From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,LOTS_OF_MONEY autolearn=unavailable autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!feeder.eternal-september.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!newsfeed.xs3.de!io.xs3.de!news.jacob-sparre.dk!franka.jacob-sparre.dk!pnx.dk!.POSTED.rrsoftware.com!not-for-mail From: "Randy Brukardt" Newsgroups: comp.lang.ada Subject: Re: How to get Ada to "cross the chasm"? Date: Wed, 25 Apr 2018 18:02:26 -0500 Organization: JSA Research & Innovation Message-ID: References: <1c73f159-eae4-4ae7-a348-03964b007197@googlegroups.com><878t9nemrl.fsf@nightsong.com><87h8o7lowg.fsf@nightsong.com><8736zqkwat.fsf@nightsong.com><6839088c-f221-4650-a6ea-1841ae539486@googlegroups.com><1e5f5681-0e2a-43cc-9437-2bd38078da08@googlegroups.com><87604lvkqp.fsf@nightsong.com><0bd80336-595a-45b6-b4e5-26c13d5859cb@googlegroups.com><87o9idsh7f.fsf@nightsong.com> <87k1t1s9lx.fsf@nightsong.com> Injection-Date: Wed, 25 Apr 2018 23:02:27 -0000 (UTC) Injection-Info: franka.jacob-sparre.dk; posting-host="rrsoftware.com:24.196.82.226"; logging-data="20981"; mail-complaints-to="news@jacob-sparre.dk" X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.5931 X-RFC2646: Format=Flowed; Original X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.7246 Xref: reader02.eternal-september.org comp.lang.ada:51706 Date: 2018-04-25T18:02:26-05:00 List-Id: "Paul Rubin" wrote in message news:87k1t1s9lx.fsf@nightsong.com... ... >> Never crashing is a good thing; it's far better to have a controlled >> exit than possibly leave things in a inconsistent state. > > 1. Of course it's a good thing, but is it CRITICAL? For a jet engine it > is critical. For a compiler I'm claiming it's not critical. I'm open > to persuasion but at the moment I don't see the other side. Let's put > it another way: you are running a crashfree compiler when a mischievous > billionaire offers you $10 million if you let him smash your computer > with a sledgehammer (setting you back a day or so while you buy a new > computer and restore your backups to it). If you take the $10 million, > I claim you would have been ok without the crashfree compiler. I just want $50 for every compiler crash. Then I can retire. ;-) > 2. What inconsistent state is left if the compiler crashes? It's just a > usermode program. There's an error message saying that the compiler > crashed, and hopefully some diagnostic info saying how the crash > happened. For Ada at least, you also have the programming environment. If a crash corrupts that, you can be in deep do-do. (If a crash corrupts the Janus/Ada project file, the only realistic fix is to delete it and reconstruct. That's not very efficient!) ... > Really, SPARK is great, but I think I'm seeing some overreaching claims > for it in this thread. I personally think SPARK is the worst thing every to happen to Ada, because it took the focus off of the great things that Ada 2012 itself can do for you (without any verification) and onto something that only makes sense for a niche. And it seems to have kept the AdaCore people from pursuing some of those great things. (If you could send that $10 million this way, I'd take a swing at them, but as it stands I need to pay for food and shelter first... :-) Randy.