From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on ip-172-31-74-118.ec2.internal X-Spam-Level: X-Spam-Status: No, score=-2.9 required=3.0 tests=BAYES_00,NICE_REPLY_A autolearn=ham autolearn_force=no version=3.4.6 Path: eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail From: "Alejandro R. Mosteo" Newsgroups: comp.lang.ada Subject: Re: Adacore joins with Ferrous Systems to support Rust Date: Sat, 12 Feb 2022 18:34:04 +0100 Organization: A noiseless patient Spider Message-ID: References: <87o83pzlvm.fsf@nightsong.com> <87d2e0c1-c851-43e2-a085-fad30e475e35n@googlegroups.com> <70f72b7e-1f3f-4942-b6aa-1044430bdcd9n@googlegroups.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Sat, 12 Feb 2022 17:32:03 -0000 (UTC) Injection-Info: reader02.eternal-september.org; posting-host="7bbecf2e524abba71bf206a6e27463f5"; logging-data="27562"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+oAY90AtZiXQelEzrDCfnq" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Cancel-Lock: sha1:6fi81N618a1wBiYWf+nBO3mKn9w= In-Reply-To: Content-Language: en-US Xref: reader02.eternal-september.org comp.lang.ada:63495 List-Id: I'm sorry if this pops up twice, something strange happened with my first attempt. On Fri, Feb 11, 2022 at 8:24 PM 'Luke A. Guest' wrote: > So, you'd prefer, if Ada was designed now, it didn't do runtime check (on pointers) and have compile-time checks? I'd prefer that, as much as feasible, checks were moved (not removed!) to compile-time, yes. I know there are efforts in this direction at AdaCore to simplify the accessibility checks model. > I'm more ashamed now of the whole anonymous pointers and accessibility surprises in Ada. I'm not sure what you mean here. My problem with runtime checks (which are undoubtedly better than no checks, sure), and in particular with accessibility checks, is that sometimes you get a failure much later during testing. By that time, understanding the problem may be 1) hard and 2) require painful redesign. At compile-time you get to deal with the problem immediately. This is something in which Rust and Ada share the sentiment: "if it compiles, it works". So having something in another language found at compile-time makes me want to have it also in Ada at compile-time. It really spoils you against runtime checks. Much like I prefer the static elaboration model in GNAT instead of the dynamic one. Also there are times in Ada where static checks are false positives that require some 'Unchecked_Access, and other times there is no failure yet you're doing something wrong. I find these from time to time in pretty obscure combinations not easy to provide a reproducer and frankly, I hate it. I'm never sure if I'm at fault, the compiler is at fault, or I've hit a corner case in the "heart of darkness". Nowadays I won't use a pointer even if it means obscene underperformance, until the thing is unavoidable. There are also situations in which marking a parameter as aliased, even if you know it is already by reference (a limited/tagged type), will alter the things you can do with 'Access/'Unchecked_Access. There have been a couple of recent posts about that. Even if it's my fault, I find too hard to repeatably remember the finer details.