shame on MISRA

Hi Colin,

I get the impression you are posting in HTML to a text-only Usenet newsgroup.... in the resultant message it is not possible to work out who said what.

Try using a more sensible quoting system.

In article , Colin Paul Gloster writes

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
/\/\/ chris@phaedsys.org      www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply to
Chris Hills

And what about the management failures? Most programming projects fail due to errors such as trying to solve the wrong problem, too few resources for the amount of effort required, etc. The choice of programming language has no impact on this either.

Reply to
Everett M. Greene

Also fairly trivially reported with PC-Lint

| apples_in_handbag = 2;
e:\cygwin\home\radsett\newlib-lpc\test2.c 44 Note 960: Violates MISRA 2004 Required Rule 10.1, Prohibited Implicit Conversion: Signed versus Unsigned
e:\cygwin\home\radsett\newlib-lpc\test2.c 44 Warning 632: Assignment to strong type 'quantity_of_apples_type' in context: assignment
| apples_in_rucksack = 5;
e:\cygwin\home\radsett\newlib-lpc\test2.c 45 Note 960: Violates MISRA 2004 Required Rule 10.1, Prohibited Implicit Conversion: Signed versus Unsigned
e:\cygwin\home\radsett\newlib-lpc\test2.c 45 Warning 632: Assignment to strong type 'quantity_of_apples_type' in context: assignment
| oranges_in_handbag = 3;
e:\cygwin\home\radsett\newlib-lpc\test2.c 46 Note 960: Violates MISRA 2004 Required Rule 10.1, Prohibited Implicit Conversion: Signed versus Unsigned
e:\cygwin\home\radsett\newlib-lpc\test2.c 46 Warning 632: Assignment to strong type 'quantity_of_oranges_type' in context: assignment
| oranges_in_handbag /*Oops.*/;
e:\cygwin\home\radsett\newlib-lpc\test2.c 48 Warning 639: Strong type mismatch for type 'quantity_of_apples_type' in binary operation
e:\cygwin\home\radsett\newlib-lpc\test2.c 48 Warning 639: Strong type mismatch for type 'quantity_of_oranges_type' in binary operation
e:\cygwin\home\radsett\newlib-lpc\test2.c 48 Warning 632: Assignment to strong type 'quantity_of_apples_type' in context: assignment
| }
e:\cygwin\home\radsett\newlib-lpc\test2.c 51 Warning 550: Symbol 'total_number_of_apples' (line 39) not accessed
e:\cygwin\home\radsett\newlib-lpc\test2.c 39 Info 830: Location cited in prior message
| }
e:\cygwin\home\radsett\newlib-lpc\test2.c 51 Warning 550: Symbol 'apples_in_handbag' (line 37) not accessed
e:\cygwin\home\radsett\newlib-lpc\test2.c 37 Info 830: Location cited in prior message

(parenthetically, this sort of tool is a big reason why I insist on my C being portable, and also why I loathe vendor supplied IDEs in general.)

This is as far as I got with your post, I'm afraid your quoting style makes the rest incomprehensible.

Robert

--
Posted via a free Usenet account from http://www.teranews.com
Reply to
Robert Adsett
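The apples-and-oranges slip that PC-Lint reports above, written so that the C compiler itself rejects it: distinct struct wrappers make the two quantities distinct types. This is an added example, not code from the thread; the type and variable names follow the lint output, and the constructor and add functions are assumed.

```c
#include <stdio.h>

/* One struct per quantity: identical layout, but distinct C types, so the
 * compiler, not just PC-Lint, refuses to mix them. */
typedef struct { unsigned int n; } quantity_of_apples_type;
typedef struct { unsigned int n; } quantity_of_oranges_type;

/* Constructors: the only place a bare integer becomes a typed quantity
 * (function names assumed for this example). */
static quantity_of_apples_type apples(unsigned int n)
{
    quantity_of_apples_type q = { n };
    return q;
}

static quantity_of_oranges_type oranges(unsigned int n)
{
    quantity_of_oranges_type q = { n };
    return q;
}

/* Arithmetic is defined per type; there is no apples + oranges. */
static quantity_of_apples_type add_apples(quantity_of_apples_type a,
                                          quantity_of_apples_type b)
{
    return apples(a.n + b.n);
}

static unsigned int total_number_of_apples(void)
{
    quantity_of_apples_type apples_in_handbag = apples(2u);
    quantity_of_apples_type apples_in_rucksack = apples(5u);
    quantity_of_oranges_type oranges_in_handbag = oranges(3u);
    (void)oranges_in_handbag;

    /* The slip PC-Lint flagged as Warning 639/632,
     *   add_apples(apples_in_handbag, oranges_in_handbag)
     * is a compile error here: wrong struct type for the second argument.
     * Only the intended sum is expressible. */
    return add_apples(apples_in_handbag, apples_in_rucksack).n;
}

int main(void)
{
    printf("total apples: %u\n", total_number_of_apples());
    return 0;
}
```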

This is correct. These affect all projects no matter the language used.

With good processes and project management C is as effective as Ada. This is because people use the correct tools with a C compiler and use the language responsibly.

If you really want to you can make a pig's ear of it with Ada too.

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
/\/\/ chris@phaedsys.org      www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply to
Chris Hills

... snip ...

Snippet:

    char array[MAXi];
    int i;
    ...
    for (i = 0; array[i]; i++) continue;

Please show me the C system that detects the possible overrun at compile time, or at any time before execution, when it either aborts or needs added code.

However, when i is properly declared as 0..MAXi, the detection is immediate. C lacks this facility.

--
cbfalconer at maineline dot net
Reply to
CBFalconer
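The scan from the snippet above, written so that the bound MAXi is checked explicitly rather than relying on a terminator being present: a buffer with no '\0' inside its MAXi bytes stops the loop at the bound, and the caller learns whether a terminator was found. This is an added example, not code from the thread; MAXi's value and the function names are assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXi 8   /* constructed bound for this example */

/* Returns the index of the first '\0' in array[0..MAXi-1], or MAXi if
 * there is none. The range check comes first, so array[MAXi] is never
 * read; the caller must check the result before using it as a length. */
static size_t bounded_scan(const char array[MAXi])
{
    size_t i;
    for (i = 0; i < MAXi && array[i] != '\0'; i++) {
        continue;
    }
    return i;   /* i <= MAXi always holds here */
}

/* True only if a terminator was found inside the bound. */
static bool terminated(const char array[MAXi])
{
    return bounded_scan(array) < MAXi;
}

int main(void)
{
    char ok[MAXi] = "abc";          /* '\0' at index 3 */
    char bad[MAXi];
    memset(bad, 'x', sizeof bad);   /* constructed: no terminator at all */

    printf("ok:  index %zu, terminated=%d\n", bounded_scan(ok), terminated(ok));
    printf("bad: index %zu, terminated=%d\n", bounded_scan(bad), terminated(bad));
    return 0;
}
```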

If you want to see me, you do the travel. However, I suspect that you can easily find another C programmer in your vicinity who would detect this error at compile time, or even before.

You don't want a computer to do stupid things, don't write stupid code.

--
Al Balmer
Sun City, AZ
Reply to
Al Balmer

With a lack of Chris finding the magazine article he was seeking I thought I would see what I could turn up with a bit of Googling. The links below lead to some interesting material (one saying that it doesn't matter about language and one arguing that it does - but the latter sells Spark-Ada).

Also another paper has an interesting view on languages for Safety Critical Systems.

--
********************************************************************
Paul E. Bennett ....................
Forth based HIDECS Consultancy .....
Mob: +44 (0)7811-639972
Tel: +44 (0)1235-811095
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************
Reply to
Paul E. Bennett

So what?

If a language detects an out-of-range condition, what does it do?

If it generates an exception, is there any guarantee that this exception is handled in any sensible way? Look for instance at the first "spectacular" Ariane 5 launch :-).

In systems in which you just cannot give up and display a blue screen etc., you really have to design the software in such a way that it survives unexpected events.

In practice, it is much easier to code the error cases in the main program flow than to use a huge exception handler, which first tries to figure out what happened and then tries to figure out how to get out of this without crashing the system.

Paul

Reply to
Paul Keinanen

... snip ...

What's stupid about that code? It is effectively strlen.

--
cbfalconer at maineline dot net
Reply to
CBFalconer

gcc 4.3 has this feature:

formatting link
(look under "C Family")

Of course, gcc 4.3 is not yet released.

I definitely agree that this sort of thing is something that C is missing. If you want to get the best out of lint, you have to add extra lint-specific comments with this sort of range information - it would be far better if it were included in the C language itself. This would give three things (in order of importance) - it would let the programmer be clearer about his/her intentions in the code, it would let the compiler do better checking, and it would let the compiler generate better code in some cases.

Another thing I'd like is an Ada-like ability to get information about a type (either from the type name, or from a variable), such as the highest value of an enumerated type. In Pascal and Ada, you can write the equivalent of:

    typedef enum { white, black, orange, blue } colours;
    typedef struct { uint8_t red, blue, green; } rgbStruct;
    static rgbStruct rgbs[colours];

Thus you have an array sized and indexed by the enumerated type.

You can get some way towards this using C++, but it's not easy to do so without run-time costs.

Reply to
David Brown
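The closest plain C gets to the table "sized and indexed by the enumerated type" described above: a trailing sentinel enumerator supplies the element count, a C11 static assertion ties the table size to it at compile time, and a range-checked accessor refuses indices outside the enum at run time. This is an added example, not code from the thread; the sentinel name, accessor name and colour values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* NUM_COLOURS is the sentinel: adding an enumerator before it grows the
 * table automatically. */
typedef enum { white, black, orange, blue, NUM_COLOURS } colours;
typedef struct { uint8_t red, green, blue; } rgbStruct;

/* Designated initialisers keep each entry next to its enumerator, so
 * reordering the enum cannot silently shift the table. */
static const rgbStruct rgbs[NUM_COLOURS] = {
    [white]  = { 255, 255, 255 },
    [black]  = {   0,   0,   0 },
    [orange] = { 255, 165,   0 },
    [blue]   = {   0,   0, 255 },
};

/* What Ada checks for free: refuse to compile if the table and the enum
 * ever disagree in size. */
_Static_assert(sizeof rgbs / sizeof rgbs[0] == NUM_COLOURS,
               "rgbs must have one entry per colour");

/* Run-time range check for an index that may come from outside the program
 * (a parsed message, a register). Returns false instead of reading past
 * the table. Accessor name constructed for this example. */
static bool lookup_rgb(int c, rgbStruct *out)
{
    if (c < 0 || c >= NUM_COLOURS) {
        return false;
    }
    *out = rgbs[c];
    return true;
}

int main(void)
{
    rgbStruct px;
    if (lookup_rgb(orange, &px)) {
        printf("orange = (%d, %d, %d)\n", px.red, px.green, px.blue);
    }
    printf("index 7 valid: %d\n", lookup_rgb(7, &px));
    return 0;
}
```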

In news: snipped-for-privacy@free.teranews.com , Robert Adsett posted: "[..]

Also fairly trivially reported with PC-Lint [..]
e:\cygwin\home\radsett\newlib-lpc\test2.c 46 Warning 632: Assignment to strong type 'quantity_of_oranges_type' in context: assignment
| oranges_in_handbag /*Oops.*/;
e:\cygwin\home\radsett\newlib-lpc\test2.c 48 Warning 639: Strong type mismatch for type 'quantity_of_apples_type' in binary operation
e:\cygwin\home\radsett\newlib-lpc\test2.c 48 Warning 639: Strong type mismatch for type 'quantity_of_oranges_type' in binary operation
e:\cygwin\home\radsett\newlib-lpc\test2.c 48 Warning 632: Assignment to strong type 'quantity_of_apples_type' in context: assignment [..]"

Thanks.

Reply to
Colin Paul Gloster

In article , Robert Adsett writes

I keep telling him this, but in a discussion on the use of compiler languages in safety-critical work he keeps using an unreadable (i.e. dangerous) style of quoting that is indecipherable to most others.

Chris

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
/\/\/ chris@phaedsys.org      www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply to
Chris Hills

Not readable, due to lack of proper quoting, excessive line lengths, etc. Please fix your newsreader.

Please do not top-post. Your answer belongs after (or intermixed with) the quoted material to which you reply, after snipping all irrelevant material. See the following links:

--
(taming google)
(newusers)
Reply to
CBFalconer

I won't argue on the quoting, but any line length issues originated with me. Cut and paste from PC-Lint's error output and wrapped during post by the newsreader.

He also didn't top-post. It just looked that way.

Robert

--
Posted via a free Usenet account from http://www.teranews.com
Reply to
Robert Adsett

Well, next time consider using the -width(w,i) option.

Reply to
Hans-Bernhard Bröker
