Andrei Alexandrescu:

>> (*) Ada has many features missing in D that make its programs
>> significantly safer than D programs, like:
>> - built-in ranged integers;
>> - user-defined array indexes;
>> - clean syntax to stack-allocate matrices of runtime-defined sizes;
>> - pointer kinds with different limitations;
>> - stack overeflow safeties;
>> - safe concurrency;
>> - no undefined semantics;
>> - explicit type conversions;
>> - sane modulus on negative numbers;
>> - integral runtime overflow tests;
>> - etc etc.
>>
>> Bye,
>> bearophile
>
> What did I just read? Oh boy.

Sorry, let me explain better and again. There are programming tasks where a lot of reliability is required, but for some reasons a widespread virtual machine is not desired. In such cases people sometimes use C or C++ (sometimes with some enforced restrictions) or Ada (or some of its stricter subsets, as Spark), and once in a while Eiffel. D language offers features to increase code reliability, but:
- As long as D compilers and Phobos are significantly buggy, it's hard to write reliability programs, regardless of the qualities of D language. Ada specs and Ada compiler writers know this very well;
- As I have listed, Ada offers numerous means to constrain code and avoid many bugs statically. From what I am seeing D is less bug-prone than C++, but more bug prone than Ada. But so far I have not seen people interested in using D in some of the places where Ada is used.

Bye,
bearophile

On 8/4/12 8:25 AM, bearophile wrote:
> Andrei Alexandrescu:
>
>>> (*) Ada has many features missing in D that make its programs
>>> significantly safer than D programs, like:
>>> - built-in ranged integers;
>>> - user-defined array indexes;
>>> - clean syntax to stack-allocate matrices of runtime-defined sizes;
>>> - pointer kinds with different limitations;
>>> - stack overeflow safeties;
>>> - safe concurrency;
>>> - no undefined semantics;
>>> - explicit type conversions;
>>> - sane modulus on negative numbers;
>>> - integral runtime overflow tests;
>>> - etc etc.
>>>
>>> Bye,
>>> bearophile
>>
>> What did I just read? Oh boy.
>
> Sorry, let me explain better and again.

I wasn't referring the clarity of explanation, just that I think this sort of righteous pontification - cheap to produce, yet implying vast insight - doesn't add any value to the exchange.

Andrei

Andrei Alexandrescu:

> I wasn't referring the clarity of explanation, just that I think this sort of righteous pontification - cheap to produce, yet implying vast insight - doesn't add any value to the exchange.

I agree that my answers were a little OT to the main discussion of this thread. But sometimes you want to discuss a bit more wide things, outside a matchbox. Next time in similar situations I will start a new thread then.

My two post didn't imply to contain significant insights, they mostly contain a single question.

Regarding the value of those two posts, they raises some questions, like: is D fit just for video games, or is it good to write highly reliable programs too? Are Ada programmers going to appreciate D?

The purposes of a language are important, because they must guide its design and progressive development. If D is very good mostly for games, then probably it's worth adding in Phobos things useful to write games, and the language designers need to listen more to what people like Carmak ask to language designers. On the other hand if in D future there is the creation of high integrity systems to replace some of the current uses of Ada (and C-high-integrity profiles), then it's worth considering how much useful some Ada features are, maybe for present and future improvements of D. As I have shown Ada has several advantages over D in that regard.

Bye,
bearophile

On Saturday, 4 August 2012 at 15:12:54 UTC, bearophile wrote:
> Andrei Alexandrescu:
>
>> I wasn't referring the clarity of explanation, just that I think this sort of righteous pontification - cheap to produce, yet implying vast insight - doesn't add any value to the exchange.
>
> I agree that my answers were a little OT to the main discussion of this thread. But sometimes you want to discuss a bit more wide things, outside a matchbox. Next time in similar situations I will start a new thread then.
>
> My two post didn't imply to contain significant insights, they mostly contain a single question.
>
> Regarding the value of those two posts, they raises some questions, like: is D fit just for video games, or is it good to write highly reliable programs too? Are Ada programmers going to appreciate D?
>

I doubt Ada programmers would appreciate any other language, given
the type of high security applications Ada is used in.

Even C and C++ have to endure strict regulations to be used in such environments, for example the Auto Industry MISRA standard.

--
Paulo

Paulo Pinto:

Thank you for your answer, but I think you have missed most subtleties of my points.

> I doubt Ada programmers would appreciate any other language, given the type of high security applications Ada is used in.

I was not referring to just Ada programmers, but to programs that people *maybe* want to write in Ada.

Programs are not classified in just two groups as "normal" and "ultra high integrity". There is a continuum between the quicker Perl script and the Shuttle flight control software.


> Even C and C++ have to endure strict regulations to be used in such environments, for example the Auto Industry MISRA standard.

D already contains some rules of those subsets of C and C++, and some of those rules are not needed in D because D has other features that avoid their need.

D is not like MISRA C but it's generally safer than regular C. A stricter subset of D too can be invented.

So, I think D is fit for intermediate projects where you don't want to afford the costs of the proved ADA-SPARK subset, but you want something a bit safer than plain full C/C++ (this is also the main design purpose of Rust language).

If future people will appreciate to use D for such purposes, then it's worth tuning a bit D/Phobos for their needs too.

Bye,
bearophile

I spent far to much time with Ada (I have and I have read quite a pile of books on this language). When I tried to write some sample programs with GNAT using advanced features of this language I immediately hit on bugs so ridiculous that I was thrown off the language for good. There are no free compilers of this language (which you could freely use to write commercial programs, like for example games), no affordable commercial compilers (which you could buy for ~$500). Ada as a language is DEAD. And you certainly heard about the Ada related catastrophe of the Ariadne rocket? So much for "safety". Ada is dead and should not be touched with a mile pole.

On Sunday, 5 August 2012 at 13:49:18 UTC, bearophile wrote:
> Paulo Pinto:
>
> Thank you for your answer, but I think you have missed most subtleties of my points.
>
>> I doubt Ada programmers would appreciate any other language, given the type of high security applications Ada is used in.
>
> I was not referring to just Ada programmers, but to programs that people *maybe* want to write in Ada.
>
> Programs are not classified in just two groups as "normal" and "ultra high integrity". There is a continuum between the quicker Perl script and the Shuttle flight control software.
>
>
>> Even C and C++ have to endure strict regulations to be used in such environments, for example the Auto Industry MISRA standard.
>
> D already contains some rules of those subsets of C and C++, and some of those rules are not needed in D because D has other features that avoid their need.
>
> D is not like MISRA C but it's generally safer than regular C. A stricter subset of D too can be invented.
>
> So, I think D is fit for intermediate projects where you don't want to afford the costs of the proved ADA-SPARK subset, but you want something a bit safer than plain full C/C++ (this is also the main design purpose of Rust language).
>
> If future people will appreciate to use D for such purposes, then it's worth tuning a bit D/Phobos for their needs too.
>
> Bye,
> bearophile

On Tuesday, 7 August 2012 at 10:28:00 UTC, Franciszek Czekała wrote:
> I spent far to much time with Ada (I have and I have read quite a pile of books on this language). When I tried to write some sample programs with GNAT using advanced features of this language I immediately hit on bugs so ridiculous that I was thrown off the language for good.

For example?


> There are no free compilers of this language (which you could freely use to write commercial programs, like for example games), no affordable commercial compilers (which you could buy for ~$500). Ada as a language is DEAD.

FSF's GNAT in GCC is GPL with linking exception, like the rest of GCC.
If you say "you can't build commercial software" with this, you can't build commercial software with GCC either.

> And you certainly heard about the Ada related catastrophe of the Ariadne rocket? So much for "safety". Ada is dead and should not be touched with a mile pole.
>

http://en.wikipedia.org/wiki/Ariane_5

"Ariane 5's first test flight (Ariane 5 Flight 501) on 4 June 1996 failed, with the rocket self-destructing 37 seconds after launch because of a malfunction in the control software.[14] A data conversion from 64-bit floating point value to 16-bit signed integer value to be stored in a variable representing horizontal bias caused a processor trap (operand error)[15] because the floating point value was too large to be represented by a 16-bit signed integer. The software was originally written for the Ariane 4 where efficiency considerations (the computer running the software had an 80% maximum workload requirement[15]) led to 4 variables being protected with a handler while 3 others, including the horizontal bias variable, were left unprotected because it was thought that they were "physically limited or that there was a large margin of error".[15] The software, written in Ada, was included in the Ariane 5 through the reuse of an entire Ariane 4 subsystem despite the fact that the particular software containing the bug, which was just a part of the subsystem, was not required by the Ariane 5 because it has a different preparation sequence[15] than the Ariane 4."

Jeeze, guys, OT? The OP didn't ask about ADA, or exploding rockets. I, personally, would think that D is perfectly capable of handling a MMORPG client, as it has proven to be very capable of pretty much all the tasks required. Derelict is your friend here, I'd wager, allowing you access to libraries such as SDL, OpenGL (should you go onto a 3D client, maybe for a later game), sound libraries and more, while multi-threading and timing are handled just fine by Phobos, as are file manipulations which includes ZIP archives, and memory-mapped files

On 8/4/2012 8:12 AM, bearophile wrote:
> My two post didn't imply to contain significant insights, they mostly contain a
> single question.
>
> Regarding the value of those two posts, they raises some questions, like: is D
> fit just for video games, or is it good to write highly reliable programs too?
> Are Ada programmers going to appreciate D?
>
> The purposes of a language are important, because they must guide its design and
> progressive development. If D is very good mostly for games, then probably it's
> worth adding in Phobos things useful to write games, and the language designers
> need to listen more to what people like Carmak ask to language designers. On the
> other hand if in D future there is the creation of high integrity systems to
> replace some of the current uses of Ada (and C-high-integrity profiles), then
> it's worth considering how much useful some Ada features are, maybe for present
> and future improvements of D. As I have shown Ada has several advantages over D
> in that regard.

What's frustrating about your analyses is they fail to mention or account for any features D has that make it more reliable than Ada. It's like you took a list of Ada features and ticked off which ones were not in D, thus making it a foregone conclusion that D can never be more than a pathetic subset of Ada.

For once I'd like you to take a list of D features and tick off those not in Ada (or whatever other language du jour).

Like transitive immutability.

On Tuesday, 7 August 2012 at 18:08:25 UTC, Araq wrote:
> On Tuesday, 7 August 2012 at 10:28:00 UTC, Franciszek Czekała wrote:
>> I spent far to much time with Ada (I have and I have read quite a pile of books on this language). When I tried to write some sample programs with GNAT using advanced features of this language I immediately hit on bugs so ridiculous that I was thrown off the language for good.
>
> For example?
>
If my memory serves me the bugs were related to postblit constructors and finalizers (not to mention that these features are horribly designed and a clear afterthought).
>
>> There are no free compilers of this language (which you could freely use to write commercial programs, like for example games), no affordable commercial compilers (which you could buy for ~$500). Ada as a language is DEAD.
>
> FSF's GNAT in GCC is GPL with linking exception, like the rest of GCC.
> If you say "you can't build commercial software" with this, you can't build commercial software with GCC either.
>
Check http://libre.adacore.com/comparisonchart/
GNAT GPL edition is meant for "Free Software development following the terms of the GPL". It is not that the compiler is GPL protected. It is that your programs created with GNAT are required to be GPL protected. The difference is related with licensing of the GNAT runtime which is always a part of compiled Ada programs. This licensing was changed some time ago to put restrictions on what you can do with Ada. I spent some time searching internet forums trying to clear the matter and the consensus was that you cannot legally use free GNAT to create closed-source commercial programs.

>> And you certainly heard about the Ada related catastrophe of the Ariadne rocket? So much for "safety". Ada is dead and should not be touched with a mile pole.
>>
>
> http://en.wikipedia.org/wiki/Ariane_5
>
> "Ariane 5's first test flight (Ariane 5 Flight 501) on 4 June 1996 failed, with the rocket self-destructing 37 seconds after launch because of a malfunction in the control software.[14] A data conversion from 64-bit floating point value to 16-bit signed integer value to be stored in a variable representing horizontal bias caused a processor trap (operand error)[15] because the floating point value was too large to be represented by a 16-bit signed integer. The software was originally written for the Ariane 4 where efficiency considerations (the computer running the software had an 80% maximum workload requirement[15]) led to 4 variables being protected with a handler while 3 others, including the horizontal bias variable, were left unprotected because it was thought that they were "physically limited or that there was a large margin of error".[15] The software, written in Ada, was included in the Ariane 5 through the reuse of an entire Ariane 4 subsystem despite the fact that the particular software containing the bug, which was just a part of the subsystem, was not required by the Ariane 5 because it has a different preparation sequence[15] than the Ariane 4."

The program was written with Ada and failed in a most stupid way. Is it not a proof enough that safety cannot be sensibly enforced by mechanical tools? And this was the main rationale for Ada from day one. If you check for possible commercial compilers you will see that most of them remember the days of Windows 95. Ada was forced on people by administrative means and died when those means were removed. I wonder how much Ada is in Curiosity on Mars. Let me guess, 0%?