problems/risks due to programming language

John F Nixon jnixon at andrew.ATL.GE.COM
Thu Feb 22 10:14:52 AEST 1990


billwolf (William Thomas Wolfe, 2847 ) writes:
>From hammondr at sunroof.crd.ge.com (Richard A Hammond):
>> So, in the AT&T case using Ada we would have exited both the switch and the
>> loop rather than just the switch.  Hardly an improvement!
>   This is not a valid analogy.  In C, the case statement *requires* the
>   use of a restricted GOTO in order to accomplish "normal" processing;

But we aren't talking about using the "break" in this sense, we are talking
about using the "break" to exit an "if", something which isn't C.

> In other words, C requires use [of] a dangerous construct on a routine basis.

Just as Ada requires the use of "exit" to leave the "loop" construct;
unless you use Ada's "goto"...

>   With the if construct in C, the default is to exit the if construct 
>   automatically, as opposed to continuing on to execute the section of
>   code associated with the else part.  Thus, we have an inconsistency
>   in C's design: with one flow-of-control construct... use(s) dangerous
>   GOTO [normally] whereas a similar flow-of-control construct... default is
>   reversed.  Given such a language design, it should not surprise anyone
>   that programmers become confused, particularly when the constructs are
>   being used together. 

This argument applies equally to Ada's "loop" construct versus Ada's
"if" construct.

>   Ada, on the other hand, is consistent: in both the if and case statements,

Ignoring the example presented (Ada's loop and exit).

>   the default is to exit the construct once the code associated with the
>   specified situation has been executed.  Ada also provides the exit
>   statement, a restricted GOTO which permits a loop to be exited early,
>   but this construct is not used (as is C's break) on a routine basis.  

Unless one uses the "loop" statement on a routine basis.  Bill may not, but
what if I do?  And if the reversed sense is such a bad example of
program language design, then Ada is an example of bad program
language design.  

I'm not trying to tag Ada, or praise C, but simply to make the point that
this case is *not* an example of error a language such as C or Ada 
detects.  Both programs are legal, both will compile, both are wrong.
Neither C nor Ada is free of flaws.  However, C has not made claims
such as the one which follows:

>   However, we cannot disregard the fact that Ada was
>   specifically designed to provide maximal support for the software 
>   engineering process.

I agree.

However, Ada doesn't pass the test in this case.  It is possible (nay,
inevitable) that someone will misuse the Ada exit statement.  And it is
likely that someone will correctly use the exit statement
in exactly this fashion.  Too bad you can't tell till runtime.



----
jnixon at atl.ge.com                    ...steinmetz!atl.decnet!jnxion
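
Added example, not part of the original post and not the code discussed in this thread: a constructed C handler in which a "break" nested in an "if" inside a "switch" leaves the switch and skips the acknowledgement, next to a version with the condition inverted. The message fields, counters and function names are hypothetical.

```c
#include <stdio.h>
enum { MSG_DATA, MSG_STATUS };      /* constructed, hypothetical names */
struct msg   { int kind, peer_busy, queue_empty; };
struct stats { int drained, acked; };

/* Written as if "break" left the inner if. It leaves the switch, so the
   acknowledgement below the if is skipped. Legal C, and wrong. */
static void handle_buggy(const struct msg *m, struct stats *s) {
    switch (m->kind) {
    case MSG_STATUS:
        if (m->peer_busy) {
            if (m->queue_empty)
                break;              /* exits the switch, not the if */
            s->drained++;
        }
        s->acked++;                 /* not reached on the break path */
        break;
    }
}

/* Same intent with the condition inverted, so no early exit is needed. */
static void handle_fixed(const struct msg *m, struct stats *s) {
    switch (m->kind) {
    case MSG_STATUS:
        if (m->peer_busy && !m->queue_empty)
            s->drained++;
        s->acked++;
        break;
    }
}

/* Constructed input: only the second message takes the break path. */
static const struct msg SAMPLE[3] = {
    {MSG_STATUS, 1, 0}, {MSG_STATUS, 1, 1}, {MSG_STATUS, 0, 1}
};

/* Feed the sample through one handler and return its counters. */
struct stats run(void (*handle)(const struct msg *, struct stats *)) {
    struct stats s = {0, 0};
    for (int i = 0; i < 3; i++)
        handle(&SAMPLE[i], &s);
    return s;
}

int main(void) {
    struct stats b = run(handle_buggy), f = run(handle_fixed);
    printf("buggy: acked=%d  fixed: acked=%d\n", b.acked, f.acked);
    return 0;
}
```

Both handlers compile; the difference only shows up in the counters at run time, which is why a test that exercises the busy-and-empty path is the check that catches it.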


