Language Design, Syntax, and Reliable Programming
Language Design
- Syntax affects reliability
- It matters more than you might think
- Some examples are below
With and Use
- With statement is required to access libraries
- Library must be explicitly specified
- What is Java's rule?
- Access any classes on CLASSPATH
- Are you accessing the class that you expect?
- Use statement - Fully qualified name not required
- Can be put in any declaration section
- Has same scope as a declaration
Comments
- -- to end of line
- No multi-line comment (i.e. block comment)
- Why: reliability problems - what was the programmer's intention?
Problems with Block Comments
- Consider this:
/* x = 3; * /
y = 4;
/* z = 5; */
- Did you catch the error above? Now consider this:
/* Startup
x = 3;
/* Reset count */
count = 2 * x;
- Or this (from SPARK/MISRA C books):
/*
/* ++a; */
++a;
// ++a; */
- And this:
/* x = 3;
y = 4;
/* Come back and think about z's value
* z = 5;
*/
- This C code ...
int i = 98;
int * p = & i; /* pointer p points to i */
i = i / *p;
i = /* say something about the expression here */
-4;
printf("%d\n", i); /* result is -4 */
- ... gives different results from this C code:
int i = 98;
int * p = & i;
i = i /*p; -- Starts a comment!!!
i = /* say something about the expression here */
-4;
printf("%d\n", i); /* result is 94 */
- Different results in C and C++ (from Stroustrup):
int b = a//* divide by 4 */4;
-a;
- Is nesting allowed?
- What does this mean:
int nest = /*/*/0*/**/1;
- If comments do NOT nest:
nest = 0 * 1;
- If comments do nest:
nest = 1;
- Same code, with some spaces:
int nest = /*/*/ 0 */**/ 1;
- You don't need to know C to see that lots of problems can arise!
- Some examples from Van Tassel, 2004 web paper
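As an added illustration (not part of the slides), here is a small Python scanner that walks C source with a comment-state machine and flags the hazards shown above; the hazard names, messages and sample inputs are my own, modelled on the slide snippets.

```python
# Added example: a comment-hazard scanner for C source. It reports "* /" that does
# not close a comment, "/*" or "//" opening inside an open comment (comments do not
# nest), "/*" fused onto a division operand, and "//*" which C89 and C++ read differently.
def scan_comment_hazards(src: str):
    """Return a list of (line, message) for comment-related hazards in C source."""
    findings = []
    i, n, line, line_start, in_block = 0, len(src), 1, 0, False
    while i < n:
        c, two = src[i], src[i:i + 2]
        if c == "\n":
            line, line_start, i = line + 1, i + 1, i + 1
            continue
        if in_block:                          # inside /* ... */
            if two == "*/":
                in_block = False
            elif two in ("/*", "//"):
                findings.append((line, f"'{two}' inside a block comment: C comments do not nest"))
            elif src[i:i + 3] == "* /":
                findings.append((line, "'* /' does not close the comment (space between * and /)"))
            i += 2 if two in ("*/", "/*", "//") else 1
            continue
        if c in "\"'":                        # skip string/char literals, honouring backslash escapes
            j = i + 1
            while j < n and src[j] != c:
                j += 2 if src[j] == "\\" else 1
            i = j + 1
            continue
        if two == "//":                       # line comment (C99/C++); C89 reads '//*' as '/' then '/*'
            if src[i + 2:i + 3] == "*":
                findings.append((line, "'//*': a line comment in C99/C++ but '/' then '/*' in C89"))
            nl = src.find("\n", i)
            i = n if nl < 0 else nl
            continue
        if two == "/*":
            before = src[line_start:i].rstrip()   # what precedes '/*' on this line
            if before and (before[-1].isalnum() or before[-1] in "_)]"):
                findings.append((line, "'/*' directly after an operand: division or comment start?"))
            in_block, i = True, i + 2
            continue
        i += 1
    if in_block:
        findings.append((line, "block comment still open at end of input"))
    return findings

# Constructed inputs modelled on the slide snippets (not the slides' own text).
SAMPLE_STAR_SLASH = "/* x = 3; * /\ny = 4;\n/* z = 5; */\n"
SAMPLE_DIVIDE = "int i = 98;\nint * p = & i;\ni = i /*p; -- Starts a comment!!!\ni = /* say something */\n-4;\n"
SAMPLE_CPP = "int b = a//* divide by 4 */4;\n-a;\n"
SAMPLE_NEST = "int nest = /*/*/0*/**/1;\n"
```

Running `scan_comment_hazards` over the four samples reports the unterminated-looking `* /`, the nested `/*`, the `i /*p` fusion and the `//*` divergence, while a plain `a / b; /* divide */` line reports nothing.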
Range Constraints and Subtypes
- Catch errors earlier
- Catch errors when the incorrect value is assigned rather than when it is used
- Example range constraint:
i: Positive range 1 .. 100;
...
i := ...; -- Error if value is out of range
- Example subtype:
subtype Small_Int is Integer range -10 .. 10;
i: Small_Int;
j: Integer;
procedure p (x: Small_Int) is
...
end p;
...
p(i); -- Never has an error
p(j); -- Can crash on call if j not in Small_Int
New Numeric Types
- Catch errors earlier
- Catch errors at compilation rather than much later (i.e. long after release)
- Example range constraint:
type Temperature is range 0 .. 100;
type Pressure is range 0 .. 100;
t1, t2 : Temperature;
p1, p2 : Pressure;
r : Natural;
...
t1 := 2 * p2; -- Error
r := t1 * p1; -- Error
r := Natural(t1) * Natural(p1); -- OK: explicit conversions state the intent
- Catch usage errors
(More sophisticated systems allow specifying units)
Pre and Post Conditions
- Specify conditions checked at runtime
function factorial(n: Natural) return Natural
with Pre => n <= 21,
Post => factorial'Result in Positive;
function factorial(n: Natural) return Natural is
ans: Natural;
begin
if n = 0 then
ans := 1;
else
ans := n * factorial(n - 1);
end if;
return ans;
end factorial;
- Also useful in proving program properties
Numeric Literals
Ada Literals
- How do Ada literals support reliable programming?
- Based numbers: 8#232#, 16#abc0#, 2#0101#
- Underscores: 1_000_000, 2#0101_1111#, must be surrounded by digits (i.e. not on the ends or adjacent to each other)
- Floating point - Digit required on each side of decimal: Not allowed: 1., .1
For Loop Statement
Case Statement - Multiway Selection
- Java version - what is the output?
i = 3;
switch (i){
case 4: System.out.println("****");
case 3: System.out.println("***");
case 2: System.out.println("**");
case 1: System.out.println("*");
default: ;
}
- Ada version - what is the output?
case i is
when 4 => put_line("****");
when 3 => put_line("***");
when 2 => put_line("**");
when 1 => put_line("*");
when others => null;
end case;
Some Java Code
- Check for division by 0 - what does this code mean?
if (b == 0)
if (a > 0)
res = MAX_INT;
else
res = a / b;
b++;
- Under what conditions is i = j executed?
if (a == b)
if (e == f)
g = h;
else
i = j;
- What about this code:
// If signal is clear, increase speed
void increase_speed_if_safe (int speed, int signal)
{
if (signal == CLEAR && speed < MAX_SPEED);
increase_speed ();
}
- How many times is the S.o.p (System.out.println) executed?
i = 0;
while (i <= 10);
System.out.println(i++);
- Some test code and a prettified version
- How to code these in Ada?
Function vs Procedure
- C/Java can ignore return values
public class Foo{
static int sqr(int i){return i * i;}
public static void main(...){
sqr(3); // return value silently discarded - compiles without complaint
}
}
What About This?
main(){
int x;
x - 3;
}
Keyword Parameters
// Java
myCalendar.set_date(1, 10, 2014); // Jan 10 or Oct 1?
-- Ada
set_date(My_Calendar, Day => 1, Month => 10, Year => 2014); -- Obvious
Enumerated Types
// Java
myCalendar.set_date(1, 10, 2014); // Jan 10 or Feb 10?
-- Ada
type Months is (Jan, Feb, ..., Dec);
...
set_date(My_Calendar, 1, Feb, 2014); -- Obvious
Don't Do This