On 12-09-2015 18:09, MRAB wrote:
> On 2015-09-12 17:29, Dennis Lee Bieber wrote:
>> But no one had tested the algorithm with the rate of change the Ariane
>> 5 could produce -- so an algorithm that was developed for, and safe with,
>> the smaller Ariane suddenly went "something's wrong -- abandon ship"
>>
>> Nothing inherent in the language...
>>
> What would C++ have done in the same situation? Would Ariane still have
> failed? Probably...
>

And that's exactly the point. C++, or Ada for that matter, have decades-old documented best practices and code patterns to deal with those aspects of the language that can induce errors. Integer overflow is a well documented problem. And relying on it is documented as a bad idea for several reasons, including the changes in the underlying system that eventually led to the Ariane incident.

For all that it's worth, C++ issues with all sorts of overflows and unchecked memory are documented from the very beginning of the language. Same with C and same with Ada's own particular issues. A safe(r) language just presents different ways of shooting one's foot.

We can discuss how much of a bad boy C++ is, but at the end of the day programmers will just keep on making mistakes, and eventually in those very areas where the safer language doesn't provide a safety net.

One can argue that by offering more ways to shoot one's foot, C and C++ are more dangerous to use than other languages considered safer. But that doesn't gel with the operative history of C or C++, which are running mission-critical systems, from stock markets to nuclear power plants. These languages just demand a different breed of programmers and different methods of testing.

--
https://mail.python.org/mailman/listinfo/python-list