Secure Coding mailing list archives

RE: Education and security -- another perspective (was "ACM Queue - Content")


From: "David Crocker" <dcrocker () eschertech com>
Date: Fri, 09 Jul 2004 16:20:17 +0100

Crispin Cowan wrote:

>>
In programming language terms, Ada is grossly primitive. Its object
orientation mechanisms are crude at best. A *great* deal of progress in
language technology has been made since Ada was developed. For just
about any kind of concept or safety feature, students and developers
would be better served to consider Java, C#, or ML instead of Ada.
<<

I'm no fan of Ada (I find the language cumbersome and verbose, and it makes a
pig's ear of trying to be fully O-O) - but I have to defend Peter Amey in this
case.

There is a tendency to regard every programming problem as an O-O problem.
Sometime last year I read a thread on some programming newsgroup in which
contributors argued about the correct way to write a truly O-O "Hello world"
program. All the solutions provided were cumbersome compared to the traditional
"printf("Hello, world!")" solution. The point is, printing "Hello, world!" is
not an O-O problem!

Although for most commercial application packages an O-O architecture is the
best choice at present, for many embedded systems there is absolutely no reason
to use polymorphism with dynamic binding - which are the main language features
that distinguish the O-O approach from earlier methods. Ada has always provided
the other benefits associated with O-O languages (encapsulation, information
hiding, genericity). In safety-critical work there is a good case for regarding
dynamic binding as dangerous unless you formally prove it to be safe using
rigorous methods. And much as I dislike Ada, I have to admit that if you don't
intend to use dynamic binding and don't need the low-level features of C, Ada is
one of the safest languages around.

BTW there is probably more embedded programming being done using C rather than
anything more modern. Java is ruled out for most real-time embedded applications
because garbage collection pauses cannot be tolerated. [My own preference for
embedded work is MISRA C extended with a few features from C++ - but it needs
good tool support in order to ensure that all the worst unsafe features of C/C++
are avoided.]

>>
Java, C#, and ML are strictly better than Pascal and Ada for almost
everything. But they did not spring out of the earth, they were built on
the progress of previous languages. Java in particular contains no novel
features at all, but rather shows good taste in the features it borrows
from others. What made Java interesting was the accident of history that
caused it to become the first strongly typed polymorphic programming
language to become widely popular.
<<

I disagree with your "almost everything" because there is a huge amount of
embedded software developed for which Java is unsuitable. Java is certainly a
big improvement on C++ for anyone not needing the low-level control that C++ can
give, but unfortunately the designers of Java still borrowed too much from
C/C++. In particular, mixing automatic type conversion with overloading is a
_very_ bad idea. Indeed, for safety-critical work, almost any sort of automatic
type conversion is a very bad idea. The depressing thing about Java is that it
contains almost nothing new. In contrast, the designers of Eiffel added language
features designed to make producing correct programs easier.

>>
You *can* teach object orientation with Simula 67 or SmallTalk, if you
really want to. But teaching object orientation with Java is a lot more
approachable in the contemporary context.
<<

I certainly wouldn't advocate teaching Simula or Smalltalk. But focussing solely
on Java and O-O programming does not set students up well for embedded software
development.

David Crocker
Consultancy, contracting and tools for dependable software development
www.eschertech.com
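The point made above about mixing automatic type conversion with overloading can be seen concretely in C++, the language Java inherited the combination from. The following is an added example, not code from the original post or from eschertech; every function, type and namespace in it is constructed for illustration. The `loose` overload sets show four calls whose chosen overload is decided by the implicit conversion ranking rather than by what the call looks like; the `strict` sets show one common hardening, deleting the overload an unwanted conversion would reach, so the same call becomes a compile-time error.

```cpp
// Added example: C++ overload resolution combined with implicit conversions.
// All names here are constructed for illustration and are not from the post.
#include <cassert>
#include <cstddef>
#include <string>

enum class Picked { Bool, String, Int, Double, Pointer };

namespace loose {
// An API offering both a boolean flag and a named option.
Picked set_option(bool)               { return Picked::Bool; }
Picked set_option(const std::string&) { return Picked::String; }

// A numeric API with integer and floating-point variants.
Picked scale(int)    { return Picked::Int; }
Picked scale(double) { return Picked::Double; }

// A lookup keyed either by integer id or by C string.
Picked lookup(int)         { return Picked::Int; }
Picked lookup(const char*) { return Picked::Pointer; }
}  // namespace loose

// "verbose" is a const char[8]. Decaying to const char* and then to bool is a
// standard conversion sequence; building a std::string from it is a
// user-defined conversion. Standard beats user-defined, so bool is chosen.
Picked literal_picks_bool() { return loose::set_option("verbose"); }

// char -> int is an integral promotion; char -> double is only a conversion.
Picked char_picks_int() { return loose::scale('x'); }

// float -> double is a floating promotion; float -> int is only a conversion.
Picked float_picks_double() { return loose::scale(1.5f); }

// The literal 0 is an int, so lookup(int) is an exact match even when a null
// pointer key was intended.
Picked zero_picks_int() { return loose::lookup(0); }

namespace strict {
// Hardened form: declare the overload that the unwanted conversion would land
// on and delete it. The conversion then selects a deleted function, which the
// compiler rejects, so callers must say explicitly what they mean.
Picked set_option(bool)               { return Picked::Bool; }
Picked set_option(const std::string&) { return Picked::String; }
Picked set_option(const char*) = delete;

Picked lookup(int)            { return Picked::Int; }
Picked lookup(const char*)    { return Picked::Pointer; }
Picked lookup(std::nullptr_t) = delete;   // no silent "null key"
}  // namespace strict

// With the deleted overloads in place, only explicit calls compile.
Picked explicit_string()  { return strict::set_option(std::string("verbose")); }
Picked explicit_pointer() { const char* key = "alpha"; return strict::lookup(key); }
// strict::set_option("verbose");  // error: use of deleted function
// strict::lookup(nullptr);        // error: use of deleted function
```

The deleted-overload trick only catches the conversions you anticipated; a more general defence is to give the API distinct names (`enable_option` versus `set_option_by_name`) so that overload resolution is never asked to guess, which is closer to the no-implicit-conversion stance the post recommends for safety-critical work.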
