Ada vs. the JSF C++ Coding Standard

In this article I compare safety critical C++ coding rules for arrays with built in Ada array capabilities.

Use of Arrays

C and C++ array indexing always begins at 0 because that indicates a 0 offset from the address of the start of the array. The array name is actually a pointer the the start of the array. The index value is used to calculate the memory address offset from the beginning of the array. It is implied that array index values should always be non-negative. Neither the C nor C++ languages provide rules for compilers to check the validity of array indices. Any offset from the beginning of the array is allowed, including negative offsets, which will access memory locations with lower memory addresses than the beginning of the array.

AV Rule 96

Arrays shall not be treated polymorphically. See Meyers [7], item 3.
Rationale: Array indexing in C/C++ is implemented as pointer arithmetic. Hence, a[i] is equivalent to a+i*SIZEOF(array element). Since derived classes are often larger than base classes, polymorphism and pointer arithmetic are not compatible techniques.

AV Rule 97

Arrays shall not be used in interfaces. Instead, the Array class should be used.
Rationale: Arrays degenerate to pointers when passed as parameters. This “array decay” problem has long been known to be a source of errors.

Ada Alternative

Ada array indexing is not implemented as pointer arithmetic. The index type and index range of an Ada array is always available wherever the array is visible. Ada array index type may be specified to be any discrete type, which includes signed integers, modular integers, and enumerated types.

Ada arrays are first class types, not merely pointers to an address in memory. When an Ada array is passed as a parameter to a subprogram the array does not decay to a pointer as in C or C++. The abstract behavior of Ada arrays is similar to the abstract behavior of the C++ Array class, although there are some very different implementation details.

Circular Buffer Example

------------------------------------------------------------------------
-- Demonstration of a circular array buffer in Ada                    --
------------------------------------------------------------------------
with Ada.Text_IO; use Ada.Text_IO;

procedure Circular_Buffer is
   type Buffer_Index is mod 10;
   type Buffer_Type is array(Buffer_Index) of Integer;

   procedure Alter_Buffer(Item : out Buffer_Type) is
      Index : Buffer_Index := Buffer_Index'First;
   begin
      for I in 1..15 loop
         Item(Index) := I;
         Index := Index + 1;
      end loop;
   end Alter_Buffer;

   Buffer : Buffer_Type := (1,2,3,4,5,6,7,8,9,10);

begin
   Put_Line("Initial Buffer Values:");
   for Element of Buffer loop
      Put_Line(Integer'Image(Element));
   end loop;

   Alter_Buffer(Buffer);

   Put_Line("Final Buffer Values:");
   for Element of Buffer loop
      Put_Line(Integer'Image(Element));
   end loop;
end Circular_Buffer;

Program Output:

Initial Buffer Values:
1
2
3
4
5
6
7
8
9
10
Final Buffer Values:
11
12
13
14
15
6
7
8
9
10

Comments

Popular posts from this blog

Comparing Ada and High Integrity C++

An Ada Publish-Subscribe Producer-Consumer Exercise

Ada vs C++ Bit-fields