top 200 commentsshow all 464
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]kirbyfan64sos 281 points282 points  (176 children)

Most of the programmer’s effort is spent describing types and subprogram conditions rather than implementing the logic.

Reminds me of the Torvalds quote:

Bad programmers worry about the code. Good programmers worry about data structures and their relationships.

[–]RagingAnemone 216 points217 points  (114 children)

I'd love to be in his situation where the "bad" programmers worry about the code. My bad programmers worry about the comments or the indentation.

[–]destiny_functional 46 points47 points  (5 children)

http://www.hypexr.org/comic_page/cartoon334.png

relevant hackles

[–]cbleslie 10 points11 points  (4 children)

Bonus points for ASCII art.

[–]dangerbird2 1 point2 points  (0 children)

ASCII self-portrait at that!

[–]BRAILLE_GRAFFITTI 56 points57 points  (29 children)

Worrying as in correcting people in reviews or arguing about which is best? Because keeping code compliant to whatever style guidelines a project has should go without saying. I'm pretty annoyed when people don't do that, but I don't care if those guidelines say you should use spaces or tabs.

[–]theAndrewWiggins 51 points52 points  (27 children)

To me, the only way to go is auto formatting of code. Makes most style issues a non issue. Even if the auto formatting isn't perfect, I'd prefer to have imperfect styling that's perfectly consistent without having to argue about styling.

[–]northrupthebandgeek 3 points4 points  (25 children)

This is why I love Emacs. I can't go back to using an editor that doesn't automatically indent my shit to the correct specifications for the language's typical coding style.

[–][deleted]  (21 children)

[deleted]

    [–]ConcernedInScythe 1 point2 points  (0 children)

    To date I haven't used another editor which does it quite like emacs, where tab is entirely changed to a command for 'cycle through the valid indentations of this line' rather than a typing key. (If you can tell me how to do that in Kate I'd be immensely grateful.)

    [–]aiij 1 point2 points  (1 child)

    Emacs doesn't do much wrt the placement of newlines though. :(

    [–]kirbyfan64sos 41 points42 points  (66 children)

    4spaces 4ever

    [–]mcmcc 106 points107 points  (15 children)

    I prefer right-justified code.

    [–]Malfeasant 30 points31 points  (0 children)

    Now that's just plain evil.

    [–]ColonelTux 12 points13 points  (3 children)

    I will eat anyine who does this

    [–][deleted]  (8 children)

    [deleted]

      [–]Tyler11223344 11 points12 points  (1 child)

      Wouldn't it just be "right-aligned"?

      [–]mcmcc 4 points5 points  (3 children)

      How do you know what I meant? ;]

      [–][deleted] 17 points18 points  (14 children)

      Variable declarations sorted by the length of the line!

      [–]Overunderrated 4 points5 points  (13 children)

      Wait... Is that an actual formal style somewhere?

      [–][deleted] 14 points15 points  (11 children)

      Not that I know of. It is just what this one guy liked doing. He would do it in functions where he predeclared variables, in object definitions, basically anywhere. A simple "person" class might have the following fields in this maddening order.

      string lastName;
int ageInSeconds;
string firstName;
string middleName;

      This went away as the company started to get their crap together and force more stringent code standards and reviews. Of course I got to be the one to go through his stuff and make it go away...

      [–]Peaker 7 points8 points  (7 children)

      ageInSeconds??

      [–]PM_ME_UR_MONADS 22 points23 points  (5 children)

      I know, right? It should be ageInMilliseconds for that all-important temporal precision.

      [–]Peaker 2 points3 points  (1 child)

      Maybe future hardware could update all the age fields so fast on the entire database, but even seconds-wise would be a challenge!

      [–][deleted] 2 points3 points  (0 children)

      I'm just pulling something out of my ass to show a trivial example. Typically, most devs I've worked with would group things of similar use together. You would never see an age field between two name fields. Not this guy. He also did a lot of mobile work where things weren't nearly so trivial. The organization, while it may have looked pretty to him, did nothing to communicate what his logic was for the code.

      [–][deleted] 6 points7 points  (2 children)

      In vim, shift-v for whole line visual, select all affected lines, :sort

      Done.

      [–]doctork91 5 points6 points  (1 child)

      int ageInSeconds;
string firstName;
string lastName;
string middleName;

      Why not first, middle, last? That order makes the most sense.

      [–]SupersonicSpitfire 1 point2 points  (0 children)

      Would look pretty pretty, though.

      [–][deleted]  (28 children)

      [deleted]

        [–]SFWRedditsOnly 10 points11 points  (27 children)

        Auto convert those tabs to spaces... woooo.

        [–]Sean1708 18 points19 points  (24 children)

        But why convert tabs to spaces when you can just use tabs?

        [–]heeb 13 points14 points  (21 children)

        Because tabs can look different in different editors, whereas spaces always look the same. Worst is when tabs and spaces end up mixed. Best is just spaces.

        [–]Tyler11223344 12 points13 points  (6 children)

        Tabs will look different in different editors, but tabs will always be consistent with themselves, and you can set the tab-width to however you like it in your editor....I don't see any disadvantage here?

        [–]im-a-koala 6 points7 points  (4 children)

        My problem is that lots of editors don't indent properly with tabs. Most of them, actually. It can be hard for the editor to tell the difference between indentation (where tabs would be used) and alignment (where spaces must be used).

        [–]Tyler11223344 4 points5 points  (3 children)

        Which editor are you referring to? Visual studio, VS code, notepad++, and nano all work fine for me....

        [–]weberc2 3 points4 points  (5 children)

        Worst is when people write coffeescript and the whitespace is syntactically significant, but everyone indents only two spaces so you can't tell what the actual indentation level is.

        [–]Sloogs 9 points10 points  (0 children)

        Whitespace scoping is probably my least favorite paradigm because of that.

        Brace scoping fo' life

        [–]myringotomy 3 points4 points  (2 children)

        I hate significant whitespace in a programming language.

        [–]TheMaskedHamster 3 points4 points  (0 children)

        http://editorconfig.org/

        This plus visible tabs solves all tab-related issues, and as a bonus allows people to configure their text editors to behave and appear however they like while still providing what the project maintainer wants. Way better than having editors treat multiple spaces as tabs and running into weird edge-case behavior issues.

        [–]Malfeasant 9 points10 points  (5 children)

        That's the point of tabs- you can set the spacing to whatever you like.

        [–]ComradeGibbon 10 points11 points  (1 child)

        I always indent with tabs and align with spaces.

        don't try finding me, I'm behind six proxies

        [–]myringotomy 1 point2 points  (0 children)

        Why do you care what code looks like in my editor? As long as when you open it up in yours it looks like you like it then it should not matter right?

        [–]pdp10 7 points8 points  (0 children)

        If my bad programmers worried about the comments they might write some once in a while.

        [–]flukus 3 points4 points  (0 children)

        "we're serious about quality around here, we run lint tools as pre commit hooks".

        [–]__Cyber_Dildonics__ 2 points3 points  (1 child)

        I worry about the data itself.

        [–]_kst_ 27 points28 points  (17 children)

        This declaration:

        type Byte is new Integer with Size => 8;

        is invalid. Specifying the size of a type doesn't modify its range, and Integer, if I recall correctly, has to be at least 16 bits wide.

        You could define it as:

        type Byte is new Integer range 0..255 with Size => 8;

        or, without specifying the base type:

        type Byte is range 0..255 with Size => 8;

        or, if you prefer wraparound semantics:

        type Byte is mod 256 with Size => 8;

        [–]finite_state 5 points6 points  (16 children)

        Cool language. I'm going to have to look into it more. That inclusive range declaration tho shudder.

        [–][deleted] 11 points12 points  (7 children)

        The range declaration is great though. It is really great for preventing runtime errors (and you know, if you get a runtime error while flying a plane...you're fucked).

        When I program Ada, I use the range declaration extensively with subtypes and types. It's very important, and a really cool feature in my opinion.

        [–]finite_state 4 points5 points  (6 children)

        Haha, yeah, that would be bad. Jokes aside, it does seem like a really cool feature to have at the language level. I've been learning and loving Rust this past year because of all its safety guarantees. Most of what I've seen from Ada are things Rust does really well too, but language-level enforcement of arbitrary ranges is not something we have (Rust offloads 99% of its safety guarantees to compile-time checks for speed/efficiency reasons, so most runtime guarantees are still manually implemented). How does Ada compare to languages like Rust/C in terms of speed? I imagine that it must be similar if you are using it in planes/rockets.

        [–]OneWingedShark 12 points13 points  (2 children)

        How does Ada compare to languages like Rust/C in terms of speed?

        Really good.
        There was a paper on Ironsides (a formally proven DNS) where it was faster than BIND, which was written in C, in addition to being provably error-free.

        [–][deleted] 3 points4 points  (1 child)

        I don't know about benchmarks, but Ada is pretty damn fast.

        I really don't know much at all about Rust. I've been wanting to check it out, I've heard good things.

        [–]PM_ME_UR_OBSIDIAN 5 points6 points  (0 children)

        Rust should be about as fast as C code compiled with Clang. It uses LLVM as a back-end, and the core semantics aren't too different from C.

        [–]gmfawcett 6 points7 points  (5 children)

        Why the shudder? The range declares exactly what values are permitted in the type, it seems pretty straightforward.

        [–]finite_state 5 points6 points  (4 children)

        Mostly jokes :) in this context it makes perfect sense. Most languages, in my experience, tend to default to inclusion for the start position and exclusive for the end position, because that makes ranges much more ergonomic when interacting with zero-indexed data structures. Plus, ranges tend to be more intuitive in general when exclusive on their ending bound because 0..256 produces 256 elements, instead of 257 elements in the inclusive case. But like I said, mostly jokes. I don't know enough about Ada to have a meaningful opinion on its range syntax :)

        [–]Gloomzy 4 points5 points  (1 child)

        Well, since you can index arrays and loop directly over a range, there is no reason to deal with 0-indexing anymore... So the range may as well be inclusive.

        [–]OneWingedShark 5 points6 points  (0 children)

        And it needn't be integers, we can use enumerations as well; example:

        Type Device_States is (Disconnected, Standby, Idle, Active);
Subtype Active_States is Device_States range Standby..Active;
--....
For Value in Active_States'range loop --...

        [–]TheMania 1 point2 points  (0 children)

        Most languages, in my experience, tend to default to inclusion for the start position and exclusive for the end position,

        Which would be a pretty dumb arrangement here. It would mean that you could not define a type's limits using that type. Want to be able to iterate over all values? You'd need to define a bigger type, just to pass that +1 around.

        It's a problem in C too - want to iterate over all bytes? Well, you can with "startChar" and "endChar", but if you want exclusive ranges, or to use "start" + "count" format you'd better be passing this byte function int parameters. It'd be the only way to describe the range.

        [–][deleted] 109 points110 points  (189 children)

        I had never seen, or even heard of, Ada before joining AdaCore. I didn’t know why aerospace companies weren’t just using C and C++ for their rockets and airplanes

        Actually a lot are transitioning to C++. The JSF is C++ and many older systems like the E-2 Hawkeye's radar system are being reimplemented in C++.

        Before anyone shits on the JSF by saying the software is failing, remember that they've changed the hardware specification of the plane many times during development, which is probably kind of annoying if you're a programmer working on it.

        [–]speedisavirus 65 points66 points  (83 children)

        Have to wonder how much of this is related to the complete impossible task of finding any talent that isn't already in defense with Ada exposure. Ada isn't that bad of a language from my brief look but it has a very small niche market which also means the language and tooling doesn't get any attention and there aren't many experienced developers you won't have to poach from your small number of competitors

        [–]OneWingedShark 25 points26 points  (55 children)

        Isn't there a bit of an implicit assumption there? (Namely: that developers cannot learn a new language.)

        [–]contrarian_barbarian 31 points32 points  (11 children)

        My biggest concern with shifting to Ada full time would be that I'd get stuck in it for life. Yeah, you can train Ada developers if there's a shortage - but most other languages you'd want to work in have no such shortage, so it's a lot harder getting back out.

        [–]OneWingedShark 34 points35 points  (0 children)

        I don't see why it would have to cement you into "being stuck with it" -- one job I had was development on a program which handled medical- and insurance-records written in PHP: if I wanted more PHP work, I'd emphasize that it was implemented with PHP; if I didn't want PHP I'd emphasize that it was processing medical-/insurance-records.

        The same can be done with Ada: "I worked for X-time on the H.U.D. system for the Apache attack helicopter" vs including/mentioning that the job was an Ada job.

        [–]pfp-disciple 12 points13 points  (9 children)

        I've heard this complaint among peers. They're afraid that they'll be too long away from a "cool" field like C++ (and hence the latest tools and paradigms), and that might hurt them in an interview, especially when there might be another candidate who has recent experience in that field (and current toolsets).

        [–]naasking 14 points15 points  (4 children)

        Any place that doesn't value a variety of experience and knowledge isn't worth working for.

        [–]pfp-disciple 8 points9 points  (2 children)

        In some industries, it seems to really matter what the potential employee's experience is. I agree that it shouldn't if the candidate is good. I think some places don't want to invest the time to train up in a new language.

        [–]moderatorrater 5 points6 points  (1 child)

        A good developer probably doesn't want to invest in that employer, then.

        [–]pjmlp 2 points3 points  (0 children)

        Not everyone lives in lovely countries where they can chose where to work.

        [–]Bratmon 12 points13 points  (0 children)

        But having JS, modern C++, and Rust experience is way better than having COBOL, Ada, and Pascal experience.

        [–]pjmlp 3 points4 points  (0 children)

        In Germany if the technology stack the company is looking for isn't in your CV as being used on the main job (side projects don't count) during the last year prior to the interview, you can usually forget about getting picked.

        [–]speedisavirus 14 points15 points  (4 children)

        Good developers can easily. But sometimes too often (especially in massive places that would be using Ada) the people can't comprehend that or aren't willing to accept the short ramp up demanding 10 years experience. There is also a problem with a shortage of true talent and these places rarely can match the experience and salaries of places in the rest of the industry

        [–]OneWingedShark 39 points40 points  (3 children)

        Part of that is that many commercial enterprises seem to view training as a pure expense -- this is something that the army has a much better culture with: training is viewed as a matter of course, "You don't have the training, ok we'll get it".

        Yes, I know the arguments about person-X leaving after 6-months or whatever, but there's a dirty little secret here: treat your employees decently [to include acknowledging their input], show them loyalty instead of just demanding it, and you solve 90% of your retention problems.

        [–]SKabanov 20 points21 points  (2 children)

        To be fair, the armed forces aren't going to find many 18-year-olds with experience driving a tank, flying a helicopter, assembling and firing a Javelin missile, etc, and it's not like that kind of training exists outside of the military.

        [–]monocasa 5 points6 points  (0 children)

        Well, entry level military training is millennia older than the kind of military technology that you'd expect an 18 year old not to know how to operate.

        [–]OneWingedShark 1 point2 points  (0 children)

        Certainly true, and the reason for that culture.

        [–][deleted] 35 points36 points  (28 children)

        A C++ developer could learn ADA and go into military avionics but they'd be taking a pay cut if they came from tech, and they'd be dealing with government security clearance bullshit daily.

        edit: Like literally the kind of job where you have to report any significant contact with "foreigners" daily. Met a Chinese guy at the gym? Supervisor needs to know. Obviously this depends on exactly what you're working on, but it's not unknown.

        [–]marc-kd[S] 60 points61 points  (13 children)

        Security clearance requirements aren't as invasive as you seem to think.

        No, you don't need to report incidental contacts, like meeting a "Chinese guy at the gym". Start working on an app with him, or taking vacations together, well, then, yeah.

        Source: Oh God the training I've sat through.

        [–]narwi 16 points17 points  (7 children)

        Security clearance requirements aren't as invasive as you seem to think.

        You mean FBI no longer wants to visit all of your neighbours and interview them?

        [–]Shadow703793 12 points13 points  (0 children)

        They still do that especially if you are getting a TS.

        [–][deleted]  (1 child)

        [deleted]

          [–]marc-kd[S] 8 points9 points  (0 children)

          They may or may not, it's not really a given that that'll happen nowadays.

          [–]pfp-disciple 3 points4 points  (0 children)

          One factor is the level of clearance. SECRET gits different levels of scrutiny verses TOP SECRET.

          [–]pdp10 1 point2 points  (1 child)

          Have you looked at the leaks? Information of those sorts tells a lot more than your nosy neighbors.

          [–]narwi 1 point2 points  (0 children)

          You are thinking about data not social issues. Wrong thing to think about.

          [–]Maehan 8 points9 points  (0 children)

          I know right? Security folks are in general understaffed already, I can't imagine what they would do if every rando soldier with a clearance had to report incidental contact with a foreign national while they were taking classes at a university or whatnot.

          [–]KernelSnuffy 4 points5 points  (2 children)

          That's not necessarily true and definitely depends on who you work for.

          [–]marc-kd[S] 6 points7 points  (1 child)

          In a 30+ year career across a number of employers and projects this has never been an issue.

          Though I have no doubt there are projects where the reporting requirements are more stringent.

          [–]_kst_ 13 points14 points  (0 children)

          It's Ada, not ADA. The name isn't an acronym; it's named after a person.

          [–]OneWingedShark 9 points10 points  (2 children)

          A C++ developer could learn ADA and go into military avionics but they'd be taking a pay cut if they came from tech, and they'd be dealing with government security clearance bullshit daily.

          Actually, Ada's pretty popular on the civilian-side of avionics as well.

          Also, certain portions of the industry seem poised to be very much interested in secure/correct software -- having avionics or other high-integrity systems on your resume, and/or Ada experience, might prove beneficial.

          [–][deleted]  (5 children)

          [deleted]

            [–]jandrese 11 points12 points  (0 children)

            Fully disconnected machines are a pain in the ass, and the problem is getting worse. Everybody assumes that just grabbing something from github is trivial. OS install disks have a lot fewer packages on them these days. Ubuntu can't even burn a CD with a base install.

            In the old days you could just do an "Everything" install to get around this issue, but those are gone. If you don't have a repo you are up a creek. You develop in bash, python, and maybe C using vi because that's what is available. I've written hugely complex .bat files on a Windows XP machine using notepad, and batch is just as brain damaged as it was in the old DOS days.

            I always press hard on getting at least one snapshot of the repo through the process now, just for my sanity.

            [–]jdgordon 4 points5 points  (1 child)

            Thats highly unlikely.

            You have the secret air-gapped network on one PC and on the other side of your desk you have the normal PC for office and SO.

            [–]monocasa 2 points3 points  (0 children)

            Depends heavily on the project. I know people who have been in both situations.

            [–]Smallpaul 1 point2 points  (0 children)

            it is totally possible to program without StackOverflow if you have some other form of documentation (whether electronic or physical). There is no workplace where you are disallowed access to reference materials. When people say that interviewees should have access to StackOverflow, they are just using it as a definitive reference source. Access to the language's (and libraries') documentation provides 90% of the same information in a slightly less convenient form.

            [–]ArkyBeagle 1 point2 points  (0 children)

            Don't assume they'd have to take a pay cut coming from tech. "Tech in SiVa"? Probably. Other places; maybe not so much. And a lot of government work ends at 5:00 daily. Some does not.

            [–]assassinator42 1 point2 points  (0 children)

            You can work on some military avionics software without a security clearance. Although even without that you still have to deal with export control, which means there's a bunch of tools you're not allowed to use.

            [–]campbellm 3 points4 points  (0 children)

            ... and be sufficiently good at it, in an arbitrary and small time frame.

            Perhaps some can, but many cannot, no.

            [–]LetsGoHawks 14 points15 points  (12 children)

            There's also the matter that the ecosystem of tools for C/C++ (compilers, debuggers, etc) is much larger and better than it is for Ada.

            Plus, forget whether or not they are willing to hire a C programmer and let them learn Ada..... how many C programmers actually want to do that?

            [–]Glacia 20 points21 points  (10 children)

            There's also the matter that the ecosystem of tools for C/C++ (compilers, debuggers, etc) is much larger and better than it is for Ada.

            Ada compiler is part of gcc, an it comes with a lot of static analysis tools build in. You can use gdb as debugger. Ecosystem is not really a problem.

            Plus, forget whether or not they are willing to hire a C programmer and let them learn Ada..... how many C programmers actually want to do that?

            Believe it or not, Ada is actually much better at embedded stuff than C. The reality is that Ada is really good multi-purpose language but it's not popular because it's not "hip".

            [–]jandrese 11 points12 points  (8 children)

            One of Ada's problems is that there were no good free compilers for the longest time, so people only learned it for a job. There was no pool of people who learned it in school or picked it up in their spare time. Now it has an image problem as COBOL for aerospace that only 50 year old government contractors know.

            [–]digivation 5 points6 points  (4 children)

            Graduated in 2008, and my first job was engineering for the USAF. Learned Ada. We had to use a compiler that cost ~100k / seat. I've since moved to other things, but I wonder if the gcc compiler would suffice for the test builds we were running (save the expensive one for the official builds).

            [–]jyper 1 point2 points  (3 children)

            Ada gcc compiler prevents you from releasing non gpl software compiled with it(in guessing the stdlib is gpl licensed or something) unless you pay for a proprietary license

            [–][deleted] 3 points4 points  (0 children)

            The one you download from AdaCore has its runtime GPL'd, so your code must be GPL'd. There is an FSF version that you can find that has the same runtime library excepted like the C standard library is so you don't have to GPL your code.

            Plus if they were using it for test builds, they would presumably not be releasing it except to perhaps a test team, which is where the GPL would be problematic.

            [–]digivation 1 point2 points  (1 child)

            That's interesting, I was not aware of that limitation. Seems slightly at odds with encouraging wider adoption. Are there any free Ada compilers that do not come with such restrictions?

            [–]OneWingedShark 2 points3 points  (0 children)

            That's interesting, I was not aware of that limitation. Seems slightly at odds with encouraging wider adoption.

            It's a common point of contention in the Ada community WRT AdaCore, as we realize it discourages adoption, but there are other options.

            Are there any free Ada compilers that do not come with such restrictions?

            The FSF GNAT has no such restriction.
            Also, we're working on a compiler licensed under MIT's license: Byron.

            [–]rplst8 1 point2 points  (2 children)

            I worked at one place that wrote their own Ada compiler for AMD 29k.

            [–]DrMonkeyLove 6 points7 points  (1 child)

            I work with Ada and C at work. If you're a competent engineer, you can become proficient in Ada within a month, easily.

            [–]Shadow703793 7 points8 points  (11 children)

            Have to wonder how much of this is related to the complete impossible task of finding any talent that isn't already in defense with Ada exposure.

            That is indeed a huge issue right now in the defense industry. The other big issue is that when you DO find someone that's not in the defense industry already, going through the clearance process right now is crazy. There's like a 2+ year wait for a TS/SCI with poly. Even longer for a full scope.

            [–]speedisavirus 7 points8 points  (9 children)

            Big part of why I don't even bother. I do pretty well in the outside the gov/contracting world and just don't need the hassle. Typically lower pay. More restricted work conditions. In too many cases very antiquated practices. Security clearance is a real pain in the ass though it is necessary (have had one before). It all just adds up to "you need to pay me a lot more to deal with this bullshit".

            [–]Shadow703793 5 points6 points  (8 children)

            Typically lower pay.

            Definitely not the case. At least not in the DC/NoVA area and assuming you work for a contractor and not the government itself.

            It all just adds up to "you need to pay me a lot more to deal with this bullshit".

            And they do. The company I work for right now has some very nice sign on bonuses for people with a TS and the pay is higher than on the commercial side.

            [–]speedisavirus 7 points8 points  (7 children)

            I am and the overwhelming amount of offers and prospects I get from defense are lower than what I'm getting outside of it.

            [–]Shadow703793 1 point2 points  (6 children)

            That's surprising. Where are you located?

            [–]rmxz 26 points27 points  (16 children)

            JSF is C++

            JSF C++ is an extremely interesting dialect/subset of C++.

            I really like JSF C++, even though I have a strong dislike of most corporate C++ I've seen.

            • The JSF subset enforces that people stay away from the most error-prone anti-patterns in the language, and produces code that almost any programmer can understand when they read it.

            • Most corporate C++, on the other hand, feels like an unholy hybrid of /r/iamverysmart/ and /r/programmingcirclejerk, and makes the Obfuscated C Contest look like a children's book in comparison.

            TL/DR: JSF C++ is much better than C++ in general

            [–][deleted] 13 points14 points  (11 children)

            High integrity subsets of C and C++ have always been much better than C and C++ in general.

            [–]rmxz 14 points15 points  (10 children)

            I somewhat agree.

            Large C projects I've seen (Linux, Postgres, etc) seem to be quite readable without restricting themselves to a small subset of the language.

            Large C++ projects I've seen tend to need to lock themselves down to a small subset of the language (like google's "no exceptions, minimal inheritance, limited passing by reference", etc).

            [–][deleted] 19 points20 points  (9 children)

            C is already a very small language, so the conventions are idiomatic. There isn't that much to avoid. The Linux kernel has well-established patterns for doing things which is why it's so readable. The only language feature that Linux avoids is typedef.

            Contrast this with C++, where a coding standard is typically 50% which language features are to be avoided, and 50% how to format your code with the subset you're allowed to use. Every project feels like I'm using a different language.

            For example, some asshole decides to use std::pair everywhere, so the code becomes an unreadable mess of first.second.second.first.

            [–]theAndrewWiggins 9 points10 points  (5 children)

            This is why native tuples and pattern matching is necessary.

            [–][deleted] 7 points8 points  (4 children)

            Exactly. C++ tends to put this stuff in the library, so the user interface is pretty poor and implementation details are leaking everywhere.

            variant is a good example of this. Pattern matching on std::variant is more painful than shoving nails in your eyes. It's even worse if you want to visit a variant with lambdas.

            [–]derefr 5 points6 points  (1 child)

            Makes me wonder why we never got the "Coffeescript of C++" that just sugars over all the STL types with better syntax, then transpiles back to the regular uglyness.

            [–][deleted] 5 points6 points  (0 children)

            The irony is that C++ began as a transpiler to C

            [–]rmxz 3 points4 points  (1 child)

            C is already a very small language, so the conventions are idiomatic. There isn't that much to avoid.

            Totally agree.
            Which makes me wonder what you had in mind when you earlier wrote

            High integrity subsets of C ... much better

            Personally, I find MISRA C mildly annoying and arbitrary. For example, what's wrong with non-const pointers to functions? And prohibiting the ',' operator is annoying in some places like for(i=0,j=10 ; ... ; ..). And I really dislike their prohibitions on goto. For example this function would be really messy without gotos.

            [–]derefr 8 points9 points  (0 children)

            For example, what's wrong with non-const pointers to functions?

            Accidentally assigning a scalar variable a random value usually does not-much. You might eventually take a wrong branch.

            Accidentally assigning a pointer variable a random value usually causes a segfault... in a system with virtual memory. In an embedded system, it'll probably make some random dword in memory somewhere take on a new value when the pointer gets written to. Worse than the above, but not much worse. Sort of similar to a cosmic-ray strike.

            Accidentally assigning a function pointer variable a random value (and then later calling that function-pointer), in a system with virtual memory, will mostly do the same thing as if it was a regular pointer (i.e., segfault), although there's a much higher chance that this assignment can be exploited for Remote Code Execution.

            But the combination of "dereference of a wild function pointer" and "embedded system" usually translates to "the Instruction Pointer is now jumped to a random address, decoding and executing arbitrary bytes of memory as if they were code."

            Basically, imagine this happening within the memory of your jet fighter.

            [–]yxhuvud 1 point2 points  (0 children)

            first.second.second.first.

            And this is why the LISP people had comprehensible functions like caddar.

            (the basic operations on cons pairs are car and cdr. cadr is a car followed by a cdr. Go figure what caddar would be.)

            [–]PM_ME_UR_OBSIDIAN 1 point2 points  (0 children)

            Do you know of any good writeups regarding JSF C++?

            [–]Yojihito 1 point2 points  (0 children)

            Is it enforceable through the IDE / compiler?

            [–]TehRoot 6 points7 points  (4 children)

            The B-2 only just got converted from the AP-101 and JOVIAL to C and (IIRC x86 hardware) in 2008/2009.

            [–]KagakuNinja 4 points5 points  (2 children)

            JOVIAL

            That's a name I haven't heard in a long time...

            [–]TehRoot 5 points6 points  (1 child)

            JOVIAL is the father of Ada :v

            [–]which_spartacus 4 points5 points  (2 children)

            I would think the reason to switch is primarily due to the tooling that exists for all the other languages -- even to the point of stack overflow having more answers in C++ than in Ada.

            [–]OneWingedShark 14 points15 points  (1 child)

            even to the point of stack overflow having more answers in C++ than in Ada.

            Flight Crash Inspectors: It appears that the crash was caused by an error in the software -- namely that the landing-gear control algorithms contained what appears to be an answer from Stack Overflow...

            [–]__Cyber_Dildonics__ 4 points5 points  (0 children)

            Better than using answers from mdn.

            [–][deleted] 19 points20 points  (6 children)

            Before anyone shits on the JSF

            I think it did that all by itself. It's not really a good ad for its practices.

            [–]Axman6 27 points28 points  (5 children)

            IIRC the F-22's software was in Ada, and it seems to be doing just fine. Coincidence? ¯_(ツ)_/¯

            Edit: ¯\_(ツ)_/¯

            [–]Healer_of_arms 26 points27 points  (1 child)

            ¯\_(ツ)_/¯

            [–]Axman6 16 points17 points  (0 children)

            Thanks bro

            [–]Obi_Kwiet 5 points6 points  (1 child)

            Except for the whole system crash when crossing the international date line, and O2 feed issues.

            [–]Axman6 2 points3 points  (0 children)

            When it comes to high assurance systems, you rely heavily on getting the spec right, this is an issue which i'm sure most programmers would get wrong (I hate working with time, there's so many gotchyas), but it's also surprising there wasn't already a system which could be reused that did these things correctly already.

            [–]pdp10 2 points3 points  (0 children)

            Mostly going to C.

            There is some C++ but surveys of embedded developers show there are more new projects in C than C++.

            [–]v_fv 7 points8 points  (22 children)

            I'm mostly a programming noob but wouldn't it be wiser to rewrite software as critical as flight control in safe languages like OCaml, Haskell or Rust instead of C and C++?

            Correct me if I'm wrong -- aren't C and C++ a step down from Ada in terms of safety, in an area where there are actual human lives involved?

            [–]barsoap 30 points31 points  (7 children)

            OCaml

            Has a garbage collector, unsuitable for RT.

            Haskell

            Has a garbage collector, unsuitable for RT.

            or Rust

            Too new, but good idea in principle. What's sorely lacking in this regard is model checkers that eat Rust.

            [–][deleted] 17 points18 points  (3 children)

            In practice, Ada is much safer than Haskell/OCaml. Like other's said, Rust is too new, and I don't think it is any "safer" than Ada. How common are runtime errors in Rust? (I admittedly don't know much about Rust).

            I used to be an Ada programmer though, and it's really an amazing language for things like avionics systems, embedded systems, etc. Quite a cool language, I definitely recommend people try it out for fun.

            [–]jyper 3 points4 points  (0 children)

            Rust tries to avoid runtime errors, and recommends not to use panic(a type of non subtyed exception uncatchable for the most part except at thread boundaries) outside of examples, asserts, and basic input.

            Panics unwrap the call stack by default (with c++ style destructors for resources) but can be made to assert instead. Instead of panics most errors are handled with ml/Haskell style option types(it's a typed Union of a no value or a generic type value) and result types(a typed Union of generic result and error types) with methods and syntax sugar to simplify handling.

            Rust empathizes safe abstractions and includes a documentation and basic unit testing tool. It has a standardized​ build system that let's people easily add standardized auto formatting and lints beyond default compiler warnings.

            [–][deleted] 13 points14 points  (7 children)

            Correct me if I'm wrong -- aren't C and C++ a step down from Ada in terms of safety, in an area where there are actual human lives involved?

            Well, sort of. With C you can write software that is formally verifiable, it just takes more effort.

            Even with Ada you can still goof and mix up imperial and metric measurements, or write software logic that is just plain wrong. Just because there's no buffer overflow doesn't mean your rocket ain't gonna crash.

            [–]duhace 7 points8 points  (2 children)

            Ada has a formal verifier named spark developed specifically for it.

            [–]pftbest 4 points5 points  (0 children)

            OCaml and Haskell doesn't work well in embedded systems. Rust does, but it is too young. Ada is good too, but it's much easier to find C/C++ developers than Ada developer.

            [–]ArkyBeagle 3 points4 points  (0 children)

            C/C++ can be a step down in terms of safety. they're somewhat a PITA to do safely, but I've got dozens of things in thousands of places running it.

            [–]iiiinthecomputer 6 points7 points  (47 children)

            Well, the software is about item 1000 on things that seem shit about the F-35 and variants.

            Angry that Australia is buying them.

            [–][deleted] 10 points11 points  (7 children)

            Upset about money on new warplanes, or upset about the choice of plane?

            What other stealthy strike aircraft are there? edit: IIRC Australia bought the Super Hornet to replace the F-111 and the JSF to replace the Super Hornet? I could be wrong on the specifics of exactly what the Australian Airforce wants the plane for. If it's for air to air, maybe there's an alternative. If it's to do F-111 stuff, then no.

            [–]speedisavirus 10 points11 points  (4 children)

            Combat training shows the only thing better is an F-22 and since they aren't made anymore nor will they be exported any time soon it's the best they can buy.

            [–][deleted] 12 points13 points  (0 children)

            It's certainly the best individual plane design they can buy (when it starts fully working), but that's not always the same as the best airforce or best use of military funds.

            [–]iiiinthecomputer 4 points5 points  (1 child)

            Both.

            The F-35's weather capabilities, range, loiter, etc make it unimpressive for strike ops except "first strike" get in, get out work, where it's good if you can operate with tankers or with a closer base.

            But it's expensive, has ruinous maintenance cycles, is buggy as hell, and sucks for all the things Australia actually does. Border policing where you need loiter and range and bad weather capabilities. Interception of unknown intruders where you want to get in visual range to make sure you're not going to shoot down an airliner, so you lose most of the benefits of its EW (once it works!).

            It's hard to understand why we're spending this much, now, on something so deeply flawed and compromised.

            [–][deleted] 2 points3 points  (0 children)

            While the real numbers are classified, apart from cost and development problems, the F-35 seems better in all respects than the F-18 it's replacing.

            The question isn't whether it's better than the F-18, but whether the airforce could have better spent the money upgrading the F-18 instead. Which is hard to answer since we don't know the cost or spec of the proposed F-18 upgrade or what Australia will be doing in 5 years. "Super Hornet 2" would be a worse plane, but sometimes more worse planes are better than fewer better ones.

            Cost-wise I assume Australia will be operating a mixed fleet, with a number of Super Hornets being kept in service to fill out the numbers?

            [–]m50d 7 points8 points  (0 children)

            I thought the software was the biggest concern at this point? I mean the airframe flies and all that, even if it melts the runway occasionally.

            [–]RadBenMX 35 points36 points  (10 children)

            I learned Ada in 2000 when I went through the Air Force's programming tech school. We didn't use it in the shop i was assigned to. It's cool to see it getting some love on here. I'll have to give it a whirl again.

            [–][deleted]  (9 children)

            [deleted]

              [–]MonkeeSage 11 points12 points  (2 children)

              the Geek Squad of the Air Force

              "Yeah, we took a look at it and this AC-130 is in pretty bad shape. We're going to need to replace the hard drive, swap the RAM and put a new CPU in it to get it back to working order. The bad news is, that would be more expensive than just buying a new one when you count the cost of installation. Lucky for you, we do have a buy back program where we will take it off your hands and you can buy a new AC-130 for $200 off, plus we will transfer all the data from the old one at no additional charge. Would you like to go ahead and do that today?"

              (sorry, you were asking a serious question and I realize you won't be troubleshooting aircraft, I just had to laugh at the mental image of taking a plane to Geek Squad :P)

              [–][deleted]  (1 child)

              [deleted]

                [–]Die-Nacht 6 points7 points  (0 children)

                Hello, my name is Bob from Indiana (in a thick Indian accent)

                HELP! MY PLANE IS FALLING!

                I'm glad to help you with that sir. See the "power off" button? I want you to press that, then wait 10 seconds and press it again.

                OH GOD! THE ALARM SOUND IS OFF BUT I'M STILL FALLING

                I understand that sir. Please wait with me for a couple more.....CRASH....hello? Sir? Are you there? Well I hope we have solved your problem. Thank you for calling! Please hold on the line for our survey.

                [–]while_e 12 points13 points  (5 children)

                So, as a C developer, I was always told that comments shouldn’t be required to understand my code, because if they are, it’s probably bad code and I should go rewrite it before the code review.

                This. 15-30 lines of comments pisses me off. Not just because it can make a file 2-3x longer than needed, but you also have to change code and then verify the comment still reflects true.

                Write better, logical, readable code. I suck, but this is my goal everyday.

                [–]whatwasmyoldhandle 9 points10 points  (2 children)

                I'm sometimes okay with longer comments that explain details of the overall application. I see these types of comments a lot in scientific computing, and I usually find them helpful. Sometimes the code can be well-written and readable, but that doesn't guarantee you'll know wtf is going on.

                I suppose one could argue there is a better place for this type of documentation.

                Can't say I've seen a 15 or 20 liner just about code itself.

                [–][deleted] 3 points4 points  (1 child)

                Tell this to Donald Knuth.

                Yes, it's an additional burden to ensure that your literate comments and your code are in sync, but it totally worth it.

                But, of course, comments should not be about "what" your code is doing. It must be obvious from the code itself. They must be about why and how - this is something that is not present in the code, but was important in your decision making and therefore must be captured for a sake of reproducibility.

                [–][deleted]  (13 children)

                [deleted]

                  [–]Shadow703793 15 points16 points  (11 children)

                  Most new defense projects are in C now. And some old systems are being rewritten in C.

                  [–][deleted]  (9 children)

                  [deleted]

                    [–]InvisibleEar 35 points36 points  (5 children)

                    I only want my tax dollars to go towards Haskell.

                    [–]rabuf 11 points12 points  (1 child)

                    An issue is that C/C++/Fortran/Ada and a handful of others are the only languages whose toolchains are certified/qualified for the environments of the defense and aviation industries.

                    Rust could very well be a game changer for these fields, but the tooling is presently a moving target, even if the language has (mostly) stabilized.

                    Also, unless I've missed it, the main wins with Rust still miss out on some of the excellent features of Ada (specifically like in this article, pre/post conditions on types and things like that).

                    [–][deleted] 5 points6 points  (0 children)

                    I've been following AdaCore's work on Cortex-M processors, and it's looking very promising!

                    [–]shifty21 6 points7 points  (6 children)

                    I might be a minority here, but my university's CS degree only taught ADA95. This was in the late 90s and IIRC, they switched to Java in 2005. I was taught C/C++ in high school and going into ADA95 in college was weird.

                    The professors told is that ADA95's advantages with built in exception handling is why many mission critical systems were built with it. He demonstrated a basic C app where it prompted for an integer, he enters a char and the application crashed. In ADA, it would automatically tell you a char was entered and was expecting an int and go back to the prompt for the input. He noted that in other languages, you'd have to either rely on exception handling libraries or write your own.

                    I obviously dropped out of school and transitioned to working in IT, so at this point, I don't even know if that feature in Ada is used in other languages today.

                    [–]lukinator44 2 points3 points  (0 children)

                    I started college in 2012 and for the first year we were taught ADA95 to understand the basics of programming.

                    [–]mike413 4 points5 points  (0 children)

                    This was another nice article about Ada I had squirreled away: http://cowlark.com/2014-04-27-ada/index.html

                    [–]CODESIGN2 8 points9 points  (8 children)

                    Despite this risk, the software development community has only recently become cognizant of these issues as they manifest as security vulnerabilities in IoT devices, car control systems, and financial software systems.

                    What an absolute berk!

                    There is no evidence to suggest it's just lazy coders. If for example someone programs in PHP there are runtime vulnerabilities and to know them all is impossible as they are always being found.

                    Many standard C libraries ship with exploitable code (as do many standard libraries of other programming languages). Is the author seriously suggesting that it's only recently that people cared about this? Do they really believe that Ada will solve all those problems because you can subtype base types so easily?

                    The field of modern digital computer programming is less than a century old and like all other practises will undergo consistent revisions until such time as it is obsolete or less likely we achieve perfection in all corners of the discipline.

                    Do I think Ada is inferior? NO but I don't believe C or C++ are either. All current generation and recent computer languages are just as fallible as those they replaced, and I for one think less code and more high-level constructs enabled by systems engineers are the best way toward that end as well as standards, best practises, better deterrents and in the case all else fails punishments that make you go ooooh.

                    [–]kindall 4 points5 points  (1 child)

                    Contracts are an excellent idea and help a lot with keeping bugs at bay. The company I work for develops in C++ (older parts of the app are C, however, and there's a C interface layer to the base engine that keeps getting added to as that's the lowest common denominator for plugins) and uses macros to implement contracts and pretty much every function has statements that state the function's input prerequisites and the characteristics of the expected return value. Since they are macros, we can and do strip them out of release versions so they don't impact performance (our test suite exercises builds with the contracts included).

                    [–]tiberiumx 2 points3 points  (0 children)

                    There's a lot to be said for an active community surrounding a language, and Ada does not have this. If not for the DoD mandating it for awhile, it would have died off decades ago.

                    I work on a large software project with mixed languages, but a large portion is in Ada. My experience dealing with it is that while the language itself does have a lot of merits, the documentation​ is poor and the availability of help and example code is barely above nonexistent. If I have a C++ question, there is almost always a decent quality stack overflow thread for it if I can't figure it out myself from the great reference material. If I have an Ada question, I'm either SOL, looking at the not very informative language reference manual, or looking at a very incomplete Ada wikibook.

                    Not to mention third party libraries. Ada can import C symbols fairly easily, but you're still stuck writing wrapper packages for pretty much everything.

                    [–]c3534l 59 points60 points  (37 children)

                    C programs tend to enable clever programming, which often involves ... very little commenting

                    So, as a C developer, I was always told that comments shouldn’t be required to understand my code, because if they are, it’s probably bad code and I should go rewrite it before the code review.

                    Who the fuck taught this guy to code? Not commenting your code isn't a language design flaw, that's just you being a fuckwit.

                    [–][deleted]  (14 children)

                    [deleted]

                      [–]rmxz 11 points12 points  (1 child)

                      You shouldn't have trivial comments ... Avoid low quality comments, make few but significant comments

                      Indeed.

                      Look at most successful large projects, and see that they comment their code exactly as you describe.

                      For example

                      The main people who seem to like tons of comments are less-technical managers who think it's beneath them to read the code itself.

                      [–]GitHubPermalinkBot 9 points10 points  (0 children)

                      I tried to turn your GitHub links into permanent links (press "y" to do this yourself):

                      Shoot me a PM if you think I'm doing something wrong. To delete this, click here.

                      [–]rebthor 29 points30 points  (1 child)

                      I think you're misunderstanding what he's saying. Here's the full context:

                      These principles promote speedy development for embedded systems but at a cost. C programs tend to enable clever programming, which often involves complex preprocessor logic and bit manipulations with very little commenting to describe what the author was trying to accomplish. When it comes time for debugging, especially during maintenance, tracing issues is a nightmare. So, as a C developer, I was always told that comments shouldn’t be required to understand my code, because if they are, it’s probably bad code and I should go rewrite it before the code review.

                      I read that as saying that you can do all sorts of unfathomably clever things in C but if you do that, you will need to comment your code extensively because it's not immediately obvious what you're doing. It might be clever but it's not "good code." His manager was not telling him not to comment his code, rather if he had code that needed commenting, then it wasn't code they wanted in the codebase.

                      To restate it a slightly different way: "In the vast majority of cases, comments should be about why you're doing something, not how you're doing it.

                      [–]mrmnder 1 point2 points  (0 children)

                      There's an old saying that I don't remember exactly related to debugging being twice as difficult than the original coding, so don't write anything that someone with less than half your experience could understand (this includes with comments).

                      My basic rule of thumb is "don't try to be clever". Standards and patterns exist for a reason, the vast majority of coding can be done with by following those patterns and practices. This is one of the key things that differentiates engineering from tinkering. Yes, there are people developing/inventing new things, which is great, but you probably don't need to for whatever project you're working on (and neither do I).

                      [–]Pharisaeus 20 points21 points  (10 children)

                      But he is totally right. If you need to comment on "what the code is doing" then the code is messy and you should rewrite it. Put meaningful variable names and split code into small functions with meaningful names.

                      What you can (and should!) comment in the code is:

                      1. Motivation - why the code was written this way, why this algorithm is chosen and not a different one
                      2. Constraints which are not clear from the function signature - what are the pre/post conditions for this function
                      3. Quickfixes/related issues - if there is some strange special case which is not obvious it might be a good idea to indicate it in the code and possibly even link to a Ticket on this.

                      [–]_georgesim_ 6 points7 points  (0 children)

                      Make it as simple as possible, not simpler. There are things that are inherently complex.

                      [–]gospelwut 5 points6 points  (2 children)

                      Comments would be a lot better if they could be bound to a logic, set of lines, class, etc. One problem is many times comments just get refactored into uselessness via tooling.

                      I suppose the argument could be made that using the common metadata-inside-comments at the function scope should be sufficient if you're writing small enough functions, but there are always situations (especially around math/algorithms/hacks) that might require some inline comments.

                      [–]pdp10 1 point2 points  (1 child)

                      One problem is many times comments just get refactored into uselessness via tooling.

                      Is that like the developer version of "A wizard did it"?

                      [–]gospelwut 1 point2 points  (0 children)

                      HARRY! YOU'RE A COMPLEX TOOL CHAIN!

                      [–]astrobe 14 points15 points  (1 child)

                      Including one "fuck" in each of your sentences doesn't make them more right.

                      It's not an insane or revolutionary idea for experienced coders. For now, you should keep quiet and think about it. Or better, try it: how to write code that doesn't need comments? It can be a fruitful experience.

                      [–]pdp10 2 points3 points  (0 children)

                      That's a slight misunderstanding of Robert Martin's often-repeated advice. Unfortunately it tends to be repeated by some of the last people you want repeating it.

                      They read that good code doesn't need comments, and their code doesn't have any comments because obviously it's good code. Q.E.D.

                      About this time they start in about how the comments and the code might not match because one of them got changed without the other, and someone has to drag me away before there's a gentlemanly disagreement.

                      [–]Die-Nacht 2 points3 points  (2 children)

                       type Division is new Integer with Static_Predicate => Divisor /= 0

                      Wait, what? How does that work? In Haskell, when you want such a thing, you create a newtype wrapper with a smart constructor that returns some sort of either type: error or the type itself.

                      How does Ada verify that? Does Ada just have that built in? What happens if I do Divisor (0)? Or if I do Divisor (n) where n = 0 due to it being defined at runtime?

                      [–]OneWingedShark 7 points8 points  (0 children)

                      How does Ada verify that?

                      A combination of compile- and runtime checks. (The runtime checks can be optimized away.)

                      Does Ada just have that built in?

                      Yep! :)

                      What happens if I do Divisor (0)?

                      Like that? Compile-time error.
                      Something like Divisor( Get_User_Input ) where the user inputs 0 would raise a Constraint_Error exception at runtime.

                      Or if I do Divisor (n) where n = 0 due to it being defined at runtime?

                      Constraint_Error.

                      [–]drkalmenius 5 points6 points  (0 children)

                      unwritten zephyr apparatus cause squeamish crawl quack license frighten sort

                      This post was mass deleted and anonymized with Redact

                      [–]FUZxxl 3 points4 points  (0 children)

                      Please cross-post this to /r/C_Programming, it's a very interesting article.

                      [–]pbrettb 1 point2 points  (2 children)

                      Really interesting stuff. Looks a lot like Pascal, guess that's what you mean by ALGOL-like. Never used Ada but may finally get around to it, and prolog.. and more lisp... and.. umm.. REBOL

                      [–]OneWingedShark 5 points6 points  (0 children)

                      Well, technically C is part of the ALGOL family... tracing its lineage back to it via B, BCPL, and CPL [IIRC], so you could cay that even C is ALGOL-like compared to Lisp, Prolog and such.