This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Converting GCC to compilation with C++

From: Robert Dewar <dewar at gnat dot com>
To: Mike Stump <mrs at apple dot com>
Cc: nathan at codesourcery dot com, Paolo Bonzini <bonzini at gnu dot org>,gdr at acm dot org, gcc at gcc dot gnu dot org, Joe Buck <joe dot buck at synopsys dot com>,Mark Mitchell <mark at codesourcery dot com>
Date: Tue, 13 Jul 2004 23:40:40 -0400
Subject: Re: Converting GCC to compilation with C++
References: <40F2C9D5.20703@codesourcery.com> <"32805.::ffff:128.194.146.35.1089667109.squirrel"@webmail.nerim.net> <20040712142843.A7657@synopsys.com> <40F34A8D.2010601@gnat.com> <"32794.::ffff:24.250.169.187.1089704266.squirrel"@webmail.nerim.net> <40F3F25F.4070507@gnat.com> <40F3F75A.409@gnu.org> <"33027.::ffff:24.250.169.187.1089738114.squirrel"@webmail.nerim.net> <40F45358.5010004@gnat.com> <72487752-D51E-11D8-A2A3-000393941EE6@apple.com>

Mike Stump wrote:

On Jul 13, 2004, at 2:25 PM, Robert Dewar wrote:
Well it is interesting to note that the use of dynamic dispatching
in safety-critical programs is extremetly problematic
And callback functions and function pointers then are a breeze? Or, are they just as hard?

They are easier. Why? Because the typical structure is that several callers pass a callback, and then the callback occurs. At the point where the callback occurs, the possible paths of control are delineated by the several possible calls, and MCDC testing can trace each of these possible paths of control.

For dynamic dispatching, every call of a virtual function can conceptually call any of the instances of the function. But in practice many of these paths of control will not be excercizable due to (arbitrarily difficult and complex) logic constraints of the program. It will then be necessary to prove that these paths are impossible to justify not testing them. That can be very tricky.

People are working hard to figure out how to address this problem,
but there is a fundamental clash. In a certain sense, dynamic
dispatching is about NOT being sure where the path of control
will lead, but rigorous testing requires that all possible
paths be understood and tested.

Now why is this relevant? Well the danger is that the same
features that make a program hard to test can make it hard
to understand. It is of course not the case that all uses of
dynamic dispatching are difficult to understand, and indeed
in some cases, the judicious use of this and other similar
features can indeed make code easier to read and maintain
(the only objective that is interesting to me :-) However,
lots of programmers seem to make a horrible mess of
inheritance structures, and I continue to worry about
allowing these general approaches in the context of a
project on which many people work.

Maybe we should all wait for the new gcj code to see how we
all react to this experiment.

After all, I certainly do not insist that all components
of gcc be written in C (or we would have to do a big rewrting
job for GNAT :-)

Follow-Ups:
- Re: Converting GCC to compilation with C++
  - From: Kai Henningsen

References:
- Converting GCC to compilation with C++
  - From: Mark Mitchell
- Re: Converting GCC to compilation with C++
  - From: Joe Buck
- Re: Converting GCC to compilation with C++
  - From: Robert Dewar
- Re: Converting GCC to compilation with C++
  - From: Robert Dewar
- Re: Converting GCC to compilation with C++
  - From: Paolo Bonzini
- Re: Converting GCC to compilation with C++
  - From: Robert Dewar
- Re: Converting GCC to compilation with C++
  - From: Mike Stump

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]