[OneWingedShark]

As a C/C++ weenie, I agree entirely. Mission critical code that involves lives need to be in Ada or MISRA C or something safer than C/C++. Barring that, a *whole* lot more testing and review need to be done than what appears to have been done so far on this codebase.

I hear what you're saying; from my POV though it seems that design is what's skimped on in "the industry" -- granted, I've never been involved in a safety-critical codebase such as aviation, but there seems to be a lot of we don't have time to do it right, we need to do it quick mentality that seems to discourage up-front planning. (Indeed, it seems to discourage using the right-tool-for-the-job and encouraging a "sledgehammer"/continuous-debugging method of development and discourage training.)

I'm very impressed/excited about the new Ada 2012 standard which lets you do something like this:

    -- SSN format: ###-##-####
    Subtype Social_Security_Number is String(1..11)
      with Dynamic_Predicate =>
        (for all Index in Social_Security_Number'Range =>
          (case Index is
           when 4|7 => Social_Security_Number(Index) = '-',
           when others => Social_Security_Number(Index) in '0'..'9'
          )
         );

Which ensures a SSN is properly formatted on parameters and return-values of the Social_Security_Number subtype (you can also check with String_Var in Social_Security_Number); there's also pre-/post-conditions, type-invariants and other nice design-by-contract stuff that (unlike annotated comments) won't go stale.

[PrairieDawg]

Maybe the availability of the GNAT toolchain will get people to play more with Ada. The 2012 version has some OO constructs AND all the safety (Ravenscar profile, etc) stuff that is needed. Plus, in my experience (limited though it is) I've seen that if you can *compile* an Ada program, it'll almost always do what you thought it would (less debug due to more stringent compiler). Hmm. Maybe I'll go download the latest and do some playing...

Fregards,
PrairieDawg