new | ask | show | jobs
phoehne 3 days ago  [ - ]

Yes, we re-invent the wheel. The more time you spend writing software for a living, the more you will see the wheel re-invented. But Ada and Rust are safe under different definitions of safety. I view Rust as having a more narrow definition of safety, but a very important notion of safety, and executed with brutal focus. While Ada's definition of safety being broader, but better suited to a small subset of use cases.

I write Rust at work. I learned Ada in the early 1990s as the language of software engineering. Back then a lot of the argument against Ada was it was too big, complex, and slowed down development too much. (Not to mention the validating Ada 83 compiler I used cost about $20,000 a seat in today's money). I think the world finally caught up with Ada and we're recognizing that we need languages every bit as big and complex, like Rust, to handle issues like safe, concurrent programming.

afdbcreid 2 days ago  [ - ]

I don't know Ada; care to explain why its definition of safety is broader than Rust?

I agree Rust's safety is very clearly (and maybe narrowly) defined, but it doesn't mean there isn't focus on general correctness - there is. The need to define safety precisely arises because it's part of the language (`unsafe`).

yukeabu 2 days ago  [ - ]

Rust’s built-in notion of safety is intentionally focused on memory + data-race properties at compile time. logic, timing, and determinism are left to libraries and design. Ada (with SPARK & Ravenscar) treats contracts, concurrency discipline, and timing analysis as first-class language/profile concerns hence a broader safety envelope.

You may choose to think from safety guarantee hierarchy perspective like (Bottom = foundation... Top = highest assurance)

Layer 6: FORMAL PROOFS (functional correctness, no RT errors) Ada/SPARK: built-in (GNATprove) Rust: external tools (Kani, Prusti, Verus)

Layer 5: TIMING / REAL-TIME ANALYSIS (WCET, priority bounds) Ada: Ravenscar profile + scheduling analysis Rust: frameworks (RTIC, Embassy)

Layer 4: CONCURRENCY DETERMINISM (predictable schedules) Ada: protected objects + task priorities Rust: data-race freedom; determinism via design

Layer 3: LOGICAL CONTRACTS & INVARIANTS (pre/post, ranges) Ada: Pre/Post aspects, type predicates (built-in) Rust: type states, assertions, external DbC tools

Layer 2: TYPE SAFETY (prevent invalid states) Ada: range subtypes, discriminants Rust: newtypes, enums, const generics

Layer 1: MEMORY SAFETY & DATA-RACE FREEDOM Ada: runtime checks; SPARK proves statically Rust: compile-time via ownership + Send/Sync

naasking 2 days ago  [ - ]

As the OP mentioned, restricted number ranges:

    with Ada.Text_IO; use Ada.Text_IO;

    procedure Restricted_Number_Demo is

        -- Define a restricted subtype of Integer
        subtype Small_Positive is Integer range 1 .. 100;

        -- Define a restricted subtype of Float
        subtype Probability is Float range 0.0 .. 1.0;

        -- Variables of these restricted types
        X : Small_Positive := 42;
        P : Probability    := 0.75;

    begin
        Put_Line("X = " & Integer'Image(X));
        Put_Line("P = " & Float'Image(P));

        -- Uncommenting the following line would raise a Constraint_Error at runtime
        -- X := 200;

    end Restricted_Number_Demo;