by Quentin Ochem – Sep 26, 2024. At AdaCore, we’re in the business of supporting people who develop high-integrity software, in particular for embedded systems. In terms of programming languages, this means supporting the most commonly found candidates, which in 2024 include C/C++, Ada/SPARK, and…
While it's great to have the ability to write proofs, I feel like the article makes it sound like it's some magic bullet that solves all the problems you have with mistakes and bugs in other languages. But really, there's nothing forcing you to even write said proofs, or define them properly, or turn SPARK mode on... so you can still make very large mistakes IMO that won't be caught by the compiler.
Agreed, and you have to get the proofs perfect, in whatever language they are expressed in, to be useful. Like you have to get the code correct twice to make sure it works once.
I think having safe patterns/APIs where the compiler can automatically spot classes of potential errors is a better approach.
They're comparing it to Ada so maybe it's arguable. I'm not too familiar with Ada but I think it does have some type features that Rust doesn't. Though the example they gave (newtypes) is fairly easy in Rust too, and I'm sure Rust has type features Ada doesn't too.
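To make the newtype comparison concrete, here is an added Rust example (not code from the AdaCore article or from any commenter) showing the two things the thread touches on: distinct wrapper types that stop the compiler from accepting one kind of identifier where another is expected, and a range-restricted value, which Ada expresses directly as a subtype with a `range` but which Rust has to emulate with a checked constructor. The `UserId`, `OrderId`, `Percent` and `lookup_owner` names are assumptions made for the illustration.

```rust
// Added example; all type and function names are hypothetical.

/// Two identifiers with the same representation (u32) but distinct types.
/// Passing one where the other is expected is a compile-time error.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct UserId(u32);

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct OrderId(u32);

/// Hypothetical lookup: accepts only an OrderId, never a bare u32 or a UserId.
pub fn lookup_owner(order: OrderId) -> UserId {
    // Constructed mapping so the example runs offline.
    UserId(order.0 + 1000)
}

/// Ada can write `subtype Percent is Integer range 0 .. 100` and the compiler
/// inserts (or proves away) the range check. Rust has no range types, so the
/// invariant is enforced once, in the constructor, and the field stays private
/// so no other code can build an out-of-range value.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Percent(u8);

impl Percent {
    /// Returns None instead of silently accepting an out-of-range input.
    pub fn new(value: u8) -> Option<Percent> {
        if value <= 100 {
            Some(Percent(value))
        } else {
            None
        }
    }

    pub fn get(self) -> u8 {
        self.0
    }
}

fn main() {
    let owner = lookup_owner(OrderId(7));
    println!("owner of order 7: {:?}", owner);

    // This line does not compile (error[E0308]: mismatched types): the newtype
    // stops a UserId from being used as an OrderId even though both wrap a u32.
    // let _ = lookup_owner(UserId(7));

    println!("{:?}", Percent::new(42));  // Some(Percent(42))
    println!("{:?}", Percent::new(250)); // None
}
```

The difference the thread hints at is where the check lives: in SPARK the range constraint is part of the type and can be discharged statically, while in Rust the newtype only guarantees that every `Percent` went through `new`, so the check itself is still a runtime branch.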
Might be relevant to mention that Rust has formal verification methods available as well, similar to SPARK, but also optional. One that looks pretty appealing is this one: https://verus-lang.github.io/verus/guide/overview.html