comp.lang.ada
From: "Ludovic Brenta" <ludovic@ludovic-brenta.org>
Subject: Re: procedural vs object oriented
Date: 27 Apr 2006 03:42:10 -0700
Message-ID: <1146134530.434869.47230@t31g2000cwb.googlegroups.com>
In-Reply-To: <1xs8jrwjj0dx2$.1ksjkyqyhimw9$.dlg@40tude.net>

Dmitry A. Kazakov wrote:
> On Thu, 27 Apr 2006 07:22:21 +0200, Ludovic Brenta wrote:
>> According to Robert Dewar during FOSDEM, nobody uses OOP in avionics
>> software, because the uncertainty inherent to dynamic dispatching
>> hinders certification.  Is someone on this newsgroup in a position to
>> give a counter-example?
>
> Can't tell about avionics, but what uncertainty of dynamic dispatching is
> meant? Or, maybe, "certification" is the context of? Then which
> certification, according to which criteria?

Dynamic dispatching, by definition, means that you don't know which
subprogram you call at run-time. The compiler guarantees that the call
will succeed (i.e. that there exists a subprogram to dispatch to), but
there is uncertainty about which one it is.

DO-178B does not prohibit dynamic dispatching; it only requires that
the program be completely deterministic, and it requires the software
developers to provide reasonable proof that the program is indeed
deterministic.

If you use dynamic dispatching in a program, you must therefore prove
that you know precisely which subprogram you call each time you execute
the dispatching call. At DO-178B level A, you must also prove that the
machine code in the executable program dispatches correctly and in a
deterministic way, in bounded time and memory conditions. This
additional burden of proof is on the developer. That's what I meant
when I said that dynamic dispatching hinders certification.

The question of "how do I use dynamic dispatching while keeping the
certification costs reasonable" is quite interesting, complicated, and
has received a lot of thought, but no clear answer has come out of it.
So, for now, the only clear-cut answer in the conservative world of
avionics is, "you don't."

> Talking about uncertainty in general, what about "inherent uncertainty" of
> a procedure call? Can you tell which procedures will be called and when at
> run time? If you can then, you can also do it for dispatching calls. Are
> generic bodies more certain? With "with function "*" (Left, Right : Foo)
> return Foo"? Really?

A static procedure call has no uncertainty: when you read the program
source, you know exactly which subprogram is called, even in the
presence of overloading.

When you instantiate a generic, you also know exactly which subprogram
you pass as a parameter. Again there is no inherent uncertainty here.

At Barco, our coding standards prohibit access-to-subprogram values,
and require all generics to be preelaborated. Thus they eliminate all
uncertainty and make all subprogram calls statically deterministic.
Needless to say, our coding standards also prohibit dynamic
dispatching.

-- 
Ludovic Brenta.

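The three call forms contrasted in the message above (a dispatching call on a class-wide operand, a statically bound call on a specific type, and a call through a generic formal subprogram), shown side by side in Ada. This is an added illustration, not code from the post or the thread; the type and subprogram names (Sensor, Altimeter, Airspeed, Read, Report) are made up for the example.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Dispatch_Demo is

   --  A small tagged-type hierarchy.  Sensor, Altimeter and Airspeed are
   --  hypothetical names chosen for this example.
   type Sensor is abstract tagged null record;
   function Read (S : Sensor) return Integer is abstract;

   type Altimeter is new Sensor with record
      Feet : Integer := 35_000;
   end record;
   function Read (S : Altimeter) return Integer;

   type Airspeed is new Sensor with record
      Knots : Integer := 450;
   end record;
   function Read (S : Airspeed) return Integer;

   --  Bodies.  Every primitive operation must be declared before the
   --  first body freezes the tagged types, hence the spec/body split.
   function Read (S : Altimeter) return Integer is
   begin
      return S.Feet;
   end Read;

   function Read (S : Airspeed) return Integer is
   begin
      return S.Knots;
   end Read;

   --  (1) Dispatching call: the parameter is class-wide, so which Read
   --  body runs is chosen at run time from the tag of the actual object.
   --  Reading this source alone does not tell you which body executes.
   procedure Report (S : Sensor'Class) is
   begin
      Put_Line ("dispatching read =" & Integer'Image (Read (S)));
   end Report;

   --  (2) Static call: the parameter type is specific, so the compiler
   --  binds Read (Altimeter) at compile time, even though Read is
   --  overloaded.
   procedure Report_Altimeter (A : Altimeter) is
   begin
      Put_Line ("static read      =" & Integer'Image (Read (A)));
   end Report_Altimeter;

   --  (3) Generic with a formal subprogram: the actual is named at the
   --  instantiation, so the call inside the instance is also statically
   --  known from the source.
   generic
      type T is private;
      with function Value (X : T) return Integer;
   procedure Report_Generic (X : T);

   procedure Report_Generic (X : T) is
   begin
      Put_Line ("generic read     =" & Integer'Image (Value (X)));
   end Report_Generic;

   procedure Report_Airspeed is new Report_Generic (Airspeed, Read);

   Alt : Altimeter;
   Air : Airspeed;

begin
   Report (Alt);            --  dispatches to Read (Altimeter)
   Report (Air);            --  dispatches to Read (Airspeed)
   Report_Altimeter (Alt);  --  statically bound
   Report_Airspeed (Air);   --  statically bound through the instance
end Dispatch_Demo;
```

Compile with any Ada 95 or later compiler (e.g. `gnatmake dispatch_demo.adb`). The point of the contrast is in the source, not the output: in Report the target of Read is recoverable only from the run-time tag, whereas in Report_Altimeter and in the Report_Airspeed instance the target can be read off the program text, which is the property a coding standard like the one described above preserves by forbidding dispatching calls and access-to-subprogram values.
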
Thread overview: 23+ messages
2006-04-26  8:16 procedural vs object oriented Ananth the Boss
2006-04-26  9:17 ` Jean-Pierre Rosen
2006-04-26 17:44   ` Jeffrey R. Carter
2006-04-26 12:52 ` Dmitry A. Kazakov
2006-04-27  1:33 ` bh
2006-04-27  5:22   ` Ludovic Brenta
2006-04-27  7:36     ` Dmitry A. Kazakov
2006-04-27 10:42       ` Ludovic Brenta [this message]
2006-04-27 11:07         ` Maciej Sobczak
2006-04-27 12:03           ` Ludovic Brenta
2006-04-27 17:19           ` Pascal Obry
2006-04-27 15:51             ` Georg Bauhaus
2006-04-27 12:45         ` Dmitry A. Kazakov
2006-04-27 13:20           ` Ludovic Brenta
2006-04-27 14:24             ` Alex R. Mosteo
2006-04-27 15:17               ` Ludovic Brenta
2006-04-27 16:11                 ` Alex R. Mosteo
2006-04-27 20:19                   ` Ludovic Brenta
2006-04-27 14:01           ` Jean-Pierre Rosen
2006-04-28  7:46             ` Dmitry A. Kazakov
2006-04-27 15:38     ` Peter Amey
2006-04-27 20:20       ` Ludovic Brenta
2006-04-27  6:55 ` Ananth the Boss