From: Alan Balmer
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: Fri, 26 Dec 2003 07:58:03 -0700
Organization: Balmer Consulting
Message-ID: <1riouv4pi49nqjl5r4vsn71bh69891ips7@4ax.com>

On 24 Dec 2003 14:59:57 -0800, snarflemike@yahoo.com (Mike Silva) wrote:

>Chris Hills wrote in message news:<45cs9hAbLc6$EAAx@phaedsys.demon.co.uk>...
>> In article <20619edc.0312222106.3b369547@posting.google.com>, Mike Silva
>> writes
>> >
>> >Some more interesting reading (note that MISRA acknowledges that there
>> >are better languages than C for safety-critical work):
>>
>> That will change.
>
>I'd like to hear your thoughts on the noted 100:1 residual error
>improvement between SPARK code and C code, all DO-178B level A. Do
>you think the C code examined did not use "a subset, coding standards
>and static analysis"? If they didn't, who does? Is your claim that,
>properly used, C can yield equivalent residual error rates as SPARK?

That seems obvious. It's possible to write a C program with *no*
residual errors. It may be easier to write a SPARK program with no
residual errors, but there's no law that says C programs have to have
more errors.

>If so, why do you think the code examined in the study was a 100 times
>worse?
>

Hard to tell, from the given data. Direct access to the study would be
needed. I would be surprised if the authors of the study didn't do
some analysis of causes.

--
Al Balmer
Balmer Consulting
removebalmerconsultingthis@att.net