From: snarflemike@yahoo.com (Mike Silva)
Newsgroups: comp.lang.ada
Subject: Re: Boeing and Dreamliner
Date: 25 Jun 2003 11:00:48 -0700
Message-ID: <20619edc.0306251000.16758c31@posting.google.com>
References: <3EF5F3F3.6000806@attbi.com>

Hyman Rosen wrote in message news:...
> Wesley Groleau wrote:
> > In some application domains, using C++ should be criminal.
>
> Umm, no.
>
> > The fact that Ada is not perfect will NEVER justify using
> > something that's worse when lives are at stake.
>
> C++ isn't worse. It's different.

Here's a report that reaches a different conclusion:

“....results of the UK Ministry of Defense’s own retrospective IV&V program that was carried out by Aerosystems International at Yeovil in the UK. It should be remembered that the code examined by Aerosystems had already been cleared to DO-178B Level A standards, which should indicate that it was suitable for safety-critical flight purposes. Key conclusions of this study follow:

• Significant, potentially safety-critical errors were found by static analysis in code developed to DO-178B Level A.
• Properties of the SPARK code (including proof of exception freedom) could readily be proved against Lockheed’s semi-formal specification; this proof was shown to be cheaper than weaker forms of semantic analysis performed on non-SPARK code.
• SPARK code was found to have only 10 percent of the residual errors of full Ada; Ada was found to have only 10 percent of the residual errors of code written in C.

This is an interesting counter to those who maintain that choice of programming language does not matter, and that critical code can be written correctly in any language: The claim may be true in principle but clearly is not commonly achieved in practice.”

from http://www.sparkada.com/downloads/Mar2002Amey.pdf

Unless you are prepared to demonstrate that C++ is 10 (ref. full Ada) to 100 (ref. SPARK Ada) times safer than C, the only reasonable conclusion is that C++ is indeed "worse." BTW, I imagine that the C code in question was already based on a "safe subset" of the C language, so that's what you'd need to show improvement over.

Mike