From: snarflemike@yahoo.com (Mike Silva)
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: 22 Dec 2003 21:06:08 -0800
Organization: http://groups.google.com
Message-ID: <20619edc.0312222106.3b369547@posting.google.com>
References: <3fe00b82.90228601@News.CIS.DFN.DE> <3FE026A8.3CD6A3A@yahoo.com> <3bf1uvg2ntadvahfud2rg6ujk24sora6gr@4ax.com> <2u3auvogde8ktotlaq0ldiaska3g416gus@4ax.com> <20619edc.0312221020.3fd1b4ee@posting.google.com>

Alan Balmer wrote in message news:...
> On 22 Dec 2003 10:20:04 -0800, snarflemike@yahoo.com (Mike Silva)
> wrote:
>
> >"tanya" wrote in message news:...
> >
> >> As for using C, it is a simple language that can be and is used safely by
> >> many people.
> >
> >I think a more interesting question is: given a particular quality of
> >programming talent and fixed amounts of time and money, how will
> >software written in C fare against software written in "better" (as
> >determined by safety-critical industry consensus) languages? I think
> >the evidence is overwhelming that it will fare quite badly, meaning it
> >will cost more and/or take more time and/or have more residual
> >errors.
>
> Sounds interesting. Can you provide references to such evidence,
> obtained under the stated conditions?

I think the Ada and SPARK communities can, which is why I've added
comp.lang.ada to this thread. For example, here's a reference to a 100:1
residual error reduction between C and SPARK, and a 10:1 reduction
between C and Ada, with all code having been previously certified to
DO178B level A:

http://www.sparkada.com/downloads/Mar2002Amey.pdf

Some more interesting reading (note that MISRA acknowledges that there
are better languages than C for safety-critical work):

http://www.sparkada.com/downloads/misracatsil4reader.pdf

This document has a table of language recommendations (search for
"Language Recommendations (IEC 1508)"). C is only recommended for SIL1,
while it is not recommended for SIL3 and SIL4:

https://www.cis.strath.ac.uk/teaching/ug/classes/52.422/programming.languages.doc

Mike