comp.lang.ada
From: "Robert C. Leif, Ph.D." <rleif@RLEIF.COM>
Subject: Re: Not intended for use in medical devices
Date: 1997/05/03
Message-ID: <3.0.32.19970503111453.007174bc@mail.4dcomm.com>


To: Kaz Kylheku et al.
From: Bob Leif, Ph.D.
Ada_Med

I have very strong reservations about reviewing object code.  Although
configuration management tools could be configured to prevent changes in
the object code, I believe that there would be a very strong temptation for
some of the programmers to hand optimize the object code.  This would
result in having to maintain the object code, which would be very
expensive.  I must emphasize that the skill level of most of the readers of
Comp.Lang.Ada is much higher than that of most medical device programmers.
 The obvious proof of this statement is that most medical device software
is programmed in C or C++.  What other newsgroups do you propose posting
medical software discussions?
----------------------------------------------------------------------------
Kaz Kylheku wrote
Date:    Tue, 29 Apr 1997 19:34:10 GMT
From:    Kaz Kylheku <kaz@VISION.CREST.NT.COM>
Subject: Re: Not intended for use in medical,

In article <dewar.862270256@merv>, Robert Dewar <dewar@merv.cs.nyu.edu> wrote:
>John said
>
><<If it were me designing life support systems for medical use I'd:
>Make use of Appendix H (Safety and Security) in Ada95.
>Review the object code.
>And then test the hell out of it like my life depended on it.>>
>
>This sounds like depending on testing too much, and on formal methods
>too little -- there is a balance sure, but the above seems unbalanced.

Reviewing the object code is (or can be) a formal method. Maybe the
use of the word ``hell'' shifts the perception of balance. :)

It's a pity that this discussion was confined to comp.lang.ada, because I
missed a lot of it, even though I sparked it with a quote from the Intel
document.

Reviewing object code is important. I do it all the time, no matter what
language I'm using. Compiler bugs do exist; I have discovered a few in
GNU C. (just read gnu.gcc.bug over some time and you will see).
SNIP
----------------------------------------------------------------------------



