From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,7a58195927ccb785,start
X-Google-Attributes: gid103376,public
From: "Robert C. Leif, Ph.D."
Subject: Re: Not intended for use in medical devices
Date: 1997/05/03
Message-ID: <3.0.32.19970503111453.007174bc@mail.4dcomm.com>#1/1
X-Deja-AN: 239145487
Sender: Ada programming language
X-Sender: rleif@mail.4dcomm.com
Comments: To: Kaz Kylheku
Newsgroups: comp.lang.ada
Date: 1997-05-03T00:00:00+00:00
List-Id:

To: Kaz Kylheku et al.
From: Bob Leif, Ph.D. Ada_Med

I have very strong reservations about reviewing object code. Although configuration management tools could be configured to prevent changes in the object code, I believe that there would be a very strong temptation for some of the programmers to hand optimize the object code. This would result in having to maintain the object code, which would be very expensive.

I must emphasize that the skill level of most of the readers of Comp.Lang.Ada is much higher than that of most medical device programmers. The obvious proof of this statement is that most medical device software is programmed in C or C++.

What other newsgroups do you propose posting medical software discussions?

----------------------------------------------------------------------------------
Kaz Kylheku wrote
Date: Tue, 29 Apr 1997 19:34:10 GMT
From: Kaz Kylheku
Subject: Re: Not intended for use in medical,

In article , Robert Dewar wrote:
>John said
>
><Make use of Appendix H (Safety and Security) in Ada95.
>Review the object code.
>And then test the hell out of it like my life depended on it.>>
>
>This sounds like depending on testing too much, and on formal methods
>too little -- there is a balance sure, but the above seems unbalanced.

Reviewing the object code is (or can be) a formal method. Maybe the use of the word ``hell'' shifts the perception of balance. :)

It's a pity that this discussion was confined to comp.lang.ada, because I missed a lot of it, even though I sparked it with a quote from the Intel document.

Reviewing object code is important. I do it all the time, no matter what language I'm using. Compiler bugs do exist; I have discovered a few in GNU C. (just read gnu.gcc.bug over some time and you will see).

SNIP
-------------------------------------------------------------------------------------------------