comp.lang.ada
From: Ken Garlington <GarlingtonKE@lfwc.lockheed.com>
Subject: Re: Computer beats Kasparov
Date: 1996/02/26
Message-ID: <3131C32A.391C@lfwc.lockheed.com>
In-Reply-To: dewar.825305853@schonberg

Robert Dewar wrote:
> 
> "As long as generated code is identical each time you compile the same
> code, it doesn't matter if the code generator uses AI. We use an Ada
> compiler to generate safety critical embedded SW and have seen
> code generation errors with code generators using common optimization
> techniques."
> 
> Well the issue of whether the code generator "uses AI" (whatever the
> heck that might mean) is a red herring.
> 
> The issue is whether the code generated is "reviewable" in the sense
> of annex H of the RM. Achieving reviewability may involve inhibiting
> some optimizations (regardless of how they are done).

I think what Mike was trying to say was that using extremely complex
optimization techniques -- including, possibly, using AI-type heuristics --
to try to capture the process by which experienced programmers generate
"tight" assembly code would not necessarily be a problem from a safety-critical
standpoint. Assuming that Reviewable would give you information to understand
the relationship of the generated object code to the source (which is what
I expected it to do), then such advanced optimizations may be tolerable in
safety-critical applications.

This assumes, of course, that the Ada toolset generates the same code given the
same initial conditions (a set of source code compiled in some determinable
and consistent order, I guess). The task would be more complicated if, for
example, the toolset "learns" with each compilation, such that compiling the
same code six months later generates "tighter" but possibly incorrect code.

The bottom line is that we don't usually know exactly how the toolset does
optimizations, and don't care (within some limits). We assume that we will
have to validate the resulting code, using Reviewable and other
techniques, to assure its reliability and safety regardless.

The key phrase with respect to disabling optimizations, from the Rationale:
"...some optimizations could be disabled when the pragma Reviewable is in
force, rather than enhancing the compiler to meet the requirements with full
optimization." With Ada 83, we pay to get these "enhancements," and I suspect
that we will continue to do so with Ada 95. As a result, we would not disable
optimizations to get reviewable code. After all, safe code that won't fit in
the box is a little _too_ safe for our needs!



