From: Ken Garlington <garlingtonke@lfwc.lockheed.com>
Subject: Re: Ada Core Technologies and Ada95 Standards
Date: 1996/04/03
Date: 1996-04-03T00:00:00+00:00 [thread overview]
Message-ID: <31623F5E.4EAE@lfwc.lockheed.com> (raw)
In-Reply-To: dewar.828492539@schonberg
Robert Dewar wrote:
>
> But maybe I am mistaken, are you in fact using formal specifications,
> and formal methods to guarantee the correctness of the software,
> reasoning at the generated code level (this is normal procedure
> for safety critical software).
Well, not for DoD software! MIL-STD-882B says nothing about formal
reasoning. My reading of DO-178A says it can be used, but doesn't
appear to assume it is "normal procedure" by any stretch.
Not that I'm saying formal reasoning _shouldn't_ be normal procedure,
but I suspect that, at least in the U.S., it's not used to the extent
you imply.
> Obviously any customer demands proof at some level that the software
> meets all the requirements, but the standards of proof vary a lot,
> from an essentially informal testing process to a rigorous formal
> demonstration of correctness.
And I went to the trouble to agree with you that you could not prove the
correctness of software. Rats, misled again! :)
But seriously, since you appear to accept the use of the phrase "proof at
some level" as a reasonable phrase, let's return to what I think was the
topic at hand: What should be a reasonable minimum "standard of proof" for
the quality of an Ada compiler: a commercial product, but one that is often
advertised as suitable for use in building high-integrity software?
So far, you've mentioned that:
1. The ACVC is not an adequate standard of proof, because of inherent
limitations of a general certification test suite. I'm not sure I fully
accept that rationale, but as we've already agreed, you're far more
knowledgeable of the ACVC than I, so I'll have to bow to your expertise.
2. The real standard of proof should come from the actions of the individual
vendors. In particular, you said that GNAT has a development and test
process, and that this process was probably common to other vendors.
I requested a description of this process. Is this an unreasonable demand
from potential customers like Mr. McCabe and myself? I know that any
potential customer can ask for my company's process at any time (in fact,
we have booths at conferences like the Software Technology Conference
_promoting_ our process).
next prev parent reply other threads:[~1996-04-03 0:00 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
1996-03-25 0:00 Ada Core Technologies and Ada95 Standards Kenneth Mays
1996-03-25 0:00 ` Robert Dewar
1996-03-28 0:00 ` John McCabe
1996-03-28 0:00 ` Robert Dewar
1996-03-29 0:00 ` John McCabe
1996-03-29 0:00 ` Robert Dewar
1996-04-01 0:00 ` Ken Garlington
1996-04-01 0:00 ` Robert Dewar
1996-04-02 0:00 ` John McCabe
1996-04-02 0:00 ` Ken Garlington
1996-04-02 0:00 ` John McCabe
1996-04-02 0:00 ` Robert Dewar
1996-04-03 0:00 ` Ken Garlington [this message]
1996-04-04 0:00 ` Robert Dewar
1996-04-04 0:00 ` Ken Garlington
1996-04-05 0:00 ` Robert Dewar
1996-04-10 0:00 ` Ken Garlington
1996-04-02 0:00 ` Robert A Duff
1996-04-10 0:00 ` Robert Dewar
1996-04-10 0:00 ` Robert Dewar
1996-04-12 0:00 ` Philip Brashear
1996-04-12 0:00 ` Robert Dewar
1996-04-15 0:00 ` Tiring Arguments Around (not about) Two Questions Ken Garlington
1996-04-15 0:00 ` Gary McKee
1996-04-16 0:00 ` Ken Garlington
1996-04-17 0:00 ` Kenneth Almquist
1996-04-18 0:00 ` Ada Core Technologies and Ada95 Standards John McCabe
1996-04-19 0:00 ` Robert Dewar
1996-04-22 0:00 ` Ken Garlington
1996-04-22 0:00 ` John McCabe
1996-04-23 0:00 ` Ken Garlington
1996-04-24 0:00 ` Robert Dewar
1996-04-26 0:00 ` Ken Garlington
1996-04-24 0:00 ` John McCabe
1996-04-24 0:00 ` Robert Dewar
1996-04-26 0:00 ` Ken Garlington
1996-04-26 0:00 ` John McCabe
1996-04-26 0:00 ` John McCabe
1996-04-25 0:00 ` Ken Garlington
1996-04-24 0:00 ` Robert Dewar
1996-04-26 0:00 ` Ken Garlington
1996-04-27 0:00 ` Robert Dewar
1996-04-15 0:00 ` Ken Garlington
1996-04-16 0:00 ` Robert Dewar
1996-04-16 0:00 ` Ken Garlington
1996-04-16 0:00 ` Robert Dewar
1996-04-02 0:00 ` John McCabe
1996-04-02 0:00 ` Robert A Duff
1996-04-16 0:00 ` John McCabe
1996-04-16 0:00 ` Robert Dewar
1996-04-22 0:00 ` John McCabe
1996-04-23 0:00 ` Ken Garlington
1996-04-24 0:00 ` Robert Dewar
1996-04-26 0:00 ` Ken Garlington
1996-04-27 0:00 ` Robert Dewar
1996-04-29 0:00 ` Cordes MJ
1996-04-29 0:00 ` Robert Dewar
1996-05-06 0:00 ` John McCabe
1996-05-06 0:00 ` Robert Dewar
1996-05-08 0:00 ` John McCabe
1996-05-08 0:00 ` TARTAN and TI Tom Robinson
1996-05-09 0:00 ` Arthur Evans Jr
[not found] ` <Dr46LG.2FF@world.std.com>
1996-05-09 0:00 ` Ada Core Technologies and Ada95 Standards John McCabe
1996-05-07 0:00 ` Mike Cordes
1996-05-07 0:00 ` Mike Cordes
1996-04-10 0:00 ` Robert Dewar
1996-04-15 0:00 ` Ken Garlington
1996-04-16 0:00 ` Robert Dewar
1996-04-16 0:00 ` Ken Garlington
1996-04-16 0:00 ` Robert Dewar
1996-04-18 0:00 ` Ken Garlington
1996-03-31 0:00 ` Geert Bosch
1996-04-01 0:00 ` Robert Dewar
1996-04-01 0:00 ` Mike Young
1996-04-03 0:00 ` Robert Dewar
1996-03-29 0:00 ` steved
1996-03-29 0:00 ` Applet Magic works great, sort of Bob Crispen
1996-03-29 0:00 ` Vince Del Vecchio
1996-04-03 0:00 ` Ada Core Technologies and Ada95 Standards Robert I. Eachus
1996-04-03 0:00 ` Ken Garlington
1996-04-04 0:00 ` Robert Dewar
1996-04-04 0:00 ` John McCabe
1996-04-05 0:00 ` Robert Dewar
1996-04-06 0:00 ` Ada validation is virtually worthless Raj Thomas
1996-04-06 0:00 ` Robert Dewar
1996-04-08 0:00 ` Arthur Evans Jr
1996-04-07 0:00 ` Ada Core Technologies and Ada95 Standards John McCabe
1996-04-05 0:00 ` Robert I. Eachus
1996-04-10 0:00 ` Cordes MJ
1996-04-10 0:00 ` Robert Dewar
1996-04-15 0:00 ` Ken Garlington
1996-04-16 0:00 ` Robert Dewar
1996-04-16 0:00 ` Ken Garlington
1996-04-16 0:00 ` Robert Dewar
1996-04-11 0:00 ` Robert I. Eachus
1996-04-11 0:00 ` Robert I. Eachus
1996-04-19 0:00 ` Laurent Guerby
1996-04-25 0:00 ` Tiring Arguments Around (not about) Two Questions [VERY LONG] Laurent Guerby
1996-04-26 0:00 ` Ken Garlington
1996-04-29 0:00 ` Philip Brashear
-- strict thread matches above, loose matches on Subject: below --
1996-04-01 0:00 Ada Core Technologies and Ada95 Standards Simon Johnston
1996-04-24 0:00 W. Wesley Groleau (Wes)
1996-04-25 0:00 ` Robert Dewar
1996-04-25 0:00 ` Theodore E. Dennison
1996-04-25 0:00 ` Ken Garlington
1996-04-29 0:00 Marin David Condic, 407.796.8997, M/S 731-93
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox