From: George Romanski
Subject: Re: Ada and Automotive Industry
Date: 1996/12/03
Message-ID: <32A46EE6.82F@east.thomsoft.com>
Organization: Thomson Software Products
Newsgroups: comp.lang.ada,comp.realtime
References: <55ea3g$m1j@newsbf02.news.aol.com> <3280DA96.15FB@hso.link.com>

Chris Hills wrote:
>
> In article , Robert Dewar writes
> >Chris says
> >
> >"I am amused by the comment "for safety reasons". ADA is no safer than
> >any other language. It is only safer in theory. It depends on the
> >standard of the compilers and tools etc.

The quality of a compiler and the associated tools is an important factor. There are, however, no "Qualified" compilers that I am aware of (DO-178B definition of Development tool qualification), so verification must be performed on the result of the compilation process. There are "Qualified" verification tools, and indeed under FAA (JAA in Europe) a verification tool must be qualified before it can be used in testing for credit. There are Qualified Ada verification tools; there may be some for C but I don't know of any.

> >--snip
>
> >Chris says
> >>"I was once told to use Modula 2 because it was "safe". It turned out
> >>that the compiler suite had been written in Intel assembler
> >>(supposedly a very unsafe language) and was full of bugs!
> >In the end --snip
>
> I may not understand "AT ALL the concept of safety in the design of a
> language" but my sw has to run and work without error day in day out.
> (My current Sw when finished is expected to run for 15 years from switch
> on (24 hours a day) with down time of 15 min a year for planned
> upgrades). The last system I did (also in C) has run for 2 years without
> problems.

Look in the safety guidelines and standards for software. IEC 1508 (current Draft) says subsets of Modula, Pascal and Ada are Highly Recommended for systems at all integrity levels. C and subsets of C are not.

MISRA guidelines - "Motor Industry Software Reliability Association" Report 1: "Some safety-critical software pundits deprecate the use of C due to its poor ISO definition resulting in many aspects of the language being undefined, unspecified or implementation specific. In these aspects it is viewed as being weaker than assembler. Languages recommended for high integrity applications are ISO Pascal subset, Modula-2 subset or Ada subset."

> The Ariane 5 rocket had Ada Sw (a "Safe" language) and crashed after 39
> seconds (a bit of a red herring as Ada was not directly to blame and the
> same could have been done in C or Mod2). SO what is the excuse here? The
> Sw team did not understand the use of the language? If it is that hard
> to use and that easy to misuse it is unsafe in practice.

It was a system design/reuse error. The exception was triggered correctly, handled correctly on the first computer and had inappropriate code in the handler of the second computer. Note that in C it would not have been detected in the first place.

> As I repeatedly say the theory is fine (it's what academics are good at
> :-) but is it safe in practice?

Ada is safe in practice.
Having been involved with the development and verification of nuclear shut-down systems, flight control systems, automatic brake control systems and so on, I understand the requirements of software verification and the costs associated with demonstrating this to the certification authorities. I feel confident of this with Ada; verifying C code scares me silly.

George Romanski
Director, Safety Critical Software
Aonix
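Added example, not from the original post and not code from any of the systems or products it mentions: a C illustration of the point made above that a narrowing conversion which an Ada program rejects at run time (Constraint_Error on an out-of-range assignment) passes silently through a plain C cast. The widths used (32-bit integer and 64-bit float values narrowed to a 16-bit integer), the status enum and the function names are assumptions chosen for illustration, not details of Ariane 5 or of any product named in the post.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of a checked narrowing conversion. Returning a status is the C
 * stand-in for Ada raising Constraint_Error: the caller cannot miss it. */
typedef enum {
    NARROW_OK = 0,
    NARROW_OVERFLOW = 1,
    NARROW_NOT_A_NUMBER = 2
} narrow_status;

/* Plain C narrowing, i.e. what `(int16_t)x` does on its own. For an
 * out-of-range value the result is implementation-defined (common compilers
 * reduce it modulo 2^16), and no error is ever signalled. */
int16_t unchecked_narrow_i32(int32_t x) {
    return (int16_t)x;
}

/* Range-checked narrowing: the check an Ada compiler emits implicitly on
 * the assignment is written out by hand here. */
narrow_status checked_narrow_i32(int32_t x, int16_t *out) {
    if (x < INT16_MIN || x > INT16_MAX) return NARROW_OVERFLOW;
    *out = (int16_t)x;
    return NARROW_OK;
}

/* 64-bit float into a 16-bit integer. In C, casting a double that does not
 * fit the target is undefined behaviour, so the range check has to be done
 * on the double before any cast. Rounding is to nearest, half away from
 * zero, which is what Ada's float-to-integer conversion does. */
narrow_status checked_narrow_f64(double x, int16_t *out) {
    if (x != x) return NARROW_NOT_A_NUMBER;   /* NaN is the only value unequal to itself */
    /* Anything that would round to a value outside [-32768, 32767] is
     * refused here; this also catches +/-infinity. */
    if (x >= 32767.5 || x <= -32768.5) return NARROW_OVERFLOW;
    int32_t r = (x >= 0.0) ? (int32_t)(x + 0.5) : (int32_t)(x - 0.5);
    *out = (int16_t)r;
    return NARROW_OK;
}

static const char *status_name(narrow_status s) {
    switch (s) {
    case NARROW_OK:            return "ok";
    case NARROW_OVERFLOW:      return "overflow";
    case NARROW_NOT_A_NUMBER:  return "not-a-number";
    }
    return "?";
}

int main(void) {
    /* Constructed sample values; the last one is the kind of reading that a
     * silent cast lets through and a range check stops. */
    const int32_t samples[] = { 1234, -32768, 32767, 32768, 70000 };
    size_t n = sizeof samples / sizeof samples[0];

    printf("%8s %12s %14s\n", "value", "C cast", "checked");
    for (size_t i = 0; i < n; i++) {
        int16_t checked = 0;
        narrow_status s = checked_narrow_i32(samples[i], &checked);
        printf("%8d %12d %14s\n", (int)samples[i],
               (int)unchecked_narrow_i32(samples[i]), status_name(s));
    }

    int16_t v = 0;
    printf("double 1.0e5  -> %s\n", status_name(checked_narrow_f64(1.0e5, &v)));
    printf("double -12.5  -> %s (%d)\n", status_name(checked_narrow_f64(-12.5, &v)), (int)v);
    return 0;
}
```

The table printed by main shows the same out-of-range input going two ways: the C cast hands back a plausible-looking but wrong 16-bit number and execution continues, whereas the checked version reports the overflow so that the caller (the equivalent of an Ada exception handler) has to decide what to do with it.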