From: Jim Chelini <jchelini@east.thomsoft.com>
Subject: Re: C++ Should not be used for Medical Devices
Date: 1997/01/23
Message-ID: <32E788E5.6009@east.thomsoft.com>
In-Reply-To: 01bc06d4$04745ee0$198c71a5@dhoossr.iquest.com
David C. Hoos, Sr. wrote:
>
> Dr. Robert Leif <rleif@RLEIF.COM> wrote in article
> <3.0.32.19970119225145.006fce98@mail.4dcomm.com>...
> The best help you can get from Comp.Lang.Ada, where this appeared, is not
> how to find the best C++ debugger, but the simple statement: try Ada 95.
>
> Date: Thu, 16 Jan 1997 22:22:29 -0500
> From: Macarthur Drake <drake@BME.RI.CCF.ORG>
> Subject: Help you C++ Debuggers!
>
> I am in the midst of completing a major piece of code in C++. However, I
> keep coming across a particularly difficult bug. Can you help?
>
> I am simply trying to declare a three D array:
>
> float objects[9000][10][10];
>
> Hi Macarthur,
>
> I cannot agree too strongly with Robert Leif that you should use Ada95 for
> safety-critical systems.
>
> However, there is one aspect of the problem -- i.e., the runtime
> segmentation faults which could happen even with Ada, since you are
> declaring the variable on the stack, or in the static data segment of your
> program (you didn't provide enough context to show which). The size of
> your array amounts to 3,600,000 bytes and could be more than is allowed by
> the default stack size of your program.
>
> Dynamic allocation (as you suggest) is the solution to the run-time
> problem.
>
When it comes to safety-critical software, I would certainly agree with the use of Ada.
However, I would avoid a number of features, including tasking and dynamic allocation. In
cases where a life is at risk, whether it is a medical device, an aircraft, or a rail system,
stick to deterministic constructs. Once the program has completed elaboration, it should not
perform dynamic operations. Also, make sure the run-time is developed, documented, and TESTED
to the same degree as the application. If you don't, you have left a very large hole in the
system. This limits some of the more interesting features of the language, but the goal is to
develop a safe system.
Jim Chelini
jchelini@aonix.com
> E.g., in C/C++ you could write:
> #include <stdlib.h>
> #define DIM_1 9000
> #define DIM_2 10
> #define DIM_3 10
> int main (void)
> {
>     /* pointer to one contiguous DIM_1 x DIM_2 x DIM_3 block (not float ***,
>        which would need a separate row-pointer table) */
>     float (* objects)[DIM_2][DIM_3];
>     objects = malloc (
>         DIM_1 * DIM_2 * DIM_3 * sizeof (float)
>     );
>     if (objects == NULL)
>         return 1;   /* allocation failed */
>     free (objects);
>     return 0;
> }
>
> Or in Ada, you could write
> procedure Macarthur is
>    Dim_1 : constant Natural := 9000;
>    Dim_2 : constant Natural := 10;
>    Dim_3 : constant Natural := 10;
>    type Object_Array_Type is
>       array (0 .. Dim_1 - 1, 0 .. Dim_2 - 1, 0 .. Dim_3 - 1) of Float;
>    type Object_Array_Access_Type is access Object_Array_Type;
>    Objects : Object_Array_Access_Type := new Object_Array_Type;
> begin
>    null;
> end Macarthur;
>
> In Ada you would raise an exception any time you attempted to access
> outside the array.
>
> As to why the compile-time failures, it's difficult to say without knowing
> the compiler/platform, but maybe it's because the compiler is written in C?
>
> Hope this helps
>
> --
> David C. Hoos, Sr.,
> http://www.dbhwww.com
> http://www.ada95.com
>
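The following is an added example, not code posted by anyone in the thread. It takes the 9000 x 10 x 10 float array from Macarthur's question and places it in the static data segment, so it neither has to fit in the default stack (the 3,600,000-byte problem Hoos describes) nor needs malloc after start-up (the "no dynamic operations after elaboration" rule in Jim's reply). Access goes through bounds-checked accessors, which is the manual C equivalent of the Constraint_Error that Ada raises on an out-of-range index. All function names (objects_get, objects_set, objects_reset, objects_size_bytes) are this example's own.

```c
/* Added example, not code from the thread: the 9000 x 10 x 10 float array
 * from Macarthur's question, placed in the static data segment so it neither
 * overflows the default stack nor needs malloc after elaboration, with
 * bounds-checked accessors standing in for Ada's Constraint_Error.
 * All names here are this example's own. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIM_1 9000
#define DIM_2 10
#define DIM_3 10

/* File-scope storage: sized at compile time, zero before main() runs,
 * never freed. No malloc, and no 3.6 MB stack frame. */
static float objects[DIM_1][DIM_2][DIM_3];

/* Size in bytes, for comparison with the default stack limit:
 * 9000 * 10 * 10 * sizeof(float) = 3,600,000 where float is 4 bytes. */
size_t objects_size_bytes(void)
{
    return sizeof objects;
}

/* Every index is validated before the array is touched. Returns 1 if the
 * triple is inside the array, 0 otherwise. Because the parameters are
 * size_t, a negative index from a caller wraps to a huge value and is
 * rejected as well. */
int objects_in_range(size_t i, size_t j, size_t k)
{
    return i < DIM_1 && j < DIM_2 && k < DIM_3;
}

/* Read objects[i][j][k] into *out. Returns 0 on success, -1 on an
 * out-of-range index; *out is left untouched on failure, so the caller can
 * never consume a value that was never read. */
int objects_get(size_t i, size_t j, size_t k, float *out)
{
    if (!objects_in_range(i, j, k))
        return -1;
    *out = objects[i][j][k];
    return 0;
}

/* Write v to objects[i][j][k]. Returns 0 on success, -1 if the index is
 * out of range; nothing is written in that case, so a neighbouring object
 * cannot be corrupted the way an unchecked C write would corrupt it. */
int objects_set(size_t i, size_t j, size_t k, float v)
{
    if (!objects_in_range(i, j, k))
        return -1;
    objects[i][j][k] = v;
    return 0;
}

/* Fixed-cost reset run once at start-up (the "elaboration" step in Jim's
 * terms); after this the array's size and address never change. */
void objects_reset(void)
{
    memset(objects, 0, sizeof objects);
}

int main(void)
{
    float v = 0.0f;

    objects_reset();
    printf("array size: %zu bytes\n", objects_size_bytes());

    /* Last valid element: accepted. */
    printf("set [8999][9][9]: %d\n", objects_set(8999, 9, 9, 1.5f));
    printf("get [8999][9][9]: %d (v=%g)\n", objects_get(8999, 9, 9, &v), v);

    /* One past the end on each axis: rejected, array untouched. */
    printf("set [9000][0][0]: %d\n", objects_set(9000, 0, 0, 2.0f));
    printf("set [0][10][0]:   %d\n", objects_set(0, 10, 0, 2.0f));
    printf("get [0][0][10]:   %d\n", objects_get(0, 0, 10, &v));
    return 0;
}
```

The design choice is the one Jim's reply argues for: the only "allocation" is the compile-time sizing of a file-scope array, the start-up cost of objects_reset is fixed, and a wrong index is reported as a return code rather than silently reading or writing a neighbour. It still does not give the compiler-enforced checking Hoos points to in Ada; every access has to go through the accessors by discipline, not by the language.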
Thread overview: 9+ messages
1997-01-19 0:00 C++ Should not be used for Medical Devices Dr. Robert Leif
1997-01-20 0:00 ` David C. Hoos, Sr.
1997-01-20 0:00 ` Ted Dennison
1997-01-23 0:00 ` Jim Chelini [this message]
1997-01-27 0:00 ` Stephen Bull
-- strict thread matches above, loose matches on Subject: below --
1997-01-25 0:00 Dr. Robert Leif
1997-01-26 0:00 ` Matthew Heaney
1997-01-26 0:00 ` Robert Dewar
1997-01-27 0:00 Dr. Robert Leif