From: Jim Chelini
Subject: Re: C++ Should not be used for Medical Devices
Date: 1997/01/23
Message-ID: <32E788E5.6009@east.thomsoft.com>
References: <3.0.32.19970119225145.006fce98@mail.4dcomm.com> <01bc06d4$04745ee0$198c71a5@dhoossr.iquest.com>
Organization: Thomson Software Products
Newsgroups: comp.lang.ada

David C. Hoos, Sr. wrote:
>
> Dr. Robert Leif wrote in article
> <3.0.32.19970119225145.006fce98@mail.4dcomm.com>...
> The best help you can get from Comp.Lang.Ada, where this appeared, is not
> how to find the best C++ Debugger; but, the simple statement, Try Ada 95.
>
> Date: Thu, 16 Jan 1997 22:22:29 -0500
> From: Macarthur Drake
> Subject: Help you C++ Debuggers!
>
> I am in the midst of completing a major piece of code in C++. However I
> keep coming across a particularly difficult bug. Can you help?
>
> I am simply trying to declare a three D array:
>
> float objects[9000][10][10];
>
> Hi Macarthur,
>
> I cannot agree too strongly with Robert Leif that you should use Ada95 for
> safety-critical systems.
>
> However, there is one aspect of the problem -- i.e., the runtime
> segmentation faults which could happen even with Ada, since you are
> declaring the variable on the stack, or in the static data segment of your
> program (you didn't provide enough context to show which). The size of
> your array amounts to 3,600,000 bytes and could be more than is allowed by
> the default stack size of your program.
>
> Dynamic allocation (as you suggest) is the solution to the run-time
> problem.

When it comes to safety critical software, I would certainly agree with the
use of Ada. However, I would avoid a number of features including tasking
and dynamic allocation. In the cases where a life is at risk, whether it is
a medical device, aircraft, or a rail system, stick to deterministic
constructs. Once the program has completed elaboration, it should not
perform dynamic operations. Also, make sure the run-time is developed,
documented, and TESTED to the same degree as the application. If you don't,
you have left a very large hole in the system. This limits some of the more
interesting features of the language, but the goal is to develop a safe
system.

Jim Chelini
jchelini@aonix.com

> E.g., in C/C++ you could write:
>
> #include <stdlib.h>   /* malloc, free, exit */
>
> #define DIM_1 9000
> #define DIM_2 10
> #define DIM_3 10
>
> int main (void)
> {
>   /* pointer to one [DIM_2][DIM_3] slab, so objects[i][j][k]
>      indexes a single contiguous heap block */
>   float (* objects) [DIM_2] [DIM_3];
>   objects = malloc (
>     DIM_1 * DIM_2 * DIM_3 * sizeof (float)
>   );
>   if (objects == NULL)
>     exit (1);
>   free (objects);
>   exit (0);
> }
>
> Or in Ada, you could write
>
> procedure Macarthur is
>    Dim_1 : constant Natural := 9000;
>    Dim_2 : constant Natural := 10;
>    Dim_3 : constant Natural := 10;
>    type Object_Array_Type is
>       array (0 .. Dim_1 - 1, 0 .. Dim_2 - 1, 0 .. Dim_3 - 1) of Float;
>    type Object_Array_Access_Type is access Object_Array_Type;
>    Objects : Object_Array_Access_Type := new Object_Array_Type;
> begin
>    null;
> end Macarthur;
>
> In Ada you would raise an exception any time you attempted to access
> outside the array.
>
> As to why the compile-time failures, it's difficult to say without knowing
> the compiler/platform, but maybe it's because the compiler is written in C?
>
> Hope this helps
>
> --
> David C. Hoos, Sr.,
> http://www.dbhwww.com
> http://www.ada95.com
>
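As an added example (not code from anyone in the thread), here is how Jim's "no dynamic operations after elaboration" rule and David's point about Ada's bounds checks combine in C: the 3,600,000-byte array from the question is placed in static storage, so it neither overflows the stack nor needs malloc at run time, and every access goes through an accessor that refuses out-of-range indices, which C itself never checks. The function and accessor names are my own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define DIM_1 9000
#define DIM_2 10
#define DIM_3 10

/* The array from the thread: 9000 * 10 * 10 * sizeof(float) = 3,600,000
 * bytes with 4-byte floats. In static storage it is reserved once at load
 * time, so it cannot overflow the stack and needs no heap allocation. */
static float objects[DIM_1][DIM_2][DIM_3];

/* Total size in bytes, for comparing against a platform's stack limit. */
size_t objects_size_bytes(void)
{
    return sizeof objects;
}

/* Bounds-checked store: an out-of-range index is refused instead of
 * writing past the array (the check Ada performs implicitly). */
bool objects_set(size_t i, size_t j, size_t k, float value)
{
    if (i >= DIM_1 || j >= DIM_2 || k >= DIM_3)
        return false;
    objects[i][j][k] = value;
    return true;
}

/* Bounds-checked load; *out is left untouched when the indices are invalid. */
bool objects_get(size_t i, size_t j, size_t k, float *out)
{
    if (out == NULL || i >= DIM_1 || j >= DIM_2 || k >= DIM_3)
        return false;
    *out = objects[i][j][k];
    return true;
}

int main(void)
{
    float v = 0.0f;
    printf("array occupies %zu bytes\n", objects_size_bytes());
    printf("set(8999,9,9): %s\n", objects_set(8999, 9, 9, 1.5f) ? "ok" : "rejected");
    printf("set(9000,0,0): %s\n", objects_set(9000, 0, 0, 1.5f) ? "ok" : "rejected");
    printf("get(8999,9,9): %s, value %g\n",
           objects_get(8999, 9, 9, &v) ? "ok" : "rejected", v);
    return 0;
}
```

Because the indices are size_t, a negative index passed by a caller wraps to a huge value and is rejected by the same comparison.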