From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_20,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,d1df6bc3799debed
X-Google-Attributes: gid103376,public
From: John Apa <japa@DIE_SPAMMER.dasd.honeywell.com>
Subject: Re: Not intended for use in medical,
Date: 1997/04/28
Message-ID: <3364C8EC.4879@DIE_SPAMMER.dasd.honeywell.com>#1/1
X-Deja-AN: 237940813
References: <3.0.32.19970423164855.00746db8@mail.4dcomm.com>
Organization: Honeywell DASD
Newsgroups: comp.lang.ada
Date: 1997-04-28T00:00:00+00:00
List-Id: <comp.lang.ada>


Robert C. Leif, Ph.D. wrote:
> 
> To: Tim Behrendsen, Kaz Kylheku et al.
> From: Robert C. Leif, Ph.D.
> Vice President Ada_Med
{snip}
> 
> This quote may provide an excellent opportunity in the medical device
> business, which is NOT puny.  My question is, Does validation of an Ada
> compiler on a platform provide significant evidence that the processor
> produces valid object code?  Would any of the other Ada test suites help?
> I deliberately used the word significant rather than sufficient.  If anyone
> knows how to prove sufficiency, I would also like a comment.  Any other
> suggestions that would permit realistic development of medical devices
> would be appreciated.
> 

If it were me designing life support systems for medical use I'd:
Make use of Appendix H (Safety and Security) in Ada95.
Review the object code.
And then test the hell out of it like my life depended on it.

Ada95 provides wonderful tools, but it is still up to the engineer to
make sure the fnal product does what it is supposed to do.


-- 
***********************************
Standard Disclaimers Apply
John Thomas Apa
Replace "DIE_SPAMMER" with "delphi" to email.
Honeywell Defense Avionics Systems
Albuquerque, New Mexico.
***********************************