From: John Apa
Subject: Re: Not intended for use in medical,
Date: 1997/04/30
Message-ID: <3367CE1E.5ED1@DIE_SPAMMER.dasd.honeywell.com>
References: <3.0.32.19970423164855.00746db8@mail.4dcomm.com> <3364C8EC.4879@DIE_SPAMMER.dasd.honeywell.com> <5k5ifi$8db@bcrkh13.bnr.ca>
Organization: Honeywell DASD
Newsgroups: comp.lang.ada

Kaz Kylheku wrote:
>
> In article , Robert Dewar wrote:
> >John said
> >
> ><<Make use of Appendix H (Safety and Security) in Ada95.
> >Review the object code.
> >And then test the hell out of it like my life depended on it.>>
> >
> >This sounds like depending on testing too much, and on formal methods
> >too little -- there is a balance sure, but the above seems unbalanced.
>
> Reviewing the object code is (or can be) a formal method. Maybe the
> use of the word ``hell'' shifts the perception of balance. :)

Yes, perhaps I added emphasis to the wrong part. Formal methods are a great thing if you can get everyone to follow them. To me it seems as if many people talk about it yet few actually follow it. This is bad. A team using a well defined and accepted development process and formal methods can do great things. But it only takes one of the team to "just make a quick fix" and then the fun begins.

In any case, if my life depended on it, I would still test it beyond what many would consider "acceptable". I have slipped my own schedules in order to do a little extra testing or desk checking when I (or others) felt it was required for safety (life and/or data) purposes.

I think we owe our end users that, especially the ones who trust our work to keep their planes in the air. Too bad MS didn't feel that way about their products.

>
> It's a pity that this discussion was confined to comp.lang.ada, because I
> missed a lot of it, even though I sparked it with quote from the Intel
> document.
> snipped a good example

--
***********************************
Standard Disclaimers Apply
John Thomas Apa    Replace "DIE_SPAMMER" with "delphi" to email.
Honeywell Defense Avionics Systems
Albuquerque, New Mexico.
***********************************