From: Paul M Gover
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/07/24
Message-ID: <33D71492.6F06@uk.ibm.com>
References: <33CD1722.2D24@calfp.co.uk> <33D24C91.C9730CBA@munich.netsurf.de>
Organization: IBM Warwick Development Group
Reply-To: Paul_Gover@uk.ibm.com
Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel

Joachim Durchholz wrote:
> ...
> Now *that* sounds bogus to me. The code should execute in exactly the
> same way, whether assertions are turned on or off. If you don't have
> enough confidence in the compiler to generate code that runs correctly,
> why do you use a compiler at all?
> ...

(Sorry if I'm about to repeat an earlier part of this discussion - I've not followed this thread in detail.)

By definition, the code executes differently depending on whether assertions are turned on or off - because the assertion checking _is_ code! In particular, there's likely to be some memory management going on in an OO system. Two possibilities: we could run out of memory in the assertion, or the memory management might take too long for some critical signal.

(And to direct a slight breeze towards some other embers, it doesn't make a difference if the OO system uses garbage collection or not; as Chamond Liu pointed out (see http://www.browsebooks.com/Liu/Chapter16.html), garbage collectors tend to have predictable allocation times and unpredictable free (i.e., collection) times, whereas heap allocation tends to have unpredictable allocation times and predictable free times; garbage collection systems have to search storage at collection time, and heaps search at allocation time.)

I currently support a program where switching the diagnostic trace on breaks part of the user interface (since the program's correct, I don't need to trace, so I don't need to fix the bug!?!). This one is definitely an application fault, nothing to do with the compiler.

-- 
Paul Gover
IBM Warwick Development Group
Mumbling for myself, not IBM