From: CBFalconer <cbfalconer@yahoo.com>
Reply-To: cbfalconer@worldnet.att.net
Organization: Ched Research
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: Sun, 28 Dec 2003 15:51:57 GMT
Message-ID: <3FEEE0ED.468933FD@yahoo.com>
References: <3fe00b82.90228601@News.CIS.DFN.DE> <3FE026A8.3CD6A3A@yahoo.com> <3bf1uvg2ntadvahfud2rg6ujk24sora6gr@4ax.com> <2u3auvogde8ktotlaq0ldiaska3g416gus@4ax.com> <20619edc.0312221020.3fd1b4ee@posting.google.com> <20619edc.0312222106.3b369547@posting.google.com> <45cs9hAbLc6$EAAx@phaedsys.demon.co.uk>

Peter Amey wrote:
> Chris Hills wrote:
> > writes
> >
> >> Some more interesting reading (note that MISRA acknowledges that
> >> there are better languages than C for safety-critical work):
> > ... snip ...
>
> Wrong.  We did.  Unfortunately the rather stern view we took of
> what was needed to make C fully-analysable (basically, a Pascal
> subset in C syntax) was not seen as being compatible with the
> apparent aim of the committee: as much C as possible with the
> minimal restrictions needed to plug the biggest holes.

This may be just as well, since IMO part of the C problem is the
extreme reuse and terseness of tokens and the perverse precedence
rules.  No language can be proof against errors; it can only supply
extra redundancy and increase the likelihood of detection at compile
time, or detection at run time via appropriate checks.  Unfortunately
the latter will always require a means of disablement, and the
psychology of programmers is such that that will be used
unnecessarily.

> ... snip ...
>
> We don't rubbish C.  We rubbish magic where logic is to be
> preferred.  We have well-articulated reasons for saying that C is
> not well suited for constructing high-integrity systems.  The
> proponents of C for this purpose never seem to present their
> reasons.  All we ever hear are: "there are lots of C programmers
> around"; "we only ever employ the best people and they don't
> make those kinds of mistakes"; and, the falsehood, "C, with
> suitable support tools, is as good as anything else".

Again, I consider splint-annotated C to be another language, with an
even more unnatural syntax.  Also, the best people DO make those kinds
of mistakes, and I present myself as evidence.

Unfortunately many of the best programmers are somewhat set in their
ways, and will reach for the C system as opposed to learning an Ada or
Pascal system, just as not too long ago they reached for the assembler
rather than learn Fortran, PL/I, Pascal, or C.  Availability also has a
hand in here.

I consider the ideal mixture for embedded systems to be a combination
of assembly, C, and Pascal.  The result can be trimmed down to the
abilities of highly incapable hardware, and yet can be made mutually
compatible.  I think (and I am willing to be corrected) that Ada cannot
be trimmed substantially and still be Ada, and even if it can the extra
verbiage will deter users.

--
Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
   USE worldnet address!
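The "reuse and terseness of tokens" and "perverse precedence rules" complaint in the post above, made concrete as an added example that is not part of the original message or of any MISRA or Praxis material. Each pair of functions below computes what C actually parses next to what the writer of the expression almost certainly meant; the flag value, the sentinel and the inputs are constructed for the illustration. A plain `cc file.c` accepts all three silently; gcc and clang flag all three only when asked (`-Wall` enables `-Wparentheses`), which is the "likelihood of detection at compile time" point made above, and the pragma at the top exists only so that the deliberately wrong forms build cleanly here.

```c
/*
 * Added example (not from the original post): three C expressions that
 * read one way to a human and parse another way to the compiler.
 * The pragma silences the -Wparentheses warnings that gcc/clang would
 * otherwise emit for the "as_written" forms; remove it to see them.
 */
#include <stdint.h>
#include <stdbool.h>

#pragma GCC diagnostic ignored "-Wparentheses"

#define FLAG_READY 0x04u   /* constructed bit position for the example */
#define SENTINEL   7       /* constructed status code for the example */

/* Trap 1: "==" binds tighter than "&".
 * Intended: is the READY bit clear?
 * Actual:   flags & (FLAG_READY == 0)  ==  flags & 0  ==  0, so always false. */
bool ready_bit_clear_as_written(uint32_t flags)
{
    return flags & FLAG_READY == 0;
}

bool ready_bit_clear_intended(uint32_t flags)
{
    return (flags & FLAG_READY) == 0;
}

/* Trap 2: "+" binds tighter than "<<".
 * Intended: (1 << n) + 1, a power of two plus one.
 * Actual:   1 << (n + 1), the next power of two. */
uint32_t pow2_plus_one_as_written(unsigned n)
{
    return 1u << n + 1;
}

uint32_t pow2_plus_one_intended(unsigned n)
{
    return (1u << n) + 1;
}

/* Trap 3: "=" is a legal expression inside a condition.
 * Intended: compare status against SENTINEL.
 * Actual:   overwrite status with SENTINEL and test the assigned value,
 *           which is non-zero, so the branch is always taken. */
int is_sentinel_as_written(int status)
{
    if (status = SENTINEL) {   /* assignment, not comparison */
        return 1;
    }
    return 0;
}

int is_sentinel_intended(int status)
{
    return status == SENTINEL;
}
```

The interesting property for a safety argument is not that these bugs exist but that each "as_written" form is a well-formed, warning-free program under the default compiler settings; the redundancy that would catch them has to be switched on, and, as the post notes, anything that can be switched on can be switched off.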