Re: Ada safety road Was: Which is right ...

[jpt@diphi.demon.co.uk (JP Thornley)]

In article: <37682F64.59E2@lmco.com>  William Dale 
<william.dale.jr@lmco.com> writes:

[with reference to the HRG Guidance)
> I hope the document covers the system trade-offs of going through
> such rigorous and costly certifications when a simple hardware addition 
> would make the system safe.  

Well, since I said that:
"The Guide is _aimed at_ producers of high integrity software, where the
 software supplier is (usually) required to demonstrate the integrity of
 the software",
it is difficult to see why anyone would expect to see discussions of 
system safety and the choice of hardware solutions in the Guide.

> 
> Too often the software effort is forced to shoulder the entire 
> burden of system safety.  Gutting language features to make software 
> certifiable is often coupled with irrational fear of new features 
> and technology. 

The Guide makes no recommendations based on the newness of language 
features. What it does is to analyse the interaction between the 
verification techniques used for software and the features of Ada 95, 
pointing out those language features that will make each technique 
either difficult or impossible to apply.

> 
> Many times it still does not make for a "safe" system. When safety 
> certified applications sit on top of untested operating systems 
> and amidst other COTS applications disaster is possible, 
> maybe probible. 

But surely no application can be certified other than as part of 
a complete system - which must include the operating system/other COTS 
components.

Safety is an attribute of a system, never of software.

> 
> Bill Dale 
> 
> 

Phil Thornley
-- 
------------------------------------------------------------------------
| JP Thornley    EMail jpt@diphi.demon.co.uk                           |
|                      phil.thornley@acm.org                           |
------------------------------------------------------------------------