From: jpt@diphi.demon.co.uk (JP Thornley)
Subject: Re: Ada safety road Was: Which is right ...
Date: 1999/06/19
Message-ID: <436250085wnr@diphi.demon.co.uk>
References: <928083159.436.79@news.remarQ.com> <928174549.336.98@news.remarQ.com> <7iuqkc$ln6$1@nnrp1.deja.com> <928529202.956.79@news.remarQ.com> <928569312.951.42@news.remarQ.com> <7jb1l9$694$1@nnrp1.deja.com> <928703068.617.98@news.remarQ.com> <375F6F0B.AD735B5B@praxis-cs.co.uk> <7jo1d2$kno$1@pegasus.csx.cam.ac.uk> <929128919.557.95@news.remarQ.com> <7jsdkf$v3p$1@nnrp1.deja.com> <489533776wnr@diphi.demon.co.uk> <37682F64.59E2@lmco.com>
Organization: None
Reply-To: jpt@diphi.demon.co.uk
Newsgroups: comp.lang.ada

In article <37682F64.59E2@lmco.com> William Dale writes:

[with reference to the HRG Guidance]

> I hope the document covers the system trade-offs of going through
> such rigorous and costly certifications when a simple hardware addition
> would make the system safe.

Well, since I said that: "The Guide is _aimed at_ producers of high integrity software, where the software supplier is (usually) required to demonstrate the integrity of the software", it is difficult to see why anyone would expect to see discussions of system safety and the choice of hardware solutions in the Guide.
> Too often the software effort is forced to shoulder the entire
> burden of system safety. Gutting language features to make software
> certifiable is often coupled with irrational fear of new features
> and technology.

The Guide makes no recommendations based on the newness of language features. What it does is to analyse the interaction between the verification techniques used for software and the features of Ada 95, pointing out those language features that will make each technique either difficult or impossible to apply.

> Many times it still does not make for a "safe" system. When safety
> certified applications sit on top of untested operating systems
> and amidst other COTS applications disaster is possible,
> maybe probable.

But surely no application can be certified other than as part of a complete system - which must include the operating system/other COTS components. Safety is an attribute of a system, never of software.

> Bill Dale

Phil Thornley
-- 
------------------------------------------------------------------------
| JP Thornley                            EMail jpt@diphi.demon.co.uk   |
|                                              phil.thornley@acm.org   |
------------------------------------------------------------------------