From: Chris Hills
Organization: Phaedrus Systems
Newsgroups: comp.arch.embedded, comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: Wed, 24 Dec 2003 16:46:19 +0000
Message-ID: <45cs9hAbLc6$EAAx@phaedsys.demon.co.uk>
References: <3fe00b82.90228601@News.CIS.DFN.DE> <3FE026A8.3CD6A3A@yahoo.com> <3bf1uvg2ntadvahfud2rg6ujk24sora6gr@4ax.com> <2u3auvogde8ktotlaq0ldiaska3g416gus@4ax.com> <20619edc.0312221020.3fd1b4ee@posting.google.com> <20619edc.0312222106.3b369547@posting.google.com>

In article <20619edc.0312222106.3b369547@posting.google.com>, Mike Silva writes
>
> Some more interesting reading (note that MISRA acknowledges that there
> are better languages than C for safety-critical work):

That will change.

> http://www.sparkada.com/downloads/misracatsil4reader.pdf

Praxis has a vested interest in not letting C be used for SIL 4. BTW, slide 3 is erroneous. Slide 5 is also erroneous.

AFAIK Praxis are not "involved" with MISRA-C. They may have been some years ago in the original version, but much work has been done since then. AFAIK they have not taken much, if any, part in this. AFAIK they did not make their SPADE C results available to the MISRA-C working group, who for the last 3 years have been working on MISRA-C2.

Praxis don't have a unique view of MISRA-C. They are one of many who were involved in MISRA-C1. They are not one of the main companies who were promoting and working with it in the last 5 years.

Slide 6 is interesting. The quotes are out of context and misleading. The Praxis presentation is clearly written with a (commercial) axe to grind. I was at the MISRA-C 2002 forum. In fact I did one of the presentations that has been misquoted.... As it goes on they rubbish C and, surprise surprise, come up with a solution that is their tools.... :-)

The Ada (tools) community must be rattled if it needs to spend time trying to rubbish MISRA-C. Perhaps it is just sour grapes as they no longer push a MISRA-C tool?

Since the 2002 meeting MISRA-C2 has been reviewed by the SAE and JSAE, several major automotive companies, aerospace companies, and also members of WG14, the ISO C panel, and met with approval. MISRA-C2 will be available at the end of Q1 2004.

> This document has a table of language recommendations (search for
> "Language Recommendations (IEC 1508)" ). C is only recommended for
> SIL1, while it is not recommended for SIL3 and SIL4:
>
> https://www.cis.strath.ac.uk/teaching/ug/classes/52.422/programming.languages.do

Yet C is used in some of the highest integrity systems around. Other languages that are recommended hardly exist, and certainly not on many platforms. Empirical evidence and a glance at 61508 may require a change in the table D2.... BTW, table D2 in the lecturer's notes is NOT in 61508. In CEI/IEC 61508:1998 Part 7 Table C1 (page 79) (yes, I do have my own copy of 61508, all 7 parts) we find a similar table to "D2" above:

                                                    SIL1  SIL2  SIL3  SIL4
  Ada                                                HR    HR    R     R
  Ada (subset)                                       HR    HR    HR    HR
  C                                                  R     -     NR    NR

as expected, BUT

  C (subset, coding standard and static analysis)    HR    HR    HR    HR

So whilst straight Ada *is* better than vanilla C (no one would debate that!), SPARK Ada is no better than C with a subset, coding standard and using static analysis.... i.e. much the same constraints as SPARK Ada has over Ada...

I know of projects using C in railway, space, aero and medical projects. PASCAL and Mod2 are mentioned, but you will be hard pressed to find tools for these for many targets. BTW, is there Ada for the PIC, AVR and 8051?

I come back to my comment previously that the Ada tools vendors must be worried if they are spending this much effort trying to rubbish MISRA-C, which is an automotive guide, though it has gained widespread use outside the automotive industry due to those involved with it.

Regards
Chris

Chris Hills, Staffs, England
chris@phaedsys.org  www.phaedsys.org