From: wardi@rsd.bel.alcatel.be (Ian Ward)
Subject: Re: Ada and Automotive Industry
Date: 1996/12/03
Message-ID: <581lj0$dk0@btmpjg.god.bel.alcatel.be>
References: <32a442b1.2110383@news.geccs.gecm.com>
Organization: Alcatel Bell Telephone
Reply-To: wardi@rsd.bel.alcatel.be
Newsgroups: comp.lang.ada,comp.realtime

In article 2110383@news.geccs.gecm.com, andy.ashworth@gecm.com (Andy Ashworth) writes:

>FWIW my two-penn'orth on the issue of safety and languages. Safety is
>a property of a system, i.e. the combination of software, hardware,
>hydraulics, and other bits you can kick. I agree with Chris that the

If? What if it is not, or what if the C++ compiler is more faulty than
the Ada one.

>safety of a language is a moot point if the tool support is buggy but

what if tool support is not buggy? -

>while the code source file may be

"Is"

>inherently "safer" (i.e. perception
>of correctness is higher) for Ada or Modula 2 than for C or C++, when
>compiled with buggy tools the safety of the overall system is
>degraded.
>
>Having spent a number of years assessing real industrial safety
>critical systems, I have come to the conclusion that the language used
>is not an issue;

Then I contend that you have not learnt anything, because if nothing
else (and I say "if") then software developed using these safe
languages is completed quicker, which, all things being equal, gives
engineers more time to look at the potential problem areas.

>rather, it is how it is used that can significantly
>affect the ultimate safety levels. How the language is used is one
>function of management and IMHO it is weak management that is the

"Greatest threat" perhaps, but not the only threat.

>greatest threat to public safety where software is concerned and not
>the use of a language with weak semantics. I believe that ADA, Modula
>2 and other so called safe languages

can?

>can produce an unsafe result
>just as the unsafe languages like C

can?

>can be used to produce a safe
>system.
>
>#define rant=off
>
>Andy Ashworth
>
>Senior Software Safety Engineer
>
>Opinions are mine and not GEC's - they don't pay me enough to make
>policy!
>

Yes... I love the use of this word "can". This is the second time
within a month I have heard this argument. You get to hear it all the
time from systems analysts.

"I know that Ada is safer than X | better for big systems | etc.,
but... pick one [design is [just as | more] important, if a design is
faulty, then the software will not meet its functional requirements,
therefore it is alright to use X | requirements are [just as | more]
important, if the requirements are ambiguous, then the design is
likely to be faulty, therefore we can use X | testing is [just as |
more] important, if the software is untested, the software is bound to
have bugs, therefore, as we are going to test it, we can use X.]"

A software lifecycle is not like a rope, where if you have one
particular strand (such as design) all the rest of the strands just
need to be average. A software lifecycle is just like a chain: it is
as weak as the weakest link. You can have the greatest design in the
world, but if you go and code your 12 million line system in some crap
language that was never meant for big system design, then you get what
you deserve.

The argument gets worse. It goes on, "there is no evidence to indicate
that X is any worse than Ada", so you respond with "How many companies
have the money to do parallel developments just to get the metrics?
(Hopefully, Tickit shall reveal some embarrassing home truths in
future years.)"

You then get a plethora of sentences with "could", "can" and "should"
in. Software "could" be written in any language. It "should" be
possible to do big systems work in X. Errors "can" occur with any
language, or tool, or hardware... Yes, I say, "any language".

Their argument is rather like saying, I am not going to wear a crash
helmet, because my motor cycle has no seat belt. If I have an accident
I am going to get hurt anyway.

I respectfully disagree with your point Andy, completely.

---
Ian Ward's opinions only : wardi@rsd.bel.alcatel.be