comp.lang.ada
From: kaz@vision.crest.nt.com (Kaz Kylheku)
Subject: Re: Not intended for use in medical devices
Date: 1997/05/05
Message-ID: <5kl8g4$fcb@bcrkh13.bnr.ca>
In-Reply-To: 3.0.32.19970504232023.006f5c8c@mail.4dcomm.com


In article <3.0.32.19970504232023.006f5c8c@mail.4dcomm.com>,
Robert C. Leif, Ph.D. <rleif@RLEIF.COM> wrote:

><<I have very strong reservations about reviewing object code.  Although
>configuration management tools could be configured to prevent changes in
>the object code, I believe that there would be a very strong temptation for
>some of the programmers to hand optimize the object code.>>

This is unlikely. Perhaps if assembly language output were available from the
compiler there might be a temptation. Would such an optimization effort
go unnoticed?

Secondly, it's not clear how the review process affects the temptation. Those
programmers who are likely to be tempted into modifying assembly language or
even object code will probably carry that temptation with or without the object
code review.

At some point you have to trust that your programmers can overcome temptations.
Even if someone optimizes object code, how will that go unnoticed in an
organized project? The only way for those optimizations to become a permanent
part of the project, rather than just a patch for a single build, is if
assembly language is incorporated into the source tree.

I agree with R. Dewar: your concerns are misplaced, and don't make a good case
for avoiding inspections of the object code. In a safety critical system, an
incorrect translation of a correct program could lead to death, injury or
property damage. There is no other way to catch this sort of error except to
compile the code and then inspect the results of the translation.

In some ways, this could make somewhat of a case for using assembly language in
the first place, since in the process of reviewing object code, you have to
acquire an understanding of the program at the machine language level anyway.
I can at least appreciate where this extreme viewpoint is coming from.

How many of Ada's advantages over something like C are still relevant when you
have to inspect the object code instruction by instruction? 


Thread overview: 13+ messages
1997-05-04  0:00 Not intended for use in medical devices Robert C. Leif, Ph.D.
1997-05-05  0:00 ` Kaz Kylheku [this message]
1997-05-06  0:00   ` Robert Dewar
1997-05-06  0:00     ` Kaz Kylheku
1997-05-12  0:00     ` Ken Garlington
1997-05-06  0:00 ` Michael F Brenner
1997-05-06  0:00   ` Kaz Kylheku
1997-05-07  0:00   ` Robert Dewar
1997-05-08  0:00     ` Matthew Heaney
1997-05-10  0:00       ` Robert Dewar
1997-05-14  0:00         ` Richard Kenner
  -- strict thread matches above, loose matches on Subject: below --
1997-05-03  0:00 Robert C. Leif, Ph.D.
1997-05-03  0:00 ` Robert Dewar