From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: fac41,2c6139ce13be9980
X-Google-Attributes: gidfac41,public
X-Google-Thread: 1108a1,2c6139ce13be9980
X-Google-Attributes: gid1108a1,public
X-Google-Thread: 103376,3d3f20d31be1c33a
X-Google-Attributes: gid103376,public
X-Google-Thread: 109fba,2c6139ce13be9980
X-Google-Attributes: gid109fba,public
X-Google-Thread: 1014db,3d3f20d31be1c33a
X-Google-Attributes: gid1014db,public
X-Google-Thread: f43e6,2c6139ce13be9980
X-Google-Attributes: gidf43e6,public
From: furlos@alumni.rpi.edu (Steve Furlong)
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/07/13
Message-ID: <5qc53v$kb6@alumni.rpi.edu>#1/1
X-Deja-AN: 256745863
References: <ED2MuF.4n6.0.-s@inmet.camb.inmet.com> <ED3E9M.F0u@syd.csa.com.au>
 <33C56F97.1223@gsfc.nasa.gov> <slrn5scda9.3bm.abo@minkirri.apana.org.au>
Organization: Rensselaer Polytechnic Institute, Troy, NY
Newsgroups: 
 comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel,comp.lang.c,comp.lang.c++
Date: 1997-07-13T00:00:00+00:00
List-Id: <comp.lang.ada>


In article <slrn5scda9.3bm.abo@minkirri.apana.org.au>,
Donovan Baarda <abo@minkirri.apana.org.au> wrote:
>[snip heaps of stuff about the evils of dynamic memory allocation in
>safety critical applications, and how to get around it in various
>languages such as turning off the GC!!]
>
>I can't help but think that the reason dynamic memory allocation got such
>a bad rap in the first place was there was no GC in old languages. Turning
>it off seems to me like a step backwards.
>
>Absolute control of memory allocation has been seen as necisary in safety
>critical systems because you need to be sure that you will never run out
>of memory and never write things over each other. 
...

Another reason GC wasn't or isn't used in hard-real-time systems is
because you could never tell when it was going to need a long time to
get or free memory. If your process _must_ check ports every 10 ms,
you can't be waiting half a second for memory compaction.

Modern GC presumably can get around that problem, but the purveyors
presumably can't prove its efficacy and response time to the
satisfaction of the FAA and other safety hard-noses.


Regards,
Steve Furlong