Re: Beware: Rep spec on an enumeration type causes code explosion

[Rakesh Malhotra <rakesh.malhotra@safetran.com>]

Matthew Heaney wrote:
> 
> In article <66po35$1a1$1@gte2.gte.net>, Rakesh Malhotra
> <rakesh.malhotra@safetran.com> wrote:
> 
>[snip]
> >
> >Hence type SIGNAL_TYPE is (RED, GREEN);
> >for SIGNAL_TYPE use (RED => 16#00#, GREEN => 16#03#);
> >[snip]
> >Pretty horrible eh ?
> 
> This is a seriously wrong way to build safety-critical software.  As a
> matter of fact, it's a wrong way to build *any* software.  You are quite
> correct in pointing out that it is "pretty horrible."

It may be a wrong way of building safe software but it (seems to be ?)
is not uncommon.  I know of and have worked in 3 different companies in
3 different countries who have chosen to implement their enumeration
types this way. And successfully.  1 project was in Pascal and 3 in Ada
and all did it the same way for enum types.

Just as an aside safety can be implemented on a project in many
different ways.  One of the best ways is to implement safety as high up
in the system as possible - so maybe one chooses a diverse or redundant
design.  However this tends to be expensive as one duplicates hardware.

So for cost reasons we had to implement safety at a fairly low level and
one of the areas is consideration of what would happen if an alpha
particle from the sun hit the RAM chip and corrupted your signal state
from RED to GREEN due to a 1 bit corruption.  Would you now turn your
signal GREEN ?

Obviously bit separation of enums is not the only thing we do, however
it is one of the tools in our cupboard.

--
Rakesh