comp.lang.ada
From: Robert Dewar <dewar@gnat.com>
Subject: Re: Is an RTOS Required for Ada?
Date: 1999/05/20
Message-ID: <7i1b7p$3nb$1@nnrp1.deja.com>
In-Reply-To: wccogjh80os.fsf@world.std.com

In article <wccogjh80os.fsf@world.std.com>,
  Robert A Duff <bobduff@world.std.com> wrote:
> Robert Dewar <dewar@gnat.com> writes:
>
> That makes no sense to me.  Why couldn't you just certify
> those run-time routines that you use?  Isn't it easier to
> certify the bcopy routine, than to certify many inlined copies
> of the same algorithm?

Well, certification issues often make no sense to technical
people not aware of the special requirements :-)

First of all, you cannot in general certify existing code,
because part of (at least some of the protocols) for
certification is to document (in exhausting and exhaustive)
detail, the procedures and protocols used to develop and
manage the code during the production process.

Certification is a very heavy and expensive process (I heard
one company quote an average productivity of one machine
instruction per day per person in this context).

You can get some idea of the expense of certifying a run-time
by looking at some of the products on the market today. They
are not inexpensive!

To reimplement under certification conditions, and to
actually certify even a small part of the run-time library
would be an expensive process that would have to be passed
on to the user. In the case of bcopy, as Tarjei points out,
the code is inline in most cases anyway. The added
certification of inlining the few cases that do not get
inlined in the normal case is negligible compared to the
cost of generating a special certified library.

Another issue is that there are several different protocols
for safety-critical certification. It is not possible to
provide a pre-certified run-time that adheres 100% to all
possible protocols, so one has to choose a commonly used
one. We find that many customers far prefer a model in which
they have custody over 100% of the code in the application,
and can make sure that all of the code meets their particular
certification requirements.

This is certainly a very specialized field, and we expect
the GNORT capability to be relevant only in those situations
where the 100% code certification issue is critical.

Robert Dewar
Ada Core Technologies

