From: Robert Dewar
Subject: Re: Is an RTOS Required for Ada?
Date: 1999/05/20
Message-ID: <7i1b7p$3nb$1@nnrp1.deja.com>#1/1
References: <373B2927.7B22F898@pop.safetran.com> <19990514155120.03860.00000396@ng-cr1.aol.com> <7hmc18$jr6$1@nnrp1.deja.com>
Newsgroups: comp.lang.ada

In article , Robert A Duff wrote:
> Robert Dewar writes:
>
> That makes no sense to me. Why couldn't you just certify
> those run-time routines that you use? Isn't it easier to
> certify the bcopy routine, than to certify many inlined copies
> of the same algorithm?

Well, certification issues often make no sense to technical people not aware of the special requirements :-)

First of all, you cannot in general certify existing code, because part of (at least some of the protocols) for certification is to document (in exhausting and exhaustive) detail, the procedures and protocols used to develop and manage the code during the production process. Certification is a very heavy and expensive process (I heard one company quote an average productivity of one machine instruction per day per person in this context). You can get some idea of the expense of certifying a run-time by looking at some of the products on the market today. They are not inexpensive!

To reimplement under certification conditions, and to actually certify even a small part of the run-time library would be an expensive process that would have to be passed on to the user.

In the case of bcopy, as Tarjei points out, the code is inline in most cases anyway. The added certification of inlining the few cases that do not get inlined in the normal case is negligible compared to the cost of generating a special certified library.

Another issue is that there are several different protocols for safety-critical certification. It is not possible to provide a pre-certified run-time that adheres 100% to all possible protocols, so one has to choose a commonly used one. We find that many customers far prefer a model in which they have custody over 100% of the code in the application, and can make sure that all of the code meets their particular certification requirements.

This is certainly a very specialized field, and we expect the GNORT capability to be relevant only in those situations where the 100% code certification issue is critical.

Robert Dewar
Ada Core Technologies