From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: * X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_00,INVALID_MSGID, MSGID_RANDY autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,313a106b8dd38f30 X-Google-Attributes: gid103376,public From: Robert Dewar Subject: Re: RATIONAL TESTMATE for ADA Testing - Any experiences to share ? Date: 1999/05/25 Message-ID: <7ifa35$l03$1@nnrp1.deja.com>#1/1 X-Deja-AN: 482063028 References: <374667df@news.compd.com> <7i99ls$lv$1@ins8.netins.net> <7i9du6$1a2$1@lure.pipex.net> <7ia9uj$30r$1@nnrp1.deja.com> <7id9ss$r41$1@ins8.netins.net> X-Http-Proxy: 1.0 x26.deja.com:80 (Squid/1.1.22) for client 205.232.38.14 Organization: Deja.com - Share what you know. Learn what you don't. X-Article-Creation-Date: Tue May 25 23:00:55 1999 GMT Newsgroups: comp.lang.ada X-Http-User-Agent: Mozilla/4.04 [en] (OS/2; I) Date: 1999-05-25T00:00:00+00:00 List-Id: In article <7id9ss$r41$1@ins8.netins.net>, "Brian Collins" wrote: > Robert, > > Having a validated compiler, as I think > you mean the word, is important to say that functionally the > compiler will produce the correct code, but that is only a > very minor step. I know perfectly well what is involved in verification of safety-critical code, but I am afraid you miss my point. Validation of the compiler does NOT "say" that "functionally the compiler will produce the correct code". Validation of a compiler is neither necessary nor sufficient to make such a guarantee. That was my point, I am always worried that people read more into validation than is there, and the folks who REALLY know what verification is about are all too quick to assume that precisely that validation means that you have this assurance. it does not, it merely means that a set of tests have passed. These tests are *entirely* black box tests, so nothing like coverage or branch testing of the compiler is assured by the fact that it passes the ACVC tests. Robert Dewar P.S. Here at Ada Core Technologies, we are indeed quite aware of what is involved in certifying and verifying code. That is why our approach to safety-critical systems is to provide GNORT, a version of GNAT with absolutely no run-time at all (which means we don't have to certify our run-time!) --== Sent via Deja.com http://www.deja.com/ ==-- ---Share what you know. Learn what you don't.---