Re: Ada safety road Was: Which is right ...

[Robert Dewar <robert_dewar@my-deja.com>]

In article <928703068.617.98@news.remarQ.com>,
  "Vladimir Olensky" <vladimir_olensky@yahoo.com> wrote:

> I was just thinking about different aspects of providing some
> general kind of "foolproofness" to program written in Ada in
places where RM
> define program behavior as erroneous.
> I think nobody would like to be on a plane that performed
> erroneous flight
> """' ' '  ^~\_+.
> Anyone would prefer to be accidentally on board of the wrong
> flight instead.

Don't worry, safety critical software of this type is certified,
and typically written in a small safe subset of Ada. It would
be VERY unusual to allow Unchecked_Deallocation *at all* in
such an application, and if it was allowed, it would have to
verified that all possible calls were safe.

It is VERY important for Ada programmers to be aware of the
situations which lead to erroneous programs. You can easily
search through the RM to find all such cases.

In fact I will repeat again my thought here. This is a VERY
marginal case of erroneousness. If you want to get into the
business of writing a "checkout" compiler that spends extra
time and space to check for as many erroneous situations as
possible, this is not at the top of the list for cases that
are useful to check!

Remember though, that runtime checks, while very useful, are
not a panacea.

I don't want to be on a plane that executes erroneous code,
but I also don't want the captain to get a message saying
that Constraint_Error was raised at such and such a location :-)
(in fact run time checks are in my experience usually turned
off for safety critical code, since they cause trouble with
deactivated code in verification protocols).


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.