From: Robert Dewar
Subject: Re: Ada safety road Was: Which is right ...
Date: 1999/06/06
Message-ID: <7jf1ik$8v6$1@nnrp1.deja.com>
References: <928083159.436.79@news.remarQ.com> <928174549.336.98@news.remarQ.com> <7iuqkc$ln6$1@nnrp1.deja.com> <928529202.956.79@news.remarQ.com> <928569312.951.42@news.remarQ.com> <7jb1l9$694$1@nnrp1.deja.com> <928703068.617.98@news.remarQ.com>
Organization: Deja.com - Share what you know. Learn what you don't.
Newsgroups: comp.lang.ada

In article <928703068.617.98@news.remarQ.com>, "Vladimir Olensky" wrote:

> I was just thinking about different aspects of providing some
> general kind of "foolproofness" to program written in Ada in places where RM
> define program behavior as erroneous.
> I think nobody would like to be on a plane that performed
> erroneous flight
> """' ' ' ^~\_+.
> Anyone would prefer to be accidentally on board of the wrong
> flight instead.

Don't worry, safety critical software of this type is certified, and typically written in a small safe subset of Ada. It would be VERY unusual to allow Unchecked_Deallocation *at all* in such an application, and if it was allowed, it would have to be verified that all possible calls were safe.

It is VERY important for Ada programmers to be aware of the situations which lead to erroneous programs. You can easily search through the RM to find all such cases.
In fact I will repeat again my thought here. This is a VERY marginal case of erroneousness. If you want to get into the business of writing a "checkout" compiler that spends extra time and space to check for as many erroneous situations as possible, this is not at the top of the list for cases that are useful to check!

Remember though, that runtime checks, while very useful, are not a panacea. I don't want to be on a plane that executes erroneous code, but I also don't want the captain to get a message saying that Constraint_Error was raised at such and such a location :-) (in fact run time checks are in my experience usually turned off for safety critical code, since they cause trouble with deactivated code in verification protocols).
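The Unchecked_Deallocation situation discussed above, as an added Ada example that is not part of the original post: Free sets the access value it is passed to null, so a later dereference through that variable is caught by the run-time null check (Constraint_Error), but a second access value still designating the freed object is not caught by any check, which is why the RM classes that use as erroneous and why safety-critical subsets avoid Unchecked_Deallocation or verify every call. The type and procedure names here are constructed for the demonstration.

```ada
with Ada.Text_IO;
with Ada.Unchecked_Deallocation;

procedure Dangling_Demo is
   --  Constructed example type; any heap-allocated record would do.
   type Counter is record
      Value : Natural := 0;
   end record;
   type Counter_Access is access Counter;

   --  Standard instantiation of the generic from Ada.Unchecked_Deallocation.
   procedure Free is new Ada.Unchecked_Deallocation (Counter, Counter_Access);

   Owner : Counter_Access := new Counter;
   Alias : Counter_Access := Owner;   -- a second access value designating the same object
begin
   Owner.Value := 41;

   --  Free sets Owner to null, but it cannot know about Alias.
   Free (Owner);

   --  Case 1: the run-time check does its job. Dereferencing a null
   --  access value raises Constraint_Error, which we handle here.
   begin
      Ada.Text_IO.Put_Line ("Owner.Value =" & Natural'Image (Owner.Value));
   exception
      when Constraint_Error =>
         Ada.Text_IO.Put_Line ("Constraint_Error: Owner is null after Free");
   end;

   --  Case 2: no check exists for this. Alias still designates the
   --  deallocated object, so evaluating Alias.Value is erroneous under
   --  RM 13.11.2: the language defines no outcome at all. The line is
   --  left commented out on purpose.
   --  Ada.Text_IO.Put_Line ("Alias.Value =" & Natural'Image (Alias.Value));

   --  The only defence is discipline outside the checks: either never hold
   --  aliases across a Free, or null them explicitly before (or right after)
   --  the deallocation so the null check can catch a later misuse.
   Alias := null;

   --  With pragma Suppress (All_Checks) in effect, as is common in certified
   --  code, even Case 1 would no longer raise; the program would just read
   --  through a null access. That is the trade-off the post refers to.
   Ada.Text_IO.Put_Line ("Alias nulled; no dangling access values remain");
end Dangling_Demo;
```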