From: Ludovic Brenta <ludovic@ludovic-brenta.org>
Subject: Re: Preventing type extensions
Date: Wed, 22 Sep 2010 21:30:05 +0200
Date: 2010-09-22T21:30:05+02:00 [thread overview]
Message-ID: <87r5gl8tky.fsf@ludovic-brenta.org> (raw)
In-Reply-To: 5c0d7798-ba09-4bd0-a28f-f1b028cce927@y3g2000vbm.googlegroups.com
Cyrille Comar writes on comp.lang.ada:
> On Sep 22, 10:01 am, "J-P. Rosen" <ro...@adalog.fr> wrote:
>> Ada is unique in that you can have true methods (aka primitive
>> operations) that belong to a specific type, and class-wide operations
>> that are unique for a whole subtree.
>
> what is unique about that? In C++ you also have methods and other
> subprograms taking a class as a parameter. I don't see any fundamental
> difference between the latter and what you call "classwide
> operations" (and by which I suppose you simply mean a subprogram with
> classwide parameters, right?)
>
>> Because they are unique, coverage testing drops from N to 1.
>
> No idea of what you are talking about... I suppose this is a reference
> to what OOTiA calls "pessimistic testing" but I still don't understand
> your claim.
>
>>>> For inlining, I was referring to the corresponding chapter of OOTiA
>>
>>> That's what I supposed.... There is little to be reused in that part
>>> of the document...
>>
>> I agree that there is nothing here specific to OO. However, inlining is
>> a problem when you need level A (code) coverage, because it creates
>> often dead code or hard to test paths.
>
> Level A requires statements+mcdc coverage. inlining doesn't impact any
> of those coverage metrics. It might impact object coverage, which can
> be used as an alternative method (with additional work to show
> equivalene with the aboce mentioned metrics)
My understanding (from the days when I worked at Barco Avionics) was
that level A requires full path (MC/DC) coverage at the object level,
not the source level. This includes proof of absence of dead object
code. The only practical way to achieve this is source-level MC/DC
coverage *plus* complete source-to-object traceability, including proof
of absence of object code not corresponding to any source. In fact,
this is the essential difference between levels A and B.
> and it might also impact
> source-to-object traceability analysis. This is just a potentially
> complicating factor that you have to take into account when you make
> your plans and define your coding standard...
Oh, you said "just"!
>>> It is not the case. There is very little of OOTiA left in the OO
>>> supplement. It was an input to the process but the subcommittee soon
>>> realized that little could be reused. For one thing, most of the
>>> material is at the level of "coding standard" material and thus not at
>>> the right level for a standard such as DO-178.
>>
>> Sure. I would expect DO-178C to be more objectives-driven, while the
>> OOTiA was more about processes and issues. Can't OOTiA be considered as
>> a document that explores possible ways to achieve the objectives of DO-178C?
>
> not really. OOTiA raised all the issues that people had in mind when
> the document was written. Most of the issues come from either
> - people from the certif community not knowing OO very well (the
> fear factor)
> - people from the OO community not mastering DO-178
And people not knowing Ada and thinking that the only OO language was
C++. I totally agree with Jean-Pierre that Ada has made a very
important contribution to OO technology in distinguishing class-wide
from specific types; C++ does not have class-wide types, it only has
class-wide *pointer* (and reference) types; and it conversely does not
have specific pointer or reference types. Consider:
type T is tagged private;
function Construct return T'Class;
type T_Access is access all T; -- no equivalent in C++
type T_Class_Access is access all T'Class; -- equivalent to T* in C++
Object : T'Class := Construct; -- no equivalent in C++; you need a pointer
Another area where Ada helps certification is where it distinguishes
pool-specific from general access types. C and C++ are both completely
helpless in this respect. Consider:
type T_Access is access T'Class; -- no equivalent in C++
type T_General_Access is access all T'Class; -- equivalent to T* in C++
Hey, just a wild idea: how about
type T_Stack_Access is access aliased T;
which indicates that access values of this type can *only* designate
aliased objects that are on the stack, and never on the heap?
--
Ludovic Brenta.
next prev parent reply other threads:[~2010-09-22 19:30 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-12 10:18 Preventing type extensions Florian Weimer
2010-09-12 11:59 ` Ludovic Brenta
2010-09-12 12:53 ` Florian Weimer
2010-09-12 21:23 ` Maciej Sobczak
2010-09-13 5:32 ` Florian Weimer
2010-09-13 7:13 ` Dmitry A. Kazakov
2010-09-13 9:19 ` Georg Bauhaus
2010-09-13 9:42 ` Dmitry A. Kazakov
2010-09-13 10:23 ` Niklas Holsti
2010-09-13 12:55 ` Cyrille
2010-09-13 13:55 ` Dmitry A. Kazakov
2010-09-13 21:13 ` J-P. Rosen
2010-09-21 13:57 ` Cyrille
2010-09-21 14:19 ` Dmitry A. Kazakov
2010-09-21 14:44 ` Cyrille
2010-09-21 16:25 ` Dmitry A. Kazakov
2010-09-21 17:11 ` Georg Bauhaus
2010-09-21 18:11 ` Dmitry A. Kazakov
2010-09-23 20:00 ` Simon Wright
2010-09-23 20:49 ` Dmitry A. Kazakov
2010-09-24 9:10 ` Georg Bauhaus
2010-09-24 10:24 ` Dmitry A. Kazakov
2010-09-24 13:30 ` Niklas Holsti
2010-09-24 16:27 ` Dmitry A. Kazakov
2010-09-24 17:47 ` Niklas Holsti
2010-09-24 19:42 ` Dmitry A. Kazakov
2010-09-21 14:32 ` J-P. Rosen
2010-09-21 15:02 ` Cyrille
2010-09-21 15:26 ` J-P. Rosen
2010-09-21 16:18 ` Cyrille
2010-09-22 8:01 ` J-P. Rosen
2010-09-22 17:28 ` Cyrille
2010-09-22 19:30 ` Ludovic Brenta [this message]
2010-09-22 19:51 ` Florian Weimer
2010-09-22 20:14 ` Dmitry A. Kazakov
2010-09-22 20:25 ` Florian Weimer
2010-09-22 20:38 ` Dmitry A. Kazakov
2010-09-22 21:25 ` Vinzent Hoefler
2010-09-22 21:20 ` Georg Bauhaus
2010-09-22 20:16 ` Ludovic Brenta
2010-09-22 20:34 ` Florian Weimer
2010-09-22 22:45 ` Britt Snodgrass
2010-09-23 8:02 ` Ludovic Brenta
2010-09-23 16:51 ` Pascal Obry
2010-09-23 18:37 ` Florian Weimer
2010-09-23 18:55 ` Pascal Obry
2010-09-23 20:28 ` Ludovic Brenta
2010-09-24 9:20 ` Ludovic Brenta
2010-09-24 14:49 ` Simon Wright
2010-09-24 15:09 ` Ludovic Brenta
2010-09-24 16:21 ` Robert A Duff
2010-09-25 7:10 ` Pascal Obry
2010-09-25 12:03 ` Brian Drummond
2010-09-24 8:16 ` J-P. Rosen
2010-09-24 8:39 ` Cyrille
2010-09-24 9:27 ` Cyrille
2010-09-29 16:47 ` J-P. Rosen
2010-09-30 10:08 ` Cyrille
2010-10-05 17:02 ` J-P. Rosen
2010-10-08 7:50 ` Cyrille
2010-10-08 13:58 ` Cyrille
2010-10-08 20:12 ` Dmitry A. Kazakov
2010-10-11 7:57 ` Cyrille
2010-10-11 8:24 ` Dmitry A. Kazakov
2010-10-12 5:23 ` Shark8
2010-10-13 9:06 ` J-P. Rosen
2010-10-13 17:37 ` Cyrille
2010-10-13 18:50 ` Dmitry A. Kazakov
2010-09-21 14:50 ` (see below)
2010-09-21 17:37 ` Cyrille
2010-09-21 19:07 ` (see below)
2010-09-13 13:05 ` Dmitry A. Kazakov
2010-09-13 20:21 ` Niklas Holsti
2010-09-13 21:00 ` Dmitry A. Kazakov
2010-09-13 21:10 ` J-P. Rosen
2010-09-14 12:16 ` Niklas Holsti
2010-09-14 16:46 ` Dmitry A. Kazakov
2010-09-14 18:08 ` Niklas Holsti
2010-09-14 18:32 ` Niklas Holsti
2010-09-15 8:18 ` Dmitry A. Kazakov
2010-09-14 17:04 ` J-P. Rosen
2010-09-13 15:12 ` Securing type extensions (was: Preventing type extensions) Georg Bauhaus
2010-09-13 15:29 ` Securing type extensions Dmitry A. Kazakov
2010-09-13 17:23 ` Simon Wright
2010-09-13 20:22 ` Georg Bauhaus
2010-09-13 20:41 ` Dmitry A. Kazakov
2010-09-14 10:02 ` Georg Bauhaus
2010-09-14 12:22 ` Dmitry A. Kazakov
2010-09-14 21:18 ` Georg Bauhaus
2010-09-15 8:15 ` Dmitry A. Kazakov
2010-09-15 20:47 ` Georg Bauhaus
2010-09-16 7:47 ` Dmitry A. Kazakov
2010-09-16 11:52 ` Georg Bauhaus
2010-09-16 12:45 ` Dmitry A. Kazakov
2010-09-16 20:53 ` Georg Bauhaus
2010-09-16 21:37 ` Dmitry A. Kazakov
2010-09-17 8:45 ` Georg Bauhaus
2010-09-17 9:39 ` Dmitry A. Kazakov
2010-10-05 5:59 ` Randy Brukardt
2010-09-13 18:32 ` Preventing " Florian Weimer
2010-09-13 20:30 ` Dmitry A. Kazakov
2010-09-22 19:41 ` Florian Weimer
2010-09-22 20:34 ` Dmitry A. Kazakov
2010-09-22 21:10 ` Georg Bauhaus
2010-09-17 0:16 ` Shark8
2010-09-17 7:04 ` AdaMagica
2010-09-17 21:05 ` Shark8
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox