comp.lang.ada
From: reason67@my-deja.com
Subject: Re: Help Me Please :)
Date: 2000/03/29
Message-ID: <8bt1t4$qvs$1@nnrp1.deja.com>
In-Reply-To: 8brgcd$5kp$1@nnrp1.deja.com

In article <8brgcd$5kp$1@nnrp1.deja.com>,
Robert Dewar <robert_dewar@my-deja.com> wrote:

> Well there was no smiley there, so let's assume the (rather
> hard to believe) point is being made seriously.
>
> In that case it is way way off base. Any safety critical
> software is validated and verified at the object level. You
> never depend on the correctness of the compiler, or the
> correctness of understanding of the high level language
> semantics.

Not the point I was making and also not always the case. I have seen
safety critical systems that wrote their SRSs such that they did not
have to do V&V at the object level. And they did not. I agree that they
should, but should and do are not always the same.

> Furthermore, in most safety critical software, one would never
> have such a handler. Why not? Because it might typically be the
> case that the handler code is deactivated, and deactivated code
> is not permitted in many SC protocols.

Since I have worked in safety critical software for 11 years with several
aerospace companies (I am a contract engineer), I can safely say that
while you may have reason to think that what you are saying is true, in
reality, it is not the way the code is delivered. In fact, one aircraft
that I worked on required that all exceptions be caught at the lowest
levels and propagated out of subprograms as status.

I expect you can quote more reasons why this is an incorrect way to do
safety critical software. I can state that your description is inaccurate
for code I have seen and the code I have written for several aircraft
(military and otherwise).

Now where I have seen the kind of thing you are talking about is when
doing hard real-time embedded stuff (greater than 256 MHz cycle time
with limited memory and no OS, but where I did that was in a simulator,
which is definitely not safety critical).

> Finally, 11.6 is about optimization; it is almost always the
> case that you want *no* optimization for SC code. Why? Because
> you want the best possible correspondence between source code
> and object code.

That I agree with. The same is true with hard real-time (which on first
glance seems backwards).
---
Jeffrey S. Blatt


Sent via Deja.com http://www.deja.com/
Before you buy.
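The "catch every exception at the lowest level and return it as status" style that the message above describes, written out as an added Ada example. This is not code from the original post or from any aircraft project; the names Status_Demo, Scale, Percent and Status are assumed for illustration.

```ada
--  Added example, not from the original post: exceptions are handled in
--  the lowest-level subprogram and converted to a status code, so that
--  no exception propagates out of it. All identifiers are assumed names.
with Ada.Text_IO;

procedure Status_Demo is

   type Status is (Ok, Out_Of_Range, Divide_By_Zero, Internal_Error);

   subtype Percent is Integer range 0 .. 100;

   --  Lowest-level subprogram. Both the range check on Result and the
   --  division check on Divisor raise Constraint_Error; the handler maps
   --  them to a status value and assigns both outputs afresh, reading only
   --  the in parameters, so nothing computed in the abandoned statements
   --  is relied upon.
   procedure Scale
     (Value   : in     Integer;
      Divisor : in     Integer;
      Result  :    out Percent;
      St      :    out Status)
   is
   begin
      Result := Value / Divisor;   --  may raise Constraint_Error
      St     := Ok;
   exception
      when Constraint_Error =>
         Result := Percent'First;
         if Divisor = 0 then
            St := Divide_By_Zero;
         else
            St := Out_Of_Range;
         end if;
      when others =>
         Result := Percent'First;
         St     := Internal_Error;
   end Scale;

   --  Caller: checks the status explicitly instead of relying on a
   --  handler higher up the call chain.
   procedure Report (Label : String; R : Percent; St : Status) is
   begin
      if St = Ok then
         Ada.Text_IO.Put_Line (Label & ": ok, value =" & Percent'Image (R));
      else
         Ada.Text_IO.Put_Line (Label & ": failed, " & Status'Image (St));
      end if;
   end Report;

   R  : Percent;
   St : Status;

begin
   Scale (50, 1, R, St);    --  Ok, value = 50
   Report ("in range", R, St);

   Scale (500, 1, R, St);   --  Out_Of_Range (500 is outside 0 .. 100)
   Report ("too big", R, St);

   Scale (50, 0, R, St);    --  Divide_By_Zero
   Report ("zero divisor", R, St);
end Status_Demo;
```

The handler deliberately assigns both out parameters and reads only the in parameters: Ada RM 11.6 lets the compiler reorder or defer a language-defined check relative to nearby assignments, so a handler that read values computed in the statements that raised would depend on exactly the source-to-object correspondence the thread says you do not want to rely on.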


Thread overview: 54+ messages
2000-02-29  0:00 Help Me Please :) Will Mann
2000-03-01  0:00 ` Robert Dewar
2000-03-03  0:00   ` Florian Weimer
2000-03-03  0:00     ` tmoran
2000-03-04  0:00       ` Richard D Riehle
2000-03-05  0:00         ` Steve Arnold
2000-03-17  0:00         ` Robert A Duff
2000-03-18  0:00           ` Richard D Riehle
2000-03-18  0:00           ` James S. Rogers
2000-03-19  0:00             ` Robert A Duff
2000-03-20  0:00               ` Brian Rogoff
2000-03-20  0:00                 ` Tucker Taft
2000-03-20  0:00           ` Florian Weimer
2000-03-22  0:00           ` Mats Weber
2000-03-27  0:00             ` Robert A Duff
2000-03-27  0:00               ` Hyman Rosen
2000-03-28  0:00               ` reason67
2000-03-28  0:00                 ` Robert Dewar
2000-03-29  0:00                   ` Simon Wright
2000-03-29  0:00                   ` reason67 [this message]
2000-04-06  0:00                   ` Simon Pilgrim
2000-04-07  0:00                     ` Robert Dewar
2000-04-10  0:00                       ` r_c_chapman
2000-03-28  0:00               ` Robert Dewar
2000-03-30  0:00                 ` Mats Weber
2000-04-06  0:00                   ` Exceptions (was: " Wes Groleau
2000-04-07  0:00                     ` Mats Weber
2000-03-29  0:00               ` Richard D Riehle
2000-03-29  0:00                 ` Robert Dewar
2000-03-31  0:00                   ` Richard D Riehle
2000-03-31  0:00                     ` Jean-Pierre Rosen
2000-03-31  0:00                       ` Pascal Obry
2000-03-30  0:00                 ` Mats Weber
2000-03-31  0:00                   ` Richard D Riehle
2000-04-06  0:00                 ` Wes Groleau
2000-03-30  0:00               ` Mats Weber
2000-03-30  0:00               ` Tucker Taft
     [not found]     ` <2000Mar3.183321.69279@ludens>
2000-03-03  0:00       ` Larry Kilgallen
2000-03-04  0:00       ` Robert Dewar
  -- strict thread matches above, loose matches on Subject: below --
2000-02-29  0:00 Will Mann
2000-02-29  0:00 ` Stanley R. Allen
2000-02-29  0:00   ` Al Johnston
2000-03-01  0:00     ` Robert Dewar
2000-03-01  0:00       ` Al Johnston
2000-03-01  0:00     ` Stanley R. Allen
2000-03-01  0:00     ` tmoran
2000-03-01  0:00       ` Al Johnston
2000-03-02  0:00       ` Aidan Skinner
2000-03-01  0:00     ` Robert Dewar
2000-03-01  0:00 ` James Bean
2000-03-01  0:00 ` tmoran
     [not found] <df481109.0106140310.5d923746@posting.google.com>
     [not found] ` <9gb1uu$87u7o$1@ID-52877.news.dfncis.de>
2001-06-19  2:59   ` help me please! Ken Garlington
2001-06-16 10:20     ` C.D.Damron
2001-06-20  6:06     ` John Keeney