From: reason67@my-deja.com
Subject: Re: Help Me Please :)
Date: 2000/03/29
Message-ID: <8bt1t4$qvs$1@nnrp1.deja.com>
References: <89rlvr$gn9$1@nntp3.atl.mindspring.net> <38D8A607.F61F0FFF@mail.com> <8bqcu2$s0p$1@nnrp1.deja.com> <8brgcd$5kp$1@nnrp1.deja.com>
Newsgroups: comp.lang.ada

In article <8brgcd$5kp$1@nnrp1.deja.com>, Robert Dewar wrote:

> Well there was no smiley there, so let's assume the (rather
> hard to believe) point is being made seriously.
>
> In that case it is way way off base. Any safety critical
> software is validated and verified at the object level. You
> never depend on the correctness of the compiler, or the
> correctness of understanding of the high level language
> semantics.

Not the point I was making, and also not always the case. I have seen safety critical systems that wrote their SRSs such that they did not have to do V&V on the object level. And they did not. I agree that they should, but should and do are not always the same.

> Furthermore, in most safety critical software, one would never
> have such a handler. Why not? Because it might typically be the
> case that the handler code is deactivated, and deactivated code
> is not permitted in many SC protocols.

Since I have worked in safety critical software for 11 years with several aerospace companies (I am a contract engineer), I can safely say that, while you may have reason to think that what you are saying is true, in reality it is not the way the code is delivered. In fact, one aircraft that I worked on required that all exceptions be caught at the lowest levels and propagated out of subprograms as status. I expect you can quote more reasons why this is an incorrect way to do safety critical software. I can state that your description is inaccurate for code I have seen and the code I have written for several aircraft (military and otherwise). Now, where I have seen the kind of thing you are talking about is when doing hard real-time embedded stuff (greater than 256 MHz cycle time with limited memory and no OS, but where I did that was in a simulator, which is definitely not safety critical).

> Finally, 11.6 is about optimization, it is almost always the
> case that you want *no* optimization for SC code. Why? Because
> you want the best possible correspondence between source code
> and object code.

That I agree with. The same is true with hard real-time (which on first glance seems backwards).

---
Jeffrey S. Blatt
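The convention Blatt describes (exceptions caught at the lowest level and propagated out of subprograms as a status value, so that higher levels contain no handlers at all), as an added Ada example that is not part of the thread; the subprogram names, the Status type, the Sensor_Count range and the sample readings are constructed for illustration:

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Status_Propagation is

   --  Constructed status type: every low-level failure maps onto one
   --  of these values instead of propagating as an exception.
   type Status is (Ok, Range_Fault, Unexpected_Fault);

   subtype Sensor_Count is Integer range 0 .. 255;

   --  Lowest-level routine: the only place an exception handler
   --  appears. The caller never sees an exception, only Result.
   procedure Scale_Reading
     (Raw : in Integer; Scaled : out Sensor_Count; Result : out Status)
   is
   begin
      Scaled := Raw * 2;   --  Constraint_Error if 2*Raw leaves 0 .. 255
      Result := Ok;
   exception
      when Constraint_Error =>
         Scaled := Sensor_Count'First;   --  deterministic safe value
         Result := Range_Fault;
      when others =>
         Scaled := Sensor_Count'First;
         Result := Unexpected_Fault;
   end Scale_Reading;

   --  Higher level: no handler at all, just a status check on every
   --  call, so there is no handler code here that could sit deactivated.
   procedure Process (Raw : in Integer) is
      Value  : Sensor_Count;
      Result : Status;
   begin
      Scale_Reading (Raw, Value, Result);
      case Result is
         when Ok =>
            Put_Line ("reading" & Integer'Image (Raw) & " ->" & Integer'Image (Value));
         when Range_Fault =>
            Put_Line ("reading" & Integer'Image (Raw) & " rejected: out of range");
         when Unexpected_Fault =>
            Put_Line ("reading" & Integer'Image (Raw) & " rejected: unexpected fault");
      end case;
   end Process;

begin
   Process (100);   --  2*100 stays inside Sensor_Count, so the Ok branch runs
   Process (200);   --  2*200 = 400 is outside 0 .. 255, reported as Range_Fault
end Status_Propagation;
```

With an Ada compiler such as GNAT, the low-level handler is the only exception handler in the unit, which is the property the thread's V&V discussion is about.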