From: "Jeff C,"
Newsgroups: comp.arch.embedded,comp.lang.ada
References: <3fe00b82.90228601@News.CIS.DFN.DE> <3FE026A8.3CD6A3A@yahoo.com> <$km9afA3DB7$EAYO@phaedsys.demon.co.uk> <3feda44e_3@mk-nntp-1.news.uk.worldonline.com>
Subject: Re: Certified C compilers for safety-critical embedded systems
Organization: Comcast Online
Date: Sat, 27 Dec 2003 17:34:27 GMT

"Georg Bauhaus" wrote in message news:bskd67$6me$1@a1-hrz.uni-duisburg.de...
> In comp.lang.ada Ian Bell wrote:
> :James Rogers> foo : My_Array_Type;
> :>
> :> for num in 0..99 loop
> :>   foo(num) := num;
> :> end loop;
> :>
> :> All Ada compilers will correctly identify the error in the for loop.
> :> [...]
> :
> : I know nothing about Ada so this is a genuine query rather than a criticism.
> : The above example is fine as long as literals are used - even a C compiler
> : could be devised to make this check - but what happens when the array index
> : is computed?
>
> Wouldn't that become a famous compiler that finds out, at compile
> time, which value a certain variable is going to have? :-)
>
> If you want a hole in your foot, you can make one, though it might
> not be easy:

Again, tools like this do exist. One can argue over how well they work but
they do exist. Tools like Polyspace Verifier can at times tell you statically
that you have a problem in your code. For example the following pseudo code
fragment would likely be flagged as a potential error by Polyspace:

   A, B : Float;
   C    : Integer;
   D    : array (1 .. 10) of Float;
begin
   A := Random_Float;
   B := Cos (A);                   -- B is in -1.0 .. 1.0
   C := Integer (B * 9.0) + 1;     -- so C is in -8 .. 10
   D (C) := 0.0;                   -- C may lie outside D'Range
end;

while code like

   A, B : Float;
   C    : Integer;
   D    : array (1 .. 10) of Float;
begin
   A := Random_Float;
   B := Cos (A);
   C := Integer (B * 9.0) + 1;
   if C >= D'First and C <= D'Last then   -- guard narrows C to 1 .. 10
      D (C) := 0.0;
   end if;
end;

would not generate an error during static analysis (at least not for the
obvious error I intended to introduce in the first case ... :). These tools
exist now and have existed for some years.
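The kind of interval reasoning a checker applies to the two fragments above, as an added example that is not part of the original post: the Interval class, the assumed cos range of -1.0 .. 1.0 and the rounding helper are my own constructions, not Polyspace's algorithm.

```python
# Toy interval analysis for the two Ada fragments (added example, not from
# the post): propagate value ranges through B := Cos(A); C := Integer(B*9.0)+1
# and decide whether D(C) can index outside D'Range (1 .. 10).
import math
from dataclasses import dataclass


def ada_round(x: float) -> int:
    """Integer(x) in Ada rounds to nearest, halves away from zero (assumed)."""
    return int(math.copysign(math.floor(abs(x) + 0.5), x))


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def mul_const(self, k: float) -> "Interval":
        a, b = self.lo * k, self.hi * k
        return Interval(min(a, b), max(a, b))

    def add_const(self, k: float) -> "Interval":
        return Interval(self.lo + k, self.hi + k)

    def round_to_int(self) -> "Interval":
        return Interval(ada_round(self.lo), ada_round(self.hi))

    def meet(self, other: "Interval") -> "Interval":
        # Intersection: what a range guard `if C >= lo and C <= hi` leaves over.
        return Interval(max(self.lo, other.lo), min(self.hi, other.hi))


D_RANGE = Interval(1, 10)          # D : array (1 .. 10) of Float
COS_RANGE = Interval(-1.0, 1.0)    # Cos(A) for any A (assumed sound bound)


def index_range(guarded: bool) -> Interval:
    """Range of C at the point where D(C) is assigned."""
    c = COS_RANGE.mul_const(9.0).round_to_int().add_const(1)  # Integer(B*9.0)+1
    if guarded:                   # if C >= D'First and C <= D'Last then ...
        c = c.meet(D_RANGE)
    return c


def check_index(guarded: bool) -> str:
    c = index_range(guarded)
    if c.lo >= D_RANGE.lo and c.hi <= D_RANGE.hi:
        return "ok"
    return f"possible out-of-range index: C in [{c.lo}, {c.hi}], D'Range is [1, 10]"


if __name__ == "__main__":
    print("unguarded:", check_index(False))
    print("guarded:  ", check_index(True))
```

The unguarded fragment yields C in [-8, 10], so the analyser reports the assignment; the guard narrows C to [1, 10] and the report disappears, exactly the behaviour the post describes.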