comp.lang.ada
From: bobduff@world.std.com (Robert A Duff)
Subject: Re: Can OO be successful in real-time embedded systems?
Date: 1996/05/09
Message-ID: <Dr58I4.6Go@world.std.com>
In-Reply-To: m0uHHBP-0000ztC@crash.cts.com


In article <m0uHHBP-0000ztC@crash.cts.com>,
Robert C. Leif, Ph.D. <rleif@MAIL.CTS.COM> wrote:
>Worse yet, how do you test dynamic binding for a medical or similar critical
>application?  I suspect that any savings in code creation cost would be
>offset by the testing costs.  I do not see an obvious way to do white box
>testing of run-time dispatching.

Run-time dispatching is just like a case-statement, except the branches
are scattered all over the code.  To do white-box testing, you have to
track down all overridings of a given procedure.  Having done that, it's
no harder than testing a case statement.  So, I think you want a tool to
do that tracking down.  I use "grep" for that purpose, but one could
imagine something more helpful.

>...  I do want to employ a tool to tell me did
>anyone in the group do run-time dispatching.

I think you *really* want a tool that tells you, for any given call,
which subprogram bodies might get executed.  Once you have that
information, testing is no harder than testing a case statement.

Timing analysis is similar: for a case statement, you need to worry
about the worst case, over all branches of the case statement.  For a
polymorphic call, you need to worry about the worst case, over all
overridings.  The only difference is that it's harder to track down all
the overridings, because they're scattered about.  (I have no idea how
you can really do worst-case timing analysis on modern machines, with
all kinds of complicated caching and whatnot.  But that's a separate
issue.)

Proofs are similar: you need to track down all overridings.
Alternatively, you can take the Eiffel approach, where you assert
something about the original operation, and prove that all overridings
obey that assertion.

You also need to deal with modifications to code.  For a case statement,
if somebody adds a new branch, you need to re-analyze, if your analysis
depends on that information.  Likewise, if you add a new overriding, you
need to re-analyze if your original analysis depended on tracking down
all overridings.

>...  I know that I could buy a
>compiler with the Safety and Security Annex. However, that is ridiculous
>over-kill. You have provably heard my line, that Ada 95 is the Safety and
>Security annex of C++.

That's an amusing typo.  How can you "prove" that I've heard your line?
Well, I guess if you read *this*, you can prove it beyond a reasonable
doubt.  ;-)

>...  First one switches a C or C++ developer to Ada 95,
>then, later on, one can start discussion of the Safety and Security Annex.

But beware: there's a lot more to safety than is codified in the SS Annex.

- Bob
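As an added illustration of the "tool to track down all overridings" that Bob's reply asks for (this script is not from the post and not part of any Ada toolchain): given an Ada 95 source fragment, it lists, for a dispatching call on a given type'Class, which bodies the call can reach, which are exactly the branches of the implied case statement that white-box tests, worst-case timing and proofs must cover. The Ada fragment, the type and operation names, and the regex-based reading of declarations are constructed assumptions; it handles tagged-type and primitive declarations in one source text, not full Ada.

```python
import re

# Constructed Ada 95 fragment (not from the post): a tagged-type hierarchy whose
# dispatching operation Read is overridden in some, but not all, derived types.
ADA_SOURCE = """
type Sensor is abstract tagged null record;
procedure Read (S : in out Sensor) is abstract;
type Pressure_Sensor is new Sensor with null record;
procedure Read (S : in out Pressure_Sensor);
type Temp_Sensor is new Sensor with null record;
procedure Read (S : in out Temp_Sensor);
type Calibrated_Pressure is new Pressure_Sensor with null record;
procedure Read (S : in out Calibrated_Pressure);   -- overrides Pressure_Sensor's Read
type Logged_Temp is new Temp_Sensor with null record;  -- inherits Temp_Sensor's Read
procedure Reset (S : in out Logged_Temp);            -- a different primitive, not Read
"""

TYPE_DECL = re.compile(
    r"type\s+(\w+)\s+is\s+(abstract\s+)?(?:tagged|new\s+(\w+)\s+with)", re.I)
PRIMITIVE = re.compile(
    r"(?:procedure|function)\s+(\w+)\s*\(\s*\w+\s*:\s*"
    r"(?:in\s+out\s+|in\s+|out\s+|access\s+)?(\w+)", re.I)


def dispatch_targets(source, call_type, operation):
    """For a dispatching call of `operation` on an object of call_type'Class,
    return {concrete dynamic type: type whose body of `operation` runs}.
    Each distinct value is one branch of the implied case statement."""
    parent, abstract = {}, set()
    for name, is_abstract, base in TYPE_DECL.findall(source):
        parent[name.lower()] = base.lower() or None   # root types have no parent
        if is_abstract:
            abstract.add(name.lower())
    # Types that declare their own body (the original or an overriding) of `operation`.
    declared = {t.lower() for op, t in PRIMITIVE.findall(source)
                if op.lower() == operation.lower()}

    def ancestors(t):                  # t itself, then each parent up to the root
        while t is not None:
            yield t
            t = parent[t]

    targets = {}
    for t in parent:
        if t in abstract or call_type.lower() not in ancestors(t):
            continue                   # no object has this dynamic type, or it is outside the class
        body = next((a for a in ancestors(t) if a in declared), None)
        if body is not None:           # None: `operation` is not a primitive of t at all
            targets[t] = body
    return targets
```

Names are lower-cased because Ada identifiers are case-insensitive; a test suite that exercises one object of each key type covers every body the call can reach.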
