From: bobduff@world.std.com (Robert A Duff)
Subject: Re: Can OO be successful in real-time embedded systems?
Date: 1996/05/09
Message-ID: <Dr5MHs.J4B@world.std.com>
In-Reply-To: 3191DE76.130F@lmtas.lmco.com
In article <3191DE76.130F@lmtas.lmco.com>,
Ken Garlington <garlingtonke@lmtas.lmco.com> wrote:
>For safety-critical systems, you might also want to use pragma
>Reviewable, coupled with a tool that reads the resulting analysis file,
>to examine the object code for each dispatch and verify that the
>case-ish object code meets certain criteria. We do this now for case
>statements, and I would expect that we would extend the technique for
>dispatching.
The definition of pragma Reviewable is pretty vague. We'll have to rely
on people who really care about this pragma to admonish vendors to
produce useful information.
>The real difference between dispatching and case statements, in my
>mind, is that case statements usually only generate different code if
>the case statement itself is changed. Even if the range of the case
>selector is changed, for example, the case itself usually has the same
>object code. Thus, you can sometimes limit the scope of analysis for
>regression test purposes.
Right. To test polymorphic code in this way, you have to track down all
overridings.
>For dispatching, this isn't going to be the case (so to speak.) We're
>going to have to be more careful about doing analysis of dispatch
>points. However, with reasonable tools and CM practices, this should
>not be insurmountable.
Dispatching calls are like case statements, except that the case
branches are open-ended. One just needs to take that open-endedness
into account.
>That's certainly true. Further, I don't see the annex as being all that
>much "over-kill." Except for Normalize_Scalars and 'Valid, you can
>pretty much have the whole annex with current Ada 83 tools (although
>the implementation is not the same, of course). I would like to believe
>that, for safety and security related applications, the annex would
>serve as a perfectly reasonable tool kit.
The SS annex is very much UNDER-kill, and intentionally so. If you say,
"my program obeys the SS annex, and therefore can be used safely", I'll
think you're a crackpot. If you say, "my program uses the SS annex
(among other things) to ensure safety", then I'll take it more
seriously.
- Bob
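The reply's point that a dispatching call is a case statement with open-ended branches, as an added Ada 95 sketch that is not code from either poster: the case over Mode is a closed set whose full coverage the compiler checks, while the dispatch inside Open.Run gains a branch whenever any package, written at any time, derives from Controller. It assumes the units are split one per file (or fed through gnatchop) before compiling; package and type names are made up for the illustration.

```ada
--  Closed set: Ada requires a case statement to cover every literal of
--  Mode, so adding a literal without a branch is a compile-time error.
package Closed is
   type Mode is (Idle, Armed, Firing);
   function Command_For (M : Mode) return Natural;
end Closed;

package body Closed is
   function Command_For (M : Mode) return Natural is
   begin
      case M is
         when Idle   => return 0;
         when Armed  => return 1;
         when Firing => return 2;
      end case;
   end Command_For;
end Closed;

--  Open set: the dispatching call in Run has one branch per overriding
--  of Step anywhere in the program, including packages written later.
package Open is
   type Controller is abstract tagged null record;
   function Step (C : Controller) return Natural is abstract;
   function Run (C : Controller'Class) return Natural;
end Open;

package body Open is
   function Run (C : Controller'Class) return Natural is
   begin
      return Step (C);   --  dispatching call: a "case" over all overridings
   end Run;
end Open;

--  A package written later adds a branch to the dispatch in Open.Run
--  without touching Open's source or object code; a reviewer of Run
--  must track down this overriding to know what Run can do.
with Open;
package Later is
   type Fancy is new Open.Controller with null record;
   function Step (C : Fancy) return Natural;
end Later;

package body Later is
   function Step (C : Fancy) return Natural is
   begin
      return 42;   --  constructed value, distinct from every Closed branch
   end Step;
end Later;
```

Regression analysis of Closed.Command_For can stop at its own source, whereas analysis of Open.Run must enumerate every derivation of Controller in the link closure, which is the open-endedness the reply refers to.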