From: bobduff@world.std.com (Robert A Duff)
Subject: Re: Need help with PowerPC/Ada and realtime tasking
Date: 1996/05/29
Message-ID: #1/1
references: <63085717wnr@diphi.demon.co.uk> <31AC0712.29DF@lmtas.lmco.com>
organization: The World Public Access UNIX, Brookline, MA
newsgroups: comp.lang.ada

In article <31AC0712.29DF@lmtas.lmco.com>, Ken Garlington wrote:
>...At least
>in my environment, the software engineer provides feedback to the domain
>engineer, so I suppose it is a software engineering job to get requirements
>changed, suggest additional safety features, etc.

A very good point. If a brick-layer notices that laying bricks the way the architect said is impossible or stupid or even just questionable, then the brick-layer ought to notify the architect that something is, perhaps, screwed up.

>It sounds like the point has already been made, but it is also good to
>remember that, technically, correctness and safety don't have to be related.
>You can have correct software that is unsafe, and incorrect software that
>is safe.

I suppose it depends on your definition of "correct". The proof-of-correctness folks define "correct" to mean "correctly obeys the formal specification". To me, that's a bogus definition. In plain English, a "correct" program is one that does what it's supposed to do, regardless of whether the specification is wrong.
If you show me a word processor that deletes my file when I told it to italicize a word, to me, that's incorrect, even if you can show me a (bogus) formal spec that says that the "italicize word" function should delete files. If you show me a flight-control program that crashes airplanes, that's incorrect IMHO, despite the fact that you might show me a formal spec saying it did what the formal spec says. - Bob