From: donh@syd.csa.com.au (Don Harrison)
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/07/15
Organization: CSC Australia, Sydney
Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel,comp.lang.c,comp.lang.c++
References: <5q45af$kjs$1@flood.weeg.uiowa.edu>

Robert S. White wrote:

:In article , gwinn@res.ray.com
:says...
: ...snip...
:>However, there was a lot more to it than to say it was Ada: We were
:>required to use a special safety-critical-code subset of Ada, which was
:>*sharply* smaller than Ada83. (I no longer recall the details, but I
:>could dig them up, given a week or three. It seems to me that it was a
:>commercial product.)
:>
:>Perhaps aside from the strong typing, it was not clear just what was left
:>that was particular to Ada, or why one couldn't do the same radical
:>simplification to any language one might choose, to much the same effect.
:>
:>So, I don't know that I buy the theory that Ada83 or Ada95 is the only
:>choice for safety-critical systems, as what survives isn't really either
:>language, and one can do the same surgery on any reasonable language.
: ...snip...
:
: Sorry Joe, I do not agree!

Well, you're both right. Joe is right in saying that when you strip out (read: don't use) the powerful features of languages for safety-critical applications, they start to look the same. You're also right in saying that what's left over becomes the distinguishing features.

:Even if you strip down Ada 83 to a small
:subset you still benefit from a lot of the design requirements
:that went into the language.

Even more so with Eiffel, because you still have, among other things, the reliability/reuse enhancing facilities of:

- Built-in, general purpose, inheritable contracts.
- A rigorous, fine-grained encapsulation model.

: I have been implementing software solutions in industry since 1978
:so I think I qualify as an equal curmudgeon to yourself as far as to
:what works and what does not work. No silver bullets, although a good
:problem domain understanding, actual software _design_ with peer
:reviews, and software inspections with checklists, and finally
:low level whitebox software module tests (along with final qual
:tests to requirements) work best for safety-critical software. Ada is
:still an aid, IMO, for the end safety-critical objective. Eiffel has
:yet to prove its advantages to me.

All these things are good. Adding Design by Contract to them helps you even more.

Don.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Don Harrison donh@syd.csa.com.au
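As an added illustration of the "inheritable contracts" point in the post above (example code written for this page, not taken from the post or any project; the class names and the bounded-buffer scenario are constructed): with assertion monitoring on, the parent's precondition rejects a `put' on a full buffer at the call site instead of letting it write past the end, and a descendant can only weaken that precondition with `require else' and strengthen the postcondition with `ensure then', while the class invariant is inherited unchanged.

```eiffel
class
    BOUNDED_BUFFER
create
    make
feature
    make (a_capacity: INTEGER)
        require
            capacity_positive: a_capacity > 0
        do
            capacity := a_capacity
            create items.make_filled (0, 1, a_capacity)
        end
    capacity, count: INTEGER
    items: ARRAY [INTEGER]
    put (v: INTEGER)
            -- Append `v'; on a full buffer this is a precondition violation at the caller, not an overflow.
        require
            not_full: count < capacity
        do
            count := count + 1
            items [count] := v
        ensure
            stored: items [count] = v
        end
invariant
    count_in_range: 0 <= count and count <= capacity
end

class
    OVERWRITING_BUFFER
inherit
    BOUNDED_BUFFER
        redefine put end
create
    make
feature
    put (v: INTEGER)
            -- `require else' weakens, `ensure then' strengthens; the parent's postcondition and invariant still hold.
        require else
            full_accepted: count = capacity
        do
            if count = capacity then
                items [count] := v -- overwrite the newest item; count is unchanged
            else
                Precursor (v)
            end
        ensure then
            full_keeps_count: (old count = capacity) implies count = old count
        end
end
```

A client holding an OVERWRITING_BUFFER may rely on the weakened precondition, but a client holding it through a BOUNDED_BUFFER reference is still bound by the original contract, which is what keeps substitutability honest.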