Re: Ada and Automotive Industry

[jsa@alexandria (Jon S Anthony)]

In article <32a442b1.2110383@news.geccs.gecm.com> andy.ashworth@gecm.com (Andy Ashworth) writes:

> FWIW my two-penn'orth on the issue of safety and languages. Safety is
> a property of a system, i.e. the combination of software, hardware,
> hydraulics, and other bits you can kick. I agree with Chris that the
> safety of a language is a moot point if the tool support is buggy -
> while the code source file may be inherently "safer" (i.e. perception
> of correctness is higher) for Ada or Modula 2 than for C or C++, when
> compiled with buggy tools the safety of the overall system is
> degraded.

I don't see how this (and even more especially, the [to be charitable]
"peculiar views" of Chris) are in any way relevant to the issue of
whether a language can foster safty by exhibiting features and
structure which promote easier and more rigorous specification and
implmentation of design.

Second, C++ implementations tend to have a rather, shall we say, large
number of bugs in them.  None even seem to implement the language as
currently and tentatively "defined".  C implementations also have
their fair share of bugs.

If you have shitty tools, you will indeed have problems.  But in this
day and age, the readily available Ada compilers seem to be rather
more robust than any C++ compilers.  Indeed, in many respects C++
implementations are sort of where Ada compilers were ten years ago.
There are indeed some good C implementations, but I wouldn't class
them as any better at what they do than what GNAT or ObjectAda are at
what they do.


>  Having spent a number of years assessing real industrial safety
> critical systems, I have come to the conclusion that the language
> used is not an issue; rather, it is how it is used that can
> significantly affect the ultimate safety levels.

Of course it is an issue.  It may not be as big an issue as some other
aspects, but it definitely can affect how well, and especially how
easily, some of the other things (design, team coordination,
integration, etc) can be accomplished.

> How the language is used is one function of management and IMHO it
> is weak management that is the greatest threat to public safety
> where software is              ^^^^^^^^

Here, we agree.  I would include "weak mangagement" wrt to poor
choices vis-a-vis implementation - including language choice.


> concerned and not the use of a language with weak semantics. I
> believe that ADA, Modula 2 and other so called safe languages can
> produce and unsafe result just as the unsafe languages like C can be
> used to produce a safe system.

Sure, you can not take advantage, misuse, or otherwise abuse the
capabilities of anything to produce an inferior result.  You can
intentionally or through ignorance not use a tool as it was intended
and thereby not make use of what it has to offer.  It is the old
story, "you can make it fool proof, but can you make it damn fool
proof?"  It's not clear how this should somehow imply that you should
thus use an inferior tool.


/Jon

-- 
Jon Anthony
Organon Motives, Inc.
Belmont, MA 02178
617.484.3383
jsa@organon.com