From: jsa@alexandria (Jon S Anthony)
Subject: Re: Ada and Automotive Industry
Date: 1996-12-04
Organization: Organon Motives, Inc.
Newsgroups: comp.lang.ada,comp.realtime
References: <55ea3g$m1j@newsbf02.news.aol.com> <3280DA96.15FB@hso.link.com>

In article <32a442b1.2110383@news.geccs.gecm.com> andy.ashworth@gecm.com (Andy Ashworth) writes:

> FWIW my two-penn'orth on the issue of safety and languages. Safety is
> a property of a system, i.e. the combination of software, hardware,
> hydraulics, and other bits you can kick. I agree with Chris that the
> safety of a language is a moot point if the tool support is buggy -
> while the code source file may be inherently "safer" (i.e. perception
> of correctness is higher) for Ada or Modula 2 than for C or C++, when
> compiled with buggy tools the safety of the overall system is
> degraded.

I don't see how this (and even more especially, the [to be charitable] "peculiar views" of Chris) is in any way relevant to the issue of whether a language can foster safety by exhibiting features and structure which promote easier and more rigorous specification and implementation of design.

Second, C++ implementations tend to have a rather, shall we say, large number of bugs in them. None even seem to implement the language as currently and tentatively "defined". C implementations also have their fair share of bugs. If you have shitty tools, you will indeed have problems. But in this day and age, the readily available Ada compilers seem to be rather more robust than any C++ compilers. Indeed, in many respects C++ implementations are sort of where Ada compilers were ten years ago. There are indeed some good C implementations, but I wouldn't class them as any better at what they do than GNAT or ObjectAda are at what they do.

> Having spent a number of years assessing real industrial safety
> critical systems, I have come to the conclusion that the language
> used is not an issue; rather, it is how it is used that can
> significantly affect the ultimate safety levels.

Of course it is an issue. It may not be as big an issue as some other aspects, but it definitely can affect how well, and especially how easily, some of the other things (design, team coordination, integration, etc.) can be accomplished.

> How the language is used is one function of management and IMHO it
> is weak management that is the greatest threat to public safety
> where software is
        ^^^^^^^^

Here, we agree. I would include "weak management" wrt poor choices vis-a-vis implementation - including language choice.

> concerned and not the use of a language with weak semantics. I
> believe that ADA, Modula 2 and other so called safe languages can
> produce an unsafe result just as the unsafe languages like C can be
> used to produce a safe system.

Sure, you can fail to take advantage of, misuse, or otherwise abuse the capabilities of anything to produce an inferior result. You can intentionally or through ignorance not use a tool as it was intended and thereby not make use of what it has to offer. It is the old story: "you can make it fool proof, but can you make it damn fool proof?" It's not clear how this should somehow imply that you should thus use an inferior tool.

/Jon

-- 
Jon Anthony
Organon Motives, Inc.
Belmont, MA 02178
617.484.3383
jsa@organon.com