From: Chris Hills
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: Fri, 26 Dec 2003 11:21:10 +0000
Organization: Phaedrus Systems

In article <20619edc.0312241511.3a934503@posting.google.com>, Mike Silva writes
>Chris Hills wrote in message news:<45cs9hAbLc6$EAAx@phaedsys.demon.co.uk>...
>>                Sil1  Sil2  Sil3  Sil4
>> Ada            HR    HR    R     R
>> ADA (subset)   HR    HR    HR    HR
>> C              R     -     NR    NR
>>
>> as expected BUT
>>
>> C (subset, coding standard and static analysis)
>>                HR    HR    HR    HR
>
>I had a thought about this also. In the Ada case we see a change from
>R (recommended) to HR (highly recommended) at SIL3 and SIL4. In the C
>case we see a change from NR (not recommended), past - (no
>recommendation) and R to HR. To go from Ada to SPARK is one step
>(i.e. good to best) while to go from C to SIL4-C is three steps (i.e.
>worst to best).

btw not "worst to best" I agree to a point. I think this reflects the
engineering profession is maturing and the support tools are coming of
age.

>How will that (3 step improvement vs. 1 step
>improvement) manifest itself in the complexity, cost and lack of
>errors in the tools, the expressiveness and ease of use of the
>resulting language subset, etc, etc.

I think that there are now tools and methods in place that there were
not previously. The sheer weight of the commercial pressure has improved
quality in the compilers and support tools. It has generated a lot of
safety related support for a language that was not originally designed
to be a safety critical language.

This does not mean it can't be used for safety related projects just
that initially the users were not working in that sort of a field so the
mind set was not there.

You could write appalling code in Ada but the average practitioner has
been taught Ada with a view to safety related systems. The majority of C
programmers were not.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/\
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/