* "Ravenscar-like" profile for C/C++
@ 2004-04-25 13:23 Marc Le Roy
2004-04-25 19:43 ` Marc Le Roy
` (3 more replies)
0 siblings, 4 replies; 16+ messages in thread
From: Marc Le Roy @ 2004-04-25 13:23 UTC (permalink / raw)
Hello,
ADA Ravenscar is a restricted subset of the ADA language that has been
defined for real-time software development in safety critical applications.
Completed with additional restrictions like the ones defined in the SPARK
profile, it allows building very deterministic applications that support
automatic static code analysis and schedulability analysis.
http://www.acm.org/pubs/articles/proceedings/ada/289524/p1-dobbing/p1-dobbing.pdf
I would like to know if there is a similar standard for C / C++. I found
only MISRA-C and EC++, but they are rather permissive with respect to the
Ravenscar ADA profile. Moreover, because the ADA standard covers concepts
that are out of the scope of the C/C++ standards, I suppose that an
equivalent of the Ravenscar profile in C/C++ should make reference to an
RTOS.
Marc
--
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: "Ravenscar-like" profile for C/C++
2004-04-25 13:23 "Ravenscar-like" profile for C/C++ Marc Le Roy
@ 2004-04-25 19:43 ` Marc Le Roy
2004-04-25 20:30 ` Jack Klein
` (2 subsequent siblings)
3 siblings, 0 replies; 16+ messages in thread
From: Marc Le Roy @ 2004-04-25 19:43 UTC (permalink / raw)
Sorry for the incorrect link, the reference document about the Ravenscar
profile is here:
"Guide for the use of the Ada Ravenscar Profile in high integrity systems"
http://polaris.dit.upm.es/~str/proyectos/ork/documents/RP_ug.pdf
Marc
* Re: "Ravenscar-like" profile for C/C++
2004-04-25 13:23 "Ravenscar-like" profile for C/C++ Marc Le Roy
2004-04-25 19:43 ` Marc Le Roy
@ 2004-04-25 20:30 ` Jack Klein
[not found] ` <c6gked$1ha4$1@ulysses.noc.ntua.gr>
[not found] ` <c6gkip$1hhv$1@ulysses.noc.ntua.gr>
3 siblings, 0 replies; 16+ messages in thread
From: Jack Klein @ 2004-04-25 20:30 UTC (permalink / raw)
On Sun, 25 Apr 2004 15:23:32 +0200, "Marc Le Roy"
<invalide@invalide.com> wrote in comp.lang.c:
> Hello,
>
> ADA Ravenscar is a restricted subset of the ADA language that has been
> defined for real-time software development in safety critical applications.
> Completed with additional restrictions like the ones defined in the SPARK
> profile, it allows building very deterministic applications that support
> automatic static code analysis and schedulability analysis.
> http://www.acm.org/pubs/articles/proceedings/ada/289524/p1-dobbing/p1-dobbing.pdf
>
> I would like to know if there is a similar standard for C / C++. I found
> only MISRA-C and EC++, but they are rather permissive with respect to the
> Ravenscar ADA profile. Moreover, because the ADA standard covers concepts
> that are out of the scope of the C/C++ standards, I suppose that an
> equivalent of the Ravenscar profile in C/C++ should make reference to an
> RTOS.
>
> Marc
Why do you think that you have the right to hijack any replies from
comp.lang.c++ or comp.lang.ada and prevent their authors from seeing
them in the group where they posted them? Either your question is
topical in those groups and replies belong there as well, or it is not
topical in those groups and you shouldn't have cross-posted there in
the first place.
The question is certainly off-topic in comp.lang.c, where all of
"Ravenscar", "ADA", and "C++" are irrelevant, as are real time
operating systems, or indeed any operating systems at all. MISRA and
any or all other third-party standards are also not topical, the only
standard that is relevant here is ISO.
The newsgroup comp.lang.c discusses the features and use of the C
language as defined by the various versions of the ISO/ANSI standards,
and prior to that by the first edition of the "C Programming Language"
by Kernighan & Ritchie. Subsets or auxiliary standards from any
source are off-topic.
If you want inter-language comparisons, and discussions of software
development methodologies (which is what MISRA-C is, after all) such
groups as news:comp.programming and news:comp.software-eng are
appropriate. Cross-posting to multiple language groups is not.
--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++
http://www.contrib.andrew.cmu.edu/~ajo/docs/FAQ-acllc.html
[parent not found: <c6gked$1ha4$1@ulysses.noc.ntua.gr>]
* Re: "Ravenscar-like" profile for C/C++
[not found] ` <c6gked$1ha4$1@ulysses.noc.ntua.gr>
@ 2004-04-25 20:31 ` Jack Klein
2004-04-26 1:14 ` Ioannis Vranos
0 siblings, 1 reply; 16+ messages in thread
From: Jack Klein @ 2004-04-25 20:31 UTC (permalink / raw)
On Sun, 25 Apr 2004 18:11:10 +0300, "Ioannis Vranos"
<ivr@guesswh.at.emails.ru> wrote in comp.lang.c:
> "Marc Le Roy" <invalide@invalide.com> wrote in message
> news:c6gdub$j92$1@news-reader4.wanadoo.fr...
> > Hello,
> >
> > ADA Ravenscar is a restricted subset of the ADA language that has been
> > defined for real-time software development in safety critical
> applications.
> > Completed with additional restrictions like the ones defined in the SPARK
> > profile, it allows building very deterministic applications that support
> > automatic static code analysis and schedulability analysis.
> >
> http://www.acm.org/pubs/articles/proceedings/ada/289524/p1-dobbing/p1-dobbing.pdf
> >
> > I would like to know if there is a similar standard for C / C++. I found
> > only MISRA-C and EC++, but they are rather permissive with respect to the
> > Ravenscar ADA profile. Moreover, because the ADA standard covers concepts
> > that are out of the scope of the C/C++ standards, I suppose that an
> > equivalent of the Ravenscar profile in C/C++ should make reference to an
> > RTOS.
>
>
> There is no reason for such a subset in C++. Use the part of C++ that fits
> your needs. The whole language is designed for maximum run-time/space
> efficiency. I place here the contents of a page of my old web site which i
> think you will find useful:
[large snip]
You have completely misunderstood the question.
The issues here have nothing at all to do with run-time/space
efficiency, but about, as the OP specifically stated, "safety critical
applications". The phrase you used in the part of your overly long
pedantic message that I snipped, "mission critical applications", is
not, never has been, and never will be remotely similar. In fact, it
is nothing more than a marketing buzz word.
This renders your answer meaningless in the context.
--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++
http://www.contrib.andrew.cmu.edu/~ajo/docs/FAQ-acllc.html
* Re: "Ravenscar-like" profile for C/C++
2004-04-25 20:31 ` Jack Klein
@ 2004-04-26 1:14 ` Ioannis Vranos
2004-04-26 5:48 ` Martin Krischik
0 siblings, 1 reply; 16+ messages in thread
From: Ioannis Vranos @ 2004-04-26 1:14 UTC (permalink / raw)
"Jack Klein" <jackklein@spamcop.net> wrote in message
news:ev7o80lpud3gfmicusomjs5std2a0dimga@4ax.com...
>
> The phrase you used in the part of your overly long
> pedantic message that I snipped, "mission critical applications", is
> not, never has been, and never will be remotely similar. In fact, it
> is nothing more than a marketing buzz word.
Why marketing buzz word? You can do something like:
#include <fstream>
#include <string>
#include <cctype>

class DictionaryFileException
{
};

class dictionaryFile
{
    std::ifstream dicFile;
    std::string dicFileName;
public:
    // Dynamic exception specifications are C++98/03 syntax: deprecated in
    // C++11 and removed in C++17 (compile with -std=c++03, or replace them
    // with noexcept / a comment on newer compilers).
    dictionaryFile(const std::string &filePath) throw (DictionaryFileException)
    {
        dicFileName = filePath;
        dicFile.open(filePath.c_str());
        if (dicFile.fail())
            throw DictionaryFileException();
        FileValidation();
    }

    // Every non-blank line must be a "\\" comment or start with an
    // alphanumeric character; anything else rejects the whole file.
    void FileValidation() throw (DictionaryFileException)
    {
        std::string line;
        // std::getline consumes the newline, so the loop ends at EOF. The
        // original istream::get(input, 256) left the '\n' in the stream,
        // extracted nothing on the next call, set failbit and never reached
        // eof(), so the do/while never terminated.
        while (std::getline(dicFile, line))
        {
            if (line.empty())
                continue;
            // <cctype> functions take an int in unsigned-char range; a
            // negative plain char is undefined behaviour, hence the cast.
            unsigned char first = static_cast<unsigned char>(line[0]);
            if (std::isspace(first)
                or (line.size() > 1 and line[0] == '\\' and line[1] == '\\'))
                continue;
            else if (!std::isalpha(first) and !std::isdigit(first))
                throw DictionaryFileException();
        }
    }
};
C++ provides the necessary structures to build very reliable, efficient and
mission critical systems. In the above I define what exceptions are expected
from each member function, and we can also use the Resource Acquisition Is
Initialization technique which the standard library itself also uses.
Ioannis Vranos
* Re: "Ravenscar-like" profile for C/C++
2004-04-26 1:14 ` Ioannis Vranos
@ 2004-04-26 5:48 ` Martin Krischik
2004-04-26 11:06 ` Michiel Salters
0 siblings, 1 reply; 16+ messages in thread
From: Martin Krischik @ 2004-04-26 5:48 UTC (permalink / raw)
Ioannis Vranos wrote:
> C++ provides the necessary structures to build very reliable, efficient
> and mission critical systems. In the above I define what exceptions are
> expected from each member function, and we can also use the Resource
> Acquisition Is Initialization technique which the standard library
> itself also uses.
The problem with safety critical programming in C or C++ is not what is
allowed or possible but what should not be allowed and should be
impossible. And for that I just need two lines:
char X[10];
X[10]='A';
With Regards
Martin
--
mailto://krischik@users.sourceforge.net
http://www.ada.krischik.com
* Re: "Ravenscar-like" profile for C/C++
2004-04-26 5:48 ` Martin Krischik
@ 2004-04-26 11:06 ` Michiel Salters
2004-04-26 11:08 ` Vinzent 'Gadget' Hoefler
0 siblings, 1 reply; 16+ messages in thread
From: Michiel Salters @ 2004-04-26 11:06 UTC (permalink / raw)
Martin Krischik <krischik@users.sourceforge.net> wrote in message news:<1082964421.KuB1viW3U1@linux1.krischik.com>...
> Ioannis Vranos wrote:
>
> The problem with safety critical programming in C or C++ is not what is
> allowed or possible but what should not be allowed and should be
> impossible. And for that I just need two lines:
>
> char X[10];
> X[10]='A';
What's the problem with that code, from a safety perspective? Certainly
a C compiler which is supposed to be suited for safety-critical programs
will diagnose this. The base C and C++ languages have quite a number
of "undefined behavior - no diagnostic required" cases, but a similar
profile may very well tighten that to "undefined behavior - must be
rejected at compile time".
The base philosophy in C and C++ is that flexibility can be traded
for safety, but not vice versa. Certainly, in C++ it is easy to
create a verifiable subset. For instance, it is possible to define
a range template and with it a <int,0,10> type. The toolset would
be hard pressed to prove that the range template is correct and
overflow-free. However, this could be proven by humans. The tool
chain instead only has to check that all possible overflows are
located in this checked range< > code. Together, this would prove
that a body of code is overflow-free.
Regards,
Michiel Salters
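The two posts above make complementary points: Martin's `char X[10]; X[10]='A';` is an out-of-bounds write that plain C/C++ accepts without a diagnostic, and Michiel's suggested remedy is a range template so that every possible overflow is confined to one small, human-reviewed piece of code. The following is an added example written for this page, not code from either poster: a hypothetical `range<Lo, Hi>` template whose values are always within bounds (anything else becomes an exception at the point of construction or arithmetic), and a hypothetical `checked_buffer` that can only be indexed through such a type, so the index `10` into a ten-element buffer is rejected instead of silently corrupting memory. All names (`range`, `checked_buffer`, `try_write`, `bounded_add`) are inventions for this example.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <limits>
#include <stdexcept>

// Hypothetical checked integer (example code, not from the thread).
// Invariant: Lo <= value_ <= Hi for every live object, so the only place an
// out-of-range value or an overflow can occur is inside this template, where
// it is turned into an exception. This is the "checked range< > code" a tool
// chain would have to inspect, instead of every arithmetic expression.
template <long Lo, long Hi>
class range {
    static_assert(Lo <= Hi, "empty range");
    long value_;
public:
    explicit range(long v) : value_(check(v)) {}
    long get() const { return value_; }

    // Reject anything outside [Lo, Hi] before it can be stored.
    static long check(long v) {
        if (v < Lo || v > Hi)
            throw std::out_of_range("value outside the declared range");
        return v;
    }

    // Guard the raw addition itself so it cannot overflow 'long' before the
    // range test, then re-check the result against [Lo, Hi].
    range operator+(long rhs) const {
        if ((rhs > 0 && value_ > std::numeric_limits<long>::max() - rhs) ||
            (rhs < 0 && value_ < std::numeric_limits<long>::min() - rhs))
            throw std::overflow_error("addition overflows long");
        return range(value_ + rhs);
    }
};

// Fixed-size buffer that can only be indexed with a range type whose bounds
// are exactly the valid indices, so "X[10] = 'A'" on a 10-element buffer is
// impossible to express without going through the check.
template <typename T, std::size_t N>
class checked_buffer {
    std::array<T, N> data_{};
public:
    using index = range<0, static_cast<long>(N) - 1>;
    T& operator[](index i) { return data_[static_cast<std::size_t>(i.get())]; }
    const T& operator[](index i) const { return data_[static_cast<std::size_t>(i.get())]; }
};

// Returns 1 if a write at position pos was accepted, 0 if the index type rejected it.
int try_write(long pos) {
    checked_buffer<char, 10> X;   // the same 10-element buffer as in the post
    try {
        X[checked_buffer<char, 10>::index(pos)] = 'A';
        return 1;
    } catch (const std::out_of_range&) {
        return 0;
    }
}

// Returns start + step computed inside range<0, 10>, or -1 if the result
// would leave the range (Michiel's overflow-free arithmetic, in miniature).
long bounded_add(long start, long step) {
    try {
        range<0, 10> counter(start);
        return (counter + step).get();
    } catch (const std::out_of_range&) {
        return -1;
    }
}

int main() {
    std::printf("X[9]  accepted: %d\n", try_write(9));          // 1
    std::printf("X[10] accepted: %d\n", try_write(10));         // 0
    std::printf("7 + 3 in [0,10]: %ld\n", bounded_add(7, 3));   // 10
    std::printf("7 + 4 in [0,10]: %ld\n", bounded_add(7, 4));   // -1
    return 0;
}
```

The design choice worth noting is that `range` has no constructor from an unchecked value and no implicit conversion back to `long` that skips the check, so a reviewer auditing for out-of-bounds access only needs to read `range::check` and `range::operator+`; everything else in the program inherits the invariant by construction.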
[parent not found: <c6gkip$1hhv$1@ulysses.noc.ntua.gr>]
end of thread, other threads:[~2004-05-15 2:27 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
2004-04-25 13:23 "Ravenscar-like" profile for C/C++ Marc Le Roy
2004-04-25 19:43 ` Marc Le Roy
2004-04-25 20:30 ` Jack Klein
[not found] ` <c6gked$1ha4$1@ulysses.noc.ntua.gr>
2004-04-25 20:31 ` Jack Klein
2004-04-26 1:14 ` Ioannis Vranos
2004-04-26 5:48 ` Martin Krischik
2004-04-26 11:06 ` Michiel Salters
2004-04-26 11:08 ` Vinzent 'Gadget' Hoefler
2004-04-26 11:13 ` Vinzent 'Gadget' Hoefler
[not found] ` <fcaee77e.0405050140.6d3a5b7b@posting.google.com>
[not found] ` <p8ih90tob4d617h6tjev9d0jmj20h716lu@jellix.jlfencey.com>
2004-05-05 17:44 ` Martin Dowie
2004-05-06 17:22 ` Peter Amey
2004-05-06 21:06 ` Martin Dowie
2004-05-15 2:27 ` Alexander Kopilovitch
[not found] ` <c6gkip$1hhv$1@ulysses.noc.ntua.gr>
[not found] ` <408c0ce4$0$15674$626a14ce@news.free.fr>
2004-04-25 20:37 ` Jack Klein
2004-04-26 5:40 ` Martin Krischik
2004-05-05 6:22 ` Craig Carey