From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID, LOTS_OF_MONEY autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,42427d0d1bf647b1 X-Google-Attributes: gid103376,public From: dewar@cs.nyu.edu (Robert Dewar) Subject: Re: Ada Core Technologies and Ada95 Standards Date: 1996/04/05 Message-ID: #1/1 X-Deja-AN: 145939545 references: <00001a73+00002c20@msn.com> <828038680.5631@assen.demon.co.uk> <828127251.85@assen.demon.co.uk> <315FD5C9.342F@lfwc.lockheed.com> <3160EFBF.BF9@lfwc.lockheed.com> <828475321.18492@assen.demon.co.uk> <31623F5E.4EAE@lfwc.lockheed.com> <31639EA2.7AE2@lfwc.lockheed.com> organization: Courant Institute of Mathematical Sciences newsgroups: comp.lang.ada Date: 1996-04-05T00:00:00+00:00 List-Id: Ken Garlington asks why it is infeasible for a compiler vendor to deliver the source code to the AVF for anaysis. Ken, you have some experience here. What would you say is the cost of analysis and thorough testing of half a million lines of someone elses code, under the conditions that the code is, throughout, extremely complex. Remember that a typical compiler has had several hundred person years invested in the code, at least this figure is right for several Ada compilers that I know of. How much more investment would be necessary from the AVF to significantly improve the level of confidence on the basis of examination of the source code. Let's suppose that for this kind of examination and white box testing, a figure of 10 lines/day is reasonable (this is ten lines of source code). I suspect this number is high, but I deliberately what to be on the high side. Then we arrive at a figure of 250 person years to evaluate the code of an Ada compiler. OK, so that's about 25 million dollars. I *think* it is ok to regard this as infeasible :-) The real point, which you did not address, is that even if you were to supply the check for $25 million, it would not solve the problem of timely delivery and verification of improvements etc. Compilers tend to be quite dynamic objects, for instance, even a mature compiler that itself is pretty stable is likely to need tinkering for a new version of an operating system. Furthermore, we are still missing a formal specifcation of Ada 95 against which to formally measure compliance. The EEC spent a couple of million dollars trying to get such a formal definition of Ada 83, and failed to produce a complete usable definition. Basically they ended up with two telephone books of formula that (a) were incomplete (b) could not be determined to be equiavlent to the RM (c) could not even be determined to be equivalent to the existing ACVC tests and (d) certainly contained at least some errors. Ken, in your message, you again refer to users expecting the ACVC suite to guarantee conformance to the standard. How many times does it have to be said? The ACVC suite cannot do this, does not attempt to do this, and anyone who thinks it does do this, or could do this, is mistaken! Once again, I refer you to John Goodenough's writings on the subject, and to the other material I mentioned before. P.S. If you would like to send a check for $25 million to ACT, I think I can promise that 5 years from now we wlil have a compiler that is much closer to conforming to the standard (of course I can also promise this if you *don't* send us the $25 million :-)