From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,42427d0d1bf647b1 X-Google-Attributes: gid103376,public From: dewar@cs.nyu.edu (Robert Dewar) Subject: Re: Ada Core Technologies and Ada95 Standards Date: 1996/04/10 Message-ID: #1/1 X-Deja-AN: 146896901 references: <00001a73+00002c20@msn.com> <4kf739$f00@cliffy.lfwc.lockheed.com> organization: Courant Institute of Mathematical Sciences newsgroups: comp.lang.ada Date: 1996-04-10T00:00:00+00:00 List-Id: Michael Cordes said >Robert Dewar has responded to Ken Garlington's posts indicating that >it is foolish to expect the ACVCs to guatantee an Ada compiler meets >the RM. >I don't think that Ken, or anybody else in the user community, expects >the ACVC to guarantee 100% compliance with the RM. I did, however, believe >that the ACVC provided *some* measure of quality. I certainly agree, and have never disagreed on this, in fact I precisely enumerated in one of my recent messages just how the ACVC does contribute to quality. In fact I think Ken *did* expect the ACVC to guarantee compliance, and unfortunately this is not possible. >on the pathological cases and make a strong argument for doing nothing >while we continue to develop safety critical code with *validated* >compilers which generate bad code for some of the more simple Ada >features. Unfortunately simple black box testing cannot even guarantee that 100% of simple Ada features are completely accurately implemented. >Instead of flaming us for expecting to much, take our comments and >feedback from your "larger" user community, and challenge yourself >(i.e., the Ada compiler vendors) to provide a high quality >product that meets all of our needs. Well of course, we certainly do aim at that. The point is that the black box testing of the ACVC suite can only be one part of that process. At ACT for example, we have an extremely rigorous development process. Among other steps we take, we run our complete regression suite (which is far more extensive than the ACVC suite) before making even the most minor change to the system (the regression suite has been run well over a thousand times in the last six months). This is very helpful in ensuring that we do not introduce regressions, but does not guarantee this. We also run the entire ACVC suite every day, and this too is another helpful step. As with most complex programming tasks, quality is achieved with a multi-faceted approach. The important thing is to realize that the ACVC can only ever be one component of this multi-faceted approach, so the single fact of validation, while significant, does not guarantee anything specific, and in particular does not guarantee quality for any particular definition of quality.