From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,7a58195927ccb785
X-Google-Attributes: gid103376,public
From: dewar@merv.cs.nyu.edu (Robert Dewar)
Subject: Re: Not intended for use in medical devices
Date: 1997/05/03
Message-ID: <dewar.862714122@merv>#1/1
X-Deja-AN: 239219757
References: <3.0.32.19970503111453.007174bc@mail.4dcomm.com>
Organization: New York University
Newsgroups: comp.lang.ada
Date: 1997-05-03T00:00:00+00:00
List-Id: <comp.lang.ada>


Robert Leif says

<<I have very strong reservations about reviewing object code.  Although
configuration management tools could be configured to prevent changes in
the object code, I believe that there would be a very strong temptation for
some of the programmers to hand optimize the object code.>>


How can you possibly avoid reviewing object code for safety critical
programs? Certainly I am unaware of any acceptable methodology that
can be used today that avoids reviewing object code. I agree that we
need to develop such techn9ologies, but we are not there yet.

I think the concern about optimizing object code is misplaced. The typical
procedures followed for reviewing object code do not begin to allow for 
this kind of optimization, and I have never seen that be a problem. Indeed
usually for safety critical code, a common demand is that the compiler
NOT do any optimization (of course that is not a very well defined requirement)