From: Michiel.Salters@logicacmg.com (Michiel Salters)
Subject: Re: "Ravenscar-like" profile for C/C++
Date: 26 Apr 2004 04:06:08 -0700
Date: 2004-04-26T04:06:08-07:00 [thread overview]
Message-ID: <fcaee77e.0404260306.64acbe9@posting.google.com> (raw)
In-Reply-To: 1082964421.KuB1viW3U1@linux1.krischik.com
Martin Krischik <krischik@users.sourceforge.net> wrote in message news:<1082964421.KuB1viW3U1@linux1.krischik.com>...
> Ioannis Vranos wrote:
>
> The problem with savety critical programming in C or C++ is not what is
> allowed or possible but what should not be allowed and should be
> impossible. And for that I just need two line:
>
> char X[10];
> X[10]='A';
What's the problem with that code, from a safety perspective? Certainly
a C compiler which is supposed to be suited for safety-critical programs
will diagnose this. The base C and C++ languages have quite a number
of "undefined behavior - no diagnostic required" cases, but a similar
profile may very well tighten that to "undefined behavior - must be
rejected at compile time".
The base philosophy in C and C++ is that flexibility can be traded
for safety, but not vice versa. Certainly, in C++ it is easy to
create a verifiable subset. For instance, it is possible to define
a range template and with it a <int,0,10> type. The toolset would
be hard pressed to prove that the range template is correct and
overflow-free. However, this could be proven by humans. The tool
chain instead only has to check that all possible overflows are
located in this checked range< > code. Together, this would prove
that a body of code is overflow-free.
Regards,
Michiel Salters
next prev parent reply other threads:[~2004-04-26 11:06 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-04-25 13:23 "Ravenscar-like" profile for C/C++ Marc Le Roy
2004-04-25 19:43 ` Marc Le Roy
2004-04-25 20:30 ` Jack Klein
[not found] ` <c6gked$1ha4$1@ulysses.noc.ntua.gr>
2004-04-25 20:31 ` Jack Klein
2004-04-26 1:14 ` Ioannis Vranos
2004-04-26 5:48 ` Martin Krischik
2004-04-26 11:06 ` Michiel Salters [this message]
2004-04-26 11:08 ` Vinzent 'Gadget' Hoefler
2004-04-26 11:13 ` Vinzent 'Gadget' Hoefler
[not found] ` <fcaee77e.0405050140.6d3a5b7b@posting.google.com>
[not found] ` <p8ih90tob4d617h6tjev9d0jmj20h716lu@jellix.jlfencey.com>
2004-05-05 17:44 ` Martin Dowie
2004-05-06 17:22 ` Peter Amey
2004-05-06 21:06 ` Martin Dowie
2004-05-15 2:27 ` Alexander Kopilovitch
[not found] ` <c6gkip$1hhv$1@ulysses.noc.ntua.gr>
[not found] ` <408c0ce4$0$15674$626a14ce@news.free.fr>
2004-04-25 20:37 ` Jack Klein
2004-04-26 5:40 ` Martin Krischik
2004-05-05 6:22 ` Craig Carey
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox