Re: "Ravenscar-like" profile for C/C++

comp.lang.ada
 help / color / mirror / Atom feed

From: Michiel.Salters@logicacmg.com (Michiel Salters)
Subject: Re: "Ravenscar-like" profile for C/C++
Date: 26 Apr 2004 04:06:08 -0700
Date: 2004-04-26T04:06:08-07:00	[thread overview]
Message-ID: <fcaee77e.0404260306.64acbe9@posting.google.com> (raw)
In-Reply-To: 1082964421.KuB1viW3U1@linux1.krischik.com

Martin Krischik <krischik@users.sourceforge.net> wrote in message news:<1082964421.KuB1viW3U1@linux1.krischik.com>...
> Ioannis Vranos wrote:
>
> The problem with savety critical programming in C or C++ is not what is
> allowed or possible but what should not be allowed and should be
> impossible. And for that I just need two line:
> 
> char X[10];
> X[10]='A';

What's the problem with that code, from a safety perspective? Certainly
a C compiler which is supposed to be suited for safety-critical programs
will diagnose this. The base C and C++ languages have quite a number
of "undefined behavior - no diagnostic required" cases, but a similar
profile may very well tighten that to "undefined behavior - must be 
rejected at compile time". 

The base philosophy in C and C++ is that flexibility can be traded 
for safety, but not vice versa. Certainly, in C++ it is easy to
create a verifiable subset. For instance, it is possible to define
a range template and with it a <int,0,10> type. The toolset would
be hard pressed to prove that the range template is correct and
overflow-free. However, this could be proven by humans. The tool
chain instead only has to check that all possible overflows are
located in this checked range< > code. Together, this would prove
that a body of code is overflow-free.

Regards,
Michiel Salters

next prev parent reply	other threads:[~2004-04-26 11:06 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-04-25 13:23 "Ravenscar-like" profile for C/C++ Marc Le Roy
2004-04-25 19:43 ` Marc Le Roy
2004-04-25 20:30 ` Jack Klein
     [not found] ` <c6gked$1ha4$1@ulysses.noc.ntua.gr>
2004-04-25 20:31   ` Jack Klein
2004-04-26  1:14     ` Ioannis Vranos
2004-04-26  5:48       ` Martin Krischik
2004-04-26 11:06         ` Michiel Salters [this message]
2004-04-26 11:08           ` Vinzent 'Gadget' Hoefler
2004-04-26 11:13             ` Vinzent 'Gadget' Hoefler
     [not found]             ` <fcaee77e.0405050140.6d3a5b7b@posting.google.com>
     [not found]               ` <p8ih90tob4d617h6tjev9d0jmj20h716lu@jellix.jlfencey.com>
2004-05-05 17:44                 ` Martin Dowie
2004-05-06 17:22                   ` Peter Amey
2004-05-06 21:06                     ` Martin Dowie
2004-05-15  2:27                     ` Alexander Kopilovitch
     [not found] ` <c6gkip$1hhv$1@ulysses.noc.ntua.gr>
     [not found]   ` <408c0ce4$0$15674$626a14ce@news.free.fr>
2004-04-25 20:37     ` Jack Klein
2004-04-26  5:40       ` Martin Krischik
2004-05-05  6:22       ` Craig Carey

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox