From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: fac41,2c6139ce13be9980
X-Google-Attributes: gidfac41,public
X-Google-Thread: 1108a1,2c6139ce13be9980
X-Google-Attributes: gid1108a1,public
X-Google-Thread: f43e6,2c6139ce13be9980
X-Google-Attributes: gidf43e6,public
X-Google-Thread: 1014db,3d3f20d31be1c33a
X-Google-Attributes: gid1014db,public
X-Google-Thread: 109fba,2c6139ce13be9980
X-Google-Attributes: gid109fba,public
X-Google-Thread: 103376,3d3f20d31be1c33a
X-Google-Attributes: gid103376,public
From: gwinn@res.ray.com (Joe Gwinn)
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/07/10
Message-ID: <gwinn-1007971853320001@dh5152077.res.ray.com>#1/1
X-Deja-AN: 256070569
References: <ED2MuF.4n6.0.-s@inmet.camb.inmet.com> <ED3E9M.F0u@syd.csa.com.au>
Organization: Raytheon Electronic Systems
Newsgroups: 
 comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel,comp.lang.c,comp.lang.c++
Date: 1997-07-10T00:00:00+00:00
List-Id: <comp.lang.ada>


I would comment that we designed a real safety-critical system, the
Microwave Landing System (now cancelled for the convenience of the
Government, in honor of GPS and WAAS), in a subset of Ada83.  (Ada95 was
not available at the time.)

However, there was a lot more to it than to say it was Ada:  We were
required to use a special safety-critical-code subset of Ada, which was
*sharply* smaller than Ada83.  (I no longer recall the details, but I
could dig them up, given a week or three.  It seems to me that it was a
commercial product.)

Perhaps aside from the strong typing, it was not clear just what was left
that was particular to Ada, or why one couldn't do the same radical
simplification to any language one might choose, to much the same effect.

So, I don't know that I buy the theory that Ada83 or Ada95 is the only
choice for safety-critical systems, as what survives isn't really either
language, and one can do the same surgery on any reasonable language. 
What makes it a safety language is the surgery, not the starting point.  

Sort of like Frankenstein's Monster.

Joe Gwinn