From: "Robert I. Eachus"
Date: Fri, 09 Jan 2004 11:57:40 -0500
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems

Hyman Rosen wrote:
> Scott Moore wrote:
>> "safety critical C" is an oxymoron if I ever heard one.
>
> Ariane 5! Ariane 5! Nyah nyah! Nyah nyah!

In every group that I participated in that ever discussed issues of code reuse from a systems perspective, the fact that an M1A1 tank was not an M1 tank was discussed. (Substitute F-15 and F-15E for Air Force sponsored groups and so on.) The result, of course, is that you may be able to reuse much of the code, but you CANNOT reuse the requirements analysis. And if the requirements change, then the testing has to change. So even if you can reuse 100% of the code, that only saves 15% of the overall software costs.

Library reuse works, on the other hand, but you have to invest in building the library independent of a particular development project. If a reuse library contains software that matches your requirements, then you have a component that solves part of your problem and does not require a new test plan, test suite, and testing. (You still need to perform system test, however.)

Ariane 501 crashed because the bean counters tried to do software reuse without repeating the requirements analysis, and later cut out all system testing. Oops!

Incidentally, the subsequent Ariane 5 failures followed almost identical fault trees, but they did not involve Ada code.

-- 
Robert I. Eachus

"The war on terror is a different kind of war, waged capture by capture, cell by cell, and victory by victory. Our security is assured by our perseverance and by our sure belief in the success of liberty." -- George W. Bush