From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI
	autolearn=unavailable autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,a00006d3c4735d70
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2003-12-26 17:58:36 PST
Path: 
 archiver1.google.com!news2.google.com!news.maxwell.syr.edu!lon1-news.nildram.net!213.253.16.105.MISMATCH!mephistopheles.news.clara.net!news.clara.net!usenet-fr.net!enst.fr!melchior!cuivre.fr.eu.org!melchior.frmug.org!not-for-mail
From: Stephen Leake <stephen_leake@acm.org>
Newsgroups: comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: 26 Dec 2003 20:58:12 -0500
Organization: Cuivre, Argent, Or
Message-ID: <mailman.181.1072490304.31149.comp.lang.ada@ada-france.org>
References: <3fe00b82.90228601@News.CIS.DFN.DE> <3FE026A8.3CD6A3A@yahoo.com>
	<x0%Db.16$_l6.25998@news.uswest.net>
	<3bf1uvg2ntadvahfud2rg6ujk24sora6gr@4ax.com>
	<2u3auvogde8ktotlaq0ldiaska3g416gus@4ax.com>
	<bs62ph$giu$1@newshost.mot.com>
	<20619edc.0312221020.3fd1b4ee@posting.google.com>
	<b5feuv06s2nmpakq0o1b7v0kpd450v3eli@4ax.com>
	<20619edc.0312222106.3b369547@posting.google.com>
	<45cs9hAbLc6$EAAx@phaedsys.demon.co.uk>
	<3fe9f0d7.104475725@News.CIS.DFN.DE>
	<SLednTOvKejD0XeiRVn-gg@comcast.com>
	<fUk12TA8gB7$EA$E@phaedsys.demon.co.uk>
NNTP-Posting-Host: lovelace.ada-france.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: melchior.cuivre.fr.eu.org 1072490305 93115 80.67.180.195 (27 Dec 2003
 01:58:25 GMT)
X-Complaints-To: usenet@melchior.cuivre.fr.eu.org
NNTP-Posting-Date: Sat, 27 Dec 2003 01:58:25 +0000 (UTC)
To: comp.lang.ada@ada-france.org
Return-Path: <stephen_leake@acm.org>
In-Reply-To: <fUk12TA8gB7$EA$E@phaedsys.demon.co.uk>
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
X-Virus-Scanned: by amavisd-new-20030616-p5 (Debian) at ada-france.org
X-BeenThere: comp.lang.ada@ada-france.org
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: Gateway to the comp.lang.ada Usenet newsgroup
	<comp.lang.ada.ada-france.org>
List-Unsubscribe: <http://www.ada-france.org/mailman/listinfo/comp.lang.ada>,
	<mailto:comp.lang.ada-request@ada-france.org?subject=unsubscribe>
List-Post: <mailto:comp.lang.ada@ada-france.org>
List-Help: <mailto:comp.lang.ada-request@ada-france.org?subject=help>
List-Subscribe: <http://www.ada-france.org/mailman/listinfo/comp.lang.ada>,
	<mailto:comp.lang.ada-request@ada-france.org?subject=subscribe>
Xref: archiver1.google.com comp.lang.ada:3835
Date: 2003-12-26T20:58:12-05:00

Chris Hills <chris@phaedsys.org> writes:

> That is the problem. A non-validated Ada compiler would be no more value
> than a good C compiler. 

That's a pretty strong statement, and I would argue demonstrably
false. The public GNAT compiler 3.15p is non-validated (in the
strictest technical sense; that specific version does not come with a
validation certificate).

The version of Ada most likely to run on 8 bit machines would have no
tasking, no exceptions, and possibly no floating or fixed point, or
dynamic dispatching. That would still be a far better language than C!
Packages, generics, strong typing in general, aggregates,
representation clauses; none of these make demands on the run-time
environment, but all are very powerful programming language features.

> Actually a good C compiler eg the Keil C51 that has been extensively
> used in safety related projects by a large number of people would be
> better simply because of the empirical field usage compared to a
> non-validated Ada compiler with a small user base..

Well, if by "better" you solely mean "more trusted", or possibly "more
thoroughly tested", I would agree. But I'd still use the Ada compiler,
and write thorough unit tests. I don't trust _any_ compiler to not
have bugs when running _my_ code.

-- 
-- Stephe