Re: JOB:Sr. SW Engineers Wanted-Fortune 500 Co

["Pat Rogers" <progers@NOclasswideSPAM.com>]

"Hyman Rosen" <hymie@prolifics.com> wrote in message
news:t7n1pk6gwx.fsf@calumny.jyacc.com...
> "Mike Silva" <mjsilva@jps.net> writes:
> > This is a silly strawman, since nobody (at least, nobody who wants
to be
> > taken seriously) ever makes such extreme claims.  It's all a matter
of
> > increasing the odds, and both the C language and the C culture
invite buggy
> > code (sad to say, I've written my share).  Every C programmer should
perform
> > the eye-opening exercise of determining how many C bugs they
encounter would
> > not have been possible, or would have been quickly spotted, in Ada.
>
> I would assume that for safety-critical code, the development process
> is such that these errors would be found if they were present. After
> all, Ada's error checks can help only in the development process, not
> once the pacemaker is installed, so the code would have to be
carefully
> checked to make sure that no exceptions would actually be triggered.
> This is the same process the C code would go through.

Error checking at run-time is still vital, and Ada's checking (if left
in) can help.

Although it is a common practice in (well-done!) safety-critical
development to prove that exceptions cannot occur, they still can.  The
obvious cause is radiation-induced hardware errors.  The more difficult
issue, because it is based upon human imperfection, is that of errors in
the specification.  No amount of program proof will circumvent that
problem.  In that case run-time checks can serve to invoke the fault
tolerance mechanisms, however extensive those may or may not be.
Clearly some applications can have no fall-back position (the classic
example is a launched missile) and in those cases there's no point in
checking.   But in those cases in which faults can be tolerated the
checks are directly helpful.

That's not to say that similar checks cannot be hand-coded in any
language, but that is another issue.

--
Pat Rogers                            Training and Consulting in:
http://www.classwide.com      Deadline Schedulability Analysis
progers@classwide.com        Software Fault Tolerance
(281)648-3165                       Real-Time/OO Languages