TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy

Content-Transfer-Encoding: 7bit
Sender: "Team Ada: Ada Advocacy Issues (83 & 95)" <[log in to unmask]>
From: "Matthew S. Whiting" <[log in to unmask]>
Date: Sun, 26 Jul 1998 14:31:18 -0400
Content-Type: text/plain; charset=us-ascii
MIME-Version: 1.0
Parts/Attachments: text/plain (32 lines)
(No Name Available) wrote:
> [log in to unmask] (Samuel Mize) quoted and then wrote:
> >> We want to build a safety related system (a control computer for
> >> a flight simulator connected to a motion platform).
> >...
> >> Our safety concept simply requires that the Ada main detects a failure
> >> in the C part and then shuts down the simulator.
> >A rogue pointer in the C section can be used to write over anything in
> >its address space: C data, Ada data, C or Ada code...  If your
> >hardware and OS don't detect address-space violations, the C can write
> >into random parts of the Ada even if they're in separate processes, or
> >even into the OS data or code.
> Leaving the Ada issues and the many valid C concerns aside, I would feel
> very anxious about entering a flight simulator which I know depended upon
> some hardware and OS which did _not_ detect address-space violations.  A
> safety-related system should not skimp on the language-independent aspects
> of the project.  If each computer is to be connected to a big physical
> machine, computer hardware cost or OS license fees can hardly be an issue.

It seems a little melodramatic to me to consider a flight SIMULATOR to
be a safety critical application.  Now a flight CONTROL system in a real
airplane is another matter...

If C is to be used, I much prefer to see it used in a simulator where
the greatest danger is damage to equipment rather than people.
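The quoted warning about a rogue pointer in the C part overwriting the Ada side's data, as an added illustration that is not code from the thread or its participants. The block layout, the names, and the redundant inverted heartbeat are constructed for this example; the redundant copy is an in-process mitigation the thread does not propose, and it does not replace the hardware/OS address-space protection the message calls for.

```c
#include <string.h>
#define HEALTHY 0x5AU                 /* heartbeat value the C part must store */
struct shared_block {                 /* constructed: one block shared by both parts */
    unsigned char telemetry[8];       /* C part writes its samples here */
    unsigned char heartbeat;          /* supervisor reads this for C health */
    unsigned char heartbeat_inv;      /* ~heartbeat, used by the hardened check */
};

/* Buggy C part: copies 'len' bytes with no bounds check, so a sample longer
 * than telemetry[] spills into the supervisor's heartbeat bytes. */
static void c_part_store_sample(struct shared_block *b,
                                const unsigned char *sample, size_t len) {
    memcpy((unsigned char *)b, sample, len);   /* rogue write */
}

/* Healthy C part: sets the heartbeat and its inverse each cycle. */
static void c_part_heartbeat(struct shared_block *b) {
    b->heartbeat = HEALTHY;
    b->heartbeat_inv = (unsigned char)~HEALTHY;
}

/* Supervisor (the Ada main's role) clears both bytes at the start of each cycle. */
static void supervisor_arm(struct shared_block *b) {
    b->heartbeat = b->heartbeat_inv = 0;
}

/* Naive supervisor: trusts one byte that the faulty code can reach. */
static int naive_check(const struct shared_block *b) {
    return b->heartbeat == HEALTHY;
}

/* Hardened in-process supervisor: heartbeat must agree with its stored inverse.
 * This lowers the risk; only MMU/OS address-space separation removes it. */
static int redundant_check(const struct shared_block *b) {
    return b->heartbeat == HEALTHY &&
           (unsigned char)~b->heartbeat_inv == HEALTHY;
}

/* One cycle. A faulting C part stores a 9-byte sample (constructed so its last
 * byte is HEALTHY) that overruns, then dies before its heartbeat. 1 = "healthy". */
static int cycle(int (*check)(const struct shared_block *), int c_part_faults) {
    struct shared_block b;
    const unsigned char sample[9] = {1, 2, 3, 4, 5, 6, 7, 8, HEALTHY};
    supervisor_arm(&b);
    if (c_part_faults)
        c_part_store_sample(&b, sample, sizeof sample);  /* clobbers heartbeat */
    else
        c_part_heartbeat(&b);
    return check(&b);
}
```

The naive check reports a dead C part as healthy because the overrun happened to leave the right byte behind, which is exactly why the thread insists on protection below the language level.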