Fri, 2 Jun 2000 08:30:48 -0400
At 05:20 PM 6/1/2000 , AdaWorks wrote:
>On Thu, 1 Jun 2000, Brashear, Phil wrote:
> > Unfortunately, it no longer seems to be the case that customers (DoD or
> > otherwise) insist on validation of their Ada compilers either, so maybe
> > are applying "the same standard" to C++.
>That is really sad. I wonder if the DoD has any idea of the risks
>it is taking with its software decisions. Is everyone so overwhelmed
>by economic considerations that the concerns of national defense
>have been preempted by shortcuts? Are we seeing a phenomenon that
>corresponds to fast-food and younger whiskey in defense policy? Have
>our decision-makers had their minds so polluted by TV sitcoms that
>they cannot see beyond the next thirty minute commercial?

Risks? What risks? Validation is not a complete (nor even a very good)
test of a compiler's correctness. A compiler is much too complex to find
all errors with any set of tests that might finish in a reasonable
time. So a "validated" compiler comes with errors. I would much rather
use an unvalidated compiler that is used by a million other people than a
validated compiler used by a few thousand. I really worry about the Ada 83
projects out there for that reason. There are some compilers for which
there are only a few users (VAX to 80386 bare cross compiler comes to mind).

Validation does test that each language feature is implemented according to
the Standard. This matters for portability, not safety.

Please note that I am not saying that validation is bad. Just that Program
Managers are not terribly interested in portability. Portable software
will help the -next- project, not the current one. So one can argue that
Program Managers are being short-sighted (which, unfortunately, is their
job), and that the costs of projects are higher than might otherwise be the
case if portability was a major concern. But I do not think validated
compilers are in any way safer than unvalidated compilers.