> > We want to build a safety related system (a control computer for
> > a flight simulator connected to a motion platform).
> ...
> > Our safety concept simply requires that the Ada main detects a failure
> > in the C part and then shuts down the simulator

Is the safety issue related to the motion of the platform, or to the
possibility of the user getting "wrong" training?

For the former, just have one or more Ada tasks with associated sensors
detect and override any unsafe motion of the platform.

The latter I don't have such a glib solution for.

"Any complex problem has a simple, easy-to-understand, wrong answer."
                                                        -- author unknown