(No Name Available) wrote:
> > [log in to unmask] (Samuel Mize) quoted and then wrote:
> >
> >> We want to build a safety related system (a control computer for
> >> a flight simulator connected to a motion platform).
> >...
> >> Our safety concept simply requires, that the Ada main detects a failure
> >> in the C part and then shuts down the simulator.
> >
> >A rogue pointer in the C section can be used to write over anything in
> >its address space: C data, Ada data, C or Ada code...  If your
> >hardware and OS don't detect address-space violations, the C can write
> >into random parts of the Ada even if they're in separate processes, or
> >even into the OS data or code.
>
> Leaving the Ada issues and the many valid C concerns aside, I would feel
> very anxious about entering a flight simulator which I know depended upon
> some hardware and OS which did _not_ detect address-space violations.  A
> safety-related system should not skimp on the language-independent aspects
> of the project.  If each computer is to be connected to a big physical
> machine, computer hardware cost or OS license fees can hardly be an issue.

It seems a little melodramatic to me to consider a flight SIMULATOR to be a
safety critical application.  Now a flight CONTROL system in a real airplane
is another matter...  If C is to be used, I much prefer to see it used in
a simulator where the greatest danger is damage to equipment rather than people.

Matt
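The point the quoted posters are arguing over, that the "Ada main detects a failure in the C part" only works when the hardware and OS actually trap address-space violations, can be shown in a few dozen lines. The following is an added illustration written for this thread, not code from the poster's project: it stands in for the supervisor's state with one mmap'd page filled with a constructed pattern (0x5A), and uses mprotect to model the two cases discussed. With the page read-only the MMU faults on a stray store and the supervisor's integrity check still passes; with the page writable the same store goes through silently and the check fails, so the supervisor has nothing to react to. It models one process with memory protection, not the separate-process case mentioned above, and assumes a POSIX system (mmap, mprotect, sigaction, siglongjmp).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for the supervisor's ("Ada main") state: one page
 * that the C part is never supposed to write, filled with a known pattern
 * so corruption is easy to check. */
#define GOOD_BYTE 0x5A
static unsigned char *ada_state = NULL;
static size_t page_size = 0;

/* Recovery point and flag used when the MMU traps a stray store. */
static sigjmp_buf recover;
static volatile sig_atomic_t fault_seen = 0;

static void on_segv(int sig)
{
    (void)sig;
    fault_seen = 1;
    siglongjmp(recover, 1);   /* abandon the faulting store, return to the check */
}

/* Allocate the state page, fill it, and install the SIGSEGV handler.
 * Returns 0 on success, -1 on failure. */
static int setup_state(void)
{
    struct sigaction sa;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    ada_state = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (ada_state == MAP_FAILED) return -1;
    memset(ada_state, GOOD_BYTE, page_size);
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;     /* keep SIGSEGV deliverable after we longjmp out */
    return sigaction(SIGSEGV, &sa, NULL);
}

/* "Hardware and OS detect address-space violations": the supervisor's page
 * is read-only, so the MMU faults on any store to it. */
static int protect_state(void)
{
    return mprotect(ada_state, page_size, PROT_READ);
}

/* The unprotected case: the page stays writable, a stray store succeeds silently. */
static int unprotect_state(void)
{
    return mprotect(ada_state, page_size, PROT_READ | PROT_WRITE);
}

/* One stray store from the "C part" into the supervisor's state.
 * Returns 1 if the store was trapped (SIGSEGV), 0 if it went through. */
static int stray_store_detected(unsigned char *target)
{
    fault_seen = 0;
    if (sigsetjmp(recover, 1) == 0) {
        *target = 0xFF;          /* the rogue write */
        return 0;                /* only reached when nothing trapped it */
    }
    return fault_seen ? 1 : 0;
}

/* The supervisor's integrity check: 1 if every byte still holds the pattern. */
static int state_intact(void)
{
    size_t i;
    for (i = 0; i < page_size; i++)
        if (ada_state[i] != GOOD_BYTE) return 0;
    return 1;
}

int main(void)
{
    if (setup_state() != 0) return 1;

    protect_state();
    printf("protected:   trapped=%d intact=%d\n",
           stray_store_detected(ada_state + 100), state_intact());

    unprotect_state();
    printf("unprotected: trapped=%d intact=%d\n",
           stray_store_detected(ada_state + 100), state_intact());
    return 0;
}
```

The interesting line is the second one: once the page is writable, the stray store returns as if nothing happened and only a later scan of the state notices the damage. A supervisor that relies on the failing part announcing its own failure gets no signal at all in that configuration, which is the concern raised in the quoted reply.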