(No Name Available) wrote:
> [log in to unmask] (Samuel Mize) quoted and then wrote:
> >> We want to build a safety related system (a control computer for=20
> >> a flight simulator connected to a motion platform).
> >...
> >> Our safty concept simply requires, that the Ada main detects a failure
> >> in the C part and then shuts down the simulator.
> >A rogue pointer in the C section can be used to write over anything in
> >its address space: C data, Ada data, C or Ada code...  If your
> >hardware and OS don't detect address-space violations, the C can write
> >into random parts of the Ada even if they're in separate processes, or
> >even into the OS data or code.
> Leaving the Ada issues and the many valid C concerns aside, I would feel
> very anxious about entering a flight simulator which I know depended upon
> some hardware and OS which did _not_ detect address-space violations.  A
> safety-related system should not skimp on the language-independent aspects
> of the project.  If each computer is to be connected to a big physical
> machine, computer hardware cost or OS license fees can hardly be an issue.

It seems a little melodramatic to me to consider a flight SIMULATOR to
be a safety critical application.  Now a flight CONTROL system in a real
airplane is another matter...

If C is to be used, I much prefer to see it used in a simulator where
the greatest danger is damage to equipment rather than people.