RE: object-orientation vs. safety-critical




David Crocker (dcrocker(at)eschertech.com)
Mon, 4 Mar 2002 10:48:58 -0000


Brian wrote:
> I know of one problem that can easily arise with OOD. With OOD, one can easily produce a system with several hundreds of small functions and procedures. Let's say that the requirement is DO-178B, class A or B, and hence MCDC is required. Code coverage is then a nightmare, since many of the functions/procedures will not have been executed with functional testing. One needs to analyse the calls of each function/proc not yet covered to determine the conditions to ensure MCDC. This is MUCH harder than the corresponding analysis of in-line code in which just a statement/branch is to be covered within a larger procedure.

Why is it a problem having lots of small functions and procedures? I could understand if most of them were dynamically bound, but in a typical OO design, the small functions and procedures are mostly accessor functions that are statically bound. They can be conceptually inlined when performing code coverage analysis (and will probably be inlined anyway by the compiler, if any level of optimisation is enabled).

When class hierarchies and dynamic binding are used, it is certainly possible to get the situation where a function inherited into a class can never be called, because its precondition can never be met. In Perfect Developer we cater for this situation by allowing such a function to be redeclared "absurd". Naturally the verifier will attempt to prove that such a function cannot be called.

David Crocker
Escher Technologies Ltd.
www.eschertech.com
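The MC/DC analysis discussed in the message above, as an added worked example that is not part of the original thread and is not code from Perfect Developer or Escher Technologies: three small accessor-style conditions are treated as conceptually inlined into one decision, `(a and b) or c` (a constructed example), and the script checks whether a given set of functional tests already provides an independence pair for every condition, and otherwise finds the smallest test set that does. The names `decision`, `mcdc_pairs`, `mcdc_satisfied` and `minimal_mcdc_set` are this example's own.

```python
from itertools import combinations, product

# Constructed example: an OO design might express this decision as three
# statically bound accessor calls, e.g. armed() and has_target() or override().
# For coverage analysis the accessors are inlined, leaving the decision
# D = (a and b) or c over three boolean conditions.
CONDITIONS = ("a", "b", "c")


def decision(a, b, c):
    return (a and b) or c


def mcdc_pairs(decision, conditions, tests):
    """Return, per condition, the unique-cause MC/DC independence pairs in `tests`.

    Two test vectors form a pair for condition i when they differ only in
    condition i and the decision outcome differs.  Every condition needs at
    least one such pair for MC/DC to be achieved.
    """
    tests = [tuple(t) for t in tests]
    outcomes = {t: decision(*t) for t in tests}
    pairs = {name: [] for name in conditions}
    for i, name in enumerate(conditions):
        for t1, t2 in combinations(tests, 2):
            if outcomes[t1] == outcomes[t2]:
                continue
            only_i_differs = all(
                (t1[j] != t2[j]) if j == i else (t1[j] == t2[j])
                for j in range(len(conditions))
            )
            if only_i_differs:
                pairs[name].append((t1, t2))
    return pairs


def mcdc_satisfied(decision, conditions, tests):
    """True when every condition has at least one independence pair in `tests`."""
    return all(mcdc_pairs(decision, conditions, tests).values())


def minimal_mcdc_set(decision, conditions):
    """Brute-force the smallest test set achieving MC/DC.

    n+1 vectors is the lower bound for n conditions, so the search starts there
    and grows until a satisfying subset of the full truth table is found.
    """
    all_tests = list(product((False, True), repeat=len(conditions)))
    for size in range(len(conditions) + 1, len(all_tests) + 1):
        for subset in combinations(all_tests, size):
            if mcdc_satisfied(decision, conditions, subset):
                return list(subset)
    return None


if __name__ == "__main__":
    # Constructed "functional" tests that exercise the feature but miss condition b.
    functional = [(True, True, False), (False, False, True), (False, False, False)]
    for name, found in mcdc_pairs(decision, CONDITIONS, functional).items():
        print(f"condition {name}: {'covered' if found else 'NOT covered'}")
    print("minimal MC/DC set:", minimal_mcdc_set(decision, CONDITIONS))
```

The script reports which conditions the functional tests leave without an independence pair, which is exactly the analysis step Brian describes for each uncovered function; because the accessors are statically bound, the same analysis applies whether the conditions are written inline or as calls.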

