RE: [sc] Typing saves your skin


From: GRAZEBROOK, Alvery N <Alvery.Grazebrook_at_xxxxxx>
Date: Tue, 3 Apr 2007 14:42:44 +0100
Message-ID: <9A0914A3C6757A45A77DD46D96BC8EA503704197@xxxxxx>
The second article (on Dynamic Typing) was very interesting. It's written from a perspective that I share strongly - that the purpose is allowing people to concentrate on a small number of key things close to the problem domain. It is clear from reading his monologue that he is not working on high integrity systems. He talks of maximising productivity for a low threshold of bugs. He also talks about dynamic (run-time) analysis of data-type information using interpreters. Neither of these reflects typical high integrity practices.

So, picking up his attitude, what should we be doing in the high-integrity software development arena? I think the answer is in two spheres:
a) finding environments that allow us to concentrate on the essentials when defining (in detail) the software behaviour
  - I believe that is best achieved using simulation models acting as specification
b) finding environments for implementing the software reliably
  - I believe that should include proof of coherence between specification and implementation

This split follows the concept (but not details) of the "new fad of model-driven architecture", which Bruce Eckel doesn't like. However, in my opinion, the safety community has some different characteristics - primarily being less sensitive to productivity, and more to one particular branch of quality - the one related to evidence supporting the safety case. 

What is interesting to me is the ways to achieve a) in particular. Many people use tools like Simulink for this part of the job. For all its benefits, I'm not sure that Simulink is well suited, in part because the data-typing isn't strong. Rhapsody is probably as bad, because it doesn't check the data-typing itself, it leaves this aspect to the use of a programming language under the hood. Statemate is better, but seems to be going out of fashion. SCADE is good in some ways, but seems to require quite a lot of understanding of the Synchronous semantics - breaking algebraic loops with delay blocks etc., so may challenge people's working memory (the 7 +/- 2 criterion). 

Cheers,
	Alvery

Disclaimer: These opinions are my own, not necessarily those of my employer.


-----Original Message-----
From: safety-critical-request@xxxxxx
[mailto:safety-critical-request@xxxxxx]On Behalf Of Tony Foord
Sent: 02 April 2007 21:05
To: safety-critical@xxxxxx
Cc: 'Michael Foord'
Subject: [sc] Typing saves your skin


David Crocker wrote:

> I have a somewhat different viewpoint of why C and C++ are so widespread.
> The reason they are widespread is that they were the best alternatives
> available at critical times when the market was ready to switch 
> programming languages.

and

> The battle is between C# and Java.

I am indebted to my son Michael (who has been programming in Python for many
years) for pointing out to me that another issue is not just strong v. weak
typing but also static v. dynamic typing - see for example Bruce Eckel's
blogs

'strong-testing versus strong-typing' :

http://www.mindview.net/WebLog/log-0025

and

'strongly-but-dynamically-typed' languages 

http://www.mindview.net/WebLog/log-0066

Regards, Tony

Dr A G Foord
Principal Engineer
4-sight Consulting
51 Cowper Road
HARPENDEN
Herts
AL5 5NJ
UK
 
Tel: +44 (0)1582 462 324
Fax: +44 (0)1582 766 715
Mailto: Tony.Foord@xxxxxx
Web page: http://4-sightConsulting.co.uk






Received on Tue 03 Apr 2007 - 14:43:39 BST