[SystemSafety] A small taste of what we're up against

Coq, Thierry Thierry.Coq at dnvgl.com
Thu Oct 25 17:31:39 CEST 2018


Hi Michael

>>Even the Simulink models usually still up as C/C++ (using what used to be Real Time Workshop and is now - I think - called Coder).   As far as I'm aware, there isn't an Ada option ...

1°) Using C/C++ as a "high level" assembler code is a very different proposal than writing directly in C/C++ by individuals. If the generator has been developed and validated properly, and is used properly, then looking at assembler code is rarely done, and not very useful, because the source generation will introduce very few defects, if any. Debugging will be done in the model, as well as maintenance.

2°) My experience on using Simulink is that there are many different options in the tool to generate sources, actually changing the semantics of the generated sources, and, in general, the generated source's behavior is NOT time-deterministic. My own standards are rather higher with ESTEREL and SCADE (that also generate C), so I may be prejudiced, but the fact is that code generated by Simulink may behave differently on various platforms, or over time after upgrades, and that very few teams understand what this means, and how difficult it is to correct.

I do recommend using tools to generate sources from models (easy-to-read models ;-), as much as possible, but the tools must have an unambiguous set of semantics (time-related, algorithm-related, exception-handling) that is rigorously translated into sources (or assembly code).

Best regards,
Thierry


**************************************************************************************
This e-mail and any attachments thereto may contain confidential information and/or information protected by intellectual property rights for the exclusive attention of the intended addressees named above. If you have received this transmission in error, please immediately notify the sender by return e-mail and delete this message and its attachments. Unauthorized use, copying or further full or partial distribution of this e-mail or its contents is prohibited.
**************************************************************************************


More information about the systemsafety mailing list