Bruno Medeiros:

> I'm not an expert on high-reliability/critical systems, but I had the 
> impression that the majority of it was written in C (even if with 
> restricting code guidelines). Or that at least, much more critical 
> software is written in C than in Ada. Is that not the case?

MISRA C is one of the most used high-integrity code guidelines for C:
http://en.wikipedia.org/wiki/MISRA_C
MISRA C has 127 rules, 93 are required and 34 are advisory. They forbid you a lot 
of things.

The C language is acceptable for some usages, but it's surely not the best language 
you may find for high-integrity code, even if your code passes MISRA C tests. I 
don't know how much Ada is used compared to C in those situations, but I know 
Ada is used today for those purposes. SPARK is an Ada subset (like MISRA, but 
smaller) that allows you to write stronger code.

Even MISRA C guidelines say that:
http://www.adahome.com/articles/1998-07/nw_adarecommended.html

If D becomes widespread, then someone may write guidelines (plus testing 
software to enforce them), like a kind of MISRA D. D is a little safer than C, 
but I don't know how fit it is for those purposes, because sometimes 
high-integrity code is also embedded. In this regard the good thing about Ada is 
that it was designed from the start for those purposes, so you start from a 
better starting point.

Numerical computing, high-performance videogames, and medium-integrity code 
are three of the possible applications I see for the D2 language.

The D numerical computing applications will enjoy design ideas from Chapel and 
X10 languages, while the medium-integrity D applications will enjoy ideas from 
Ada, SPARK, ATS, MISRA C, etc.

Bye,
bearophile
