Thou shalt have no other gods before the ANSI C standard 1612

On Thu, 24 Feb 2005 21:09:50 +0000 (UTC) in alt.folklore.computers,

You might find this reference interesting, from Risks Digest quoted below:

"Re: Component Architecture (Blaak, RISKS-23.74)
Wed, 23 Feb 2005 21:35:30 -0000

Well, I know one company that is willing to offer warranties on its software, free, because it uses a "Correct by Construction" approach that reduces the commercial risks to acceptable levels. They don't charge more for the development, either, because it doesn't cost them any more to work this way than industry norms.

The company is Praxis High Integrity Systems: www.praxis-his.com .

And no - I don't have any financial links with them, although I did co-found a predecessor company."

and a couple of articles from their website:

"Correctness By Construction: Better Can Also Be Cheaper
Author: Peter Amey
Published in CrossTalk Magazine, The Journal of Defence Software Engineering

For safety and mission critical systems, verification and validation activities frequently dominate development costs, accounting for as much as 80 percent in some cases. There is now compelling evidence that development methods that focus on bug prevention rather than bug detection can both raise quality and save time and money. A recent, large avionics project reported a four-fold productivity and ten-fold quality improvement by adopting such methods. A key ingredient of correctness by construction is the use of unambiguous programming languages that allow rigorous analysis very early in the development process."

"Correctness by Construction: Developing a Commercial Secure System
Authors: Anthony Hall and Roderick Chapman
Published in IEEE Software, pp18-25.

When you buy a car, you expect it to work properly. You expect the manufacturer to build the car so that it's safe to use, travels at the advertised speed, and can be controlled by anyone with normal driving experience. When you buy a piece of software, you would like to have the same expectation that it will behave as advertised. Unfortunately, conventional software construction methods do not provide this sort of confidence: software often behaves in completely unexpected ways. If the software in question is security- or safety-critical, this uncertainty is unacceptable. We must build software that is correct by construction, not software whose behavior is uncertain until after delivery. This article describes how we applied this philosophy to the development of a commercial secure system."

--
Thanks. Take care, Brian Inglis
Calgary, Alberta, Canada
fake address use address above to reply