D for safety critical applications

Bastiaan Veelo Bastiaan at Veelo.net
Tue Feb 9 14:14:42 UTC 2021


On Tuesday, 9 February 2021 at 13:22:22 UTC, Gregor Mückl wrote:
> On Tuesday, 9 February 2021 at 12:38:21 UTC, Bastiaan Veelo 
> wrote:
>> On Tuesday, 9 February 2021 at 11:25:26 UTC, Dominikus Dittes 
>> Scherkl wrote:
>>> As I said, fixing bugs is NOT required for certification.
>>> It is only necessary to document them.
>>
>> Out of curiosity, what happens next then? I assume the goal is 
>> to certify your application. In the process of certifying your 
>> application, wouldn't you have to prove that the application 
>> does not trigger any of the documented bugs in the certified 
>> tools? This could well be harder to do than fixing the bugs in 
>> the tools.
>>
>> -- Bastiaan.
>
> I'm not aware that any certification requires explicit proof 
> that you avoid those bugs. This is mostly covered indirectly by 
> two things: you need to adhere to the safety manual for the 
> tools you use and you need a pretty rigorous testing regime for 
> your product. The mandated test coverage should be good enough 
> to detect misbehaving code introduced by faulty tools.

This makes me wonder what certifying the tool practically brings 
to the table, apart from doors that can be entered with a 
certificate only. If certification of the tool does not improve 
the safety of the product and does not make it easier to test the 
safety of the product, I have the feeling that the certificate 
only improves perceived safety.

Your other comment that the certified commercial compiler you 
used produced higher quality binaries is not necessarily due to 
the certification, but likely due to available funds.

-- Bastiaan.
