D for safety critical applications

Paul Backus snarwin at gmail.com
Tue Feb 9 15:51:45 UTC 2021


On Tuesday, 9 February 2021 at 15:37:42 UTC, FeepingCreature 
wrote:
> On Tuesday, 9 February 2021 at 15:10:55 UTC, Dominikus Dittes 
> Scherkl wrote:
>> I know, there are a lot of people here that have very little 
>> trust in thoughts that someone else put into something, but 
>> it's their choice: use something certified or spend a lot of 
>> time to prove it yourself.
>> If you prove it yourself anyway, a certificate may be really 
>> useless for you.
>
> I don't see how a certificate relieves you of the 
> responsibility to consider the safety and quality of your tools 
> yourself.
>
> You use a certified compiler. The certified compiler produces a 
> bug. As a result, a product that you released doesn't work. 
> Does that mean that it isn't your problem? No, of course it 
> doesn't! It's still 100% on you to fix it. With that said, I 
> don't understand what you are paying for. Are you paying for 
> the vendor to think about security? But why would you want to 
> use a tool from a vendor who doesn't think about security to 
> begin with? One way or another, the buck stops with you, not 
> the vendor.

Probably if somebody attempts to sue you for negligence, you will 
be in a better position to defend yourself if you can show that 
you used a certified compiler than if you used something like GCC 
or Clang. So what you are paying for is for the vendor to assume 
some (though not all) of the risk of blame if your product has a 
defect. In other words, the certificate is an insurance policy.
