Scott Meyers wants to bring default zero-initialization to C++, mentions TDPL for precedent

Paolo Invernizzi via Digitalmars-d digitalmars-d at puremagic.com
Tue Nov 24 00:48:47 PST 2015


On Tuesday, 24 November 2015 at 06:31:17 UTC, Joakim wrote:
>
> I thought this anonymous comment about his pacemaker example 
> was funny:
>
> "I surely hope you are talking about the programmer device for 
> pacemakers and not the actual pacemaker inside someone's body. 
> I worked for Intermedics until we got bought by Guidant on 
> Monday and shut down on Tuesday. We had a project at that time 
> that was being written in C++ and it was likely the compiler 
> did not even have a standard year attached. I was never 
> comfortable with that project given the really ugly tendencies 
> of both compilers and software engineers to do awful things in 
> code. The ugly things in compilers were behind the push for 
> standards in both C and C++!
>
> The actual pacemaker likely has so little memory and power that 
> it would be very strange to be written even in C (but more 
> likely after 16 years of improved technology). It is more 
> likely that the pacemaker code is still being written in 
> assembler and the whole program is likely less than a few 
> thousand lines.
>
> I am confused by your assertions. It would be *very* unlikely 
> once a device is released to production that the compiler would 
> be changed to a newer version. Medical device software that is 
> done properly must undergo massive amounts of verification and 
> validation before it is released. Changing the compiler would 
> require that the compiler itself be exhaustively validated 
> against the old compiler and then the verification and 
> validation of the device would be required to be repeated. That 
> whole process would likely cost hundreds of thousands of 
> dollars (perhaps even a million) in engineer/clinician time to 
> verify that the device is still safe and effective.
>
> It is very likely that all properly managed medical device 
> companies continue to use the initially validated compiler for 
> a *very* long time. As an example, when I worked in 
> arthroscopy, we used the same C compiler for our 
> micro-controllers for 6 years before we even entertained 
> updating to the very latest. And arthroscopy is not nearly as 
> mission critical as pacemakers.
>
> If the company you did contract work for was not that diligent, 
> I would sure like to know who it is so I can tell my Dad to 
> decline to use that manufacturer's pacemakers."

Well, I've actually written some code that's running inside this 
[1], a device that I think is at least as critical as a 
pacemaker...

Well, I do take the view, but the situation is not so dark as he 
describes.

[1] 
http://www.transenterix.com/company/corporate-news-events/video/

--
/Paolo
