You definitely can do without a language spec. I heard in aerospace another approach is common: They use whatever compiler and then verify the binary. That means different tradeoffs of course.
In SIL world, the C++ issues would not be considered bugs but maybe change requests.
The SIL philosophy (as far as I know it from ASIL) is “unsafe unless convinced otherwise”. That seems like a good idea when the lives of humans are on the line. Without a spec how would you argue that a system/product is safe?
(Aside: Software in itself cannot be safe or unsafe because without hardware it cannot do anything. Safety must be assessed holistically including hardware and humans.)
Fair enough. In practice, we resolve it recursively with higher-level specs and at some point it is just “someone wants that”. In commercial software development (where SIL is used) that is a customer who pays for it or some executive.
Welcome to the real world. /s
The specification does not make anything happen but it enables you to say “the implementation is wrong”. Of course, you can say that without a spec as well but what does “wrong” mean then? It just means you personally disagree with its behavior. When “wrong” means “inconsistent with the spec” everybody involved can work with more clarity and fewer assumptions. Wrong assumptions can kill people flying rockets.
Looking at all the responses here, it is a quite successful troll post.
Automotive developers successfully switched from barely-knowing-C to barely-knowing-C++. Surely, they will be equally successful in switching to barely-knowing-Rust.
I have seen something similar on Twitter a while ago. That one shut down, so I decided to build my own.
Probably a little more fine tuning on my news bot. You can see it in action here.
I know plenty of senior C++ devs who would love to use Rust professionally. Maybe most Rust jobs simply fill easily internally and don’t reach the public?