Lambda the Ultimate

Software safety by the numbers
started 5/3/2004; 3:29:40 PM - last post 5/4/2004; 8:08:17 AM
Chris Rathman - Software safety by the numbers
5/3/2004; 3:29:40 PM (reads: 21401, responses: 2)
Software safety by the numbers
When it comes to safety, it's not what you do, but how you do it. The IEC 61508 standard outlines how safety-critical projects should be managed and how to locate, and create, safety-critical code.

From a programming languages standpoint, I think it interesting that the standards try to define parts of the languages as unacceptable, versus trying to get the compilers to enforce the safety standards:

The standard bans any features of programming languages that are incompletely specified or unspecified. For languages such as C or C++ (which do have unspecified or incompletely specified features) developers must use an acceptable subset of the language such as MISRA C or NRC SafeC. Furthermore, safe programming practices, such as avoiding pointers and global variables, must be included in the coding standard.

Further references can be found at C/C++ Recommendations for IEC 61508 and the MISRA C Guidelines.

(And just how do you avoid pointers in C/C++?)
Posted to Software-Eng by Chris Rathman on 5/3/04; 3:35:49 PM

Paul Wright - Re: Software safety by the numbers
5/4/2004; 5:53:30 AM (reads: 271, responses: 0)
If I remember rightly, MISRA is happier with an array syntax rather than pointers. They may be exactly equivalent, but the array way is easier to review.

The safety related projects I've worked on for a previous employer used global variables extensively to share data between modules. Dynamic memory allocation was banned. Any fanciness with pointers was expected to be isolated to places where it was strictly necessary (interfacing to hardware, say).

Les Hatton runs a good course on this stuff (see http://www.oakcomp.co.uk/TC_SaferC.html ). He's also written a book about it, although it's much duller than the course.
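An added C example (not code from this thread, from MISRA or from Les Hatton's course) illustrating the two points in the post above: the same bounded copy written once in pointer-arithmetic style and once in array-index style, with only statically sized storage and no dynamic allocation, plus raw pointer use confined to a single hardware-access function. The function names are hypothetical, and the "register" is a constructed stand-in (a static variable) so the code runs on a host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16u   /* fixed capacity: storage is static, never malloc'd */

/* Pointer-arithmetic style. The bound is only implicit in 'end', and a
 * reviewer has to convince themselves that src and dst advance in step
 * and that dst has room for the clamped count. */
size_t copy_ptr_style(uint8_t *dst, const uint8_t *src, size_t n)
{
    size_t limit = (n > BUF_LEN) ? BUF_LEN : n;
    const uint8_t *end = src + limit;
    size_t count = 0u;
    while (src < end) {
        *dst++ = *src++;
        count++;
    }
    return count;
}

/* Array-index style (the form a MISRA-style review prefers). Every
 * access is dst[i] or src[i], with the guard i < limit directly above. */
size_t copy_index_style(uint8_t dst[BUF_LEN], const uint8_t src[], size_t n)
{
    size_t limit = (n > BUF_LEN) ? BUF_LEN : n;
    size_t i;
    for (i = 0u; i < limit; i++) {
        dst[i] = src[i];
    }
    return limit;
}

/* The one place raw pointer use is accepted: a memory-mapped register.
 * Constructed stand-in: a static variable plays the register so the
 * example runs on a host; on a target this would be a fixed address. */
static volatile uint32_t fake_status_reg = 0u;

static volatile uint32_t *status_reg(void)
{
    return &fake_status_reg;
}

uint32_t read_status(void)        { return *status_reg(); }
void     write_status(uint32_t v) { *status_reg() = v; }

/* Exercise both copy styles on constructed input that is deliberately
 * longer than BUF_LEN, so the clamp is what keeps the copy in bounds.
 * Returns 1 when both styles agree and the register round-trips. */
int self_check(void)
{
    uint8_t src[24];
    uint8_t a[BUF_LEN];
    uint8_t b[BUF_LEN];
    size_t i;

    for (i = 0u; i < sizeof src; i++) {
        src[i] = (uint8_t)(0x10u + i);
    }
    if (copy_ptr_style(a, src, sizeof src) != BUF_LEN) return 0;
    if (copy_index_style(b, src, sizeof src) != BUF_LEN) return 0;
    if (memcmp(a, b, BUF_LEN) != 0) return 0;
    if (copy_index_style(b, src, 5u) != 5u) return 0;

    write_status(0xA5u);
    return (read_status() == 0xA5u) ? 1 : 0;
}

int main(void)
{
    printf("%s\n", self_check() ? "ok" : "mismatch");
    return 0;
}
```

The two copy routines compile to much the same thing; the difference is what a reviewer has to hold in their head. In the indexed form the bound, the index and the access sit on adjacent lines, whereas in the pointer form the reviewer must track where `src`, `dst` and `end` point after each iteration. Keeping the only raw pointer dereference inside `status_reg()` gives the review a single place to inspect.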

Dominic Fox - Re: Software safety by the numbers
5/4/2004; 8:08:17 AM (reads: 250, responses: 0)

Any fanciness with pointers was expected to be isolated to places where it was strictly necessary (interfacing to hardware, say).

Compare C#'s unsafe keyword, which is used to tag explicitly those areas of code where pointer manipulation is taking place. At least one critic of C# seems to have thought that the very existence of this keyword proves that C# is irredeemably toxic (as compared to the wholesome goodness of Java).