[SystemSafety] OpenSSL Bug

Nancy Leveson leveson.nancy8 at gmail.com
Mon Apr 14 15:47:25 CEST 2014 

>>Incidentally there is almost no empirical evidence for the benefits
>>of using a language having stronger typing.  There are a few studies
>>using students on really small problems.  Pointers to good studies
>>welcome.

Actually, there is a lot of scientific evidence (better than empirical,
although there is a lot of empirical evidence too). There were a lot of
studies done in the 1980s showing error-proneness of particular programming
constructs. The non-typed language features were the most error-prone. John
Gannon did some of them.

More recently, there have been studies comparing SPARK and non-strongly
typed languages. Martyn Thomas should have more information about that.
I've also seen several papers on comparisons from industry, not student
programmers. I don't have time to look them up, but I've assigned them to
my classes in the past. I think that not much is done on this topic by
academics and researchers anymore because there doesn't seem to be any
doubt about it.

Nancy

careful


On Thu, Apr 10, 2014 at 3:06 PM, Derek M Jones <derek at knosof.co.uk> wrote:

> Peter,
>
>
>  There are people here who have defended the use of the programming
>> language C. Shame on you. Yes,
>>
>
> Why pick on C?  All language have their problems.
>
> Facebook have been doing good stuff to improve the reliability of PHP:
> http://shape-of-code.coding-guidelines.com/2014/03/24/
> hack-a-template-for-improving-code-reliability/
>
>
>  there are tools; there are reliable tools to check whether C programs
>> adhere to strong-typing
>>
>
> There is no discontinuity that distinguishes weak/strong typing, it is
> a continuum.  Good luck reaching general agreement on where to draw
> the line.
>
> I have worked in languages that have stronger typing than C and
> seen plenty of code in those languages where developers have failed
> to use the strong typing facilities available to them.  Giving
> developers the tools does not mean they will use them (I am a fan
> of stronger typing than is available in C).
>
> Incidentally there is almost no empirical evidence for the benefits
> of using a language having stronger typing.  There are a few studies
> using students on really small problems.  Pointers to good studies
> welcome.
>
>
>  principles. Etc. AND THEY WERE NOT USED BY PEOPLE WHOM I HAVE UP TO NOW
>> TRUSTED. In other words, you
>> were lying to us about "good practice" amongst "SW developers" using C.
>>
>
> and you are surprised by this (again why pick on just C)?
>
> --
> Derek M. Jones                  tel: +44 (0) 1252 520 667
> Knowledge Software Ltd          blog:shape-of-code.coding-guidelines.com
> Software analysis               http://www.knosof.co.uk
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>



-- 
Prof. Nancy Leveson
Aeronautics and Astronautics and Engineering Systems
MIT, Room 33-334
77 Massachusetts Ave.
Cambridge, MA 02142

Telephone: 617-258-0505
Email: leveson at mit.edu
URL: http://sunnyday.mit.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20140414/77dc8391/attachment.html>

More information about the systemsafety mailing list