[SystemSafety] OpenSSL Bug
Derek M Jones
derek at knosof.co.uk
Tue Apr 15 18:54:13 CEST 2014
Patrick,
> Incidentally, I’ve been begging industry colleagues for access to their code and bug records so I can get an MS student to replicate the Boogerd study on a safety-critical C code base. So far no takers. And here I am thinking it would be nice to have more solid evidence about what works and what doesn’t.
Correlating guidelines with faults is a non-trivial
task. The following paper tracks bugs in Linux over
10 years to get an idea of their typical lifetime and
frequency of occurrence:
http://hal.inria.fr/inria-00509256/PDF/RR-7357.pdf
They have the advantage of using a very powerful tool,
Coccinelle, which I have used a lot:
http://shape-of-code.coding-guidelines.com/2009/08/
Those involved in Coccinelle spend their time making
it better and providing great support (rather than
gong around singing its praises). It it far and away
the best tool of its kind out there:
http://coccinelle.lip6.fr/
--
Derek M. Jones tel: +44 (0) 1252 520 667
Knowledge Software Ltd blog:shape-of-code.coding-guidelines.com
Software analysis http://www.knosof.co.uk
More information about the systemsafety
mailing list