[SystemSafety] Aliased Variables (was: Koopman replies to concerns over Toyota UA case)

paul_e.bennett at topmail.co.uk paul_e.bennett at topmail.co.uk
Fri Dec 29 16:41:06 CET 2017 

On 29/12/2017 at 2:20 PM, "Derek M Jones" <derek at knosof.co.uk> wrote:
>
>Rod,
>
>Thanks for this.
>
>> Some of you may have seen David Cummings piece voicing his
>> concerns over the Toyota "unintended acceleration" case here:
>> https://www.embedded.com/electronics-blogs/say-what-/4459136/Why-
>every-embedded-software-developer-should-care-about-the-Toyota-
>verdict 
>
>The "peer reviewed" article is here:
>www.kellytechnologygroup.com/main/Cummings-IEEE-Tech-and-Society-
>Article-Dec-2016.pdf

[%X]

>Talking about the one theme that I do know something about:
>
>There is a theory of sorts involving the use of global variables.
>The idea is that use of global variables makes it easy to
>accidentally make use of aliased variables (i.e., the same storage
>accessed through two or more different variables).  Passing
>everything via function parameters significantly reducing the
>likelihood of this occurring (it can still be done under the
>'right' circumstances).

An interesting postulation.

Personally, I use Forth for embedded control with a need for High
Integrity Operation. Hence the examples here are in Forth. It would
be interesting to see if other languages have a way that makes
aliasing easier.

Hence in Forth the creation of variables is accomplished thus.

VARIABLE A
VARIABLE B

The above two declarations will be guaranteed different memory
addresses as the way Forth allocates such memory space involves
adding an embedded function to present the memory address of the
variable's location.

>Use of aliased variables can cause some very strange problems,
>when A and B are supposed to be independent but actually refer
>to the same location in memory.

To Alias the variable A to also have the identity B pointing to the same
location one would have to be deliberate about it.

VARIABLE A
' A CONSTANT B

Now, calling A or B would give you the same address which can then
be fetched from or stored to.

>The greater the number of global variables the greater the
>probability of aliased variables.

In Forth this would not be the normal case.

VARIABLE A
VARIABLE B
VARIABLE A

Would get you three distinctly separate locations. However, all references
to A after the second declaration of A would only get that second A. Most
Forth compilers would flag such redefinition as a warning as it was
encountered during compilation.

As indicated earlier, aliasing takes some work and would be identifiable in
sources that make such aliasing a feature.

Finally, the question then becomes 'Which languages would allow such easy
non-visible aliasing that it could not be detected at compile time?'

With the ethos of Forth fully in play, the creation of global variables is never
very intense. Most passing of values between functions is managed via the
parameter stack and the need for variables is reduced. Some of us even tie
function specific variables tightly to the function by hiding them within and
building structured access to those values. Again, very visible intentions.

Regards

Paul E. Bennett IEng MIET
Systems Engineer
Lunar Mission One Ambassador
-- 
********************************************************************
Paul E. Bennett IEng MIET.....
Forth based HIDECS Consultancy.............
Mob: +44 (0)7811-639972
Tel: +44 (0)1392-426688
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************

More information about the systemsafety mailing list