[SystemSafety] A small taste of what we're up against

Derek M Jones derek at knosof.co.uk
Wed Oct 24 13:11:11 CEST 2018


Thierry,

> - it increases the productivity and reduces the introduction of defects in the sources.
There is no evidence for any of these claims.

Programming language researchers like to think that the language
is the root of all problems.  The solution is of course more
research (i.e., funding) to find better languages.

In practice most developers don't read the language standard
and most coding mistakes are unrelated to developer knowledge
of language semantics, e.g., they are oversights, off
by one errors or cut-and-paste slip-ups.

> - the systems we build are long lived and the original developers have gone long ago, when maintenance/upgrades have to be performed. Again, easy-to-read languages provide a great advantage.

Most systems are short lived.  It is survivorship bias that makes
people think systems are long lived.

But my data is commercial data processing.  Does anybody have any
lifetime data for safety critical systems (don't forget the software
goes away if the product is not a success)?

> I would define "easy-to-read" as "as close to unambiguous English as possible".
> 
> Thierry
> 
> -----Original Message-----
> From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de> On Behalf Of Martyn Thomas
> Sent: Wednesday, October 24, 2018 11:26 AM
> To: systemsafety at lists.techfak.uni-bielefeld.de
> Subject: Re: [SystemSafety] A small taste of what we're up against
> 
> "Support destructive testing of software ! " ??   I'd say "Support programming languages with unambiguous semantics."
> 
> I'd like to see an ALARP argument for software written in C. Does anyone have one to share?
> 
> Martyn
> 
> 
> On 24/10/2018 08:13, Olwen Morgan wrote:
>>
>> Just a quickie:
>>
>> if, in the code below, you replace:
>>
>>
>>      PrintEvalOrder((a[0]=++i), (a[1]=++i), (a[2]=++i));
>>
>> with:
>>
>>
>>      PrintEvalOrder((++i), (++i), (++i));
>>
>> both clang and tcc tell you the order of evaluation is p1, p2, p3
>> whereas gcc says it's p3, p3, p3. ... WTF?
>>
>> Presumably, this is due to over-zealous optimisation,
>>
>>
>> Support destructive testing of software !
> 
> 
> 
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> 

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
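The evaluation-order puzzle in Olwen Morgan's quoted snippet, written out as an added C example (not code from any of the posters): the quoted PrintEvalOrder callee is replaced by a hypothetical print_eval_order stub that hands its arguments back, the undefined triple-++i form is only described in a comment, and the defined-but-unspecified variant is set beside the sequenced fix a reviewer would ask for.

```c
#include <stdio.h>

/* Three argument values as delivered to the callee. */
typedef struct { int p1, p2, p3; } ArgOrder;

/* Hypothetical stand-in for the quoted PrintEvalOrder callee: it reports
   what it received and hands the triple back so a caller can inspect it. */
static ArgOrder print_eval_order(int p1, int p2, int p3) {
    ArgOrder r = { p1, p2, p3 };
    printf("p1=%d p2=%d p3=%d\n", p1, p2, p3);
    return r;
}

/* The quoted form print_eval_order(++i, ++i, ++i) modifies i three times
   with no sequencing between the argument expressions: undefined behaviour
   (C11 6.5p2), so any output, gcc's 3,3,3 included, is permitted.
   Incrementing through a function call instead is defined (calls are
   indeterminately sequenced), but the ORDER remains unspecified. */
static int next_value(int *counter) { return ++*counter; }

/* Hazard: the callee gets some permutation of 1,2,3, chosen by the compiler. */
static ArgOrder call_unspecified_order(void) {
    int i = 0;
    return print_eval_order(next_value(&i), next_value(&i), next_value(&i));
}

/* Fix: sequence the side effects with explicit temporaries (each ';' is a
   sequence point), so every conforming compiler must deliver 1,2,3. */
static ArgOrder call_sequenced(void) {
    int i = 0;
    int p1 = ++i;
    int p2 = ++i;
    int p3 = ++i;
    return print_eval_order(p1, p2, p3);
}

/* Review check: does the triple hold exactly the values 1,2,3? That is the
   only property the unspecified-order call is guaranteed to satisfy. */
static int is_permutation_of_123(ArgOrder r) {
    int seen[4] = { 0 };
    int v[3] = { r.p1, r.p2, r.p3 };
    for (int k = 0; k < 3; k++) {
        if (v[k] < 1 || v[k] > 3 || seen[v[k]]) return 0;
        seen[v[k]] = 1;
    }
    return 1;
}
```

Compiling call_unspecified_order with more than one compiler (as the quoted message did with clang, tcc and gcc) shows different orders while is_permutation_of_123 still holds; call_sequenced prints p1=1 p2=2 p3=3 everywhere.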

