[SystemSafety] A small taste of what we're up against

Olwen Morgan olwen at phaedsys.com
Wed Oct 24 15:36:19 CEST 2018


On 24/10/2018 12:11, Derek M Jones wrote:

 >>> Thierry,
 >>> There is no evidence for any of these claims.

<snip>

Absence of evidence is not evidence of absence.

I know from direct experience that it takes me longer to develop a 
*substantial* C program without heavy-duty checking tools than with them 
- and I'll live with any number of false positives to get the benefit of 
those tools. True, such marginal gains are at the noise level of 
measurement over an entire project but that doesn't mean that they're 
not real.

 >>> Programming language researchers like to think that the language
 >>> is the root of all problems.  The solution is of course more
 >>> research (i.e., funding) to find better languages.

There is some substance in this statement. Software engineering needs 
new research a lot less than it needs better application of what we 
already know. But we do not need to "find" better languages. We already 
know what language characteristics makes it easy for tools to check for 
errors. SPARK Ada has been leading the way here for many years. If only 
we had something equivalent in the small-end embedded world.

 >>> In practice most developers don't read the language standard
 >>> and most coding mistakes are unrelated to developer knowledge
 >>> of language semantics, e.g., they are oversights, off
 >>> by one errors or cut-and-paste slip-ups.

Programmers who won't read the language standard should be taken out and 
shot. (Yes, I am becoming a Stalinist in my old age.)

There are patent problems in obtaining hard evidence. I've only once 
ever worked on a project that was remotely near organised enough for 
there to be an adequate basis for data collection. Even software metrics 
remain untraceable to agreed standards of measurement. I've used three 
tools each of which gave a different value for cyclomatic complexity for 
the same piece of code. There is good reason to be sceptical of many 
empirical studies, but are you seriously questioning the notion that the 
earlier errors are detected, the cheaper it is to fix them?


Olwen