[SystemSafety] A small taste of what we're up against

Andrew Banks andrew at andrewbanks.com
Thu Oct 25 06:58:22 CEST 2018


>> I'd like to see an ALARP argument for software written in C. Does anyone
>> have one to share?

Well... this is where works such as MISRA, CERT et al *help* as they seek to
eliminate some of the stupidities that the language allows.

And yet when some of us call for the ISO C Working Group to fix the
Standard, there are howls of outrage, and claims that there is nothing wrong
with it :(

A couple of years ago, I was at a conference at the Royal Society, where two
*separate* (academic, well-funded) groups presented their work on formal
proving of JavaScript... I suggested one should have done C instead...

A


-----Original Message-----
From: systemsafety
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Martyn Thomas
Sent: 24 October 2018 10:26
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] A small taste of what we're up against

"Support destructive testing of software ! " ??   I'd say "Support
programming languages with unambiguous semantics. "

I'd like to see an ALARP argument for software written in C. Does anyone
have one to share?

Martyn


On 24/10/2018 08:13, Olwen Morgan wrote:
>
> Just a quickie:
>
> if, in the code below, you replace:
>
>
>     PrintEvalOrder((a[0]=++i), (a[1]=++i), (a[2]=++i));
>
> with:
>
>
>     PrintEvalOrder((++i), (++i), (++i));
>
> both clang and tcc tell you the order of evaluation is p1, p2, p3 
> whereas gcc says it's p3, p3, p3. ... WTF?
>
> Presumably, this is due to over-zealous optimisation,
>
>
> Support destructive testing of software ! 
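Olwen's experiment, carried one step further as an added example that is not code from the thread: the page does not reproduce PrintEvalOrder(), so print_eval_order(), the counter and next() below are assumed stand-ins (print_eval_order() also packs its three arguments into one int so the result can be checked). The block separates the two defects the thread runs together: an argument list whose order of evaluation is merely unspecified, which the compiler may legally choose and no -Wall warning catches, and the (++i, ++i, ++i) form, which is undefined behaviour, beside the sequenced rewrite that MISRA C:2012 Rule 13.2 and CERT C EXP30-C ask for.

```c
#include <stdio.h>

/* Added example, not code from the thread. PrintEvalOrder() from the
 * original post is not reproduced on the page, so print_eval_order() is
 * an assumed stand-in: it prints its arguments and also packs them into
 * one int (p1*100 + p2*10 + p3) so a caller can check what it received. */
static int print_eval_order(int p1, int p2, int p3)
{
    printf("p1=%d p2=%d p3=%d\n", p1, p2, p3);
    return p1 * 100 + p2 * 10 + p3;
}

static int counter;   /* assumed helper state, not from the thread */

/* A side effect behind a function call. Each call is a sequence point, so
 * using next() three times in one argument list is NOT undefined; only the
 * ORDER of the three calls is unspecified (C11 6.5.2.2p10). */
static int next(void)
{
    return ++counter;
}

/* Legal C whose result the compiler chooses. gcc on x86-64 has often been
 * observed to evaluate right to left (321) and clang left to right (123);
 * both are conforming, and neither -Wall nor -Wextra says a word. */
int unspecified_order_call(void)
{
    counter = 0;
    return print_eval_order(next(), next(), next());
}

/* The thread's form, print_eval_order(++i, ++i, ++i), is a different and
 * worse defect: three unsequenced modifications of i in one expression are
 * undefined behaviour (C11 6.5p2), so "p3, p3, p3" is as conforming an
 * answer as "p1, p2, p3". It is deliberately not compiled here; gcc's
 * -Wsequence-point (in -Wall) and clang's -Wunsequenced both flag it. */

/* Hardened form (MISRA C:2012 Rule 13.2, CERT C EXP30-C): one side effect
 * per full expression, so the ';' sequences them and every conforming
 * compiler produces 123. */
int sequenced_call(void)
{
    int i = 0;
    int p1 = ++i;
    int p2 = ++i;
    int p3 = ++i;
    return print_eval_order(p1, p2, p3);
}

/* Returns 1 if the packed result used each of 1, 2, 3 exactly once, i.e.
 * the three calls ran in SOME order without being lost or interleaved.
 * Only permutations of {1,2,3} have digit sum 6 and digit product 6. */
int is_permutation_123(int packed)
{
    int a = packed / 100, b = (packed / 10) % 10, c = packed % 10;
    return a + b + c == 6 && a * b * c == 6;
}

int main(void)
{
    int u = unspecified_order_call();
    int s = sequenced_call();
    printf("unspecified order -> %03d (compiler's choice; permutation: %s)\n",
           u, is_permutation_123(u) ? "yes" : "no");
    printf("sequenced         -> %03d (every conforming compiler)\n", s);
    return s == 123 ? 0 : 1;
}
```

Build it twice, e.g. `gcc -Wall -Wextra eval.c && ./a.out` and `clang -Wall -Wextra eval.c && ./a.out`, and compare the first line: the compilers are free to disagree, and the hardened call is the only one whose output you may put in a test oracle. Then add the thread's `print_eval_order(++i, ++i, ++i)` line back and rebuild to see the sequence-point diagnostics fire; that warning, not the observed output, is the evidence that gcc's "p3, p3, p3" is permitted rather than over-zealous.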
