[SystemSafety] New paper on MISRA C

Tom Ferrell tom at faaconsulting.com
Wed Sep 12 17:16:49 CEST 2018


I want to return to your original question. I believe that standards like MISRA C are still relevant because they help drive consistency in implementation, thus reducing variation and facilitating better peer review of code (not to mention enabling additional automated static code analysis). Do they alone help ensure safe C implementation? Absolutely not. However, given the complexity of modern software development, any step that helps humans identify possible defects and thus gives them the opportunity to correct them is helpful.

There is a serious gap between the latest safety practices and actual practice, at least for a lot of the avionics systems I see. The problem is not the companies that have been doing this for a long time and understand a) what needs to be done, and b) the costs in terms of aircraft accidents, including liability ramifications, if it is not. It's the companies that are entering aerospace with disruptive concepts of UAS, eVTOL, etc., where safety is discussed, but the details of how to achieve it are not yet in place and are not well understood. Everyone is scrambling to be first in the market. Safety is being considered, but the comprehensiveness of that consideration is suspect in many cases in my view. Things like MISRA help get people pointed in the right direction. BTW, I would assert that the FAA's move to a risk-based, kinder, gentler approach to overseeing compliance is removing many of the forcing functions that were there before to ensure companies really adhered to things like DO-178C. Companies don't know what guidance is required any more, what they will need to demonstrate compliance to, and even where to go to start finding the answers. Great for consultants like me, perhaps not so great for the companies that put aircraft into the airspace that are not fully vetted, and for the flying public who are affected by those decisions.

-----Original Message-----
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Paul Sherwood
Sent: Wednesday, September 12, 2018 7:34 AM
To: David Ward
Cc: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] New paper on MISRA C

Hi folks,
I'm new here, but somewhat confused.

The group is "SystemSafety", which I take to mean that this community 
understands that safety is a property of a system, not component level.

As I understand it MIT and others have successfully debunked the notion 
that system safety is correlated with component reliability.

So a simple question, and sorry for being blunt...

Why is MISRA C still considered relevant to system safety in 2018?

br
Paul

On 2018-09-04 15:48, David Ward wrote:
> Derek
> 
> A further point of clarity here is that you are talking about MISRA C,
> which MISRA was not "paid" to develop. This has always been a
> voluntary effort.
> 
> It is arguable whether a grant-funded project (where industrial
> partners do not get full costs reimbursed) is being "paid" but I do
> not want to open a debate on that ...
> 
> David
> 
> -----Original Message-----
> From: systemsafety
> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf
> Of Derek M Jones
> Sent: 04 September 2018 15:32
> To: systemsafety at lists.techfak.uni-bielefeld.de
> Subject: Re: [SystemSafety] New paper on MISRA C
> 
> David,
> 
>> Once the grant-funded project was complete, some of the industrial 
>> partners elected to continue working together on a self-funded basis 
>> and one of the first outcomes of this was the publication of MISRA C.  
>> This arose from two automotive companies acknowledging it was better 
>> to have a single industry approach to a C subset than company specific 
>> guidelines.
> 
> MISRA were paid to do some work, when it took off those involved were
> flexible enough to find a way for the 'project' to continue.
> 
> The success story of MISRA C is a result of the efforts of those
> inside and outside to keep working over many years, on what senior
> management probably regarded as an inefficient use of resources.
> 
> 
> --
> Derek M. Jones           Software analysis
> tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE