[SystemSafety] New paper on MISRA C

Mario Gleirscher mario.gleirscher at tum.de
Thu Sep 13 13:45:58 CEST 2018 

Derek,

On 13/09/18 12:15, Derek M Jones wrote:
> 
> 
> Mario,
> 
>> 100s of academians have been contributing over the last 60 years or so
>> to make software development an engineering discipline, many nice
> 
> Until a few years ago the number barely reached double
> digits:http://shape-of-code.coding-guidelines.com/2011/03/31/empirical-software-engineering-is-five-years-old/

Sure, it depends on how you count... To be fair, I was by far not only
referring to empirical software engineering which IMHO has been going in
a really good direction. (Apart from terminological particularities, ESE
according to my understanding is about 35-45 years old if not even
older, take a look at works of Endres in the early 1970s, Boehm in the
late 70s, Basili in the 80s, maybe Brooks in the 60s, just to name very
few.)

> Academic software engineering is primarily based on ego and bluster:
> http://shape-of-code.coding-guidelines.com/2016/05/23/the-fall-of-rome-and-the-ascendancy-of-ego-and-bluster/

Em, well, I would not actually go that far, frankly. But I acknowledge
that not all research is of the rocket science type blasting ultimate
efficacy in practice. But, there is really good research out there, so
are there really good practitioners we researchers can learn from!

>> results have actually been transferred into practice (look at what
>> Google and FB do in their core systems to avoid extremely expensive
>> faults, this is remarkable), and many many more are waiting to be
>> transferred, some of them with clear evidence of effectiveness. However,
> 
> Well, they are using tools to find mistakes in code.  People have been
> doing that for decades, no academics needed.

So, Google and FB are two software companies with many developers and
large products, parts of their SW has grown to be mission critical in
their domains, some faults and attack surfaces might lead to losses of
many many millions of cash within short amounts of time. This is one
reason, why those companies have started to deploy very recent academic
results and are seriously investing a lot of many to get those results
transferred in the CI SW processes. I think you are right, people have
been doing this all the time, but I like to say that it is worth looking
at what they do, more closely. And, again, I find it remarkable.

Apart from that, I am sure, you have your own reasons for the other
conclusions.

Best wishes,
Mario

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5053 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20180913/85d0a334/attachment.bin>

More information about the systemsafety mailing list