[SystemSafety] Component Reliability and System Safety

David Crocker dcrocker at eschertech.com
Fri Sep 14 21:42:50 CEST 2018


Sorry, spelling autocorrect changed my attempt at entering "asserting" to "assisting".

On 14 September 2018 20:40:16 BST, David Crocker <dcrocker at eschertech.com> wrote:
>>> 
>Those people could **just** use static analysis tools, and get the same
>benefit. 
><<
>
>You are assisting that static analysis tools that don't enforce the
>MISRA guidelines provide as much safety as those that do. What are your
>grounds for that assertion? The MISRA guidelines have been produced by
>a group of people from different backgrounds with experience of
>critical software written in C, and input from a much larger group, and
>gone through revisions. I doubt that any single vendor of a static
>analysis tool has the same breadth of experience. Of course there is a
>lot of overlap, and there are some MISRA rules that I find questionable;
>but I'd rather use a published set of rules that have undergone
>scrutiny than an unpublished or poorly-documented set of rules that
>perhaps just one individual working for a tool vendor thought were good
>and easy to implement.
>
>>>
>Your answer doesn't address the system safety part of my question at
>all, afaict...
><<
>
>System safety requires at the very least a good set of requirements, an
>assembly of components that will meet those requirements if the
>components behave correctly, and components that behave correctly for
>all inputs they receive. MISRA helps with the last of those.
>
>On 14 September 2018 14:52:30 BST, Paul Sherwood
><paul.sherwood at codethink.co.uk> wrote:
>>On 2018-09-14 08:03, Peter Bernard Ladkin wrote:
>><snip>
>>>>> [Paul Sherwood, I think] Why is MISRA C still considered relevant to
>>>>> system safety in 2018?
>>> 
>>> (Banal question? Banal answer!)
>>
>>I'm sorry you consider my question banal. I mentioned your comment to an
>>eminent friend (who has had to deal with the human fallout from multiple
>>accidents) and he said "There are no banal questions about safety.
>>Anyone asking questions and interested in safety is to be applauded."
>>
>>Are list members here normally prone to sniping at each other? Is the
>>community OK with that? I confess I can be quite harsh myself, but I try
>>to give new contributors the benefit of the doubt.
>>
>>> Because many people use C for programming small embedded systems and
>>> adhering to MISRA C coding guidelines enables the use of static
>>> analysis tools which go some way (but not all the way) to showing that
>>> the code does what you have said you want it to do.
>>
>>Those people could **just** use static analysis tools, and get the same
>>benefit. Your answer doesn't address the system safety part of my
>>question at all, afaict, but I found other answers more helpful in that
>>regard.
>>
>>br
>>Paul
>>
>>_______________________________________________
>>The System Safety Mailing List
>>systemsafety at TechFak.Uni-Bielefeld.DE
>
>-- 
>Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.