[SystemSafety] OpenSSL Bug

Stachour, Paul D BIS Paul.Stachour at det-tronics.com
Mon Apr 14 15:25:47 CEST 2014


Derek M Jones sent a message on Thursday, April 10, 2014 2:06 PM
To: systemsafety at lists.techfak.uni-bielefeld.de
Where the subject was: Re: [SystemSafety] OpenSSL Bug


In that message, Derek wrote:
>>> Incidentally there is almost no empirical evidence for the benefits of using a language having stronger typing.  There are a few studies using students on really small problems.  Pointers to good studies welcome.


Derek & all,
  While I do not claim that my personal actions are a controlled study,
I do have the experience of converting a number of "modules" written
in a number of languages (mostly C, but some PL/I, some FORTRAN,
some LISP, ..) to Ada.  This comprised perhaps around 20 such
"modules". Some of these actions were done as part of a defined
project where code was moved from another language to Ada,
some of them out of my own curiosity.  Unfortunately,
I did not keep records of what I converted, when I did it,
or exactly what issues I found.

   However, I do have one observation of significance:

In EVERY CASE, I found AT LEAST ONE BUG when I converted the
code from whatever it had been to strongly typed Ada. 


The one I remember best is when I converted the 
"pronounceable-password-generator" from Multics PL/I to C
for use on a project that needed to have a
pronounceable semi-random password generation facility.
On a lark, I also converted it to Ada at the same time.
I found an out-of-range subscript that could have resulted in
a memory fault under certain rare circumstances depending
upon how the compiler chose to layout the memory use.
And I found the bug in the Ada code on the first test
that I ran using the Ada code.

Regards, ..Paul S.

Paul D. Stachour 
Software Quality Assurance 
Detector Electronics Corporation 
A UTC Fire & Security Company 
6901 West 110th Street, Bloomington, MN 55438 USA 
952-941-5665, x8409 
Paul.Stachour at det-tronics.com 
www.det-tronics.com 
 
Learning from accidents is de rigueur but learning through accidents is an unacceptable development method for critical systems. Les Chambers.
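The class of defect the message describes, an array subscript that can run one past the end of a table and that C accepts silently while Ada's implicit range check rejects it, is small enough to show in full. The C program below is an added illustration, not code from the original post and not the Multics pronounceable-password generator: the phoneme table, the seed arithmetic and the deliberate off-by-one in `next_index_buggy` are all constructed for the example. `phoneme_checked` writes out by hand the bounds test an Ada array access performs for you, so the generator reports the violation on the first run instead of reading past the table.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed phoneme table standing in for the syllable tables a
 * pronounceable-password generator draws from (toy data, not Multics'). */
static const char *const PHONEMES[] = {
    "ba", "ke", "li", "mo", "nu", "ra", "se", "ti"
};
#define NPHONEMES (sizeof PHONEMES / sizeof PHONEMES[0])

/* Unchecked lookup: the C idiom that hides the bug. For idx == NPHONEMES
 * this reads one element past the table; whether that faults or returns
 * garbage depends on how the compiler laid out memory, exactly the
 * "rare circumstances" the message describes. Kept only for comparison;
 * nothing below calls it with an out-of-range index. */
const char *phoneme_unchecked(size_t idx) { return PHONEMES[idx]; }

/* Checked lookup: the range test Ada applies implicitly to every array
 * subscript, written explicitly. Out-of-range indices yield NULL. */
const char *phoneme_checked(size_t idx) {
    if (idx >= NPHONEMES) return NULL;
    return PHONEMES[idx];
}

/* Constructed linear congruential step; the generator's only "randomness". */
static unsigned lcg_step(unsigned *seed) {
    *seed = *seed * 1103515245u + 12345u;  /* unsigned wrap is defined in C */
    return *seed >> 16;
}

/* Off-by-one: reduces modulo NPHONEMES + 1, so the index can equal NPHONEMES. */
size_t next_index_buggy(unsigned *seed) {
    return lcg_step(seed) % (NPHONEMES + 1);
}

/* Corrected reduction: index is always 0 .. NPHONEMES - 1. */
size_t next_index_fixed(unsigned *seed) {
    return lcg_step(seed) % NPHONEMES;
}

/* Builds nsyl phonemes into out. Returns nsyl on success, -1 if any index
 * fails the range check or the buffer is too small. With buggy == true the
 * checked lookup turns the latent memory fault into a reported error. */
int generate(char *out, size_t outlen, unsigned seed, size_t nsyl, bool buggy) {
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < nsyl; i++) {
        size_t idx = buggy ? next_index_buggy(&seed) : next_index_fixed(&seed);
        const char *p = phoneme_checked(idx);
        if (p == NULL) return -1;                         /* range violation caught */
        if (strlen(out) + strlen(p) + 1 > outlen) return -1;
        strcat(out, p);
    }
    return (int)nsyl;
}

/* True if the buggy index function produces an out-of-range subscript
 * within `draws` steps from `seed`. */
bool buggy_index_escapes(unsigned seed, int draws) {
    for (int i = 0; i < draws; i++)
        if (next_index_buggy(&seed) >= NPHONEMES) return true;
    return false;
}

int main(void) {
    char buf[64];
    int n = generate(buf, sizeof buf, 1u, 4, true);
    printf("buggy generator: %s\n", n < 0 ? "range check failed" : buf);
    n = generate(buf, sizeof buf, 1u, 4, false);
    printf("fixed generator: %s (%d phonemes)\n", buf, n);
    return 0;
}
```

With seed 1 the very first draw of the buggy variant lands on index 8, the one-past-the-end slot, so the checked version fails immediately rather than depending on memory layout; the unchecked lookup would have read whatever happened to follow the table.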

