[SystemSafety] OpenSSL Bug

Derek M Jones derek at knosof.co.uk
Tue Apr 15 18:54:13 CEST 2014


Patrick,


> Incidentally, I’ve been begging industry colleagues for access to their code and bug records so I can get an MS student to replicate the Boogerd study on a safety-critical C code base.  So far no takers.  And here I am thinking it would be nice to have more solid evidence about what works and what doesn’t.

Correlating guidelines with faults is a non-trivial
task.  The following paper tracks bugs in Linux over
10 years to get an idea of their typical lifetime and
frequency of occurrence:
http://hal.inria.fr/inria-00509256/PDF/RR-7357.pdf

They have the advantage of using a very powerful tool,
Coccinelle, which I have used a lot:
http://shape-of-code.coding-guidelines.com/2009/08/

Those involved in Coccinelle spend their time making
it better and providing great support (rather than
gong around singing its praises).  It it far and away
the best tool of its kind out there:
http://coccinelle.lip6.fr/

-- 
Derek M. Jones                  tel: +44 (0) 1252 520 667
Knowledge Software Ltd          blog:shape-of-code.coding-guidelines.com
Software analysis               http://www.knosof.co.uk


More information about the systemsafety mailing list