[SystemSafety] OpenSSL Bug
Heath Raftery
hraftery at restech.net.au
Tue Apr 15 23:57:26 CEST 2014
On 16/04/2014 2:23 AM, Dewi Daniels wrote:
> C        Worst          2         500
>          Average        6 – 38    167 – 26
>          Best           80        12.5
> Pascal   Worst          6         167
>          Average/Best   20        50
>
> 3. While a significant difference was found in the anomaly rates
> resulting from the use of different programming languages, there was an
> even greater difference between the anomaly rates discovered in software
> developed by different vendors. While the average C program had a higher
> anomaly rate than the average Ada program, the best C programs had a
> lower anomaly rate than the worst Ada programs.
Yes, a few interesting conclusions could be drawn, with caveats about
extrapolation. The interesting part for me is from the section of the
table I've reproduced. For all the talk of the suitability of
strongly-typed languages (ref, for example, IEC 61508 Part 3 and its
strong stance), why do we not see a significant difference between C and
Pascal? Could it be that contributing factors of programming style, time
allocated, competence, interfaces to existing code, mindset, priorities,
etc., etc., are much stronger factors than the strongly-typedness of the
language, or indeed, the language at all?
More to the point, *what is it* about SPARK that leads to lower defect
rates? Could it be that the team preparation necessary to implement
something in SPARK necessarily requires more training/consideration than
to implement the same thing in C? Put another way, if you had a team of
C developers ready to start a new project, would you train them in
SPARK, or would you just enforce a coding standard including safe use of
memcpy (e.g. have a DEBUG version that bounds checks like the OpenSSL
team had at one point)?
Heath
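Added example, not code from the post above and not OpenSSL's own: a bounds-checked memcpy of the kind the "DEBUG version that bounds checks" remark refers to, applied to a record whose length field is chosen by the peer. The record layout (a 2-byte big-endian claimed length followed by payload), the error codes and every function name are assumptions for illustration; the sample records are constructed, not captured traffic. One caveat worth making explicit: the check here runs in every build and DEBUG only adds the diagnostic, because a check that exists solely in a debug build protects nothing once the release build ships.

```c
/* Added example (not from the list post or from OpenSSL). Record layout and
 * names are assumptions for illustration. Build with -DDEBUG for diagnostics. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    COPY_OK = 0,
    COPY_ERR_SHORT_HEADER = -1,   /* record too short to hold the length field */
    COPY_ERR_SRC_OVERREAD = -2,   /* claimed length exceeds bytes actually received */
    COPY_ERR_DST_OVERFLOW = -3    /* claimed length exceeds the output buffer */
};

/* A received record: what the transport actually delivered, not what the
 * peer claims inside it. */
typedef struct {
    const uint8_t *data;
    size_t len;
} record_t;

/* checked_memcpy: copy n bytes from src to dst only if n fits within both the
 * bytes available at src and the capacity of dst. The refusal happens in every
 * build; DEBUG adds a message so the offending length shows up in testing. */
static int checked_memcpy(uint8_t *dst, size_t dst_cap,
                          const uint8_t *src, size_t src_avail, size_t n)
{
    if (n > src_avail) {
#ifdef DEBUG
        fprintf(stderr, "checked_memcpy: asked for %zu bytes, source holds %zu\n",
                n, src_avail);
#endif
        return COPY_ERR_SRC_OVERREAD;
    }
    if (n > dst_cap) {
#ifdef DEBUG
        fprintf(stderr, "checked_memcpy: asked for %zu bytes, destination holds %zu\n",
                n, dst_cap);
#endif
        return COPY_ERR_DST_OVERFLOW;
    }
    memcpy(dst, src, n);
    return COPY_OK;
}

/* echo_payload: copy a record's payload into out. The length field is
 * attacker-controlled; rec->len is what was received. Copying "claimed" bytes
 * without comparing it to rec->len - 2 is the mistake this guards against. */
int echo_payload(const record_t *rec, uint8_t *out, size_t out_cap, size_t *out_len)
{
    *out_len = 0;
    if (rec->len < 2)
        return COPY_ERR_SHORT_HEADER;
    size_t claimed = ((size_t)rec->data[0] << 8) | rec->data[1];
    int rc = checked_memcpy(out, out_cap, rec->data + 2, rec->len - 2, claimed);
    if (rc == COPY_OK)
        *out_len = claimed;
    return rc;
}

/* Constructed sample records (assumed layout, not captured traffic). */
static const uint8_t well_formed[]  = { 0x00, 0x03, 'a', 'b', 'c' };  /* claims 3, carries 3 */
static const uint8_t over_claimed[] = { 0xff, 0xff, 'a', 'b', 'c' };  /* claims 65535, carries 3 */
static const uint8_t truncated[]    = { 0x00 };                       /* no complete length field */

/* Each helper returns the status code so the outcome can be checked, not just printed. */
int example_well_formed(size_t *n) {
    uint8_t out[16];
    record_t r = { well_formed, sizeof well_formed };
    return echo_payload(&r, out, sizeof out, n);
}
int example_over_claimed(size_t *n) {
    uint8_t out[16];
    record_t r = { over_claimed, sizeof over_claimed };
    return echo_payload(&r, out, sizeof out, n);
}
int example_dst_too_small(size_t *n) {
    uint8_t out[2];                          /* smaller than the 3-byte payload */
    record_t r = { well_formed, sizeof well_formed };
    return echo_payload(&r, out, sizeof out, n);
}
int example_truncated(size_t *n) {
    uint8_t out[16];
    record_t r = { truncated, sizeof truncated };
    return echo_payload(&r, out, sizeof out, n);
}

int main(void) {
    size_t n;
    int rc;
    rc = example_well_formed(&n);   printf("well-formed:   rc=%d len=%zu\n", rc, n);
    rc = example_over_claimed(&n);  printf("over-claimed:  rc=%d len=%zu\n", rc, n);
    rc = example_dst_too_small(&n); printf("dst too small: rc=%d len=%zu\n", rc, n);
    rc = example_truncated(&n);     printf("truncated:     rc=%d len=%zu\n", rc, n);
    return 0;
}
```

The point of the wrapper is that the copy length is validated against two facts the caller knows (bytes received, bytes of room) rather than against the peer's claim alone; a coding standard that mandates this shape of call, and a debug build that makes violations loud, is the kind of enforcement the question above is weighing against retraining a team in SPARK.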