[SystemSafety] Overflow triggering AC power cut-off in Boeing 787

Derek M Jones derek at knosof.co.uk
Sun May 3 19:48:54 CEST 2015


David,

> This would not happen if absence of overflow was automatically checked
> (by using tools like Frama-C, Astrée or Polyspace). Or more probably

Automatic checking is not in itself enough and without the source code
to try out the tools you cannot claim that any of them
would have detected the problem.

Deciding what kinds of thing a static analysis tool involves
lots of trade-offs, such as:

    o what can be implemented with the available resources,

    o what level of false positive is considered acceptable,

    o what kinds of mistakes are most likely to occur and hence
      the ones for which it is cost effective to check for,

    o for commercial tools, what the customer wants to know and what they
      are willing to pay,

    o for academic projects, what is likely get published when written
      up.

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com


More information about the systemsafety mailing list