[SystemSafety] Critical systems Linux
Olwen Morgan
olwen at phaedsys.com
Fri Nov 23 20:42:17 CET 2018
On 23/11/2018 18:45, David Crocker wrote:
> On 23/11/2018 18:01, Olwen Morgan wrote:
<snip>
> The subset doesn't need to be draconian though, a subset of the
> MISRA-C rules is more than adequate for this purpose.
<snip>
Probably another area of civil disagreement :-)
It all depends on the tolerance of the verifier. If your verifier can
cope with less-than-MISRA strictness and still produce accurate
verification with acceptable run times, that's fine.
My principal motivation for advocating a draconian subset is the laxity
of the C standard and the latitude it creates for incautious and
uncontrollable optimisation and the consequent ill-effects in bare-metal
environments.
What do you have by way of support for a claim that your subset does not
have holes through which your verifier can fall?
Olwen
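An added illustration of the optimisation latitude mentioned above (example code written for this page, not from the thread or either author; function names are hypothetical): a range guard that relies on signed wrap-around, which ISO C leaves undefined and which an optimiser may legitimately delete, beside a guard whose result the standard defines.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical "before" form. Signed overflow is undefined behaviour in
 * ISO C, so the compiler may assume a + b never wraps and fold this test
 * to "always false". Kept only to show the shape that a strict subset
 * rejects; it must not be called with arguments that overflow. */
bool unsafe_add_check(int a, int b)
{
    return (a + b < a);   /* relies on wrap-around: not a reliable guard */
}

/* Well-defined form: decide from the operands alone, never evaluating
 * the overflowing sum, so no optimisation can remove the check. */
bool add_would_overflow(int a, int b)
{
    if (b > 0) {
        return a > INT_MAX - b;
    }
    if (b < 0) {
        return a < INT_MIN - b;
    }
    return false;
}

/* Stores the sum and returns true only when it is representable. */
bool checked_add(int a, int b, int *out)
{
    if (add_would_overflow(a, b)) {
        return false;
    }
    *out = a + b;
    return true;
}

int main(void)
{
    int sum = 0;
    printf("INT_MAX + 1 overflows: %d\n", add_would_overflow(INT_MAX, 1));
    printf("checked_add(40, 2) ok: %d, sum = %d\n",
           checked_add(40, 2, &sum), sum);
    return 0;
}
```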