[SystemSafety] A small taste of what we're up against

Derek M Jones derek at knosof.co.uk
Wed Oct 24 14:16:06 CEST 2018


Martyn,

> Yes, people make mistakes and inspections and testing find too few of
> them. That's why you need languages with semantics for which tools can
> be written that detect many such mistakes.

Given the large number of static checkers for C, this language
obviously contains lots of semantics ;-)

> For example, if your tools can tell you "this program can generate a
> value for that array index that will be out of bounds", you have the
> opportunity to eliminate the error before it kills someone.

Array index checking tools have been available for C since around 1983:
https://shape-of-code.coding-guidelines.com/2017/04/28/array-bound-checking-in-c-the-early-products/

The issue is not tools, it is getting developers to use them.

> Martyn
> 
> 
> On 24/10/2018 12:11, Derek M Jones wrote:
>> In practice most developers don't read the language standard
>> and most coding mistakes are unrelated to developer knowledge
>> of language semantics, e.g., they are oversights, off-by-one
>> errors or cut-and-paste slip-ups.

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
