[SystemSafety] A small taste of what we're up against

Michael J. Pont M.Pont at SafeTTy.net
Thu Oct 25 11:30:28 CEST 2018


A slightly different perspective.

I get involved with several automotive projects every year (as well as
safety-related / safety-critical projects in other sectors).  In the
automotive sector, I help organisations to design both individual 'boxes'
and complete vehicle control systems.

The software for these projects is invariably written in C or (less
commonly) C++.

Various recent comments on this list suggest that the project managers (or
the bosses, or the consultants) in the organisations responsible for these
projects are - at best - irresponsible, because they have not insisted that
the project software is implemented using Ada (or preferably SPARK).

Can anyone give me a real-world example of an injury or death that can be
directly linked to the use of C or C++ in an automotive system?

I don't believe that such an example exists.

Without clear evidence of a problem, I think we could be accused of
scaremongering.

In my view, many of the concerns about use of C are largely historic.
Modern IDEs (and use of standards / guidelines / subsets such as MISRA C)
address any serious deficiencies in the language spec for the majority of
users, in the majority of real-world systems that I see.

After we have sorted out issues with recording of requirements and use of
appropriate software architecture (which are, in my view, much more
important), then a change in programming language might be worth considering
again - but I doubt it.

Simply my take.  I know that other people on this list see the world
differently.

Michael.

Michael J. Pont, PhD
SafeTTy Systems Ltd
www.SafeTTy.net
