[SystemSafety] A small taste of what we're up against
Michael J. Pont
M.Pont at SafeTTy.net
Thu Oct 25 11:30:28 CEST 2018
A slightly different perspective.
I get involved with several automotive projects every year (as well as
safety-related / safety-critical projects in other sectors). In the
automotive sector, I help organisations to design both individual 'boxes'
and complete vehicle control systems.
The software for these projects is invariably written in C or (less
commonly) C++.
Various recent comments on this list suggest that the project managers (or
the bosses, or the consultants) in the organisations responsible for these
projects are - at best - irresponsible, because they have not insisted that
the project software is implemented using Ada (or preferably SPARK).
Can anyone give me a real-world example of an injury or death that can be
directly linked to the use of C or C++ in an automotive system?
I don't believe that such an example exists.
Without clear evidence of a problem, I think we could be accused of
scaremongering.
In my view, many of the concerns about use of C are largely historic.
Modern IDEs (and use of standards / guidelines / subsets such as MISRA C)
address any serious deficiencies in the language spec for the majority of
users, in the majority of real-world systems that I see.
After we have sorted out issues with recording of requirements and use of
appropriate software architecture (which are, in my view, much more
important), then a change in programming language might be worth considering
again - but I doubt it.
Simply my take. I know that other people on this list see the world
differently.
Michael.
Michael J. Pont, PhD
SafeTTy Systems Ltd
www.SafeTTy.net
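The post refers to guideline subsets such as MISRA C addressing "deficiencies in the language spec". The following is an added illustration (not code from the post or from SafeTTy Systems) of two such language pitfalls, each beside a guideline-conformant rewrite: an operator-precedence slip that the compiler accepts silently, and an implicit narrowing conversion that wraps modulo 256. The function names and register/mask values are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Pitfall 1: operator precedence. '==' binds tighter than '&', so the
 * naive expression parses as reg & (mask == mask), i.e. reg & 1.
 * It compiles, and is wrong for almost every input. */
bool flag_set_naive(uint32_t reg, uint32_t mask)
{
    return reg & mask == mask;   /* deliberately wrong: shows the pitfall */
}

/* Guideline style: full parenthesisation, no reliance on precedence. */
bool flag_set_guideline(uint32_t reg, uint32_t mask)
{
    return ((reg & mask) == mask);
}

/* Pitfall 2: implicit narrowing. Assigning an int to uint8_t silently
 * reduces it modulo 256 (so 300 becomes 44); no diagnostic is required. */
uint8_t store_naive(int value)
{
    uint8_t v = value;   /* implicit conversion, value silently wrapped */
    return v;
}

/* Guideline style: explicit range check, saturate, explicit cast. */
uint8_t store_guideline(int value)
{
    uint8_t result;
    if (value < 0) {
        result = 0U;
    } else if (value > (int)UINT8_MAX) {
        result = UINT8_MAX;
    } else {
        result = (uint8_t)value;
    }
    return result;
}

int main(void)
{
    /* Constructed register/mask values for demonstration. */
    printf("flag 0x02 in 0x02: naive=%d guideline=%d\n",
           (int)flag_set_naive(0x02u, 0x02u),
           (int)flag_set_guideline(0x02u, 0x02u));
    printf("store 300: naive=%u guideline=%u\n",
           (unsigned)store_naive(300), (unsigned)store_guideline(300));
    return 0;
}
```

Both naive forms are legal C; a MISRA-style rule set (and a checker enforcing it) is what turns them into build-time findings rather than field defects.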