[SystemSafety] A small taste of what we're up against
C. Michael Holloway
c.m.holloway at nasa.gov
Fri Oct 26 13:55:43 CEST 2018
On 2018-10-26 (05.07.05), martyn at thomas-associates.co.uk wrote:
> On 26/10/2018 09:14, Dewi Daniels wrote:
>>
>> There are over 25,000 certified jet airliners in service world-wide,
>> many containing software written in C. There has not been a single
>> hull-loss accident in passenger service ascribed to a software fault.
>>
> It's hard to eliminate these considerations when trying to draw more
> widely applicable conclusions from the achievements in this sector.
Unfortunately it is not hard to believe that a lack of understanding of
these considerations contributes to people thinking that using C (and
C-derived languages) for safety critical systems is a 'proven' good
idea. The implicit argument goes something like this: The commercial
aviation community uses C quite a lot; the safety record in commercial
aviation is fabulous; thus, using C is clearly acceptable. Over the
years, I've heard people from the automotive and medical sectors (along
with many researchers) justify their practices with words that reduce to
this specious argument. Unfortunately, the same mentality has crept (or
perhaps, leapt) into most parts of the aviation sector not involving
large airplanes.
Of course, the missing premises, which are essential to formulating an
argument corresponding to reality, involve the factors that Martyn
mentioned (rigorous software engineering practices, meticulous
investigations of accidents, and such things). Rather than recognizing
the importance of these factors, a whole lot of people (including folks
within my own organization) think rigorous practices serve only to
increase costs unnecessarily.
--
*C. Michael Holloway* (cMh)
Senior Research Computer Engineer
NASA Langley Research Center, Hampton VA USA
http://bit.ly/cmhpapers
Verba volant, scripta manent
spoken words fly away, written words remain
(The words in this message are mine alone;
neither blame nor credit NASA for them.)