[SystemSafety] A small taste of what we're up against

C. Michael Holloway c.m.holloway at nasa.gov
Fri Oct 26 13:55:43 CEST 2018


On 2018-10-26 (05.07.05), martyn at thomas-associates.co.uk wrote:
> On 26/10/2018 09:14, Dewi Daniels wrote:
>>
>> There are over 25,000 certified jet airliners in service world-wide, 
>> many containing software written in C. There has not been a single 
>> hull-loss accident in passenger service ascribed to a software fault.
>>
> It's hard to eliminate these considerations when trying to draw more 
> widely applicable conclusions from the achievements in this sector.
Unfortunately it is not hard to believe that a lack of understanding of 
these considerations contributes to people thinking that using C (and 
C-derived languages) for safety critical systems is a 'proven' good 
idea. The implicit argument goes something like this: The commercial 
aviation community uses C quite a lot; the safety record in commercial 
aviation is fabulous; thus, using C is clearly acceptable. Over the 
years, I've heard people from the automotive and medical sectors (along 
with many researchers) justify their practices with words that reduce to 
this specious argument. Unfortunately, the same mentality has crept (or 
perhaps, leapt) into most parts of the aviation sector not involving 
large airplanes.

Of course, the missing premises, which are essential to formulating an 
argument corresponding to reality, involve the factors that Martyn 
mentioned (rigorous software engineering practices, meticulous 
investigations of accidents, and such things).  Rather than recognizing 
the importance of these factors, a whole lot of people (including folks 
within my own organization) think rigorous practices serve only to 
increase costs unnecessarily.


-- 

*C. Michael Holloway* (cMh)
Senior Research Computer Engineer
NASA Langley Research Center, Hampton VA USA
bit.ly/cmhpapers <http://bit.ly/cmhpapers>

Verba volant, scripta manent
spoken words fly away, written words remain

(The words in this message are mine alone;
neither blame nor credit NASA for them.)
