[SystemSafety] New paper on MISRA C
Paul Sherwood
paul.sherwood at codethink.co.uk
Thu Sep 13 07:57:08 CEST 2018
On 2018-09-12 16:05, Peter Bernard Ladkin wrote:
> I suggest the following characterisation is somewhat misleading:
>> MIT and others have successfully debunked the notion that system
>> safety is correlated with component reliability
OK, I'll try to be clearer. Engineering A Safer World states, with clear
examples and justification:
"High reliability is neither necessary nor sufficient for safety."
and
"Accidents are complex processes involving the entire socio-technical
system. Traditional event-chain models cannot describe this process
adequately."
and
"Highly reliable software is not necessarily safe. Increasing software
reliability will have only minimal impact on safety."
AFAIK MISRA C is all about improving determinism of software, i.e.
increasing software component reliability. As of 2018 are we still at
the point where we can't deliver designed-in safety without heavy
reliance on deterministic behaviour of microcontroller-scale components?
br
Paul