[SystemSafety] Component Reliability and System Safety
David Crocker
dcrocker at eschertech.com
Fri Sep 14 21:40:16 CEST 2018
>>
Those people could **just** use static analysis tools, and get the same benefit.
<<
You are assisting that static analysis tools that don't enforce the MISRA guidelines provide as much safety as those that do. What are your grounds for that assertion? The MISRA guidelines have been produced and by a group of people from different backgrounds with experience of critical software written in C, and input from a much larger group, and gone though revisions. I doubt that any single vendor of a static analysis tool has the same breadth of experience. Of course there is a of of overlap, and there are some MISRA rules that I find questionable; but I'd rather use a published set of rules that have undergone scrutiny than an unpublished or poorly-documented set of rules that perhaps just one individual working for a tool vendor thought were good and easy to implement.
>>
Your answer doesn't address the system safety part of my question at all, afaict...
<<
System safety requires at the very least a good set of requirements, an assembly of components that will meet those requirements if the components behave correctly, and components that behave correctly for all inputs they receive. MISRA helps with the last of those.
On 14 September 2018 14:52:30 BST, Paul Sherwood <paul.sherwood at codethink.co.uk> wrote:
>On 2018-09-14 08:03, Peter Bernard Ladkin wrote:
><snip>
>>>> [Paul Sherwood, I think] Why is MISRA C still considered relevant
>to
>>>> system safety in 2018?
>>
>> (Banal question? Banal answer!)
>
>I'm sorry you consider my question banal. I mentioned your comment to
>an
>eminent friend (who has had to deal with the human fallout from
>multiple
>accidents) and he said "There are no banal questions about safety.
>Anyone asking questions and interested in safety is to be applauded."
>
>Are list members here normally prone to sniping at each other? Is the
>community OK with that? I confess I can be quite harsh myself, but I
>try
>to give new contributors the benefit of the doubt.
>
>> Because many people use C for
>> programming small embedded systems and
>> adhering to MISRA C coding guidelines enables the use of static
>> analysis tools which go some way
>> (but not all the way) to showing that the code does what you have
>said
>> you want it to do.
>
>Those people could **just** use static analysis tools, and get the same
>
>benefit. Your answer doesn't address the system safety part of my
>question at all, afaict, but I found other answers more helpful in that
>
>regard.
>
>br
>Paul
>
>_______________________________________________
>The System Safety Mailing List
>systemsafety at TechFak.Uni-Bielefeld.DE
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20180914/f7e773ba/attachment.html>
More information about the systemsafety
mailing list