[SystemSafety] "Ripple20 vulnerabilities will haunt the IoT landscape for years to come"
Olwen Morgan
olwen at phaedsys.com
Thu Jul 2 19:32:29 CEST 2020
On 02/07/2020 16:56, Roderick Chapman wrote:
<snip>
>
> As for a compiler maliciously turning iteration into recursion... I
> have never seen this in 30-odd years of compiling and running SPARK
> programs, so it's not something that I'm ever gonna lose sleep over.
>
> - Rod
>
Neither have I, nor will I lose any sleep over it.
But it does suggest more generally that the premises on which tools rely
currently probably cannot all be derived from the wording of a language
standard. If we are going to rely on CbyC as a production engineering
technology, we must ensure, as far as is reasonably possible (AFAIRP)
that we have due traceability for the assumptions that underpin our use
of it.
In saying AFAIRP, obviously I am admitting the possibility of a
risk-based approach. That in turn will depend on the details and the
numbers. I'm willing to be persuaded otherwise but right now, my gut
instinct is that, while risk data may look encouraging, they're probably
not strictly enough to justify abandoning unit-testing in all cases.
Consider the following hypothetical dialogue in a liability case in court:
Lawyer: Can you prove that you tested the unit of code to which the
failure was traced?
Engineer: No. We relied on CbyC rather than systematic coverage in
unit-tests.
Lawyer: I rest my case.
I'd never put myself in that position in the witness box. As the WHO
said: TEST, TEST, TEST.
Olwen