[C-safe-secure-studygroup] Clive's walkthrough of his homework paper on 'Markets'

Andrew Banks andrew at andrewbanks.com
Tue Jan 16 12:42:11 GMT 2018


Laurence wrote:

> I’m going to argue that the distinction that we should be making is not between safety and security

Absolutely agree - a point I've tried to make before!

> but between the development of bespoke code and the adoption of existing code. In this view, our rules have two roles:
> * in the development of bespoke code, static analysis can be applied to the code as part of the V&V process to ensure the rules have been followed to ensure that the code is free of undefined behaviour and avoids issues that are known from past experience to cause problems – if not immediately, then for future maintenance. It’s also possible that the rules may be incorporated into the compiler.
> * in the selection of existing code for adoption into a project, then a static analysis tool can be applied to check that the code is free of major issues, such as constructs that may lead to undefined behavior.

Can I draw attention to the MISRA Compliance work, published in 2016, which tries to deal with Adopted Code:

	https://misra.org.uk/LinkClick.aspx?fileticket=w_Syhpkf7xA%3d&tabid=57 (PDF download)

Apologies for the obfuscated link :-(


Regards
Andrew
