[trustable-software] Fwd: Notes from the call with Robert Seacord
Chaiken, Alison
alison at she-devel.com
Mon Nov 7 06:24:01 UTC 2016
The whole discussion has centered on C. Works for me, as I labor on
kernel and gstreamer and systemd in C. However, the control algorithms
for our autonomous control systems are coded in C++. That statement
logically leads to the question: are there standards similar to CERT-C
or MISRA for C++?
Our organization follows many generally accepted best practices, such as
coding to a functional specification, running in continuous integration,
replaying logged data in simulation and testing with the various
sanitizers (ASAN, MSAN, UBSAN), but that doesn't mean that we couldn't
do better.
It strikes me that the way that a new standards organization avoids
becoming a tax-collecting, rubber-stamping body is by providing a GPL'ed
or CC BY-SA-licensed static analysis tool. Of course, a static analysis
tool only makes sense once a set of best practices is agreed, so the
problem is that the tool perhaps never gets started. Do CERT-C and
MISRA have publicly available static analysis tools already? Why are
these earlier standards in need of augmentation, anyway?
I find that the kernel itself curls up and dies when run under UBSAN.
That fact alone sours me a bit on the practicality of the whole program,
I'm afraid.
Best wishes,
Alison
---
Alison Chaiken alison at she-devel.com, 650-279-5600
http://{ she-devel.com, exerciseforthereader.org }
"You shouldn't try to optimize things you can't measure." -- Elecia White,
http://embedded.fm/episodes/170
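Added example, not part of the message above or of any project it mentions: two of the undefined behaviours that UBSan (`-fsanitize=undefined`) reports at runtime, signed integer overflow and an over-wide shift, each beside a rewrite with defined behaviour. The saturating add uses the GCC/Clang `__builtin_add_overflow` builtin; the input values in `main` are made up for illustration.

```c
/* Added example (not from the original message): the kind of undefined
 * behaviour UBSan reports, next to defined-behaviour rewrites.
 * Build and run: cc -fsanitize=undefined -g ub_demo.c && ./a.out
 */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Signed overflow is undefined in C. With -fsanitize=undefined (which
 * includes signed-integer-overflow) UBSan reports a "runtime error" here. */
int add_naive(int a, int b) { return a + b; }

/* Defined alternative: detect overflow with the compiler builtin
 * (GCC >= 5, Clang) instead of relying on wraparound. */
bool add_overflows(int a, int b) {
    int unused;
    return __builtin_add_overflow(a, b, &unused);
}

/* Defined alternative: saturate instead of overflowing. A control loop
 * usually prefers a clamped value to a wrapped one. */
int add_saturating(int a, int b) {
    int r;
    if (!__builtin_add_overflow(a, b, &r))
        return r;
    return b > 0 ? INT_MAX : INT_MIN;
}

/* Shifting by >= the operand width is undefined; UBSan flags it. */
uint32_t shl_naive(uint32_t v, unsigned n) { return v << n; }

/* Defined alternative: handle the full-width case explicitly. */
uint32_t shl_checked(uint32_t v, unsigned n) {
    return n >= 32 ? 0u : v << n;
}

int main(void) {
    /* volatile keeps the compiler from folding the inputs at compile time,
     * so the UB actually happens at runtime and UBSan can report it. */
    volatile int big = INT_MAX;
    volatile unsigned wide = 32;

    /* Under -fsanitize=undefined these two lines each print a runtime
     * error with file:line; the checked versions below stay silent. */
    printf("naive add:   %d\n", add_naive(big, 1));
    printf("naive shift: %u\n", shl_naive(1u, wide));

    printf("saturating add: %d (overflows=%d)\n",
           add_saturating(big, 1), add_overflows(big, 1));
    printf("checked shift:  %u\n", shl_checked(1u, wide));
    return 0;
}
```

Without the sanitizer flag both naive functions compile and "work" on most targets, which is why the bugs survive review; the checked forms are the ones a MISRA- or CERT-style rule would ask for, and they cost one branch each.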