[trustable-software] Fwd: Notes from the call with Robert Seacord

Chaiken, Alison alison at she-devel.com
Mon Nov 7 06:24:01 UTC 2016


The whole discussion has centered on C. Works for me, as I labor on 
kernel and gstreamer and systemd in C. However, the control algorithms 
for our autonomous control systems are coded in C++. That statement 
logically leads to the question: are there standards similar to CERT-C 
or MISRA for C++?

Our organization follows many generally accepted best practices, such as 
coding to a functional specification, running in continuous integration, 
replaying logged data in simulation and testing with the various 
sanitizers (ASAN, MSAN, UBSAN), but that doesn't mean that we couldn't 
do better.

It strikes me that the way that a new standards organization avoids 
becoming a tax-collecting, rubber-stamping body is by providing a GPL'ed 
or CC-BY-SA-licensed static analysis tool. Of course, a static analysis 
tool only makes sense once a set of best practices is agreed, so the 
problem is that the tool perhaps never gets started. Do CERT-C and 
MISRA have publicly available static analysis tools already? Why are 
these earlier standards in need of augmentation, anyway?

I find that the kernel itself curls up and dies when run under UBSAN.  
That fact alone sours me a bit on the practicality of the whole program, 
I'm afraid.

Best wishes,
Alison

---
Alison Chaiken                      alison at she-devel.com, 650-279-5600
http://{ she-devel.com, exerciseforthereader.org }
"You shouldn't try to optimize things you can't measure." -- Elecia 
White,
http://embedded.fm/episodes/170
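The message above mentions testing under UBSAN and asks about CERT-C. As an added illustration (not part of the email or of the trustable-software project), the block below shows the precondition-check pattern that CERT-C rule INT32-C prescribes for signed arithmetic, next to the naive form that UBSAN reports at run time; signed overflow is undefined behaviour in C, so the checked versions refuse the operation instead of relying on wraparound. Function names (checked_add, checked_mul, naive_add) are my own choice and the sample values are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Naive form: a + b is undefined behaviour when the sum does not fit in
 * an int. Building with -fsanitize=undefined makes UBSAN report the
 * overflow at the call site when it actually happens at run time. */
int naive_add(int a, int b)
{
    return a + b;
}

/* CERT-C INT32-C style check for signed addition: store a + b in *result
 * and return true only when the sum is representable; otherwise return
 * false and leave *result untouched. No undefined behaviour is executed. */
bool checked_add(int a, int b, int *result)
{
    if ((b > 0 && a > INT_MAX - b) ||
        (b < 0 && a < INT_MIN - b)) {
        return false;   /* would overflow: refuse rather than wrap */
    }
    *result = a + b;
    return true;
}

/* Same rule for signed multiplication. The four sign cases mirror the
 * INT32-C compliant solution; note the a != 0 guard, which avoids a
 * division by zero in the last branch. */
bool checked_mul(int a, int b, int *result)
{
    if (a > 0) {
        if (b > 0) {
            if (a > INT_MAX / b) return false;
        } else {
            if (b < INT_MIN / a) return false;
        }
    } else {
        if (b > 0) {
            if (a < INT_MIN / b) return false;
        } else {
            if (a != 0 && b < INT_MAX / a) return false;
        }
    }
    *result = a * b;
    return true;
}

/* Stand-alone demo. Compile with e.g.
 *   cc -fsanitize=undefined -g ubsan_demo.c -o ubsan_demo
 * to see UBSAN flag the naive_add call; the checked calls stay silent. */
int main(void)
{
    int r;

    if (checked_add(INT_MAX, 1, &r))
        printf("checked_add: %d\n", r);
    else
        printf("checked_add: INT_MAX + 1 rejected (would overflow)\n");

    if (checked_mul(INT_MIN, -1, &r))
        printf("checked_mul: %d\n", r);
    else
        printf("checked_mul: INT_MIN * -1 rejected (would overflow)\n");

    /* Constructed overflowing input: this is the line UBSAN reports. */
    printf("naive_add: %d\n", naive_add(INT_MAX, 1));
    return 0;
}
```

The checked functions cost a couple of comparisons per operation, which is the trade CERT-C asks for: an explicit error path instead of a value the compiler is free to treat as impossible.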