[trustable-software] Open Source Deterministic Programming standard... Help Wanted
Paul Sherwood
paul.sherwood at codethink.co.uk
Thu Sep 20 14:30:06 BST 2018
Sorry for cross-posting, I appreciate some folks may get this email more
than once.
In the course of my various attempts to understand how we can improve
the trustability of software, I've learned that multiple factors matter,
including functionality, reliability, reproducibility, provenance,
safety, security, compliance.
In the context of several of these factors an open standard set of rules
to help C programmers achieve deterministic behaviour would be generally
useful, but even more so if accompanied by tests that can be run to
ensure that the rules are met. While the MISRA and CERT rules are
interesting in themselves and established as de-facto for their target
audiences, I'm particularly interested in rules that could be brought to
and applied by the open source communities upon whose work we all
increasingly rely.
One of the criticisms of some open source projects is that they don't
follow common industry standards, and changing that is obviously an
uphill task. However, several things have happened recently which make
me wonder whether there may be community members interested in taking up
the challenge, as follows:
- on the c-safe-secure-studygroup list, Robert Seacord has stepped down
as chairperson for the moment due to lack of availability, which maybe
opens a window for slight change of emphasis if the community agrees
- on the systemssafety list Olwen Morgan and others have been discussing
the historical context and applicability of current standards, and the
possibility of a new open source standard
- in the trustable-distros project we are attempting to come up with a
minimal Linux implementation to test out some initial tooling and
methods. If there were generally applicable and accepted rules we could
at least raise issues for some of the fundamental open source
communities and improvements in the code (or pushback and improvements
in the rules) would be likely to follow
So my question is this...
Putting aside for now any emphasis on 'safety' and/or 'security', would
there be any merit/interest in public collaboration on a new document
(with tests) focusing on deterministic behaviour of C (and maybe other
languages), for general consumption?
br
Paul