[trustable-software] Open Source Deterministic Programming standard... Help Wanted

Paul Sherwood paul.sherwood at codethink.co.uk
Thu Sep 20 14:30:06 BST 2018


Sorry for cross-posting, I appreciate some folks may get this email more 
than once.

In the course of my various attempts to understand how we can improve 
the trustability of software, I've learned that multiple factors matter, 
including functionality, reliability, reproducibility, provenance, 
safety, security, compliance.

In the context of several of these factors an open standard set of rules 
to help C programmers achieve deterministic behaviour would be generally 
useful, but even more so if accompanied by tests that can be run to 
ensure that the rules are met. While the MISRA and CERT rules are 
interesting in themselves and established as de facto for their target 
audiences, I'm particularly interested in rules that could be brought to 
and applied by the open source communities upon whose work we all 
increasingly rely.

One of the criticisms of some open source projects is that they don't 
follow common industry standards, and changing that is obviously an 
uphill task. However, several things have happened recently which make 
me wonder whether there may be community members interested in taking up 
the challenge, as follows:

- on the c-safe-secure-studygroup list, Robert Seacord has stepped down 
as chairperson for the moment due to lack of availability, which maybe 
opens a window for slight change of emphasis if the community agrees
- on the systemssafety list Olwen Morgan and others have been discussing 
the historical context and applicability of current standards, and the 
possibility of a new open source standard
- in the trustable-distros project we are attempting to come up with a 
minimal Linux implementation to test out some initial tooling and 
methods. If there were generally applicable and accepted rules we could 
at least raise issues for some of the fundamental open source 
communities, and improvements in the code (or pushback and improvements 
in the rules) would be likely to follow

So my question is this...

Putting aside for now any emphasis on 'safety' and/or 'security', would 
there be any merit/interest in public collaboration on a new document 
(with tests) focusing on deterministic behaviour of C (and maybe other 
languages), for general consumption?

br
Paul