Re: [SystemSafety] OpenSSL Bug

From: John Knight < >
Date: Mon, 14 Apr 2014 10:20:19 -0400


If you would like to see how bad things can be when using C, take a look at this paper from Bell Labs about the 5ESS development, in particular the "Logic Faults" section:

ftp://ftp.iks-jena.de/pub/mitarb/lutz/ada/Write_Valid_Code.pdf

Certainly, all of the faults that the paper notes could be avoided using careful processes or be found by static analysis, either mechanical or human inspection.

But, given current technology and our cumulative experience in 2014, one has to wonder why an engineering artifact such as a safety- or security-critical software system would be built by developers knee deep in gasoline (petrol) with a team frantically searching for matches.

On 4/14/14, 9:47 AM, Nancy Leveson wrote:
> >>Incidentally there is almost no empirical evidence for the benefits
> >>of using a language having stronger typing. There are a few studies
> >>using students on really small problems. Pointers to good studies
> >>welcome.
>
> Actually, there is a lot of scientific evidence (better than
> empirical, although there is a lot of empirical evidence too). There
> were a lot of studies done in the 1980s showing error-proneness of
> particular programming constructs. The non-typed language features
> were the most error-prone. John Gannon did some of them.
>
> More recently, there have been studies comparing SPARK and
> non-strongly typed languages. Martyn Thomas should have more
> information about that. I've also seen several papers on comparisons
> from industry, not student programmers. I don't have time to look them
> up, but I've assigned them to my classes in the past. I think that not
> much is done on this topic by academics and researchers anymore
> because there doesn't seem to be any doubt about it.
>
> Nancy
>
> careful
>
>
> On Thu, Apr 10, 2014 at 3:06 PM, Derek M Jones <derek_at_xxxxxx> wrote:
> Peter,
>
>
> There are people here who have defended the use of the
> programming language C. Shame on you. Yes,
>
>
> Why pick on C? All languages have their problems.
>
> Facebook have been doing good stuff to improve the reliability of PHP:
> http://shape-of-code.coding-guidelines.com/2014/03/24/hack-a-template-for-improving-code-reliability/
>
>
>
> there are tools; there are reliable tools to check whether C
> programs adhere to strong-typing
>
>
> There is no discontinuity that distinguishes weak/strong typing, it is
> a continuum. Good luck reaching general agreement on where to draw
> the line.
>
> I have worked in languages that have stronger typing than C and
> seen plenty of code in those languages where developers have failed
> to use the strong typing facilities available to them. Giving
> developers the tools does not mean they will use them (I am a fan
> of stronger typing than is available in C).
>
> Incidentally there is almost no empirical evidence for the benefits
> of using a language having stronger typing. There are a few studies
> using students on really small problems. Pointers to good studies
> welcome.
>
>
> principles. Etc. AND THEY WERE NOT USED BY PEOPLE WHOM I HAVE
> UP TO NOW TRUSTED. In other words, you
> were lying to us about "good practice" amongst "SW developers"
> using C.
>
>
> and you are surprised by this (again why pick on just C)?
>
> --
> Derek M. Jones tel: +44 (0) 1252 520 667
> Knowledge Software Ltd
> blog: shape-of-code.coding-guidelines.com
> Software analysis http://www.knosof.co.uk
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx
>
>
>
> --
> Prof. Nancy Leveson
> Aeronautics and Astronautics and Engineering Systems
> MIT, Room 33-334
> 77 Massachusetts Ave.
> Cambridge, MA 02142
>
> Telephone: 617-258-0505
> Email: leveson_at_xxxxxx
> URL: http://sunnyday.mit.edu
>
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx



The System Safety Mailing List
systemsafety_at_xxxxxx

Received on Mon Apr 14 2014 - 16:20:33 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 25 2019 - 04:17:06 CEST