Re: [SystemSafety] OpenSSL Bug

From: Chris Hills < >
Date: Tue, 15 Apr 2014 11:40:28 +0100


Patrick

Re "Leaving the religions of libre and gratis aside, does anyone know of any evidence that shows that adhering to MISRA-C specifically would improve the quality of FOSS? "

How is FOSS code different to any other code? As for using MISRA-C on non-critical code... is this code you don't want or expect to work reliably? :-)
Which has been my argument all along. Source code is source code: it either works correctly and reliably or it doesn't. Why would you want code that does not work correctly and reliably?

Since the Hatton reports in 2007 we have moved on to MISRA C:2012.

The big problem is that 90% of programmers think they are the 10% who know what they are doing. MISRA-C rules can be deviated from if you can show a valid reason and take responsibility for that deviation.

MISRA-C rules work to reduce the "problem areas" of C that, if used without care, can cause problems, especially if in the vicinity of other problem areas used without care.

MISRA-C, for example, insists on {} for single-line if constructs, apparently a real PITA to those who "know what they are doing". However, that rule would have caused a query with the Apple SSL goto problem in their if statements before it got as far as compilation.

Actually, my understanding re the MISRA-C rules introducing a critical defect (from memory and discussions within the MISRA-C group) is that the problems tend to arise because "cleaning" some code uncovers problems in another area, e.g. one error masks or negates another. Thus removing one uncovers and "activates" the other.

I would like to see the [boogerd2008assessing] paper as AFAIK no one on the MISRA-C team has seen it.

Regards
 Chris
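As an added illustration of the brace rule discussed above (this is example code added by the editor, not part of the original message and not Apple's source), here is a simulated verification routine in the shape of the Apple "goto fail" bug. The hash and signature steps are stand-ins (hash_update, hash_final and check_signature are assumed names driven by flags so a test can make any step fail). The first function is the unbraced form with the duplicated goto; the second applies MISRA C:2012 Rule 15.6 (the body of an if shall be a compound statement) to the same logic.

```c
#include <stdio.h>

/* Return convention as in the TLS code being imitated: 0 means success. */
enum { OK = 0, ERR_HASH = -1, ERR_SIGNATURE = -2 };

/* Stand-ins (constructed for this example) for the hash-update,
 * hash-final and signature-check steps. Each returns 0 on success;
 * the flag lets the caller choose which step "fails". */
static int hash_update(int ok)     { return ok ? OK : ERR_HASH; }
static int hash_final(int ok)      { return ok ? OK : ERR_HASH; }
static int check_signature(int ok) { return ok ? OK : ERR_SIGNATURE; }

/* Unbraced form with a duplicated `goto fail;`. Only the first goto is
 * governed by the if; the second is unconditional, so hash_final() and
 * check_signature() are never reached and err stays 0 (accept) even
 * when the signature is bad. */
int verify_unbraced(int update_ok, int final_ok, int sig_ok)
{
    int err;
    if ((err = hash_update(update_ok)) != 0)
        goto fail;
        goto fail;   /* stray line: executes unconditionally */
    if ((err = hash_final(final_ok)) != 0)
        goto fail;
    if ((err = check_signature(sig_ok)) != 0)
        goto fail;
fail:
    return err;
}

/* Same logic with braces on every if (MISRA C:2012 Rule 15.6). The
 * duplicated goto now lands inside the compound statement, where it is
 * redundant but still only on the error path; every check still runs. */
int verify_braced(int update_ok, int final_ok, int sig_ok)
{
    int err;
    if ((err = hash_update(update_ok)) != 0) {
        goto fail;
        goto fail;   /* redundant, but harmless */
    }
    if ((err = hash_final(final_ok)) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig_ok)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* A bad signature (sig_ok == 0) with all other steps succeeding. */
    printf("unbraced: err=%d (0 means the bad signature was accepted)\n",
           verify_unbraced(1, 1, 0));
    printf("braced:   err=%d\n", verify_braced(1, 1, 0));
    return 0;
}
```

Note that the braced version only makes the defect harmless; a rule on unreachable code (MISRA C:2012 Rule 2.1) is what flags the redundant goto itself, and compiler support for this is uneven: clang's -Wunreachable-code reports the skipped statements in the unbraced form, whereas GCC accepts the flag without implementing the check.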

-----Original Message-----
From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx] On Behalf Of Patrick Graydon
Sent: 15 April 2014 10:35
To: systemsafety_at_xxxxxx
Subject: Re: [SystemSafety] OpenSSL Bug

Leaving the religions of libre and gratis aside, does anyone know of any evidence that shows that adhering to MISRA-C specifically would improve the quality of FOSS*? Les Hatton's work has been critical of many of the rules in the standard [hatton2004saferlanguagesubsets,hatton2007language]. But the most direct work I know of on the value of MISRA-C in non-safety-critical software is a study that attempted to correlate the locations of defects in video playback software with MISRA-C rule violations and found an overall *slightly negative* correlation (i.e. the rules were worse than useless) [boogerd2008assessing]. Is there any specific evidence that would outweigh this**?

@article{hatton2007language,
	Author = {Hatton, Les},
	Journal = {Information and Software Technology},
	Pages = {475--482},
	Title = {Language subsetting in an industrial context: {A} comparison of {MISRA C 1998} and {MISRA C 2004}},
	Volume = {49},
	Year = {2007}}

@article{hatton2004saferlanguagesubsets,
	Author = {Hatton, Les},
	Journal = {Information and Software Technology},
	Number = {7},
	Pages = {465--472},
	Title = {Safer language subsets: an overview and a case history, {MISRA C}},
	Volume = {46},
	Year = {2004}}

@inproceedings{boogerd2008assessing,
	Author = {Boogerd, Cathal and Moonen, Leon},
	Booktitle = {Proceedings of the IEEE International Conference on Software Maintenance (ICSM)},
	Month = {October},
	Pages = {277--286},
	Title = {Assessing the value of coding standards: An empirical study},
	Year = {2008}}
_______________________________________________
The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Tue Apr 15 2014 - 12:40:43 CEST

This archive was generated by hypermail 2.3.0 : Sat Feb 16 2019 - 01:17:06 CET