I wrote:
>> How about Andy German's paper on "Software Static Code Analysis
>> Lessons Learned"?
>>
>> http://www.crosstalkonline.org/storage/issue-archives/2003/200311/200311-German.pdf
>>
>> "Table 1 shows that the poorest language for safety-critical
>> applications is C with consistently high anomaly rates. The best
>> language found is SPARK (Ada), which consistently achieves one
>> anomaly per 250 software lines of code".
Derek replied:
> Thanks. I have read this paper.
>
> It is difficult to read anything into the results because nothing is
> said about the usage (i.e., applications that are more heavily used
> are more likely to experience more faults) or about the testing
> investment that happened prior to release (obviously more testing
> means fewer faults in the field).
Andy German's paper reports on the results of conducting static code analysis on the airborne software for the Lockheed C-130J between 1995 and 1996. This work was carried out by Lloyd's Register and by Aerosystems. I worked for Lloyd's Register at the time. The Lockheed C-130J was undergoing FAA certification and the airborne software was therefore being developed to DO-178B. As the launch customer, the UK Ministry of Defence required the airborne software to be subjected to static code analysis in addition to the DO-178B software development and verification process. We used the SPARK Examiner for the C-130 mission computer software, which was written in SPARK, and MALPAS for the remaining code (a mix of C, Ada, Pascal, PLM and Lucol). Only the DO-178B Level A and Level B software was analysed.
The static analysis found a number of defects in the software. Andy German's paper presents a number of interesting findings:
I reproduce Table 1 below:
Software Language | Range                      | Software Lines of Code Per Anomaly | Anomalies Per Thousand Lines of Code
------------------+----------------------------+------------------------------------+-------------------------------------
C                 | Worst                      | 2                                  | 500
C                 | Average                    | 6 - 38                             | 167 - 26
C                 | Best (Auto Code Generated) | 80                                 | 12.5
Pascal            | Worst                      | 6                                  | 167
Pascal            | Average/Best               | 20                                 | 50
PLM               | Average                    | 50                                 | 20
Ada               | Worst                      | 20                                 | 50
Ada               | Average                    | 40                                 | 25
Ada               | Best (Auto Code Generated) | 210                                | 4.8
Lucol             | Average                    | 80                                 | 12.5
SPARK             | Average                    | 250                                | 4
I also recollect that significant differences in anomaly rates were found between the software produced by different vendors, though this is not highlighted in Andy's paper.
I think these findings are very interesting and are worthy of further investigation. However, I also believe there are a number of reasons why we need to be careful not to read too much into the C-130J experience:
Yours,
Dewi Daniels | Managing Director | Verocel Limited
Direct Dial +44 1225 718912 | Mobile +44 7968 837742 | Email ddaniels_at_xxxxxx
Verocel Limited is a company registered in England and Wales. Company
number: 7407595. Registered office: Grangeside Business Support Centre, 129
Devizes Road, Hilperton, Trowbridge, United Kingdom BA14 7SZ
This archive was generated by hypermail 2.3.0 : Sun Feb 17 2019 - 16:17:06 CET