Re: [SystemSafety] OpenSSL Bug

From: Derek M Jones < >
Date: Tue, 15 Apr 2014 17:54:13 +0100


Patrick,

> Incidentally, I've been begging industry colleagues for access to their code and bug records so I can get an MS student to replicate the Boogerd study on a safety-critical C code base. So far no takers. And here I am thinking it would be nice to have more solid evidence about what works and what doesn't.

Correlating guidelines with faults is a non-trivial task. The following paper tracks bugs in Linux over 10 years to get an idea of their typical lifetime and frequency of occurrence:
http://hal.inria.fr/inria-00509256/PDF/RR-7357.pdf

They have the advantage of using a very powerful tool, Coccinelle, which I have used a lot:
http://shape-of-code.coding-guidelines.com/2009/08/

Those involved in Coccinelle spend their time making it better and providing great support (rather than going around singing its praises). It is far and away the best tool of its kind out there:
http://coccinelle.lip6.fr/

-- 
Derek M. Jones                  tel: +44 (0) 1252 520 667
Knowledge Software Ltd          blog:shape-of-code.coding-guidelines.com
Software analysis               http://www.knosof.co.uk
_______________________________________________
The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Tue Apr 15 2014 - 18:54:28 CEST
