Re: [SystemSafety] Overflow triggering AC power cut-off in Boeing 787

From: Derek M Jones < >
Date: Sun, 03 May 2015 18:48:54 +0100


David,

> This would not happen if absence of overflow was automatically checked
> (by using tools like Frama-C, Astrée or Polyspace). Or more probably

Automatic checking is not in itself enough and without the source code to try out the tools you cannot claim that any of them would have detected the problem.

Deciding what kinds of thing a static analysis tool involves lots of trade-offs, such as:

    o what can be implemented with the available resources,

    o what level of false positive is considered acceptable,

    o what kinds of mistakes are most likely to occur and hence       the ones for which it is cost effective to check for,

    o for commercial tools, what the customer wants to know and what they       are willing to pay,

    o for academic projects, what is likely get published when written       up.

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
_______________________________________________
The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Sun May 03 2015 - 19:49:31 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 18 2019 - 22:17:07 CEST