Everyone who writes safety critical software should read this

[Nick Sabalausky]

On 11/2/2013 8:09 AM, Joseph Rushton Wakeling wrote:
> On 02/11/13 10:55, bearophile wrote:
>> To make high integrity software you have to start with reliable tools
>
> I know what you're saying, but there is an inherent assumption in the
> concept of "reliable tools".  So far as I can see the important thing is
> to assume that _nothing_ in the system is reliable, and that anything
> can fail.
>

"Reliable" of course simply meaning "less unreliable".

> If you rely on the language or on the compiler to detect integral
> overflows, you're not necessarily safer -- your safety rests on the
> assumption that the compiler will implement these things correctly, and
> will ALWAYS do so regardless of circumstances.

It still helps and is therefore worthwhile. Nobody's claiming that 
runtime overflow checks were sufficient to ensure reliability, only that 
*not* having them can be a bad idea.