Everyone who writes safety critical software should read this
Joseph Rushton Wakeling
joseph.wakeling at webdrake.net
Sat Nov 2 05:09:29 PDT 2013
On 02/11/13 10:55, bearophile wrote:
> To make high integrity software you have to start with reliable tools
I know what you're saying, but there is an inherent assumption in the concept of
"reliable tools". So far as I can see the important thing is to assume that
_nothing_ in the system is reliable, and that anything can fail.
If you rely on the language or on the compiler to detect integral overflows,
you're not necessarily safer -- your safety rests on the assumption that the
compiler will implement these things correctly, and will ALWAYS do so regardless
of circumstances. How can you tell if the automated integral overflow checking
is working as it should? And even if it is a high-quality implementation, how
do you protect yourself against extreme pathological cases which may arise in
very rare circumstances?
"Necessary but not sufficient" seems a good phrase to use here.
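As an added illustration of the point above (this is example code, not from the post's author or the D project, and it is written in C rather than D so that the checks do not depend on any language-level overflow detection): the arithmetic below decides from the operands alone whether a signed 32-bit add or multiply fits, so it never executes an operation whose overflow would be undefined behaviour and never relies on a compiler flag to trap. The `overflow_selftest()` routine is the answer to "how can you tell the checking is working": it runs cases with known answers at start-up and reports how many the checker gets wrong. Function names and the specific test cases are my own choices.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Portable overflow check for signed 32-bit addition. The decision is made
 * from the operands' ranges, so a + b is only evaluated once it is known to
 * fit; no reliance on -ftrapv, sanitizers or language-level checks. */
bool checked_add_i32(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return false;            /* would overflow: leave *out untouched */
    *out = a + b;
    return true;
}

/* Signed 32-bit multiply: widen to 64 bits (any int32 x int32 product fits
 * in int64, so the widened multiply itself cannot overflow), then range-check. */
bool checked_mul_i32(int32_t a, int32_t b, int32_t *out)
{
    int64_t wide = (int64_t)a * (int64_t)b;
    if (wide > INT32_MAX || wide < INT32_MIN)
        return false;
    *out = (int32_t)wide;
    return true;
}

/* Start-up self-test with hand-verified cases (constructed for this example).
 * Returns the number of failures; a non-zero result means the checker, the
 * build, or the platform is not behaving as assumed and must not be trusted. */
int overflow_selftest(void)
{
    int32_t r;
    int failures = 0;
    if (!checked_add_i32(INT32_MAX, 0, &r) || r != INT32_MAX) failures++;
    if (checked_add_i32(INT32_MAX, 1, &r)) failures++;          /* must reject */
    if (checked_add_i32(INT32_MIN, -1, &r)) failures++;         /* must reject */
    if (!checked_add_i32(-5, 5, &r) || r != 0) failures++;
    if (!checked_mul_i32(46340, 46340, &r) || r != 2147395600) failures++;
    if (checked_mul_i32(46341, 46341, &r)) failures++;          /* 2147488281 > INT32_MAX */
    if (checked_mul_i32(INT32_MIN, -1, &r)) failures++;         /* classic corner case */
    if (!checked_mul_i32(-1, INT32_MIN + 1, &r) || r != INT32_MAX) failures++;
    return failures;
}

int main(void)
{
    int bad = overflow_selftest();
    printf("overflow self-test: %d failure(s)\n", bad);
    return bad == 0 ? 0 : 1;
}
```

Running the self-test on every start (and treating any failure as a refusal to proceed) is the belt-and-suspenders posture the post argues for: the explicit checks guard against overflow, and the self-test guards against the checks themselves being wrong.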