-
@bob Admit I did not watch (I hate video) but people like Les Hatton were promoting safer C through avoiding undefined behavior etc. (and there is a surprising amount of this) decades ago. One result was MISRA C, developed by and for the automotive industry in the late 1990s, and still you get shit like Toyota's crappy killer firmware. Unless you're going to change C radically (in which case it is no longer C), writing safer C requires tools and discipline, both of which take time and cost money, so tend to get adopted by aerospace users and ignored by everyone else.
https://shitposter.club/url/2320598
-
@bob Of course it's not just about the language but the entire process of software development. FYI this is interesting about Toyota's ETCS (throttle control) and other software:
- 256.6k non-comment lines of C source code
- 67 functions with Cyclomatic Complexity > 50 (considered untestable)
- Toyota software had between 9,273-11,538 global variables
- recursion prohibited in safety-critical systems due to possibility of stack overflow. ETCS uses recursion.
- "technology such as failsafe is not part of Toyota's engineering division's DNA" - internal company mail
You can write safe software in C/C++ (or PHP or whatever) if you avoid the hairy bits _and_ have appropriate processes and discipline. Better languages of course do help you not to shoot yourself in the foot, but without processes and discipline then no amount of language safety will save you.
https://users.ece.cmu.edu/~koopman/pubs/koopman14_toyota_ua_slides.pdf
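The slide bullet about recursion being banned in safety-critical code (MISRA C:2012 Rule 17.2 forbids direct and indirect recursion) is easiest to see with a concrete pair of functions. The following is an added example, written for this page and not taken from the thread, Koopman's slides or Toyota's code: a recursive bracket-depth scanner whose stack usage grows with attacker-controlled nesting, beside a bounded iterative version that uses a fixed counter and fails safe with an error code instead of blowing the stack. Function names, `MAX_NESTING`, the status enum and the sample inputs are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Upper bound on nesting we are willing to accept (constructed constant). */
#define MAX_NESTING 64

typedef enum {
    NEST_OK = 0,
    NEST_TOO_DEEP = -1,    /* input exceeded MAX_NESTING: refuse, don't recurse */
    NEST_UNBALANCED = -2   /* stray ')' or unclosed '(' */
} nest_status;

/* The "before": one stack frame per '(' in the input, so the recursion
 * depth (and hence stack consumption) is chosen by whoever supplies the
 * string. Works for small inputs, overflows the stack for large ones,
 * which is exactly why MISRA-style rules prohibit recursion. */
static int max_nesting_recursive(const char **s, int depth)
{
    int deepest = depth;
    while (**s != '\0') {
        char c = *(*s)++;
        if (c == '(') {
            int d = max_nesting_recursive(s, depth + 1);
            if (d > deepest) {
                deepest = d;
            }
        } else if (c == ')') {
            return deepest;
        }
    }
    return deepest;
}

/* The "after": same computation with an explicit depth counter, an
 * explicit length (no trust in NUL termination), and a hard limit that
 * turns a would-be stack exhaustion into an ordinary error return.
 * Stack usage is constant regardless of the input. */
static nest_status max_nesting_bounded(const char *s, size_t len, int *out_depth)
{
    int depth = 0;
    int deepest = 0;
    nest_status st = NEST_OK;
    size_t i;

    *out_depth = 0;
    for (i = 0; i < len && st == NEST_OK; i++) {
        if (s[i] == '(') {
            if (depth == MAX_NESTING) {
                st = NEST_TOO_DEEP;      /* fail safe, do not keep descending */
            } else {
                depth++;
                if (depth > deepest) {
                    deepest = depth;
                }
            }
        } else if (s[i] == ')') {
            if (depth == 0) {
                st = NEST_UNBALANCED;
            } else {
                depth--;
            }
        }
    }
    if (st == NEST_OK && depth != 0) {
        st = NEST_UNBALANCED;
    }
    if (st == NEST_OK) {
        *out_depth = deepest;
    }
    return st;
}

/* Feed the bounded scanner a run of n '(' characters followed by n ')'
 * and report the status; lets a caller probe the limit without ever
 * touching the recursive version. */
static nest_status probe_nesting(size_t n)
{
    char buf[2 * 1024];
    int depth;
    if (2 * n > sizeof buf) {
        return NEST_TOO_DEEP;
    }
    memset(buf, '(', n);
    memset(buf + n, ')', n);
    return max_nesting_bounded(buf, 2 * n, &depth);
}

int main(void)
{
    const char *sample = "(a(b)(c(d)))";   /* constructed input */
    const char *cur = sample;
    int depth = 0;

    printf("recursive depth: %d\n", max_nesting_recursive(&cur, 0));
    printf("bounded status: %d depth: %d\n",
           max_nesting_bounded(sample, strlen(sample), &depth), depth);
    printf("probe 1000 levels: %d\n", probe_nesting(1000));
    return 0;
}
```

The bounded version is also what a cyclomatic-complexity or stack-depth analyzer can actually reason about: there is no call graph cycle, the loop has a visible upper bound, and every error leaves `*out_depth` in a defined state rather than relying on the caller to notice a crash.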