It is an accepted fact that electronics and, by association, software have pervaded our lives. And we can assume that the vast majority of safety systems today are based on some form of electronic control. So it is a bit worrying to hear an independent safety consultant claim that most critical software has been built ‘using methods that aren’t fit for purpose’.
The consultant is particularly scathing regarding the use of C as the de facto programming language. He believes C is weak and, by implication, has no role in safety critical software. In fact, he is not entirely complimentary when it comes to MISRA C, the variant used by the auto industry, among others, to bring more stringency to bear.
But his criticisms move beyond C to address the whole approach to the question of safety critical system development. He despairs, for example, at the decline in the use of formal specification. He also sees weaknesses in the way in which systems are defined; in his opinion, the way boundaries are drawn is defective. When systems are defined, he contends, people forget there will be users and that those users will be inside the system.
So we have to ask whether things are as bleak as they appear. The answer has to be no, although the points made are important. In the opinion of the Safety Critical Software Club, ‘there aren’t as many accidents as there used to be, because we can do lots of things to avoid problems’. But the Club admits that, despite all this, accidents still happen.