Re: Limitations of code quality to ensure safety of modern software



But the point here is much more subtle: 

For the code submitted to this contest, I would assume that all of the aspects related to product and process quality, including design, are well covered and would be qualified by any safety standard.  But the final result is not safe.

The inherent features of C (and, to a lesser extent, C++) enable the clever developer to write qualified unsafe code.

And although the contest focuses on security issues (which, as noted by Poonam, is more highlighted), similar tricks can be implemented to evade safety as well as functional features.

The type of testing which would block such code is on a different level altogether.


Bottom line: documented architecture and design, requirements, classic testing (primarily static), and other aspects dominating safety standards and legacy processes are not necessarily appropriate mechanisms for ensuring quality and safety of modern software systems, primarily if written in a language such as C.



From: Aggrwal, Poonam <Poonam.Aggrwal@...>
Sent: Tuesday, June 21, 2022 5:51 PM
To: Peter.Brink@...; Elana Copperman <Elana.Copperman@...>; devel@...
Subject: RE: [ELISA Technical Community] Limitations of code quality to ensure safety of modern software






I jumped in because I found the topic interesting.


The shortcomings of C in comparison to other type-safe languages like Java and Rust are being highlighted in the security context too.


Although, I am not sure that today’s automobiles’ SW stacks (AutoSAR, Adaptive AutoSAR) use them. They would be pretty much written in C.




From: devel@... <devel@...> On Behalf Of Brink, Peter via
Sent: Tuesday, June 21, 2022 7:30 PM
To: Elana Copperman <Elana.Copperman@...>; devel@...
Subject: Re: [ELISA Technical Community] Limitations of code quality to ensure safety of modern software


Hi Elana,


Not sure why you directed this to me. I have always advocated for product and process quality, of which code quality is just one aspect. The safety of a product, as you say at the end, might be compromised by the design, which is why I have been advocating for the quality and safety aspects mentioned above.




From: Elana Copperman <Elana.Copperman@...>
Sent: Tuesday, June 21, 2022 1:02 AM
To: Brink, Peter <Peter.Brink@...>; devel@...
Subject: Limitations of code quality to ensure safety of modern software


Hi Pete,


I don't know if this contest is still being supported.  But as you can see, it highlights the limitations of C as a programming language.

So that ensuring "quality" of any C-based safety critical system is not easy, even before we get to the limitations of Linux and open source.

Unfortunately throughout my career I have seen plenty of code examples which, although not malicious in the sense of this contest, comply with accepted development/coding/test processes – but are inherently unsafe, sometimes by design.


