Bug rate and choice of programming language
in [ADA]
|
Prev: Spark and the Ada numerics annex
Next: Ada 2012: An Oops in the new Ada amendments ? (in 10.1.2 ContextClauses - With Clauses)
From: Maciej Sobczak on 10 Aug 2010 09:22 Hello, This is not a troll, really. :-) By following some links that were posted during the discussion on one of the Polish programming newsgroups I have found the following page: http://www.leshatton.org/SCSS_595.html This page seems to refer to some paper with an assessment of programming languages for safety critical systems with the conclusion that the choice of programming language has little impact on the resulting bug rate and what actually matters is the programmer's fluency in using it. Or this is at least what I understand from the paper's description. Unfortunately the paper itself is not available. Is any of you aware of the content of this paper? Is it possible for you to objectively comment on it? References to other research results in this domain would be highly welcome. The above paper alone is very suggestive, but certainly not exhaustive. -- Maciej Sobczak * http://www.inspirel.com YAMI4 - Messaging Solution for Distributed Systems http://www.inspirel.com/yami4
From: Georg Bauhaus on 10 Aug 2010 10:41 On 10.08.10 15:22, Maciej Sobczak wrote: > http://www.leshatton.org/SCSS_595.html > Unfortunately the paper itself is not available. FWIW, http://www.safety-club.org.uk/~jepson/scsc/publish.php?opt=list&pid=17#R17 Achievement and Assurance of Safety Proceedings of the Third Safety-critical Systems Symposium, Brighton, UK
From: Yannick Duchêne (Hibou57) on 10 Aug 2010 10:45 Le Tue, 10 Aug 2010 15:22:01 +0200, Maciej Sobczak <see.my.homepage(a)gmail.com> a écrit: > programming languages for safety critical systems with the conclusion > that the choice of programming language has little impact on the > resulting bug rate and what actually matters is the programmer's > fluency in using it. Seems it is viewed like a personal affair (it seems "The" centered as it is expressed in the message) OK, if he/she works alone, on something which will never be revisited by others, will never be maintained by others, if nobody else will have to understand what he/she did and he/she did so. By the way, there is no need for public assessment in personal areas (joking). The question is also: what about collective works (a common case) or about lonely works (a very common case) where the lonely author will have to come back to what he/she did months or years later. I believe you may already have read such a reply and there is nothing new in these words.... and there indeed may be a reason for that: practice and real life. If you ask any one, with its favorite who-know-which in hand, even in QBasic results may be good... for some time. If time or numerous other people takes part, this is not the same story. Disclaimer: replied on the basis of this sole post, as the document does not seems to be available on-line (so could not read it). -- There is even better than a pragma Assert: a SPARK --# check. --# check C and WhoKnowWhat and YouKnowWho; --# assert Ada; -- i.e. forget about previous premises which leads to conclusion -- and start with new conclusion as premise.
From: Phil Thornley on 10 Aug 2010 16:53 On 10 Aug, 14:22, Maciej Sobczak <see.my.homep...(a)gmail.com> wrote: [...] > This page seems to refer to some paper with an assessment of > programming languages for safety critical systems with the conclusion > that the choice of programming language has little impact on the > resulting bug rate and what actually matters is the programmer's > fluency in using it. [...] > References to other research results in this domain would be highly > welcome. The above paper alone is very suggestive, but certainly not > exhaustive. There's this paper in CrossTalk, from 2003 - which comes to very different conclusions to Les Hatton's paper (see the table about 2/3 into the paper). http://www.stsc.hill.af.mil/crosstalk/2003/11/0311german.html "Table 1 shows that the poorest language for safety-critical applications is C with consistently high anomaly rates. The best language found is SPARK (Ada), which consistently achieves one anomaly per 250 software lines of code. The average number of safety-critical anomalies found is a small percentage of the overall anomalies found with about 1 percent identified as having safety implications. Automatically generated code was found to have considerably reduced syntactic and data flow errors." Cheers, Phil
From: Yannick Duchêne (Hibou57) on 10 Aug 2010 18:23
Le Tue, 10 Aug 2010 22:53:25 +0200, Phil Thornley <phil.jpthornley(a)gmail.com> a écrit: > Automatically generated code was found to have considerably reduced > syntactic and data flow errors." This one is good to know. I was wondering about it these last few days (was also wondering about a good choice to generate this, may be a script language). Sometime, automatically generated sources seems difficult to avoid, even when one do not really enjoy the idea of preprocessor (may be some resilient fears due to older bad experiences with C). This may happens when an application has multiple parts using different languages or representations, and in the mean times must have some of their parts synchronized in some way. Ex. an application with an Ada or Pascal part, and HTML pages, and some JavaScript parts ; all with references to some kind of protocols, identifiers, standard data which may need to be changed, etc. Different worlds, which may refer to common stuffs. This is probably better when these dependencies are handled via automatic source generation using a single data source. I was wondering about reliability of automatically generated parts. Your comment is interesting in this area. -- There is even better than a pragma Assert: a SPARK --# check. --# check C and WhoKnowWhat and YouKnowWho; --# assert Ada; -- i.e. forget about previous premises which leads to conclusion -- and start with new conclusion as premise. |