Boost logo

Boost :

Subject: Re: [boost] Use of boost in safety critical work
From: Robert Ramey (ramey_at_[hidden])
Date: 2014-12-05 12:12:31

Andrew Marlow-2 wrote
> They introduced me to a new acronym, well new to me anyway: SOUP.
> It stands for Software of Unknown Pedigree. They classify boost as SOUP.
> I have used boost before in embedded work but I have never done safety
> critical work before so I don't know how widely boost is used there. Can
> anyone who *has* worked on safety critical stuff comment please?

In my limited exposure to the "safety critical" world, a big part of
the job is verifying/demonstrating/documenting that each safety
requirement is fulfilled by some specific piece of code.

Since Boost is distributed as source code, the issues related to verifying
and documenting the fulfillment of safety requirements would be EXACTLY
the same for code writing in house. So SOUP wouldn't apply
unless all in house written code is also considered SOUP.

That's the way the system is supposed to work. I very seriously doubt
that it actually works that way. I'm sure all the paperwork "proving"
that all safety requirements can be traced to specific code is filed, but
I doubt that the work is really rigorously done. For example, I've
never seen any of these companies apply these verification/certification
policies to C library source code. Actually the often will use the
C libraries pre-built from the vendor so they haven't actually verified
that this code even matches the library source!

In many places this is used to justify a
policy of "we make everything from scratch so we can verify it".
This is similar to other policies such as "we make everything from
scratch so no one can sue us". Or "we make everything from
scratch because we have hard real-time requirements". Or

So it boils down with, is one
going to start with something like Boost code or code from scratch"

Since some/many Boost libraries aren't really readable they wouldn't
likely be suitable candidates for inclusion in such a project - while
other ones would. In general, Boost code will be more likely to
be correct than home brew code. If necessary, the
would be applied to the Boost code. That would satisfy all the
safety certification requirements. As far as I know, no user had
every contacted any author of any boost library to participate
in such a certification. Actually, I don't think anyone who uses
Boost (or the standard library for that matter) actually even runs
the test suite which is delivered with the library.

Robert Ramey

View this message in context:
Sent from the Boost - Dev mailing list archive at

Boost list run by bdawes at, gregod at, cpdaniel at, john at