Subject: Re: [boost] Use of boost in safety critical work
From: Paul A. Bristow (pbristow_at_[hidden])
Date: 2014-12-06 11:08:58
> -----Original Message-----
> From: Boost [mailto:boost-bounces_at_[hidden]] On Behalf Of Andrew Marlow
> Sent: 06 December 2014 14:31
> To: boost
> Subject: Re: [boost] Use of boost in safety critical work
> Thank you all for your comments so far.
> On 6 December 2014 at 13:46, Edward Diener <eldiener_at_[hidden]> wrote:
> > My last consulting job was for a company essentially doing "safety
> > critical work" ( they were periodically inspected/checked by the FDA ).
> > They felt that Microsoft's MFC and VC++ standard libraries were "safe"
> > but I could not convince them that using Boost libraries were "safe".
> > They were upset when they found bug reports against some Boost
> > libraries, but evidently were not at all upset when I conversely
> > pointed out bug reports against MFC and the VC++ compiler.
> This is what I suspect the company attitude will be in my particular case.
> I am not really interested to hear stories about how well established, widely used
> and respected boost is. I already know that. As far as I am concerned boost is the
> best thing to it coming from the std library and in many cases boost work has gone
> on to become part of the std. However, company attitudes differ. In my case the
> company hasn't even heard of boost so it is definitely SOUP as far as they are
> concerned. So I was wondering how widespread this phenomenon is in safety
> circles and how seasoned boost-aware developers deal with it. As someone else
> already said, boost code is not very readable which casts doubt on being able
> to simulate having developed the code in-house from scratch. So what do you
> do instead?
Your company has the "nobody ever got fired for buying IBM" syndrome. If they
have not even *heard* of Boost, *they* are of Unknown Pedigree?
Ultimately, much of meeting regulators (and insurers) requirements comes down to
code review and, above all, testing.
You can see the source code (though obfuscated by the requirement to cover
compiler 'features') and you can see what tests are carried out. This is
usually more than you can *see* with code from, say, Microsoft. Which is why I
said "What You See Is What You Get".
You can, of course, also be much assured by the prospect of suing Microsoft for the
many deficiencies in their code ;-)
That C++ and Boost are being used in car embedded systems should give you some
reassurance, but in the end it is the software engineers who carry the can.
After all, the tools are all a way of producing assembler/machine code.
--- Paul A. Bristow Prizet Farmhouse Kendal UK LA8 8AB +44 (0) 1539 561830
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk