Subject: Re: [boost] Use of boost in safety critical work
From: Oliver Kowalke (oliver.kowalke_at_[hidden])
Date: 2014-12-06 11:27:38
> I am currently considering a job which involves embedded safety critical.
> It is for a neonatal ventilator so the safety critical aspect really is
critical rather than
> just 'jolly important'.
if it is safety critical than you should consider SPARK
2014-12-06 17:08 GMT+01:00 Paul A. Bristow <pbristow_at_[hidden]>:
>> -----Original Message-----
>> From: Boost [mailto:boost-bounces_at_[hidden]] On Behalf Of Andrew Marlow
>> Sent: 06 December 2014 14:31
>> To: boost
>> Subject: Re: [boost] Use of boost in safety critical work
>> Thank you all for your comments so far.
>> On 6 December 2014 at 13:46, Edward Diener <eldiener_at_[hidden]> wrote:
>> > My last consulting job was for a company essentially doing "safety
>> > critical work" ( they were periodically inspected/checked by the FDA ).
>> > They felt that Microsoft's MFC and VC++ standard libraries were "safe"
>> > but I could not convince them that using Boost libraries were "safe".
>> > They were upset when they found bug reports against some Boost
>> > libraries, but evidently were not at all upset when I conversely
>> > pointed out bug reports against MFC and the VC++ compiler.
>> This is what I suspect the company attitude will be in my particular case.
>> I am not really interested to hear stories about well established, widely used
>> respected boost is. I already know that. As far as I am concerned boost is the
>> best thing to it coming from the std library and in many cases boost work has
>> on to become part of the std. However, company attitudes differ. In my case
>> company hasn't even heard of boost so it is definately SOUP as far as they are
>> concerned. So I was wondering how widespread this phenomenon is in safety
>> circles and how seasoned boost-aware developers deal with it. As someone else
>> already said, boost code is not very readable which casts doubt on being able
> to use
>> it to simulate having developed the code in-house from scratch. So what do
>> do instead?
> Your company has the "nobody ever got fired for buying IBM" syndrome. If they
> have not even *heard* of Boost, *they* are of Unknown Pedigree?
> Ultimately, much of meeting regulators (and insurers) requirements comes down to
> code review and, above all, testing.
> You can see the source code (though obfuscated by the requirement to cover
> compiler 'features') and you can see what tests are carried out. This is
> usually more than you can *see* with code from, say, Microsoft. Which is why I
> said "What You See Is What You Get".
> You can, of course, also be much assured by the prospect suing Microsoft for the
> many deficiencies in their code ;-)
> That C++ and Boost is being used in car embedded systems should give you some
> reassurance, but in the end it is the software engineers who carry the can.
> After all, the tools are all a way of producing assembler/machine code.
> Paul A. Bristow
> Prizet Farmhouse
> Kendal UK LA8 8AB
> +44 (0) 1539 561830
> Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost