I am currently considering a job which involves embedded safety critical. It is for a neonatal ventilator so the safety critical aspect really is critical rather than just 'jolly important'.
If it is safety critical then you should consider SPARK.
2014-12-06 17:08 GMT+01:00 Paul A. Bristow
-----Original Message----- From: Boost [mailto:boost-bounces@lists.boost.org] On Behalf Of Andrew Marlow Sent: 06 December 2014 14:31 To: boost Subject: Re: [boost] Use of boost in safety critical work
Thank you all for your comments so far.
On 6 December 2014 at 13:46, Edward Diener wrote:
My last consulting job was for a company essentially doing "safety critical work" (they were periodically inspected/checked by the FDA). They felt that Microsoft's MFC and VC++ standard libraries were "safe" but I could not convince them that using Boost libraries was "safe". They were upset when they found bug reports against some Boost libraries, but evidently were not at all upset when I conversely pointed out bug reports against MFC and the VC++ compiler.
This is what I suspect the company attitude will be in my particular case. I am not really interested to hear stories about how well established, widely used and respected boost is. I already know that. As far as I am concerned boost is the next best thing to it coming from the std library, and in many cases boost work has gone on to become part of the std. However, company attitudes differ. In my case the company hasn't even heard of boost, so it is definitely SOUP as far as they are concerned. So I was wondering how widespread this phenomenon is in safety critical circles and how seasoned boost-aware developers deal with it. As someone else has already said, boost code is not very readable, which casts doubt on being able to use it to simulate having developed the code in-house from scratch. So what do people do instead?
Your company has the "nobody ever got fired for buying IBM" syndrome. If they have not even *heard* of Boost, *they* are of Unknown Pedigree?
Ultimately, much of meeting regulators (and insurers) requirements comes down to code review and, above all, testing.
You can see the source code (though obfuscated by the requirement to cover compiler 'features') and you can see what tests are carried out. This is usually more than you can *see* with code from, say, Microsoft. Which is why I said "What You See Is What You Get".
You can, of course, also be much assured by the prospect of suing Microsoft for the many deficiencies in their code ;-)
That C++ and Boost are being used in car embedded systems should give you some reassurance, but in the end it is the software engineers who carry the can. After all, the tools are all a way of producing assembler/machine code.
Enjoy!
Paul
--- Paul A. Bristow Prizet Farmhouse Kendal UK LA8 8AB +44 (0) 1539 561830
_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost