When your code absolutely, always, *has* to work :-).

simo idra at samba.org
Tue Aug 7 10:01:06 MDT 2012


On Tue, 2012-08-07 at 08:45 -0700, Jeremy Allison wrote: 
> On Tue, Aug 07, 2012 at 10:29:24AM +0200, Volker Lendecke wrote:
> > On Mon, Aug 06, 2012 at 11:14:18AM -0700, Jeremy Allison wrote:
> > > I found this really interesting:
> > > 
> > > http://programmers.stackexchange.com/questions/159637/what-is-the-mars-curiosity-rovers-software-built-in/159638#159638
> > > 
> > > http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf
> > > 
> > > Makes Samba seem a bit less reliable somehow :-).
> > 
> > One problem here is that to me it seems those MISRA docs and
> > tools are not available for free. I have looked at one
> > point, but I could not find anything easily accessible. And,
> > no malloc() is difficult for Samba I guess. We don't want a
> > pre-allocated array of fsp's I think :-)
> 
> No, I wasn't seriously suggesting no malloc, after all we're
> not running on a spaceship :-).
> 
> But I found the constraints really interesting - what you need
> to do to C code to make it space-safe!

Not just for space.

The same guidelines are used for both military and civil aeronautics
normally. And nuclear power plants, and anything really, really mission
critical where failure would be super expensive or life threatening.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
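The "pre-allocated array of fsp's" that Volker jokes about is the standard answer to a no-malloc() rule: a fixed-capacity pool whose storage is static, whose loops have a compile-time bound, and whose misuse (exhaustion, double free, foreign pointer) is a return code rather than silent heap corruption. The code below is an added illustration written for this archive page; it is not Samba code, not from the JPL standard, and the `struct fsp`, `fsp_pool_*` names and the capacity of 8 are invented for the example.

```c
/* Added example (not from the Samba thread or the JPL standard): a fixed-capacity
 * object pool standing in for "a pre-allocated array of fsp's". All storage is
 * static, every loop has a fixed upper bound, and misuse is reported by return
 * value instead of being trusted away. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FSP_POOL_CAPACITY 8   /* hypothetical size chosen for the example */

/* Toy stand-in for a file-server "fsp" record (constructed for this example). */
struct fsp {
    uint32_t fnum;
    char     name[32];
};

struct fsp_pool {
    struct fsp slots[FSP_POOL_CAPACITY];
    bool       in_use[FSP_POOL_CAPACITY];
    size_t     used;
};

static struct fsp_pool g_pool;   /* statically allocated: no malloc() anywhere */

void fsp_pool_init(void)
{
    memset(&g_pool, 0, sizeof(g_pool));
}

size_t fsp_pool_used(void)
{
    return g_pool.used;
}

/* Returns a free slot or NULL when the pool is exhausted. The linear scan is
 * the price of having no heap, but its worst case is fixed at compile time. */
struct fsp *fsp_alloc(uint32_t fnum, const char *name)
{
    for (size_t i = 0; i < FSP_POOL_CAPACITY; i++) {
        if (!g_pool.in_use[i]) {
            struct fsp *f = &g_pool.slots[i];
            g_pool.in_use[i] = true;
            g_pool.used++;
            f->fnum = fnum;
            /* bounded copy with an explicit terminator: no unbounded string op */
            strncpy(f->name, name, sizeof(f->name) - 1);
            f->name[sizeof(f->name) - 1] = '\0';
            return f;
        }
    }
    return NULL;
}

/* Releases a slot. A pointer outside the pool, a misaligned pointer, or a
 * double free is rejected with false; on a heap each of those would be silent
 * corruption. The slot is scrubbed so stale data cannot leak to the next user. */
bool fsp_free(struct fsp *f)
{
    uintptr_t p  = (uintptr_t)f;
    uintptr_t lo = (uintptr_t)&g_pool.slots[0];
    uintptr_t hi = (uintptr_t)&g_pool.slots[FSP_POOL_CAPACITY];
    if (p < lo || p >= hi || (p - lo) % sizeof(struct fsp) != 0)
        return false;
    size_t idx = (size_t)((p - lo) / sizeof(struct fsp));
    if (!g_pool.in_use[idx])
        return false;            /* double free detected */
    g_pool.in_use[idx] = false;
    memset(&g_pool.slots[idx], 0, sizeof(g_pool.slots[idx]));
    g_pool.used--;
    return true;
}

/* Bounded lookup by fnum; NULL when no live record matches. */
struct fsp *fsp_find(uint32_t fnum)
{
    for (size_t i = 0; i < FSP_POOL_CAPACITY; i++)
        if (g_pool.in_use[i] && g_pool.slots[i].fnum == fnum)
            return &g_pool.slots[i];
    return NULL;
}

int main(void)
{
    fsp_pool_init();
    struct fsp *a = fsp_alloc(1, "a.txt");
    printf("allocated fnum=%u name=%s, used=%zu\n", a->fnum, a->name, fsp_pool_used());
    printf("first free ok=%d, second free ok=%d\n", fsp_free(a), fsp_free(a));
    return 0;
}
```

The point for a Samba-style server is not that the pool is faster, but that the failure modes are enumerable: exhaustion is a NULL you must handle at the call site, and the free path validates its argument instead of assuming it. That is what makes the worst-case behaviour something a reviewer can reason about.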


