Formal methods for safety-critical software in C++.

Time: 2021-07-22 06:53:44

Looking at C, C has good support for formal methods that can be used in-code (frama-c, VCC, verifast). C++ doesn't seem to have anything comparable as far as I can tell.

What formal methods are available for reasoning about safety-critical software written in C++?


1 solution

#1


2  

A medical company I work with uses Coverity and Klocwork to check the code for possible problems such as resource leaks and uninitialized pointers getting used.

However, these are tools and not a standard for safety-critical code.

What I have seen is that MISRA has been working on a standard for C++. They started with C way back, and started work on C++ about 5 years ago or so. One big problem is that the MISRA standard for C++, for example, says you should not use templates. That really limits what you can do in C++. However, you could use that document as a starting point. You may want to limit templates used in your software to what comes in the standard library and boost, for example.

Note that Klocwork has an extension for MISRA C++.

Yet, one of the best ways to write good code is to test it with unit tests and integration tests. I have found over the years that this is way more reliable than most other methods.
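As an added illustration (not code from the original post or from any of the tools named above), the block below shows the resource-leak pattern that analyzers such as Coverity and Klocwork report, the RAII form that removes it, and a unit-test helper that makes the leak observable, which is the kind of test-based check the answer recommends. The `Device` type, the `g_live_devices` counter and the `configure_*` functions are constructed for this example; the helper deliberately uses a function pointer rather than a template, in keeping with the MISRA C++ restriction the answer mentions.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <utility>

// Constructed example: a counter of live Device objects lets a unit test
// observe a leak that would otherwise be invisible at the call site.
static int g_live_devices = 0;

struct Device {
    std::string name;
    bool ready = false;   // in-class initializer: never read uninitialized
    explicit Device(std::string n) : name(std::move(n)) { ++g_live_devices; }
    ~Device() { --g_live_devices; }
};

// 'Before': owning raw pointer. The early return on an empty name skips
// 'delete', which is the resource-leak pattern static analyzers flag.
bool configure_leaky(const std::string& name) {
    Device* dev = new Device(name);
    if (name.empty()) {
        return false;     // leak: dev is never deleted on this path
    }
    dev->ready = true;
    bool ok = dev->ready;
    delete dev;
    return ok;
}

// 'After': std::unique_ptr owns the Device, so every return path frees it.
bool configure_raii(const std::string& name) {
    auto dev = std::make_unique<Device>(name);
    if (name.empty()) {
        return false;     // unique_ptr destructor releases dev here
    }
    dev->ready = true;
    return dev->ready;
}

// Unit-test helper: how many Device objects one call of f leaves alive.
// A plain function pointer is used instead of a template, matching the
// MISRA C++ restriction on templates that the answer mentions.
int leaked_by(bool (*f)(const std::string&), const std::string& input) {
    int before = g_live_devices;
    f(input);
    return g_live_devices - before;
}

int main() {
    std::printf("leaky, empty name : %d leaked\n", leaked_by(configure_leaky, ""));
    std::printf("leaky, valid name : %d leaked\n", leaked_by(configure_leaky, "pump"));
    std::printf("raii,  empty name : %d leaked\n", leaked_by(configure_raii, ""));
    return leaked_by(configure_raii, "") == 0 ? 0 : 1;
}
```

Compile with `-std=c++14` or later. The point of the counter is that a leak on an error path is a silent defect: nothing in the return value of `configure_leaky("")` distinguishes it from the correct version, so a test has to measure ownership directly, which is also why analyzers that track ownership across every exit path are valuable on top of testing.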
