SLIDE 1
Writing Software That's Safe Enough To Drive A Car @shnewto
SLIDE 2
Clickbait!
SLIDE 3
Functional safety is...
the absence of unreasonable risk due to hazards caused by malfunctioning behavior of E/E systems.
SLIDE 4
“State of the Art”
SLIDE 5
What is safe enough?
SLIDE 6
Mutable aliasing
SLIDE 7
Casting away the `const`
SLIDE 8
Alternatively: We can't destroy what we don't own
SLIDE 9
Rust: Nope, still immutable
SLIDE 10
Pattern mis-matching
SLIDE 11
Mismatch caught
SLIDE 12
If it doesn't compile, it can't crash.
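The C-versus-Rust points on the preceding slides (mutable aliasing, casting away `const`, a missed pattern), as an added Rust example that is not from the talk or the PolySync repository; the `BrakeCommand` type and its functions are constructed for illustration. The variants that C accepts silently are quoted in comments with the Rust compiler error they produce, since they do not build.

```rust
// Added example, not from the talk: the compiling side of "if it doesn't
// compile, it can't crash". The rejected forms are shown only as comments.

/// Constructed brake-command type for the demo (assumption: not from the talk).
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum BrakeCommand {
    Release,
    Apply(u8), // requested pressure in percent, expected 0..=100
    Hold,
}

/// Read-only inspection. In C, `const cmd_t *cmd` is advisory and
/// `(cmd_t *)cmd` casts it away; here `*cmd = BrakeCommand::Release` is
/// rejected with error[E0594]: cannot assign to `*cmd`, which is behind a
/// `&` reference.
pub fn requested_pressure(cmd: &BrakeCommand) -> u8 {
    // The match must be exhaustive: dropping the `Hold` arm is
    // error[E0004]: non-exhaustive patterns, whereas a C `switch` with a
    // missing case compiles and quietly does nothing for that value.
    match cmd {
        BrakeCommand::Release => 0,
        BrakeCommand::Apply(p) => *p,
        BrakeCommand::Hold => 100,
    }
}

/// Mutation requires exclusive access: `&mut` is the only way to write,
/// and the borrow checker permits exactly one live `&mut` at a time.
pub fn clamp_in_place(cmd: &mut BrakeCommand) {
    if let BrakeCommand::Apply(p) = cmd {
        *p = (*p).min(100);
    }
}

/// Returns (pressure read through the shared alias, command after clamping).
pub fn demo() -> (u8, BrakeCommand) {
    let mut cmd = BrakeCommand::Apply(250); // out-of-range request
    let view = &cmd; // shared, immutable alias
    let before = requested_pressure(view);
    // Mutable aliasing is rejected: calling `clamp_in_place(&mut cmd)` while
    // `view` is still used afterwards is error[E0502]: cannot borrow `cmd`
    // as mutable because it is also borrowed as immutable.
    clamp_in_place(&mut cmd); // accepted: `view` is no longer used
    (before, cmd)
}
```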
SLIDE 13
C is proven in use, why change?
SLIDE 14
Redefining “State of the Art”
SLIDE 15
MISRA-Rust?
SLIDE 16
What’s next?
SLIDE 17
Resources
- github.com/PolySync/static-analysis-argumentation (code)
- polysync.io/blog
- The Challenge of Using C in Safety Critical Applications (white paper)
- Should Safety-Critical Software be Written in C? (blog post)