by DonaldFisk 3662 days ago
There are standards (MISRA C) which are supposed to stop things like that happening. Perhaps they weren't being followed?

There are other safe languages they could have used which have a longer track record than Rust, e.g. Ada. It's used in avionics. Why shouldn't it be used here?

While a decent guideline, MISRA does not guarantee correctness. There are many ways you can twist code that MISRA will not complain about but the code will be wholly broken.

I do not know what kind of unsafe memory access happened in their systems, but you can do all sorts of memory operations and as long as the explicit typecasts are a-ok MISRA won't flinch.
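
The point about explicit typecasts, shown as an added example rather than code from anyone in this thread: the table, the function names and the calibration-map framing are all constructed for illustration. The first function converts its signed index explicitly, so a "no implicit conversions" style rule is satisfied, yet nothing ties the index to the table; the second adds the bounds check that the guideline does not demand.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 8-entry table standing in for a sensor calibration map. */
static const uint8_t CAL_TABLE[8] = { 10, 20, 30, 40, 50, 60, 70, 80 };
#define CAL_TABLE_LEN (sizeof CAL_TABLE / sizeof CAL_TABLE[0])

/* Pattern the comment describes (hypothetical name): the signed-to-size_t
 * conversion is explicit, so a cast-style rule is happy, but no check
 * relates idx to CAL_TABLE. A negative idx wraps to a value near SIZE_MAX
 * and the read lands far outside the table. Only ever call this with an
 * index you have already validated. */
uint8_t cal_lookup_unchecked(int32_t idx)
{
    return CAL_TABLE[(size_t)idx];
}

/* Hardened form (hypothetical name): reject negatives before the cast,
 * then compare the converted value against the real length. Returns
 * false on a bad index and leaves *out untouched, so a caller cannot
 * consume a garbage value by mistake. */
bool cal_lookup_checked(int32_t idx, uint8_t *out)
{
    if (idx < 0) {
        return false;
    }
    if ((size_t)idx >= CAL_TABLE_LEN) {
        return false;
    }
    *out = CAL_TABLE[(size_t)idx];
    return true;
}

/* Convenience wrapper: the table value for a valid index, -1 when the
 * checked lookup rejects it. */
int cal_lookup_value(int32_t idx)
{
    uint8_t v = 0;
    return cal_lookup_checked(idx, &v) ? (int)v : -1;
}

int main(void)
{
    /* Constructed probe indices: two in range, one past the end, one negative. */
    const int32_t probes[] = { 3, 7, 8, -1 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int r = cal_lookup_value(probes[i]);
        if (r < 0) {
            printf("idx %d rejected\n", (int)probes[i]);
        } else {
            printf("idx %d -> %d\n", (int)probes[i], r);
        }
    }
    return 0;
}
```

The checked version is what a reviewer would expect from code that must not read outside its buffers; the unchecked one compiles cleanly, carries an explicit cast, and is still an out-of-bounds read waiting for a negative or oversized index.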

Totally agree, you can write software that's perfectly MISRA compliant and still contains lots of different bugs.
Truth be told, the question here is: "Is the class of errors that is prevented by Rust natively also prevented by MISRA?"

My take is that while there is some overlap, MISRA is unable to guarantee anything, while Rust is able to guarantee certain things that C can't. (that's from my limited understanding of Rust, I haven't futzed with it yet)

I don't think C (or C++) should be used for autonomous vehicles at all, as it is known to be unsafe, but if it is, the MISRA C guidelines or something similar should be used to help prevent certain kinds of bugs.

Almost any other statically typed language, along with similarly strict guidelines, would be preferable to C, but there is no ideal language. Rust still allows dynamic heap memory allocation and recursive functions. It is also new. Ada has been used for decades.

MISRA is already used extensively in the auto industry. But I guess what I was trying to say is that while it helps, it can easily be tricked, while a compiler designed with the safety measures MISRA promotes already baked into it will not let you do certain things.
Agreed.
MISRA is okay. It's not a panacea.
Wiki says it is proprietary.
Yeah, although the principles/rules are in quite public places. It's rather like the ITU standards in that regard - you pay for the documents.

Applying them feels like buying indulgences. :)