Coding for high reliability/availability/security - what standards do I read?
I've heard there is something called MISRA C in the automotive industry.
What are the relevant standards for other high reliability/availability/security industries, e.g.
- Space
- Aircraft
- Banking/finance
- Automotive industry
- Medical
- Defense/military
- ???
- Adam
Solution
If you are asking specifically about coding, then MISRA provides some guidelines for avoiding common mistakes in the C language.
But there is a lot more to good software than coding. The "bible" for software development in the aviation industry is DO-178B. It tells you which questions need to be addressed at each stage of design, and how to document the answers. It is a lot of paperwork, but if you want to keep airplanes in the air, you want the weakest link to be the human (the pilot), not the software.
Check out the Goddard Space Flight Center and its coding standards. One of the C standards I have adopted in my own code is that headers must be self-contained, and they provide an easy way to enforce it: a module's header must be the first file included in the module, so if that header is not self-contained, the module won't compile.
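One way to enforce the "own header first" rule mechanically is a small lint that walks a C source tree and flags every `foo.c` whose first `#include` is not `foo.h`. The checker below is an added example written for this page, not code from the Goddard standard or from the answer above; the module-naming convention (`foo.c` pairs with a sibling `foo.h`) and the sample tree it builds in a temporary directory are assumptions made for the demonstration.

```python
import os
import re
import tempfile

# Matches '#include <x.h>' and '#include "x.h"'; group 1 is the path.
INCLUDE_RE = re.compile(r'^\s*#\s*include\s*[<"]([^>"]+)[>"]')


def first_include(source):
    """Return the path of the first #include in a C translation unit, or None.

    Blank lines and comments before the first include are skipped. Any other
    directive or declaration appearing first (a #define, a typedef) means the
    header was *not* first, so the function returns None for that case too.
    """
    in_block_comment = False
    for line in source.splitlines():
        stripped = line.strip()
        if in_block_comment:
            if '*/' in stripped:
                in_block_comment = False
            continue
        if not stripped or stripped.startswith('//'):
            continue
        if stripped.startswith('/*'):
            if '*/' not in stripped:
                in_block_comment = True
            continue
        m = INCLUDE_RE.match(line)
        return m.group(1) if m else None
    return None


def check_tree(root):
    """Report every foo.c (with a sibling foo.h) whose first include is not foo.h.

    Returns a list of (relative path, first include or None) tuples.
    """
    violations = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith('.c'):
                continue
            header = name[:-2] + '.h'
            if header not in files:
                continue  # no module header to enforce for this file
            path = os.path.join(dirpath, name)
            with open(path) as fh:
                first = first_include(fh.read())
            if first is None or os.path.basename(first) != header:
                violations.append((os.path.relpath(path, root), first))
    return violations


# Constructed sample tree (assumption): two modules, one compliant, one not.
SAMPLE_TREE = {
    # parser.h pulls in <stddef.h> itself, and parser.c includes it first,
    # so a missing dependency in the header would fail right here.
    'parser.h': '#ifndef PARSER_H\n#define PARSER_H\n#include <stddef.h>\n'
                'size_t parse(const char *s);\n#endif\n',
    'parser.c': '/* parser.c */\n#include "parser.h"\n#include <string.h>\n'
                'size_t parse(const char *s) { return strlen(s); }\n',
    # lexer.h uses size_t without including <stddef.h>. Because lexer.c
    # includes <string.h> first, size_t is already visible and the defect
    # is masked; including lexer.h first would have exposed it.
    'lexer.h': '#ifndef LEXER_H\n#define LEXER_H\n'
               'size_t lex(const char *s);\n#endif\n',
    'lexer.c': '#include <string.h>\n#include "lexer.h"\n'
               'size_t lex(const char *s) { return strlen(s); }\n',
    # main.c has no main.h, so the rule does not apply to it.
    'main.c': '#include "parser.h"\nint main(void) { return 0; }\n',
}


def write_sample_tree(root):
    for name, text in SAMPLE_TREE.items():
        with open(os.path.join(root, name), 'w') as fh:
            fh.write(text)


def run_sample():
    """Build the constructed tree in a temp dir and lint it."""
    with tempfile.TemporaryDirectory() as root:
        write_sample_tree(root)
        return check_tree(root)


if __name__ == '__main__':
    for path, first in run_sample():
        print(f'{path}: first include is {first!r}, expected its own header')
```

On the constructed tree the only finding is `lexer.c`, whose first include is `string.h`. The ordering rule is cheap to check this way, but it only catches headers that are exercised by their own module; a stricter companion check is to compile every header on its own (for example `cc -fsyntax-only -x c foo.h`), which catches headers that no module includes first.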
You may find some of the requirements for Carrier Grade Linux enlightening. Although (as the name implies!) they specify requirements for Linux, they are used in the high-availability world of telecom equipment.
NIST has a large number of relevant documents that you can dig into and read carefully, but there are a lot of them and they are all long, so I have nothing specific to point at.
If you want to be more specific about the requirements, I might be able to narrow it down a bit...
Also, in terms of reliability, Carnegie Mellon is pretty much the authority on defining development processes; its standards are both easy to find and very long.
Likewise, specific industries often have their own standards, depending on the country/region. For example, PCI-DSS for the credit card industry; Basel II for banking in the EU; HIPAA for healthcare (although that is fairly high-level); anything related to the US government, including the various NIST documents; and so on.
The FDA has the General Principles of Software Validation, the Design Control Guidance for Medical Device Manufacturers, and the Guidance for Industry, FDA Reviewers and Compliance on Off-The-Shelf Software Use in Medical Devices, among others.
For programming high-reliability systems in Ada, there is ISO/IEC TR 15942: "Information technology - Programming languages - Guide for the use of the Ada programming language in high integrity systems":
Introduction. As a society, we are increasingly reliant upon high integrity systems: for safety systems (such as fly-by-wire aircraft), for security systems (to protect digital information) or for financial systems (e.g., cash dispensers). As the complexity of these systems grows, so do the demands for improved techniques for the production of the software components of the system. These high integrity systems must be shown to be fully predictable in operation and have all the properties required of them. This can only be achieved by analysing the software, in addition to the use of conventional dynamic testing. There is, currently, no mainstream high level language where all programs in that language are guaranteed to be predictable and analysable. Therefore for any choice of implementation language it is essential to control the ways that the language is used by the application. The Ada language [ARM] is designed with specific mechanisms for controlling the use of certain aspects of the language. Furthermore, the semantics of Ada programs are well-defined, even in error situations. Specifically, the effect of a program can be predicted from the language definition with few implementation dependencies or interactions between language features. The strong typing within the language can be used to reduce the scope (and cost) of analysis to verify key properties. The Ada language has been successfully used on many high integrity applications. This demonstrates that validated Ada compilers have the quality required for such applications. Guidance can be provided to facilitate the use of the language and to encourage the development of tools for further verification. Ada is therefore ideally suited for implementing high integrity software and this document provides guidance in the controls that are required on the use of Ada to ensure that programs are predictable and analysable.