Reviews for Safer C: Developing Software for High-Integrity and Safety-Critical Systems (McGraw-Hill International Series in Software Engineering)

1. Good book but slightly dated

   Rated 3 out of 5 stars, January 12th, 2009

   Well detailed book which provides food for thought. It could benefit with being updated, as this edition was published in 1995. This applies most to the comparison of C with C++ and Ada 95, which were not standardised then. I would also like to see discussion of common safe subsets, such as MISRA C and SPARK Ada (See the author's own website).
   
   

2. Essential reading for C in high-integrity systems

   Rated 5 out of 5 stars, October 12st, 2008

   Up front I have to declare an interest in this book since I reviewed some of the chapters for the author at the galley proof stage.
   
   As another reviewer has said, some (mostly Ada) programmers regard the title as an oxymoron - but it is not. For there is not, never has been and never will be a programming language in which it is at all difficult to write incorrect programs. If you use C carefully and with the right checking tools (QAC and Polyspace) you can, with diligence, achieve a degree of verifiability comparable to what is possible using SPARK Ada with the SPARK Examiner. (And I speak as one who has been a consultant to a project using both SPARK Ada and C on a major air traffic control application).
   
   The essence of high-integrity programming is to restrict the use of the programming language to render source code tractable to verification with appropriate tools. C needs tighter restriction in this respect than Ada (in fact it needs draconian restriction) but if you are prepared to exercise the necessary discipline and use the right tools, you can use C up to SIL4 quite safely. In this book Les Hatton, describes the rationale for the kinds of restriction that must be imposed on the use of C for high-integrity work. As another reviewer has also noted, the underlying principles apply to *any* programming language.
   
   C is now widely used in high-integrity applications. For many such applications in embedded environments, no suitable Ada implementations may be available and C is, albeit sometimes "faute de mieux", the language of choice. If you are doing serious high-integrity work in C, you should read, mark learn and inwardly digest this book. It is an eye-opener for those who (think they) know C. I would also advise you to buy copies of the C language standard and the MISRA C subset standard. Serious professionals in high-integrity C work with these books on their desks and refer to them constantly - and people who think they can get by without them should at least be reassigned to non-critical work and preferably taken out and terminated with extreme prejudice!

3. A must have book

   Rated 5 out of 5 stars, December 12th, 2003

   If you are a practicing Hard Real Time, Safety Critical engineer - this book is a must. It is obvious that the author has real-world experience of the subject as well as in-depth research experience.

   This is very refreshing when compared to many accademic papers on the subject, whos authors seem to be on another planet.

4. Mandatory for C & C++ programmers

   Rated 5 out of 5 stars, May 12th, 2001

   In the 20+ years I've been writing computer programs, this is the best book I've seen on how to write computer programs that work.

   Aimed at C programmers, but C++ and Ada programmers will learn a lot.

   The book, amongst other things, takes a tour thru C, explaining traps and pitfalls that even most experienced programmers are not aware of.

   The book discusses software test methodologies and the benefits of software metrics to help in code quality and maintenance.

   The author has clearly distilled the experiences from a twenty year computer career into a very good book.

5. Should be "Safer Programming" and required reading

   Rated 5 out of 5 stars, October 12th, 2000

   Sadly this book sells itself short with an inappropriate name.
   The lessons it teaches are applicable to all modern (and not so modern) computer languages. It offers a rational, as opposed to predjudicial, evaluation of C as a language suitable for use in developing Safety related systems. This evaluation pits the language against some other - supposedly intrinsically safe languages such as Ada - with surprising results. It also looks at the oft forgotten area of the tool support available to write safer systems, which can be as critical as the actual language itself.
   The title of this book has caused many an Ada developer to demean C when spotted on my desk - typically accusing the title of being oxymoronic. However a few choice references to the contents have sent them away suitably concerned about the quality of the language and tools they are using and the way in which they are using them.
   If you program in C this book should be invaluable reading. It's up there with "Writing Solid Code". If you program in Ada it is even more invaluable and may open your eyes.