Safer C: Developing Software for High-Integrity and Safety-Critical Systems (McGraw-Hill International Series in Software Engineering) [Paperback]

Up front I have to declare an interest in this book since I reviewed some of the chapters for the author at the galley proof stage.

As another reviewer has said, some (mostly Ada) programmers regard the title as an oxymoron - but it is not. For there is not, never has been and never will be a programming language in which it is at all difficult to write incorrect programs. If you use C carefully and with the right checking tools (QAC and Polyspace) you can, with diligence, achieve a degree of verifiability comparable to what is possible using SPARK Ada with the SPARK Examiner. (And I speak as one who has been a consultant to a project using both SPARK Ada and C on a major air traffic control application).

The essence of high-integrity programming is to restrict the use of the programming language to render source code tractable to verification with appropriate tools. C needs tighter restriction in this respect than Ada (in fact it needs draconian restriction) but if you are prepared to exercise the necessary discipline and use the right tools, you can use C up to SIL4 quite safely. In this book Les Hatton, describes the rationale for the kinds of restriction that must be imposed on the use of C for high-integrity work. As another reviewer has also noted, the underlying principles apply to *any* programming language.

C is now widely used in high-integrity applications. For many such applications in embedded environments, no suitable Ada implementations may be available and C is, albeit sometimes "faute de mieux", the language of choice. If you are doing serious high-integrity work in C, you should read, mark learn and inwardly digest this book. It is an eye-opener for those who (think they) know C. I would also advise you to buy copies of the C language standard and the MISRA C subset standard. Serious professionals in high-integrity C work with these books on their desks and refer to them constantly - and people who think they can get by without them should at least be reassigned to non-critical work and preferably taken out and terminated with extreme prejudice!

Well detailed book which provides food for thought. It could benefit with being updated, as this edition was published in 1995. This applies most to the comparison of C with C++ and Ada 95, which were not standardised then. I would also like to see discussion of common safe subsets, such as MISRA C and SPARK Ada (See the author's own website).

In the 20+ years I've been writing computer programs, this is the best book I've seen on how to write computer programs that work.

Aimed at C programmers, but C++ and Ada programmers will learn a lot.

The book, amongst other things, takes a tour thru C, explaining traps and pitfalls that even most experienced programmers are not aware of.

The book discusses software test methodologies and the benefits of software metrics to help in code quality and maintenance.

The author has clearly distilled the experiences from a twenty year computer career into a very good book.