Re: Certifiable code

From: David Jefferson <d_jefferson_at_yahoo_dot_com>
Date: Tue Aug 31 2004 - 15:49:56 CDT

I assume you have copies of the 1990 and 2002 FEC standards for
voting systems, right? If not I will send them to you. Most
states currently accept the FEC standards with little or no
additional requirements.

I am providing preliminary answers here from memory, since I am
at work and my copies of the standards are at home. Your
mileage may vary.

David J.

> We must soon squarely face the question "How does one write code and
> build systems that can pass certification?"
> There are certain aspects that I think are given by the nature of the
> audience or customers for this certification.
> These pre-ordained aspects are things like use of a process similar to
> that defined by ISO 9000x. (Not that I believe that these processes are
> necessarily good and I don't think we ought to argue about that, but
> rather it is my feeling that these are necessary in the eyes of the
> customer.)

Not required by the standards.

> And I don't think that the certification target should be merely to pass
> the lowest of the low. Rather I believe that it should be done in a way
> that reflects the kind of practices we would like to see in other
> social-infrastructure software.
> So my questions of the moment are these:
> 1. What programming language? (This is not a monolithic question;
> different parts of the system could be written in different languages.)

There are currently no programming language restrictions (except
as I recall on assembly language).

> A) Can one certify code written in Python? What restrictions on
> use of Python are required. (Python is a highly mutable language
> that gives the programmer a great deal of control of the underlying
> machinery, which can result in very obscure code and far flung side
> effects. I don't think that Python code that did such things could,
> or ought to, pass a certification test.)

There are a very few general rules, such as no self-modifying
code, and some general requirements about modularization, e.g.
that each module have a max length and each function have one
entry and one exit. See the standards.

> B) What other languages? (Java? C++...) And if so, what restrictions
> on use?

None. As I recall, though, there is some restriction on
assembly language.

> 2. What coding and comment standards should be applied?
> A) Should there be a full set of entry/exit assertions?

Assertions not required by the standard.

> B) Should there be standard per-module/per-procedure
> comment blocks.

There are some commenting standards.

> C) How much should variable/procedure/object names be semantically
> descriptive. (My own code, for example, often contains objects
> that have high descriptive names of 30 or more characters. That
> may be an extreme case, but is it something that we need to do for
> certification?)

There are no requirements regarding identifiers that I recall.

> C) How should debugging/testing scaffold code be handled (and
> retained.)
> etc.
> etc
> This can become a very long topic, including other questions about code
> versioning, testing, regression testing (including maintenance of test
> logs), etc.

You must see the standards. Beyond that, however, is the
interpretation of the standards by the ITAs that test
conformance with them. In large part their procedures are
secret, so at some point you will need to enter some kind of
dialog with them to find out more.

That is, if the whole ITA qualification system is not destroyed
before you are finished. :-)


= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue Aug 31 23:17:22 2004
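As an added example, not part of this thread or of any FEC/ITA tooling: the modularization rules David recalls (one entry and one exit per function, a maximum module length) and the ban on self-modifying code can be turned into a mechanical pre-check over Python source with the standard library's ast module, so a team can catch violations before submitting code to an ITA. The 200-line limit, the treatment of exec/eval/compile as "self-modifying", and the sample module are my assumptions, not figures from the standard.

```python
import ast

# Constructed sample module (not from the thread): one single-exit
# function, one multi-exit function, and one that runs dynamic code.
SAMPLE = '''
def single_exit(x):
    result = 0
    if x > 0:
        result = x * 2
    return result

def multi_exit(x):
    if x > 0:
        return x * 2
    return 0

def dynamic(code):
    exec(code)
'''

MAX_MODULE_LINES = 200        # assumed limit; the FEC standard sets its own
DYNAMIC_CALLS = ("exec", "eval", "compile")   # assumed proxy for self-modifying code


def _return_count(fn):
    """Count Return statements in fn without descending into nested defs."""
    count, stack = 0, list(fn.body)
    while stack:
        node = stack.pop()
        if isinstance(node, ast.Return):
            count += 1
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue                      # nested scope: its exits are its own
        else:
            stack.extend(ast.iter_child_nodes(node))
    return count


def check_module(source, max_lines=MAX_MODULE_LINES):
    """Return a list of human-readable findings; empty means no violations."""
    findings = []
    line_total = len(source.strip("\n").splitlines())
    if line_total > max_lines:
        findings.append(f"module has {line_total} lines (> {max_lines})")
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            exits = _return_count(node)
            if exits > 1:                 # rule: one entry, one exit
                findings.append(f"{node.name}: {exits} return statements")
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id in DYNAMIC_CALLS):
            findings.append(f"line {node.lineno}: dynamic code via {node.func.id}()")
    return findings
```

Run it as `check_module(open(path).read())` over each module; the findings list is the material to reconcile against the actual text of the standard and the ITA's own interpretation.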