Safer C™: Developing in high-integrity and safety-critical systems


  • Date: 2019 in planning
  • Duration: 09:00 - 17:00
  • Location: Stuttgart, Hotel Steigenberger Graf Zeppelin
  • Language: EN
  • Speaker: Prof. Dr. Les Hatton

For engineers or engineering management in any high-integrity, business-critical or safety-critical area employing C. Number of delegates trained: more than 6000 in 13 countries.


Course Overview

In an IEEE Transactions paper published in April 2014, an analysis of 100 million lines of open source downloaded at random revealed that 85% was written in C, 7% in Java, 3% in C++, 2% in Ada, and the remaining languages measured just 3% between them. Given that C strongly influenced both Java and C++, particularly in their failure modes, it is of real importance in practical engineering to understand how C works and, more importantly, how it fails, particularly given the enormous cost of failure, for example in recent automotive recalls.


In view of the prominence of C in consumer electronic system development of all types today, this course presents a practical development philosophy based around the notion of safer subsets of C. Copious data is presented showing how real C systems fail, followed by detailed strategies to avoid these failures both at the language and the process level.


You should attend this course if:

  • You would like to improve your knowledge of how C works and fails in real systems
  • You would like a more rounded background in failure avoidance and its beneficial effects on productivity
  • You develop consumer electronic systems

Course Prerequisites

Some C programming experience is highly desirable, although a number of people have taken the course with very little such experience.


Course Synopsis

This 2-day course is about a safer and more reliable way of using the language C. It is based on extensive measurements of how C systems fail and the lessons we can learn from these failures. It is particularly relevant to the production of modern embedded systems for consumer electronics and provides a comprehensive introduction to the development of modern high-integrity, business-critical and safety-critical developments. It is suitable for both inexperienced and experienced C programmers and forms a sound, rigorous basis for such development.


The course is copiously illustrated with data from real systems, containing many surprises and important clues on how to make software more reliable. Workshops, self-assessments and intriguing problems are included.


A considerable amount of background reading can be freely downloaded from:



Day 1 and first half of Day 2

  • Introduction to how systems fail with many important examples and a summary of lessons to learn.
  • Standardisation and evolution of the C language and its relationship to C++, Java, JavaScript, Perl, PHP and others.
  • Cataloguing poorly-defined behaviour. Various sources of information about C failure are referenced and used to provide a comprehensive understanding of how C and C-like systems fail in practice to assist in future avoidance of failure.
  • Safer subsets including the MISRA standard are discussed in some detail.
  • Key areas of difficulty (with many examples and strategically placed workshops)

    • The pre-processor
    • Conversion
    • Interfaces
    • Pointers
    • Expressions and types
    • Memory
    • The library

  • Many workshops incorporating code from real systems to illustrate the problems and their avoidance.


Second half of Day 2

  • The wider picture: systems engineering concepts
    In building reliable systems, the programming language is only part of the puzzle. In this section, attention is focussed on development techniques and systems engineering concepts such as control process feedback and its role in improving reliability. In particular, a section on inspections, one of the most successful methods for detecting defects ever discovered, occupies a substantial part of the afternoon. The following topics are covered:

    • Code inspections
      This section describes the basics of inspections and includes an inspection workshop to teach fundamental principles.
    • Static complexity measures and testability
      Analysis of the Toyota unintended-acceleration recalls (2009 onwards) features measures of testability, amongst other things. This section explains these measures and enhances them based on the author's own research over the last 20 years.
    • Macroscopic system properties
      Large systems have properties independent of what they do or the technology used to build them. This includes the distribution of defects. This short section shows how this information can be exploited.
Prof. Dr. Les Hatton
Professor Les Hatton is well-known internationally for his many contributions to Safer Software Engineering.


"Very information-dense and entertaining at the same time. Particularly useful: code inspection workshop and related discussion. Lots of insights into the world of SW-Standards, SW-Committees and Compiler-Writers."
D. García, GEZE GmbH


"Great seminar, it should be broadcast to a larger set of engineers and I am sure that the products around us would be much safer and more reliable."
V. Pitigoi, TTTech Computertechnik AG


"Very experienced trainer, he absolutely knows what he speaks about. Also very friendly and open for questions :-)."
W. Gauch, BorgWarner Ludwigsburg GmbH

