- three separate development teams with their own QA
- different programming languages
- different toolsets (compilers etc)
- different microprocessors
- different geographical locations
I have no idea about the 7J7 but that idea seems terminally insane!
I thought the 7J7 Primary Flight Computer had three separate software lanes implementing identical requirements. One in C, one in Ada, and one in assembler.
That's pretty much what the guy I was talking to was getting at, and it's an interesting question.Heater wrote:There has been some research into the value of using multiple teams to create multiple independent versions of code. One result that it was possible for different teams to end up with exactly the same bugs in their code! Something to do with ambiguity in the spec. or misunderstanding it the same way. Sorry I don't have any links to that research.
So it is better to pay for multiple-teams or just invest more in getting a single version correct? Who knows.
Too true.jamesh wrote: ↑Wed Nov 20, 2013 5:15 pmHeater wrote:jamesh,Testing doesn't find everything (but you still need to do it), so by ensuring you are getting as much as possible 'tested' at compile time, you will improve the final time to market. Less bugs to fix later on when bugs take longer to fix anyway.Getting rid of problems early, as with type checking like this, save a lot of time testing, debugging, retesting later on.
I recently spent some time porting some Videocore code to run under linux. Even simply moving to a different compiler (gcc) showed up quite a few programming issues (the latest GCC really does dig out some interesting faults), and then running under valgrind shows up various memory leaks and threading issues! So even without writing any test code, and just using standard tools, I found a load of issues. And testing on top of that should show up a load more. Now, automating the valgrind run on each checkin means we keep that part of the codebase clean (relatively).
OK. The DoD paid for it. Didn't they even specify the color of the cover for the LRM, in terms of the light frequency it should reflect!
It's written in Ada.
You cannot pass any C or C++ portably through all C and C++ compilers without a ton of preprocessor directives. No C or C++ compilers are totally conformant and all have non-standard extras bolted on.jahboater wrote: ↑Sat Sep 02, 2017 7:49 amI remember when the DoD were designing Ada they had the choice of basing it on Pascal or on Algol68. Since Algol68 was already a powerful and complete language, sadly they chose Pascal.
C is successful compared with Ada because it is simple. It is easy and cheap to produce compilers on all sorts of platforms. Therefore C becomes universally available. (Which also helps bootstrap compilers written in C). Complex languages such as PL/1, Ada, or Algol68 have never succeeded in the long term, no matter how good they are. (Modern C++ being the exception, but its based on C).
Nobody said you can't create large projects in C, it's more that people shouldn't as the languages are extremely error prone.
Writing low-level code in Ada is far nicer, you can map data directly to the hardware right to the bit level. You don't have to do any masking/shifting like in C, the compiler will do that for you and is therefore less error prone. Once you have a secondary stack implemented and basic exception handling enabled, I updated Bare Bones to have these, Ada is really nice and easy for bare metal work.jahboater wrote: ↑Sat Sep 02, 2017 7:49 amuse all the time, OS's, compilers, office suite's, for example. Ada has been around long enough that if it was suitable for such things it could have been chosen. From distant memory of the way Ada works, I suspect its quite hard to write anything bare metal (an OS) in it.
You need an installed GNAT compiler. i.e. x86_64 Linux GNAT cross compiles to arm-linux, then use the cross compiler with a sysroot to build a native arm-linux compiler.
On the contrary, Ada has been and no doubt still is used on many embedded systems. Bare metal, no OS. The Primary Flight Control computers of the Boeing 777 is a famous example that I was lucky enough to work on back in the day.From distant memory of the way Ada works, I suspect its quite hard to write anything bare metal (an OS) in it.
By the way, C has direct support for bit fields. You don't have to do the shifting/masking unless you want to.
Users browsing this forum: No registered users and 3 guests