Spirit rover OS problems - Page 2

Re: Spirit rover OS problems
... snip ...
... snip complaints about limitations ...

Now try reversing your attitude.  A good craftsman understands the
language he is using and can persuade it to do anything within its
capabilities.  There are very few limitations to the capabilities
of languages such as Pascal and Ada, when properly approached.
Meanwhile that good craftsman is reminded of problems whenever he
steps outside of bounds.  Much like having traffic cops complain
when you use the emergency lane as a travel lane.  That might even
be legitimate, if you are an ambulance.

Ada, for example, has specific provisions for C functional
interface, thus allowing broad coverage of awkward areas at the
cost of strictly localized reduction of checking.

I find compilers and computers to be much better at checking for
my mistakes than I am.

--
Chuck F ( snipped-for-privacy@yahoo.com) ( snipped-for-privacy@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
Re: Spirit rover OS problems

Surely the fact that ADA needs such an interface is indicative that
its safety features make it less useable in other areas?

Mike

Re: Spirit rover OS problems

Of course.  This allows you to study those areas closely for gnits
and gnats, without discarding the assistance given in the majority
of the code.  You accept such limitations everywhere.  For
example, I fail to see a standard C method of accessing i/o
ports.  This is normally relegated to the ubiquitous "i/o
library".  The connection of the i/o port to the peripheral device
is normally left to the hardware engineers.

--
Chuck F ( snipped-for-privacy@yahoo.com) ( snipped-for-privacy@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
Re: Spirit rover OS problems


It's not the language that's reliable or not, it's the programmers.
A craftsman can write bulletproof code in any language and a hack can
screw up in any language.

--
Rich Webb   Norfolk, VA

Re: Spirit rover OS problems

If you really believe that all languages are equivalent for reliability,
then you either need to go back to school or you need a lot more
experience.  

The only thing I know that is common to *all* programmers is that they
are *never* perfect and can use all the help they can get when designing
a large system.  

--

Rick "rickman" Collins

snipped-for-privacy@XYarius.com
Re: Spirit rover OS problems

Another thing:
Try to make perfect code when the specifications are a moving target ...
I never had specifications that were cast in stone.

Rene

Re: Spirit rover OS problems
On Sat, 07 Feb 2004 17:20:01 -0500, Rick Collins


Nope, that's your strawman. Feel free to burn him down.

All tools are not equivalent. There's the much over-used analogy of a
kindergartner's blunt plastic scissors versus a surgeon's scalpel. The
plastic scissors are more reliable (less likely to fail in a manner that
causes harm) but sometimes a scalpel is the right tool.

--
Rich Webb   Norfolk, VA

Re: Spirit rover OS problems
           snipped-for-privacy@yahoo.com "Rick Collins" writes:


As one who has stated that programming languages do not have much bearing
on dependability I can appreciate Rich Webb's comment. However, the only
way that a craftsman programmer is guaranteed to write absolutely bullet
proof code is if he (or a craftsman team) has built not only the
application but resolved the bug issue in the compilers themselves. This
latter aspect may need to be by very thorough inspection of the code
produced by the compilers or by the craftsmen building the compilers in
the first place.
 

No one said that we were all perfect. We know how imperfect we are which
is why we use decent systems development processes and implement very
rigorous reviews of the design and code.

Re: Spirit rover OS problems
So what about the much touted Software Engineering Institute Capability
Maturity Model? NASA Huntsville is the only level 5 certified shop in the world
or something.... so what level is JPL? 1? (chaos) Don't they have code reviews?
I double dog dare em to post the code to this newsgroup and let us look at it.
Bet someone would find something fishy.

Re: Spirit rover OS problems
snipped-for-privacy@aol.com says...

No one said the Rover code was at level 5.
Presumably the Shuttle code is.

--Gene

Re: Spirit rover OS problems


As of January 2002 there were 66 Level 5 organizations in the world, 43 of
them were in India.  Much of the world's really high quality (but mostly
useless) code comes from these shops.  Probably wouldn't get you to Mars,
but there'd be a good documentation trail pointing to a signatory to take the
blame (not one of the directors in whose pockets the money ended up).


--
Alf Katz

snipped-for-privacy@remove.the.obvious.ieee.org


Re: Spirit rover OS problems

There are plenty of CMM level five organisations around - 20 in the US, and
50 in India, for example. Here's a list:
http://www.sei.cmu.edu/activities/cmm/high-maturity/HighMatOrgs.pdf
The CMM level is not a direct measure of how good your code is - it is a
measure of the kind of processes that you have in place.

Tanya



Re: Spirit rover OS problems ( a reliable language )

There is starting to be a push in the C standards committees to look at
the real and perceived reliability issues in the C language. The general
consensus is that high reliability in C can be achieved without
sacrificing its perceived advantages.

w..



Re: Spirit rover OS problems ( a reliable language )


We are in danger of repeating a very old argument here.  Languages are
tools and for a given job one tool may be better than another.  In the end,
the quality of the result depends principally on the craftsman using the
tool not the tool itself.

Ian


Re: Spirit rover OS problems ( a reliable language )

Far from it.  Rather the general consensus is that C is an
excellent language for many purposes, which purposes do not
include the highest reliability software for various reasons.  

One reason is the total lack of control of pointer viability that
is built into the heart of the language.  Another is the intrinsic
impossibility of proper range checking at execution time.  This is
connected to both the pointer problem and to the lack of user
defined subrange types.  As grandaddy said, you cain't hit what
you cain't see.

Meanwhile the C language is an excellent choice for those skilful
programmers who want or require virtually unfettered access to the
machinery.  In areas where C reliability could be improved much
progress has been made, largely by the use of prototypes and
general acceptance of a single standard.  

In a few respects C++ has increased reliability, but it has
simultaneously opened up many other areas of complexity and
machine isolation, without fixing the fundamental problems of C.
Unfortunately its apparent C similarity leads many to believe it
to be a superset of C, which is not so.

--
Chuck F ( snipped-for-privacy@yahoo.com) ( snipped-for-privacy@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
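
Added example, not part of the original post: a C sketch of the point above about range checking and the lack of user-defined subrange types. The names `channel_t`, `channel_from_int`, `set_duty_checked` and `get_duty_checked` and the 0..7 range are hypothetical; the check has to be written by hand at the conversion point because the language does not supply it.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical subrange 0..7 (a motor channel number). C cannot declare
   such a type, so the bounds live in a wrapper and a checked constructor. */
enum { CHAN_MIN = 0, CHAN_MAX = 7 };
typedef struct { int value; } channel_t;

static int duty[CHAN_MAX + 1];          /* one slot per valid channel */

/* The only sanctioned way to make a channel_t: rejects out-of-range input.
   Nothing stops a caller writing `channel_t c = { 99 };` by hand, which is
   the enforcement a language-level subrange type would supply. */
bool channel_from_int(int raw, channel_t *out)
{
    if (raw < CHAN_MIN || raw > CHAN_MAX)
        return false;
    out->value = raw;
    return true;
}

/* Returns 0 on success, -1 when raw_channel is outside CHAN_MIN..CHAN_MAX. */
int set_duty_checked(int raw_channel, int percent)
{
    channel_t ch;
    if (!channel_from_int(raw_channel, &ch))
        return -1;
    duty[ch.value] = percent;           /* index already validated */
    return 0;
}

/* Returns the stored duty, or -1 when raw_channel is out of range. */
int get_duty_checked(int raw_channel)
{
    channel_t ch;
    if (!channel_from_int(raw_channel, &ch))
        return -1;
    return duty[ch.value];
}

int main(void)
{
    /* Constructed inputs: 8 and -1 would index past duty[] if unchecked. */
    const int samples[] = { 3, 8, -1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("channel %d -> %d\n", samples[i],
               set_duty_checked(samples[i], 50));
    return 0;
}
```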
Re: Spirit rover OS problems ( a reliable language )

C++ is a superset of C, this is fact not belief. C++ is not isolated from
the machine, it provides a clearer mechanism to talk to the machine. Java or
C# would be examples of languages that are isolated from the machine except
in the case of C#, it also has the ability to use "unsafe" code meaning the
use of pointers which makes it a potentially superior language to Java in
this regard when performance is regarded more highly than reliability.

What happened to the discussion of the Rover's OS priority inversion
problem? Looks like the same thing happened in 1997.
http://www.embedded.com/story/OEG20020321S0023

Personally I don't like having my tax dollars wasted on sending devices to
snap pictures of rocks on Mars when people are dying of Cancer and other
diseases here. Even if fruit-bearing aliens are discovered there, unless
they know something about fixing our problems on this planet, like
priority-inversion or Cancer then what good are they?

Dilton



Re: Spirit rover OS problems ( a reliable language )


I believe he was referring to the belief (stated by Stroustrup himself),
that C++'s better methods would replace the primitive methods in C. For example,
Stroustrup is very anti-macro use, and proposed const to replace the need
to use it to replace the most basic need for defines.

The problem is, in the real world, C++'s better methods have not replaced
the old methods, most programmers I run into just see C++ as a bigger
toybox, and thus C++ is not (effectively, de facto, whatever) both a
complex AND insecure language.

BTW, I am a big fan of Stroustrup. His take on language security is
very similar to my own. He wanted to improve C, instead of simply building a
new language from scratch, because he wanted his project to be relevant
to the real world, and hoped to improve C programming in general.

He didn't succeed in getting rid of C's bad practices. I don't think anyone
ever could. Wirth said it best on this subject: If you include features in
a language, they are going to get used, for good or bad.


I agree in general, my father died of cancer, and I have a friend who is
dying of it. However, NASA's budget is a drop in the government bucket,
and there will always be a reason not to advance space exploration,
do basic science like cosmology, and the other esoteric things we have
to do to become a higher level form of life and not just rats scurrying
along on a single planet.

Our two biggest expenses in the USA right now are social engineering,
and this odd, sad, and perhaps inevitable need to become the keeper of
order for the entire planet. I would not personally mind scaling back
either, but that is just me.



Re: Spirit rover OS problems ( a reliable language )
... snip ...

C++ cannot compile valid C programs, therefore it is, ipso facto,
not a superset.  A trivial proof:

---------- cut here -----------
#include <stdio.h>
#include <stdlib.h>
#define Puts (void)puts

static int new(void) {return 100;}

int main(void)
{
   int         *namespace;
   unsigned int cin = 2;
   const char   notc[] = "Not a C compiler";
   const char  *maybe  = "May be a C compiler";

   if (sizeof('a') != sizeof(int)) Puts(notc);
   else                            Puts(maybe);

   if (!!(namespace = malloc(5 * sizeof *namespace))) {
      namespace[0] = new();
      free(namespace);
      namespace = NULL;
   }
   if (0 != (2 >> cin)) Puts(notc);
   return 0;
}
---------- cut here --------

which should compile error and warning free on any C compiler.  I
doubt that it will on any C++ compiler whatsoever.

I took some pains to ensure the above triggered no warnings with
splint.

--
Chuck F ( snipped-for-privacy@yahoo.com) ( snipped-for-privacy@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
Re: Spirit rover OS problems ( a reliable language )


In Stroustrup, he explains about a dozen "worst" practices of C that
did not get carried on to C++. Some of them were deliberate omissions
to get rid of bad C features, some were C features that were simply
unsupportable. None of them were particularly essential.



Re: Spirit rover OS problems ( a reliable language )

Technicality only. :)


