Spirit rover OS problems

There are some of us who like to think that we use C and/or RTOSes when they're the right tool for the job, and don't when it's not. When all you've got is a hammer, everything looks like a nail, when you swear off hammers pounding in a nail can hurt your fist.

Cheers,

-- Alf Katz snipped-for-privacy@remove.the.obvious.ieee.org

--
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.576 / Virus Database: 365 - Release Date: 30/01/2004

we already know that bug. If you have a valid maintenance contract, we will ship a new eprom ...

Given the required level of experience or understanding of the hardware and the RTOS, adapting a driver from another OS is usually pretty straightforward.

Sure: use Linux as RTOS.

Best regards,

Wolfgang Denk

--
See us @ Embedded World, Nuremberg, Feb 17 - 19,  Hall 12.0 Booth 440
Phone: (+49)-8142-4596-87  Fax: (+49)-8142-4596-88   Web: www.denx.de
Life is a game. Money is how we keep score.              - Ted Turner

Good answer. It seems to me that some langauges are regarded as magicaly immune to any screwups the programmer made, and therefore must be used in any reliability-critical project.

I was told you could liken C to carrying around a loaded .45 in your holster with the safety off. You risk shoting yourself in the foot if you aren't carefull, but when you need absolute power, little will beat it. Safety critical langauges would be a spud gun with tripple redundant interlocks on the safety catch. Less risk of accidents, but a dissapointing "phut" when fired.

Mike

Just as an aside. I wonder what's that object on the horizon.

Probably a spec of dust on the lens.

--
Reply to

dmmilne at ozemail dot com dot au

=================================== So what about the much touted Software Engineering Institute Capability Maturity Model? NASA Huntsvilel is the only level 5 certified shop in the world or something.... so what level is JPL? 1? (chaos) Don't they have code reviews? I double dog dare em to post the code to this newsgroup and let us look at it. Bet someone would find something fishy.

No one said the Rover code was at level 5. Presumably the Shuttle code is.

--Gene

Nope, that's your strawman. Feel free to burn him down.

All tools are not equivalent. There's the much over-used analogy of a kindergartner's blunt plastic scissors versus a surgeon's scalpel. The plastic scissors are more reliable (less likely to fail in a matter that causes harm) but sometimes a scalpel is the right tool.

--
Rich Webb   Norfolk, VA

world

As of January 2002 there were 66 Level 5 organizations in the world, 43 of them were in India. Much of the world's really high quality (but mostly useless) code comes from these shops. Probably wouldn't get you to Mars, but there's be agood documentation trail pointing to a signatory to take the blame (not one of the directors in whose pockets the money ended up).

-- Alf Katz

snipped-for-privacy@remove.the.obvious.ieee.org

--
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.576 / Virus Database: 365 - Release Date: 30/01/2004

world

reviews?

it.

There are plenty of CMM level five organisations around - 20 in the US, and

50 in India, for example. Here's a list: The CMM level is not a direct measure of how good your code is - it is a measure of the kind of processes that you have in place.

Tanya

Because trapeze artists are good is not an excuse to remove the net. There is nothing wrong with adding an extra layer of checking by way of use of secure programming language.

Again, here is the standard idea that C is somehow capable of more than other languages. There is no net difference in what each language can accomplish. Even TCL can push applications. It all comes down to ease of use and fitness of purpose.

... snip ...

... snip complaints about limitations ...

Now try reversing your attitude. A good craftsman understands the language he is using and can persuade it to do anything within its capabilities. There are very few limitations to the capabilities of languages such as Pascal and Ada, when properly approached. Meanwhile that good craftsman is reminded of problems whenever he steps outside of bounds. Much like having traffic cops complain when you use the emergency lane as a travel lane. That might even be legitimate, if you are an ambulance.

Ada, for example, has specific provisions for C functional interface, thus allowing broad coverage of awkward areas at the cost of strictly localized reduction of checking.

I find compilers and computers to be much better at checking for my mistakes than I am.

--
Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
     USE worldnet address!

memory/OS

$100

the

Well, being a newbee - I searched the archives on Comp.Arch.Embedded and found nothing. Google gave lots of hits. For example:

I'm using a Keil C compiler - so I was just wondering if its an issue with that OS?

Thanks

Klaus

There is starting to be a push in the C standards committees to look at the real and perceived reliability issues in the C language. The general consensus is that high reliability in C can be achieved without sacrificing its precieved advantages.

w..

• This problem was due to an internal OS design decision by Wind River.

• The workaround was not a documented feature.

• The workaround could only be known about - let alone applied - if you had studied the [closed] OS source.

In summary: Mere mortals cannot create reliable software with closed-source operating systems.

We are in danger of erepeating a very old argument here. Languages are tools and for a given job one tool may be better than another. In the end, the quality of the result depends principally on the craftsman using the tool not the tool itself.

Ian

Surely that fact the ADA needs such an interface is indicative that it's safety features make it less useable in other areas?

Mike

Far from it. Rather the general consensus is that C is an excellent language for many purposes, which purposes do not include the highest reliability software for various reasons.

One reason is the total lack of control of pointer viability that is built into the heart of the language. Another is the intrinsic impossibility of proper range checking at execution time. This is connected to both the pointer problem and to the lack of user defined subrange types. As grandaddy said, you cain't hit what you cain't see.

Meanwhile the C language is an excellent choice for those skilful programmers who want or require virtually unfettered access to the machinery. In areas where C reliability could be improved much progress has been made, largely by the use of prototypes and general acceptance of a single standard.

In a few respects C++ has increased reliability, but it has simultaneously opened up many other areas of complexity and machine isolation, without fixing the fundamental problems of C. Unfortunately its apparent C similarity leads many to believe it to be a superset of C, which is not so.

--
Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
     USE worldnet address!

As one who has stated that programming languages do not have much bearing on dependability I can appreciate Rich Webb's comment. However, the only way that a craftsman programmer is guaranteed to write absolutely bullet proof code is if he (or a craftsman team) has built not only the application but resolved the bug issue in the compilers themselves. This latter aspect may nee to be by very thorough inspection of the code produced by the compilers or by the craftsment building the compilers in the first place.

No one said that we were all perfect. We know how imperfect we are which is why we use decent systemsdevelopment processes and implement very rigourous reviews of the design and code.

--
********************************************************************
Paul E. Bennett ....................
Forth based HIDECS Consultancy .....
Mob: +44 (0)7811-639972 .........NOW AVAILABLE:- HIDECS COURSE......
Tel: +44 (0)1235-811095 .... see http://www.feabhas.com for details.
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************