stn vol3#1 p36/c can be safe too!
. while Ada is the technically superior
and more robust language compared to C,
-- where anything can be type-cast into anything,
type-casting was a problem with
hiring college students for Ada coding:
it was seen as an unmarketable experience base .
. reliability issues with C
have been due only to
the way in which it was used;
however,
another possible problem with C
comes at the time of inspection,
when some code reviewers may find Ada
to be more self-documenting .
. the auto industry had a safe-subset standard for c;
and the F-22 used static code analyzer (SCA) tools
to enforce restriction to a safe-subset of Ada 83 .
. with the same idea in mind,
the F-35 Joint Strike Fighter found a safe subset
of both C and C++ for the safety critical systems
developed by the team of Lockheed Martin Aeronautics,
Northrop Grumman Aerospace, BAE Systems
and the F-35 supplier team.
. the F-16 had safety-critical software
that was all assembly coded,
and some of their team helped the F-35 team with
deploying a safe subset of c
-- both c and asm are similarly low-level lang's .
. an SCA tool's analyzer is like an observer
in a pair programming operation:
a much faster way of getting up to speed
than learning a new language like Ada .
--. after reading that,
I wondered how many C cowboys from college
were still banging their head on restricted C ?
(either the 216 new rules in the form of compiler spit,
or a 140 more pages of manual ...).
air vehicle c++ coding standards (doc) (google's cache)
. less-critical portions of Air Vehicle (AV) code
will be developed in C++
(safety-critical portions are to be in C);
the air vehicle c++ coding standards
provide safe, reliable, testable, and maintainable
C++ programming .
. these rules are required for all
Air Vehicle C++ development
and recommended for any
non-Air Vehicle C++ development.
Vehicle Systems Safety Critical Coding Standards for C,
is based on:
MISRA Guidelines (Motor Industry Software Reliability Assoc)
For The Use Of The C Language In Vehicle Based Software,
but is providing a more comprehensive set
of language restrictions
applied more uniformly across
all Vehicle Systems safety critical applications.
. AV Coding Standards build on the
Vehicle Systems Safety Critical Coding Standards for C,
by including:
C++ language-specific guidelines and standards.
. unit testing with full structural coverage
is typically done only at the source level
for non-critical code .
. but since compilation to object code
will result in some structural changes
as high-level control structures
are translated to a maze of goto's,
safety-critical code is also
unit-tested at the object level .
. that precaution has even found
some compiler bugs!
. it may seem more efficient to do Ada's practice
of validating one compiler per platform,
rather than unit-testing every translation;
in fact,
Ada compiler validation
has been for language enforcement only:
any safety-critical code for
military, aviation, [or medical?]
is routinely unit-tested at the object level
regardless of what language (Ada, C, ...)
the compiler was translating .
. from seeing how things went on the F-35 project,
the F-22 maint crew, when switching to new cpu's,
decided to convert their code base from Ada 83 to C .
soon-to-be-Dr. Robb at lockheedmartin.com
--. watch the F-35 do its first vertical landing(video) .
No comments:
Post a Comment