From: Simon Pilgrim <simon.pilgrim@gecm.com>
Subject: Re: Help Me Please :)
Date: 2000/04/06
Message-ID: <38ECEB56.8FD7596E@gecm.com>
In-Reply-To: 8brgcd$5kp$1@nnrp1.deja.com
Robert Dewar wrote:
>
> In article <8bqcu2$s0p$1@nnrp1.deja.com>,
> reason67@my-deja.com wrote:
> > "Ladies and Gentlemen, Thank you for flying on the Boeing 777 Flight
> > 633. Unfortunately, due to a minor bug in the flight control software
> > raising a predefined exception and Ada RM section 11.6, the flight
> > control software has crashed. We are now heading towards the ground at
> > 700 miles per hour. Estimated time of arrival 10 seconds. Have a nice
> > day."
As one of the many engineers who have worked on the Boeing 777 Primary
Flight Computer, I'd like to respond to that.
> Well there was no smiley there, so let's assume the (rather
> hard to believe) point is being made seriously.
>
> In that case it is way way off base. Any safety critical
> software is validated and verified at the object level. You
> never depend on the correctness of the compiler, or the
> correctness of understanding of the high level language
> semantics.
Correct. The PFC code was module tested at object level.
> Furthermore, in most safety critical software, one would never
> have such a handler. Why not? Because it might typically be the
> case that the handler code is deactivated, and deactivated code
> is not permitted in many SC protocols.
Right again.
> Finally, 11.6 is about optimization, it is almost always the
> case that you want *no* optimization for SC code. Why? Because
> you want the best possible correspondence between source code
> and object code.
Not true for the PFC. We have a lot of code to squeeze into that frame.
> So in short, the scenario above is triply unlikely!
More than that. We have a triple redundant system, with three PFCs per
airplane. Within each PFC are three lanes each with a different type of
processor. The same source code is compiled to the three different
targets with three different compilers.
--
Regards,
Simon Pilgrim
Senior Systems Engineer
Avionic Systems Division
BAE SYSTEMS, Rochester, UK
Views expressed above are not necessarily shared by my employer.
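The triple-lane arrangement above (same source, three compilers, three processor types) is the part of the post a practitioner is most likely to want to see concretely. The following is an added example, not code from Simon Pilgrim, BAE SYSTEMS or the 777 PFC: a small C model of three lanes computing one control law, with a majority voter that masks a single lane that either stops producing output or produces a divergent value. The control law, the agreement tolerance, the fault types and the voting rule (first lane backed by at least two agreeing lanes wins) are all assumptions made here; the post does not describe how the real lanes are reconciled.

```c
#include <stdbool.h>
#include <stdio.h>

#define LANES 3
#define AGREE_TOL 1e-3   /* assumed agreement window, in output units */

typedef struct {
    double value;   /* the lane's computed command */
    bool   valid;   /* false if the lane declared itself failed */
} lane_out_t;

typedef enum { VOTE_OK, VOTE_DEGRADED, VOTE_FAIL } vote_status_t;
typedef enum { FAULT_NONE, FAULT_INVALID, FAULT_DIVERGE } fault_t;

static double absd(double x) { return x < 0.0 ? -x : x; }

/* Toy control law standing in for the shared source (hypothetical). In the
   architecture described in the post this one source would be built three
   times, for three processor types, by three compilers. */
double control_law(double airspeed_kt, double pitch_cmd_deg)
{
    return 0.5 * pitch_cmd_deg - 0.002 * (airspeed_kt - 250.0);
}

/* Majority vote (assumed rule): a lane's support is the number of valid
   lanes, itself included, whose output lies within AGREE_TOL of its own.
   The first lane reaching the highest support wins, provided at least two
   lanes back it; otherwise there is no majority and the frame fails. */
vote_status_t vote_lanes(const lane_out_t lanes[LANES], double *selected)
{
    int best = -1, best_support = 0;
    for (int i = 0; i < LANES; i++) {
        if (!lanes[i].valid)
            continue;
        int support = 0;
        for (int j = 0; j < LANES; j++)
            if (lanes[j].valid && absd(lanes[i].value - lanes[j].value) <= AGREE_TOL)
                support++;
        if (support > best_support) {
            best_support = support;
            best = i;
        }
    }
    if (best_support < 2) {
        *selected = 0.0;       /* no majority: caller must not use this value */
        return VOTE_FAIL;
    }
    *selected = lanes[best].value;
    return best_support == LANES ? VOTE_OK : VOTE_DEGRADED;
}

/* One frame: every lane computes the same law, then a constructed fault is
   injected per lane before voting. */
vote_status_t run_frame(double airspeed_kt, double pitch_cmd_deg,
                        fault_t f0, fault_t f1, fault_t f2, double *selected)
{
    fault_t faults[LANES] = { f0, f1, f2 };
    lane_out_t lanes[LANES];
    for (int i = 0; i < LANES; i++) {
        lanes[i].value = control_law(airspeed_kt, pitch_cmd_deg);
        lanes[i].valid = true;
        if (faults[i] == FAULT_INVALID)
            lanes[i].valid = false;          /* lane stopped producing output */
        else if (faults[i] == FAULT_DIVERGE)
            lanes[i].value += 1.0;           /* lane computed the wrong answer */
    }
    return vote_lanes(lanes, selected);
}

/* Wrappers exposing status and value separately. */
vote_status_t frame_status(double airspeed_kt, double pitch_cmd_deg,
                           fault_t f0, fault_t f1, fault_t f2)
{
    double v;
    return run_frame(airspeed_kt, pitch_cmd_deg, f0, f1, f2, &v);
}

double frame_value(double airspeed_kt, double pitch_cmd_deg,
                   fault_t f0, fault_t f1, fault_t f2)
{
    double v;
    run_frame(airspeed_kt, pitch_cmd_deg, f0, f1, f2, &v);
    return v;
}

int main(void)
{
    static const char *names[] = { "OK", "DEGRADED", "FAIL" };
    double v;
    vote_status_t s;

    s = run_frame(250.0, 4.0, FAULT_NONE, FAULT_NONE, FAULT_NONE, &v);
    printf("all lanes agree:   %s value=%.3f\n", names[s], v);
    s = run_frame(250.0, 4.0, FAULT_NONE, FAULT_DIVERGE, FAULT_NONE, &v);
    printf("one lane diverges: %s value=%.3f\n", names[s], v);
    s = run_frame(250.0, 4.0, FAULT_INVALID, FAULT_NONE, FAULT_NONE, &v);
    printf("one lane invalid:  %s value=%.3f\n", names[s], v);
    s = run_frame(250.0, 4.0, FAULT_DIVERGE, FAULT_INVALID, FAULT_NONE, &v);
    printf("two lanes faulty:  %s value=%.3f\n", names[s], v);
    return 0;
}
```

The voter masks one lane that goes silent and one lane that computes a wrong value, and refuses to emit a command when no two lanes agree. What it cannot mask is two lanes wrong in the same way (run the model with FAULT_DIVERGE on two lanes and the wrong value wins the vote). That common-mode case is exactly what a single compiler bug, or a single processor erratum, would produce if all three lanes shared the same compiler and the same processor, which is the point of building the same source three different ways.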