From: John Magness
Subject: Re: Writing better software was: Design by Contract (was Re: Interesting thread in comp.lang.eiffel)
Date: 2000/07/30
Message-ID: <3984DC2D.C707824@swbell.net>#1/1
References: <8ipvnj$inc$1@wanadoo.fr> <39654639.B3760EF2@eiffel.com> <3984AD1D.830B538@below.for.email.address>
Organization: N.O.Y.B.
Reply-To: jmagness@swbell.net
Newsgroups: comp.lang.ada

I read the document at the link. There are many things it does not mention.

In 1992 I took an Ada language course from an adjunct professor who was an IBM employee. He was a member of the shuttle flight software development team. He told the class that NASA had asked IBM to determine the cost of the delivered code. The result of the study was $5000.00 per line of delivered code. That's late '80's dollars I think.

I can not speak to the current practice, but prior to 1990, the flight software was tested in a systems integration laboratory, then was transferred to the Shuttle Mission Simulation for further testing & crew training. The SMS consisted of two crew trainers, each of which had a full set of flight computers. The flight software would have patches added due to the training requirements, i.e. being able to start training at any point in a mission time line, etc.

By the completion of mission training, the flight software had been executed thousands of times, with nominal & off nominal conditions. The simulation had several thousand malfunctions that the instructors could insert into a training session. Traditionally, the crew would be trained repeatedly for all crucial phases of a mission: Takeoff, deorbit & landing, emergency landings, on orbit maneuvers, payload deployment, etc. At the end of the training cycle, the crew would fly a complete mission timeline, takeoff to landing. Generally, the crew were permitted to return to their homes during the scheduled sleep cycle.

During the '80's several flight software errors were found, but I can not give an actual count.

Mind, that at times the simulators run integrated with MCC, Cape Canaveral, White Sands, & Redstone. Simultaneously.

The delivered cost for the flight simulators was over $100 M. In late 1970's dollars.

The flight software development cycle then & now has what could be considered extensive acceptance testing prior to actual use.

By the way, I believe that during one of the Gemini missions the flight software was patched on orbit.

Simon Brady wrote:

> Kent Paul Dolan wrote:
> >
> > The case study in the above book of necessity only follows the project
> > studied up to the book's publication date. Later breaking news is the
> > delivery of a suite of software for space shuttle control with one bug
> > detected ever in the delivered product. Not "one bug per KLOC",
> > _one_bug_.
>
> A good article on the Shuttle development process and culture is:
>
> http://www.fastcompany.com/online/06/writestuff.html
>
> Simon Brady                                  sjbrady
> Research Assistant, Computer Science Dept.   at
> University of Otago, Dunedin, New Zealand    acm dot org