comp.lang.ada
From: Richard Riehle <richard@adaworks.com>
Subject: Re: Boeing and Dreamliner
Date: Fri, 27 Jun 2003 10:15:59 -0700
Date: 2003-06-27T17:13:00+00:00
Message-ID: <3EFC7BCF.6B038EED@adaworks.com>
In-Reply-To: 3EF88A7E.5060304@attbi.com

"Robert I. Eachus" wrote:

> But to me the crowning idiocy of the whole thing is in one sentence of
> the report: "The main explanation for the absence of this test has
> already been mentioned above, i.e. the SRI specification (which is
> supposed to be a requirements document for the SRI) does not contain the
> Ariane 5 trajectory data as a functional requirement."

Since this discussion began as a dialogue about the Boeing 7E7, and someone
raised the question of whether C++ would be appropriate for software on
that aircraft, the lesson of Ariane 5 is important for the engineers.

First, let's make clear that JSF is not being programmed in C++ but in
a very limited subset of C.    Some of the JSF systems will be programmed
in Ada, but not as many as one might expect if the JSF engineers were
using better judgement.

Second, we have the issue of reuse, as noted by Hyman Rosen in his mistaken
appraisal of the Ariane 5 failure.  I and others have commented on this
earlier.

If Boeing does decide to use Ada, and we would hope they would, the lessons
of Ariane 5 are valuable.  Those lessons indicate that, even when using
superior technology, one can make other engineering decisions using
incomplete data.

C++ would be a dangerous choice, not only because the language itself can
lead to so many undecidables and unpredictable fragments of code, but also
because the language, itself, implies a heavy reliance on reusable
components.  Frankly, I have greater confidence in the savvy of Boeing
engineering management and would expect them to have learned the lessons of
Ada from the B-777, along with the lessons being learned in the on-going
upgrades (in Ada) of software for the B-757, B-747, and B-767.

As far as I know, there is no DO-178B compliance inherent in C++.  One can
comply with DO-178B using a carefully selected subset of C.  Even in Ada,
one must take care to apply the appropriate pragmas from Annex H, apply
the constraints of Ravenscar or SPARK, and avoid certain low-level features
of the language a less experienced engineer might be tempted to engage.

C++ might be appropriate for certain systems such as cabin entertainment,
but it would be a serious error in engineering management to choose it for
any of the safety-critical software.  The more I see of C++, the more
experience I gain with it, the more I realize why Ada is designed to a more
rigorous set of rules.  Those rules may be annoying to some programmers,
but those rules make sense to an engineer.

A fly-by-wire aircraft is an engineering problem, not a programming problem,
even when software (and programming) are part of the solution space.  When
one looks at this kind of system as a total engineering effort, one must
also consider the software as part of the engineering, not separate from it.
With C++, it is too easy to disengage the software effort from the rest of
the engineering effort.

The argument that one cannot find trained and experienced Ada programmers is
one of the most bogus arguments proposed by military and civilian contractors.

We are looking first for engineers.  In my experience, good engineers, when
exposed to Ada, do learn to create excellent software designs, and they learn
to do so independent of the search for the perfect algorithm.  Often, it is
better to start with engineers and teach them Ada than to start with
programmers who have already developed bad habits.  I see lots of C++
programmers who have to be re-educated to think as engineers when given
problems in embedded systems environments.

I have trained engineers to program in Ada and they take to it well and
understand the underlying rationale for its design.  I have trained C++
programmers and many of them spend their time arguing about how they can do
such-and-such in C++ and why can't they do it that way in Ada.  We can train
experienced programmers in Ada, but we need to first train them to think
like engineers.  It seems that many engineers grasp the reasons for Ada's
design quickly.  Those same engineers are not focused on resume-building,
but on problem-solving.  They realize that Ada is an excellent tool for
solving engineering problems.

For the past three years, I have been teaching Ada at the Naval Postgraduate
School.  My students take Ada As A Second Language.  At the end of each
Quarter, I require them to write a paper comparing Ada with their first (or
other) language.  They often express their preference for Java (rarely for
C++), but most of them understand the difference between using Ada for
dependability and Java for ease of creating screens and little GUI programs.

I believe that the Boeing engineers also understand this.  They are building
software where life and safety are at stake.  When one objectively examines
the current choices in software engineering languages, Ada continues to be
the most appropriate choice when one is concerned with high dependability.
Let's hope I am right about those Boeing engineers.  They have shown good
judgement in the past in making software decisions.  They will probably
continue to do so in the future.

Richard Riehle



