From: eachus@spectre.mitre.org (Robert I. Eachus)
Subject: Re: Need help with PowerPC/Ada and realtime tasking
Date: 1996/05/31
Message-ID: #1/1
references: <1026696wnr@diphi.demon.co.uk>
organization: The Mitre Corp., Bedford, MA.
newsgroups: comp.lang.ada

In article <637048781wnr@diphi.demon.co.uk> JP Thornley writes:

> I wonder if this is where computer science and (my sort of) software
> engineering part company. Or do you while away the hours when
> travelling by Boeing 777 wondering whether the flight control computers
> are about to be presented with an undecidable proposition?

I wish I could take this as a joke. In commercial avionics, it is certainly a goal, and sometimes an achievable one, to design control systems to stay out of those modes. But in "high-performance" aircraft, and in particular the Space Shuttle, it is not always possible to come up with control laws which are not chaotic. And placard or no, the pilot will be in those regimes.

In the case of the A320, I would say that the implicit denial by the software design process that such things could happen was much more at fault than the language chosen for implementations. When the software encountered situations not imagined by the specification authors, it behaved in predictable, but fatal fashion.

I much prefer the design philosophy that things can go wrong, and you do want sanity checks in the software.

--
Robert I. Eachus

with Standard_Disclaimer;
use Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...