From: mheaney@ni.net (Matthew Heaney)
Subject: Re: Beware: Rep spec on an enumeration type causes code explosion
Date: 1997/12/11
Message-ID: <mheaney-ya023680001112972244020001@news.ni.net>
In-Reply-To: 66po35$1a1$1@gte2.gte.net


In article <66po35$1a1$1@gte2.gte.net>, Rakesh Malhotra
<rakesh.malhotra@safetran.com> wrote:


>We work on safety critical projects.  And if we have a safety critical
>bit of code that defines and uses an enumeration then we use the rep
>clause to provide more than 1 bit separation between adjacent values in
>the enumeration.  That way if 1 bit got corrupted the value could not
>become some other legal value.
>
>Hence type SIGNAL_TYPE is (RED, GREEN);
>for SIGNAL_TYPE use (RED => 16#00#, GREEN => 16#03#);
>
>So if a signal was supposed to be RED, with just a 1 bit corruption it
>could never become GREEN.  Obviously we have these kinds of enum's and
>rep clauses all over the code space, and they are used in arrays to
>index etc etc.    An even worse example (from the coder's point of view)
>is that we create our own BOOLEAN_TYPE with states defined as TRUE_STATE
>and FALSE_STATE ; then give both true and false explicit values; and
>then test for those in "if" statements etc :)  Pretty horrible eh ?

This is a seriously wrong way to build safety-critical software.  As a
matter of fact, it's a wrong way to build *any* software.  You are quite
correct in pointing out that it is "pretty horrible."

As John Volan wisely pointed out, create holey types for use at the
EXTERNAL INTERFACE ONLY.  You should have an "interface object,"
implemented as a layered machine, to manage communication with each
external device.  The machine has three purposes: to read in the data from
the hardware, verify that the data received is valid, and then convert that
data from interface format to application format.

If you are using a holey type inside the application, i.e. not at the
interface layer only, then you are probably doing something wrong.  The
fact that you're using your own Boolean type does not bode well!

--------------------------------------------------------------------
Matthew Heaney
Software Development Consultant
<mailto:matthew_heaney@acm.org>
(818) 985-1271
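The three-step interface object described in the reply (read, verify, convert), written out as an added Ada example; this is not code from the original thread or from any of its posters. The holey type stays at the device boundary, the 'Valid attribute performs the "verify" step, and the rest of the program only ever sees an ordinary enumeration. The names (Raw_Signal, Signal_Colour, Read_From_Device, Verify, To_Application, Bad_Frame) and the sample frames are assumptions made for this illustration; the only codes taken from the thread are RED => 16#00# and GREEN => 16#03#.

```ada
--  Added example, not from the original post.  Names and sample data are
--  constructed for illustration.
with Ada.Text_IO;             use Ada.Text_IO;
with Ada.Unchecked_Conversion;

procedure Signal_Interface is

   --  Interface layer: the holey representation the device actually sends.
   --  The two codes differ in two bits, so a single-bit error cannot turn
   --  one legal value into the other.
   type Raw_Signal is (Red, Green);
   for Raw_Signal use (Red => 16#00#, Green => 16#03#);
   for Raw_Signal'Size use 8;

   --  Application layer: a plain enumeration with no rep clause, so the
   --  compiler may use dense codes for indexing, 'Succ, 'Pos, and so on.
   type Signal_Colour is (Red, Green);

   type Byte is mod 2**8;

   Bad_Frame : exception;

   --  Step 1: read.  Here the "hardware" is a constructed byte; in a real
   --  interface object this would be a register or message read.
   function Read_From_Device (Sample : Byte) return Raw_Signal is
      function To_Raw is new Ada.Unchecked_Conversion (Byte, Raw_Signal);
   begin
      return To_Raw (Sample);
   end Read_From_Device;

   --  Step 2: verify.  'Valid is False for any bit pattern that is not one
   --  of the declared codes, including any single-bit corruption of them.
   function Verify (R : Raw_Signal) return Raw_Signal is
   begin
      if not R'Valid then
         raise Bad_Frame;
      end if;
      return R;
   end Verify;

   --  Step 3: convert.  Nothing beyond this point needs to know about holes.
   function To_Application (R : Raw_Signal) return Signal_Colour is
   begin
      case R is
         when Red   => return Red;
         when Green => return Green;
      end case;
   end To_Application;

   --  Constructed sample frames: the two legal codes, then 16#01#, which is
   --  16#00# (Red) with one bit flipped and is not a legal code.
   Samples : constant array (1 .. 3) of Byte := (16#00#, 16#03#, 16#01#);

begin
   for I in Samples'Range loop
      begin
         declare
            Colour : constant Signal_Colour :=
              To_Application (Verify (Read_From_Device (Samples (I))));
         begin
            Put_Line ("frame" & Integer'Image (I) & ": "
                      & Signal_Colour'Image (Colour));
         end;
      exception
         when Bad_Frame =>
            Put_Line ("frame" & Integer'Image (I)
                      & ": rejected (invalid code)");
      end;
   end loop;
end Signal_Interface;
```

The point of the split is that the corrupted frame is caught once, at Verify, instead of every `if`, `case` and array index in the application having to reason about holes; the application type can be an ordinary Boolean or enumeration because the interface object has already guaranteed that only legal values cross the boundary.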