From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	LOTS_OF_MONEY autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!feeder.eternal-september.org!aioe.org!.POSTED!not-for-mail
From: "Robert I. Eachus" <rieachus@comcast.net>
Newsgroups: comp.lang.ada
Subject: Re: Ada-Oriented GUI
Date: Sun, 1 Apr 2018 13:37:59 -0400
Organization: Aioe.org NNTP Server
Message-ID: <p9r5dn$6gr$1@gioia.aioe.org>
References: <p8lpr4$bgl$1@dont-email.me> <p8t4t6$1j4v$1@gioia.aioe.org>
 <ea8acda4-bb00-43f5-b826-170bd8e0c2c9@googlegroups.com>
 <p8u168$1ag6$1@gioia.aioe.org>
 <9ed9edb1-3342-4644-89e8-9bcf404970ee@googlegroups.com>
 <p8u5j3$1ise$1@gioia.aioe.org>
 <26a1fe54-750c-45d7-9006-b6fecaa41176@googlegroups.com>
 <p8umk5$shj$1@franka.jacob-sparre.dk>
 <656fb1d7-48a4-40fd-bc80-10ba9c4ad0a4@googlegroups.com>
 <p91fae$3fs$1@franka.jacob-sparre.dk>
 <ef8da3f2-70b3-4412-8a28-cedfc463d7ff@googlegroups.com>
 <p9bs7i$rh2$1@franka.jacob-sparre.dk>
NNTP-Posting-Host: fZYVf2g/avGnWJvs1xVPEA.user.gioia.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@aioe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.2
X-Notice: Filtered by postfilter v. 0.8.3
Content-Language: en-US
Xref: reader02.eternal-september.org comp.lang.ada:51282
Date: 2018-04-01T13:37:59-04:00
List-Id: <comp.lang.ada>

On 3/26/2018 6:29 PM, Randy Brukardt wrote:

> Calling an avionics display a "GUI" is confusing at best; there is little
> relationship because of the strict requirements on avionics software.
> (Something like RX would be unlikely to fly - pun intended - there can't be
> "unexpected" anything in avionics software.)

Sorry Randy I think I know what you were intending to say, but I suspect 
that many readers here will get the wrong impression.

Military Avionics software has to be written to minimize the effect of 
unexpected events,   If a sudden hole appears through the fuselage--and 
the avionics, the pilot would very much like the controls to work until 
he (or she) is back over friendly territory.  The government which paid 
$100 million plus for the aircraft would like it even more if the pilot 
can land the plane.

Both F-15E and A-10 have been successfully landed "on a wing and a 
prayer" with one wing missing.  To do this you need to design with most 
systems doing automatic fallbacks if some of its inputs are missing. (If 
one aileron is missing, it would be nice if the one on the remaining 
wing still worked.) More important, any system which is fubared (fouled 
up beyond all recovery) needs to tell the pilot that it has failed--and 
shut up.  Diagnostics are for after landing.  The A-380 passenger plane 
got this one wrong.  It took the crew hours to shut down systems which 
were periodically saying that they were inoperable, so they could figure 
out what was working and what wasn't, and land the plane.

I'd apologize for the rant, but I figure that if one person reads this 
and designs a system correctly it will have been worthwhile.  And this 
audience is probably a target rich environment for avionics software 
designers. ;-)