From: russ lyttle <lyttlec@removegmail.com>
Subject: Re: Ada in command / control systems
Date: Wed, 27 Feb 2019 12:49:44 -0500
Date: 2019-02-27T12:49:44-05:00 [thread overview]
Message-ID: <q56ijo$1k5f$1@gioia.aioe.org> (raw)
In-Reply-To: gdnkf0Ft3v5U1@mid.individual.net
On 2/27/19 9:17 AM, Niklas Holsti wrote:
> On 19-02-27 15:22 , russ lyttle wrote:
>> On 2/26/19 6:09 PM, Simon Wright wrote:
>>
>>> I'm having a bit of trouble working out what you're trying to do. You
>>> seem to be targeting a wide range of platforms, from Linux to embedded
>>> MCUs. The need to control sizes etc is much less in a Unix-like
>>> environment, and I doubt very much you'd want to use EEPROM (do you mean
>>> that, by the way? MCUs seem to use Flash) or even bother to think about
>>> how the linker arranges things so that the program starts up properly.
>>>
>> Should have said Flash.
>> Watch
>> https://www.youtube.com/watch?v=3jstaBeXgAs
>
> Hacking automotive computers? You could have said. I suppose you are
> aiming at hack-resistant or hack-proof distributed (but closed) systems.
>
>> Not my project, but you get the idea. Lots of (small) computers
>> networked. Penney's count so the lowest cost mcu must be used.
>
> Minimizing repeating HW costs usually means increasing the design and
> development costs. Be sure to have your balance right, especially if you
> want to push the state of the art in safety and reliability proofs.
> Having more HW resources may allow simpler SW designs that are easier to
> prove and/or validate.
>
>> The life of the software will be long, even though some of the mcu
>> might change.
>
> Even more reason to allow margin in HW resources. You don't want to
> invest in super-optimizing your SW for a specific, minimal HW, because
> that usually reduces SW portability.
>
>> We will have one or more R-Pi class devices that need a provably secure
>> and correct OS. While Raspbian is much better than Windows 10, how would
>> you show that it is correct?
>
> So the central question is what services this "OS" should provide.
> Presumably not the full set provided by a typical Linux distro?
>
Yes
> Even with a reduced OS, the usual approach is to partition and separate
> the critical services from the less critical services, for example using
> a "separation kernel" like Muen.
>
Muen might be the answer. It is SPARK and Ada. Can it target anything
other than X86/64?
>>> ... A lot of this will have been looked after by
>>> whoever provides your runtime.
>> "Whoever provides your runtime" is me.
>
> Why should you provide runtimes yourself, when you can buy them from the
> Ada compiler vendors -- presumably at smaller total cost, with faster
> delivery? At most, you might yourself tailor the COTS runtimes for your
> targets.
>
Yep, those are the problems we face. A big problem is convincing
management that 40% free-board on all resources is required.
Run-time licensing fees could run into millions per year.There are lots
of buy-vs-build discussions going on.
next prev parent reply other threads:[~2019-02-27 17:49 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-25 6:51 Ada in command / control systems Jesper Quorning
2019-02-25 8:24 ` Dmitry A. Kazakov
2019-02-25 9:44 ` Jesper Quorning
2019-02-25 15:54 ` Dmitry A. Kazakov
2019-02-25 13:50 ` russ lyttle
2019-02-25 14:29 ` gautier_niouzes
2019-02-25 15:25 ` Simon Wright
2019-02-25 19:21 ` russ lyttle
2019-02-26 4:50 ` J-P. Rosen
2019-02-26 15:50 ` Simon Wright
2019-02-26 22:10 ` lyttlec
2019-02-26 22:39 ` Niklas Holsti
2019-02-26 23:09 ` Simon Wright
2019-02-27 13:22 ` russ lyttle
2019-02-27 14:17 ` Niklas Holsti
2019-02-27 17:49 ` russ lyttle [this message]
2019-02-25 19:53 ` Tero Koskinen
2019-02-25 20:15 ` russ lyttle
2019-03-01 14:56 ` fabien.chouteau
2019-03-01 16:58 ` Simon Wright
2019-03-01 21:19 ` russ lyttle
2019-03-01 22:32 ` fabien.chouteau
2019-03-01 23:24 ` russ lyttle
2019-02-25 21:18 ` Jesper Quorning
2019-02-26 9:28 ` Maciej Sobczak
2019-02-26 11:01 ` Dmitry A. Kazakov
2019-02-26 21:25 ` Maciej Sobczak
2019-02-27 9:33 ` Dmitry A. Kazakov
2019-02-27 20:46 ` Maciej Sobczak
2019-02-27 21:55 ` Dmitry A. Kazakov
2019-02-28 13:12 ` Maciej Sobczak
2019-02-28 17:43 ` Dmitry A. Kazakov
2019-03-01 9:22 ` Maciej Sobczak
2019-03-01 10:46 ` Dmitry A. Kazakov
2019-03-04 7:03 ` Maciej Sobczak
2019-03-04 14:38 ` Dmitry A. Kazakov
2019-03-05 9:33 ` Maciej Sobczak
2019-03-05 16:09 ` Dmitry A. Kazakov
2019-03-06 9:05 ` Maciej Sobczak
2019-03-06 14:14 ` Dmitry A. Kazakov
2019-03-07 7:02 ` Maciej Sobczak
2019-03-07 9:25 ` Dmitry A. Kazakov
2019-03-08 7:19 ` Maciej Sobczak
2019-03-08 11:08 ` Dmitry A. Kazakov
2019-03-08 17:00 ` Simon Wright
2019-03-08 17:38 ` Dmitry A. Kazakov
2019-03-05 7:18 ` G. B.
2019-03-05 9:28 ` Dmitry A. Kazakov
2019-03-05 9:51 ` Maciej Sobczak
2019-03-05 16:15 ` Dmitry A. Kazakov
2019-03-06 22:02 ` Randy Brukardt
2019-03-05 17:55 ` Niklas Holsti
2019-03-05 21:06 ` Simon Wright
2019-03-06 7:26 ` G. B.
2019-03-06 8:22 ` Dmitry A. Kazakov
2019-03-06 12:04 ` Simon Wright
2019-03-07 7:35 ` G. B.
2019-03-07 9:25 ` Dmitry A. Kazakov
2019-03-06 9:17 ` Maciej Sobczak
2019-03-08 22:45 ` russ lyttle
2019-03-09 8:16 ` Simon Wright
2019-03-09 8:59 ` Dmitry A. Kazakov
2019-03-09 18:47 ` russ lyttle
2019-03-09 20:06 ` G.B.
2019-03-09 20:38 ` Dmitry A. Kazakov
2019-03-09 18:34 ` russ lyttle
2019-03-09 19:28 ` Simon Wright
2019-03-10 21:13 ` lyttlec
2019-03-11 8:56 ` Simon Wright
2019-03-11 14:27 ` russ lyttle
2019-03-11 17:01 ` Simon Wright
2019-03-11 21:55 ` russ lyttle
2019-03-05 11:59 ` russ lyttle
2019-03-05 18:18 ` Dmitry A. Kazakov
2019-03-06 2:01 ` lyttlec
2019-03-06 8:29 ` Dmitry A. Kazakov
2019-02-26 15:54 ` Simon Wright
2019-02-26 21:43 ` Maciej Sobczak
2019-02-26 22:45 ` Simon Wright
2019-02-27 8:41 ` Dmitry A. Kazakov
2019-02-27 20:55 ` Maciej Sobczak
2019-02-27 21:26 ` Simon Wright
2019-02-27 22:08 ` Dmitry A. Kazakov
2019-02-27 11:04 ` Jesper Quorning
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox