From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!feeder.eternal-september.org!aioe.org!.POSTED.yTvCNOh9TRCAIcX40YItlQ.user.gioia.aioe.org!not-for-mail From: "Dmitry A. Kazakov" Newsgroups: comp.lang.ada Subject: Re: Ada in command / control systems Date: Wed, 27 Feb 2019 22:55:29 +0100 Organization: Aioe.org NNTP Server Message-ID: References: <2199b15b-d704-403f-a6c4-00fab29792d5@googlegroups.com> <72738cc8-3f65-4cc1-8c61-b1166cb5e3c2@googlegroups.com> NNTP-Posting-Host: yTvCNOh9TRCAIcX40YItlQ.user.gioia.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@aioe.org User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 Content-Language: en-US X-Notice: Filtered by postfilter v. 0.9.2 Xref: reader01.eternal-september.org comp.lang.ada:55711 Date: 2019-02-27T22:55:29+01:00 List-Id: On 2019-02-27 21:46, Maciej Sobczak wrote: > Here I disagree. Even if we stick to Simulink (which was never intended), operators can nested and higher-level modules can be easily created. You can build blocks out of blocks. In terms of software development this is trivial aggregation. Modern languages have a lot more under the belt. How about user-defined types of edges? Groups of edges used together? How about parametrized blocks? Substitutability of blocks upon connection with other blocks and polymorphism of blocks and edges? Interfaces of blocks constraining implementations of? >> It is OK >> when fancy blocks and edges fit into one screen. What about two? What is >> when they do not fit into ten football fields? > > What if your source code does not fit into one screen? It's the same problem and has similar solutions. Alas these solutions do not really work with networks of blocks. > At least on diagrams, lines going over the football field can be continuous, which makes them somewhat easier to follow. This has no equivalent in source code and if you have the same signal referred by N places in source, there is no visual clue that they are related at all. We had a project where the customer required the HMI designed in a graphical language like Simulink. Once the diagram became impossible to read and even less to understand. We stopped using it. The biggest problem was missing edges. If a block misses an input how to find the block providing it among thousands of blocks? Instead we took the internal representation of the diagram. It was a file with sections describing blocks, edges and their connections. So we edited that file directly! Remember an anecdote about OS 360 which allegedly lacked most of its source code because people simply patched the object code instead of the sources? (:-)) That was our case exactly. When the patched file got loaded, it was rendered as an utter mess of overlapping blocks and edges leaving nowhere, piercing the diagram like cosmic rays. Naturally our manual editing destroyed the layout! The automatic rearranging tool indignantly crashed when faced proud results of our creativity. The diagram worked but nobody could see it. Nice to feel yourself IBM! >>>> The software designed this way is not verifiable, non-testable. >> >> How do you merge or decide if two graphs are equivalent? > > This has nothing to do with testability. OK, but if you have a block of N inputs and M outputs which is supposed to implement some part of controller activity. In order to test it, you must know what kind of analytical function it represents. Engineers designing these blocks rather feel this stuff based on their experience than test like we used to test normal software. >> So, for the sake of argument, let's consider Ada program a requirement >> and Ada compiler a generator of object code (which Ada compiler indeed is). >> >> I claim that Ada is an infinitely better requirement language than >> Simulink blocks. > > You are almost correct, except you have mixed levels. Simulink blocks are considered low-level requirements and Ada source code is further below it in the hierarchy. So it cannot be better. It can be better than something at the same level, for example C source code. But it cannot be better than something higher, because you cannot replace one with another. So if Ada were used to generate Simulink blocks, the roles would change? In my view the level is determined not by artifacts of software design process but by the abstraction level and closeness to the domain in the sense how many errors can slip through. If the language of the model is less safe/obvious than the object language then it makes no sense to use it, because it is effectively lower level then. > However, it is reasonable to treat package specs (especially with contracts) as low-level requirements, which are then fulfilled at the implementation level by package body sources. Now your claim would be interesting - and I would actually agree. I have actually promoted such idea on one of the LinkedIn groups. SPARK rules! > But nobody cares. Get ready for MBD. Always ready! MBD was a hype already in late 90's. Remember OOA&D? Code generated from class diagrams? This wave will not be that big. Especially because there are rivals on the market of snake oil sellers, the AI is back! I expect mission critical software written in the form of trained NN! (:-)) >> It is like with all other entitlements. When you run out of other >> people's money the party ends... > > But you have noted yourself that other domains are happy to bleed to keep financing this mess. So the party goes on. Yes, for a while. But you and I have suspicion that this is not really sustainable. -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de