From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!feeder.eternal-september.org!aioe.org!.POSTED.fn3LatRFkm9/xzEj7F2/NQ.user.gioia.aioe.org!not-for-mail From: "Dmitry A. Kazakov" Newsgroups: comp.lang.ada Subject: Re: Ada in command / control systems Date: Thu, 7 Mar 2019 10:25:08 +0100 Organization: Aioe.org NNTP Server Message-ID: References: <2199b15b-d704-403f-a6c4-00fab29792d5@googlegroups.com> <72738cc8-3f65-4cc1-8c61-b1166cb5e3c2@googlegroups.com> <9807ec3a-4c34-4641-acfa-e9cf22de95ce@googlegroups.com> <51611452-1f49-4d8d-b93d-363cbbee29d0@googlegroups.com> <6a0fe4c2-a8e6-4d15-8cbf-f5a85ba0cd86@googlegroups.com> <1a5fae09-bbbf-4bdb-be8c-6a2e3fd70dfa@googlegroups.com> <1c62f33a-d3a0-4a64-b66f-c82328cfb52a@googlegroups.com> NNTP-Posting-Host: fn3LatRFkm9/xzEj7F2/NQ.user.gioia.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@aioe.org User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 Content-Language: en-US X-Notice: Filtered by postfilter v. 0.9.2 Xref: reader01.eternal-september.org comp.lang.ada:55805 Date: 2019-03-07T10:25:08+01:00 List-Id: On 2019-03-07 08:02, Maciej Sobczak wrote: >>> What do you mean "nothing above that"? There can be many levels of requirements. [...] > >> Thus it is simply code in some mostly declarative language. As such it >> must undergo testing, verification, validation etc. > > No, it's not code. It's requirements. Yes, in undergoes verification. Which is actually good - I don't understand, are you now criticizing models for them being verified? > >>> The fact that Simulink can generate code automatically is actually not important here, >> >> It is a key feature allowing to circumvent normal software quality >> assertion and developing process. > > I don't understand this statement (maybe we are running out of fuel in this discussion). Models are used to express ideas and expectations. A model is an object representing another object usually from another space so, that the former has the features of interest of the latter. > Whether there is a code generation involved is a secondary issue. It was your thesis that people want to avoid writing code, which I agree with. Remove that and the bureaucratic incentives, and nobody would ever use it. >> I don't think there are many people who could write code from a >> non-trivial Simulink diagram. > > Great, we are now focusing on some added value. So let's remove Simulink from the process and we have what? I never proposed that. Simulink has its place in engineering. BTW, we are actually talking about the real-time workshop, Simulink generates no code, it does off-line simulation. The discussion was about the place and whether the paradigm of using a domain-specific language to express models of the software system (note the difference) may work. It cannot. >> It is far more difficult than writing >> assembler code from Ada program. > > Then maybe the intellectual gap is still too wide. And that only confirms my previous statements: source code is the lowest-level artifact we should care about (assembler can be written by a machine). Moving from requirements to source requires intellectual contribution from the expert and automating that part is not necessarily easy or desired (but still interesting). You ignore here software design. The problem and the point is that the software systems (and models of) are far more complex than the models of physical processes these systems are supposed to control/automate. Tools and ideas like Simulink come from the era when it was the opposite. Then you had a 8-bit microcontroller with a few soldered in AD/DC converters. That was all. You had a nice way to design, test and deploy a control loop. That time is gone. > I did. The purpose is to reduce the gap that is to be covered by a single engineering activity. Writing source code while listening to the customer over the phone does not work, so let's try to create something intermediary to provide opportunity to verify that our understanding of the high-level requirements are correct and that there is an idea for actual implementation that is feasible and has desired properties. This is exactly the purpose of the low-level model. This is not a purpose, it is a desired feature of the code writing process. The purpose is fulfilled by writing the code. You want to write the code in a different language? Fine, but do not tell me you are writing no code. >> One must know everything about programming, >> control, about numeric methods, and about domain-space problem in order >> to use Simulink en large. > > So Simulink is bad, because you have to be competent? No, Simulink is bad when you try to use it where it does not belong, i.e. for software development. > That's a really poor criticism of modeling. BTW, the customers I know do not deploy the code generated by the real-time workshop. The code (in C) is manually rewritten and reviewed. Yes, one must have the worst from both worlds! > I'm asking whether the process can benefit from the presence of such tools. I'm ready to acquire the competencies that I lack, if needed. It cannot. Any extra layer of languages increases complexity exponentially. Argumentation that these language are not for code, but for requirements etc is bogus. BTW, if Simulink et al were used as SPARK is used, I would have no objection. -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de