echristley(at)nc.rr.com
Guest
|
 Posted: Thu Jun 29, 2006 10:27 am Post subject: AeroElectric-List Digest: 24 Msgs - 06/28/06 |
 |
|
AeroElectric-List Digest Server wrote:
| Quote: |
Time: 07:29:12 AM PST US
From: "Robert L. Nuckolls, III" <nuckollsr(at)cox.net>
Subject: RE: Software in the cockpit
I'm not suggesting that "fully validated" software
is a bad or unnecessary goal to strive for . . . but
in the OBAM aircraft world, it's unlikely that were going to see
a DO-178, Level A qualification on ANY offerings.
I'll suggest that building a firewall between simple
save-your-life and the more complex but convenient,
dish-washing-silver-polishing system is easy, prudent
and greatly reduces risks.
Bob . . .
Good design direction, Bob. You isolate the piece that is actually
|
manipulating controls into a tiny box that will need only a few hundred
lines of code. An easily verifiable amount of code. More importantly,
you strictly limit the numbers of inputs to be guarded and sanity
checked. But I don't believe it to be the best that we can do.
Let me suggest the simple idea that the autopilot be allowed to talk to
the glitzy, high-res PocketPC, but not the other way around. There is
no way humanly possible to verify all the code in that thing, and the
people wouldn't let you see their code is it were possible. Don't give
it the chance to whisper in your autopilot's ear without you being in
the loop. You work around that requirement with multiple autopilots
watching over one another, but that can get really complicated, really
fast. How about the PC listens to the autopilot and tells the real
pilot when it is time to turn. The pilot will then have to validate it
with other instruments, but he is much more likely to do the validation
BEFORE the turn is started. Let the PC listen and make all sorts of
pretty pictures, but don't give it a modicum of control. With the
autopilot to keep the plane straight and level, the pilot should have
plenty of resources to watch multiple instruments and point the ship in
the proper direction. The PocketPC as a control element becomes an
unecessary (but potentially dangerous) convenience.
At this point, we're getting close to counting the number of angels on
the head of a pin. My earlier post concerned how I would select a
company to provide an EFIS. The simple ideas I have today are for how
to write software code for a cockpit:
- keep the code short enough that every path can be mapped
- keep the number of inputs extremely limited (making it possible to map
every path).
- guard EVERY input such that it is limited to pre-declared limits
(making it possible to map every path).
- have the code reviewed by a disinterest 'coder'. If it takes him/her
more than a 1/2 hour to understand the flow...rewrite it. If it isn't
clear and obvious to them, it won't be clear and obvious to you three
weeks from now. Having 'inherited' codebases that had passed through
many hands, let me testify that code that must be maintained but isn't
well understood gets badly munged really fast.
As for the comments made by others about suing Bill Gates...that is
silly and irrelevant. I use Linux and before that I used OS/2, after
having found Windows to be an unstable toy on top of an unstable
operating system. I only work with Microsoft products when forced to
through Microsoft foisting so many proprietary and incompatible file
formats on the world. People seem to like spending their money on that
marginally useful stuff because it has lots of glitz and widgets, and
sometimes I choose to interact with those people. Thanks to OpenOffice,
I rarely must do that any more. Personally, I prefer to spend my money
on things that bring me value. BUT NOBODY CARES!! It has nothing to do
with what should be in the cockpit. I would not care to fly behind a
PFD that was based on Windows, any more than one based on Workplace
Shell, KDE or Gnome. NONE of them are appropriate. The question is not
"What operating system is best?", the question is "What design
philosophy is best for a limited function, life-critical software system?"
--
,|"|"|, Ernest Christley |
----===<{{(oQo)}}>===---- Dyke Delta Builder |
o| d |o http://ernest.isa-geek.org |
| | - The Matronics AeroElectric-List Email Forum - | | | Use the List Feature Navigator to browse the many List utilities available such as the Email Subscriptions page, Archive Search & Download, 7-Day Browse, Chat, FAQ, Photoshare, and much more:
http://www.matronics.com/Navigator?AeroElectric-List |
|
|
|
Get Email Distribution Too!
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
