Thu, 9 Nov 2000 13:37:09 -0500
Roger Racine wrote:
> I was told by one of the NASA people that the slow roll was caused by the
> wrong value being used for one of the flight control gains. It had nothing
> at all to do with the programming language.
> I have said it before, and I will say it again: it is possible to write
> life-critical software in any language (Apollo software was written in
> assembler). It just takes longer to integrate and verify in some languages
> than in others.
> Roger Racine
George is not on the TEAM-ADA list and he asked me to forward the
message below on his behalf.
Ada Core Technologies
79 Tobey Road; Belmont, MA 02478; USA
+1 (617) 489-4027 (voice); +1 (617) 489-4009 (FAX)
The fundamental question is, "are adequate software safety measures
applied to the project at all?"
While experimenting and not risking astronauts, it is quite legitimate
to use any COTS technology and 'hack it' in whatever technology you like.
The concern I have is that after a couple of years' testing of the system
as a whole, it may be found to work quite well, at least under the
conditions experienced during the test scenarios. The problem that I see
is that there is enormous pressure applied to keep the "field proven"
software intact and not apply the sort of certification work required by
the FAA in avionics systems, when fare-paying passengers travel.
It is true that you can certify software written in any language, and
some are easier than others. The problem of certification is one of cost.
There are only so many dollars that can be spent on certification. If the
certification cost exceeds a certain threshold, then the program becomes
not viable. For an agency that develops systems (or pays for them to be
developed) and then monitors its own safety measures, it is easy to
adjust budgets and grant waivers on safety.
While your statement is true, in practice people adjust the verification
of safety to available dollars unless an outside agency sets the bar.
978 392 8850 x 103