Quoting Loose rivets (post 10525526):
Just noticed this:-
Just imagine showing Ada a few pictures of the future ..
<Link to Quora question about aviation flight-safety critical software>
Nowadays the high level flight control is designed with tools like SCADE or Matlab/Simulink.
Both tools generate a simple subset of C.
The projects I have been involved in used:
- SCADE / absint
- TMS470 Lock-stepped CPU
- TTEthernet
https://www.tttech.com/wp-content/up...ule_Core_2.pdf
Safety-critical software generally needs a deterministic CPU with lock-stepping, either two CPUs or a lock-stepped CPU.
For higher safety levels things like operating systems, unbounded loops, and run-time memory allocation are not allowed.
Basically IOs are handled via small interrupt routines, and the rest of the control runs in one large control loop with a constant fixed scan rate.
This makes it possible to ensure the worst-case execution time is fulfilled even if an event occurs that makes all states change in the same scan.
For this a tool, absint (https://www.absint.com/), can be used to analyse the binary object code to calculate the number of clock cycles the CPU needs to execute the worst-case program flow.
This is why I'm baffled that Boeing have released software for flight that could be 'overloaded'.
https://projekter.aau.dk/projekter/f...os_Ganitis.pdf
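As an added illustration of the fixed-scan-rate structure the post describes (this is example code, not the poster's or any project's code): all storage is static, every loop has a compile-time bound, IO is only copied in by an interrupt-style handler, and each scan is checked against a cycle budget. The channel count, the cycle budget, the setpoint and the per-channel cycle cost are assumptions, and the cycle counter and interrupt are simulated so it runs on a desktop; on a real target they would be hardware.

```c
/* Added example: a fixed-scan-rate control loop in the style the post describes.
 * Static allocation only, bounded loops only, IO via a small interrupt handler,
 * and a per-scan cycle budget check.  Hardware is simulated (assumption). */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NUM_INPUTS        8u      /* assumed number of channels */
#define SCAN_CYCLE_BUDGET 5000u   /* assumed worst-case cycles allowed per scan */
#define CYCLES_PER_CHANNEL 400u   /* assumed cost per channel for the simulation */
#define SETPOINT          1000    /* assumed controller setpoint */
#define SENSOR_MIN        (-32768)
#define SENSOR_MAX        32767

/* Input image written by the (simulated) IO interrupt, read once per scan. */
static volatile int32_t io_inputs[NUM_INPUTS];
static int32_t input_image[NUM_INPUTS];   /* consistent snapshot for this scan */
static int32_t outputs[NUM_INPUTS];
static int32_t integrator[NUM_INPUTS];    /* persistent controller state */

/* Simulated cycle counter; a real system would read a hardware timer. */
static uint32_t sim_cycles;
static uint32_t last_scan_used;
static uint32_t read_cycle_counter(void) { return sim_cycles; }
static void sim_spend_cycles(uint32_t n) { sim_cycles += n; }

/* Interrupt-style IO handler: store the sample and return; no control logic here. */
void io_interrupt(size_t channel, int32_t sample)
{
    if (channel < NUM_INPUTS) {
        io_inputs[channel] = sample;
    }
}

static int32_t clamp(int32_t v, int32_t lo, int32_t hi)
{
    return v < lo ? lo : (v > hi ? hi : v);
}

/* Saturating add keeps the integrator in a fixed range so state cannot grow
 * without bound across scans (and cannot overflow). */
static int32_t sat_add(int32_t a, int32_t b, int32_t lo, int32_t hi)
{
    int64_t s = (int64_t)a + (int64_t)b;
    return (int32_t)(s < lo ? lo : (s > hi ? hi : s));
}

/* One scan: snapshot inputs, run the same bounded computation for every channel
 * regardless of how many inputs changed, then check the cycle budget.
 * Returns true if the scan finished within budget. */
bool run_scan(void)
{
    uint32_t start = read_cycle_counter();

    /* Snapshot with range clamping so the interrupt cannot hand the control law
     * an out-of-range value mid-scan. */
    for (size_t i = 0; i < NUM_INPUTS; i++) {
        input_image[i] = clamp(io_inputs[i], SENSOR_MIN, SENSOR_MAX);
    }

    /* Fixed-iteration PI-like step per channel.  The work per scan does not
     * depend on the data, which is what makes the WCET analysable. */
    for (size_t i = 0; i < NUM_INPUTS; i++) {
        int32_t error = SETPOINT - input_image[i];
        integrator[i] = sat_add(integrator[i], error, -100000, 100000);
        outputs[i] = error / 2 + integrator[i] / 64;
        sim_spend_cycles(CYCLES_PER_CHANNEL);
    }

    last_scan_used = read_cycle_counter() - start;
    return last_scan_used <= SCAN_CYCLE_BUDGET;
}

uint32_t last_scan_cycles(void) { return last_scan_used; }
int32_t get_output(size_t channel) { return channel < NUM_INPUTS ? outputs[channel] : 0; }

int main(void)
{
    io_interrupt(0, 5);                       /* one input changes */
    bool ok1 = run_scan();
    uint32_t c1 = last_scan_cycles();
    for (size_t i = 0; i < NUM_INPUTS; i++) { /* every input changes */
        io_interrupt(i, 12345 * (int32_t)i);
    }
    bool ok2 = run_scan();
    printf("scan1: ok=%d cycles=%u out0=%d\n", ok1, c1, get_output(0));
    printf("scan2: ok=%d cycles=%u (same cost whether 1 or %u inputs changed)\n",
           ok2, last_scan_cycles(), NUM_INPUTS);
    return 0;
}
```

The point the second scan makes is the one in the post: whether one input or all of them change, the scan costs the same number of cycles, so the budget check against the WCET figure holds in every scan rather than only on average.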