Re: Boeing 777 - Totally Irresponsible?

Date:         05 Jan 97 03:22:37 
From:         "Peter Ashwood-Smith" <>
Organization: Bell-Northern Research Canada

>>A single program with a million lines of code will be more prone to
>>errors than 100 programs with a thousand lines of code each.
>>If your software runs on a proven operating system, or on different
>>computers, modules are not likely to pollute other modules with memory
>>leaks etc. So you are looking at certifying separate smaller modules
>>instead of one huge module. The odds of errors in smaller modules is much
>>smaller than in a larger module.
>However, the odds of inter-process communication failures increase,
>so all you've done is move the errors from one part of the system to

   Yes, you have moved problems from one place to another but you
have reduced the total number of catastrophic problems dramatically.

   In that 1 million line program any errant process can wreak havoc
with all the other processes. With the 100 smaller modules a complete
catastrophic failure is less likely but deadlock-type problems
are more likely.

   One way to make the single CPU/single module system very
reliable is to properly isolate all tasks with fixed CPU bounds
on each task, fixed memory bounds etc.

   I don't know what approach is taken with the 777 and Airbus
software but I sure as hell hope the modules are either physically
isolated (separate CPU/memory) or totally logically isolated with
fixed CPU/memory bounds.

   Anybody know for sure what kind of architectures the Boeing
and Airbus systems use?


Peter Ashwood-Smith     | Email:
Northern Telecom        | Work#: (613) 763-4534
Ottawa, Ontario, Canada | Home#: (819) 595-9032
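The "fixed CPU/memory bounds per task" idea from the post, shown as an added example on ordinary Unix (not code from the post, and not how the 777 or Airbus systems are built). Each module runs in its own process under hard address-space and CPU-time limits, so a constructed leaky module and a constructed spinning module are stopped by the kernel while a well-behaved one completes; `cap`, `run_bounded` and the three task functions are all names chosen here.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lower soft and hard limit of `resource` to `value`, never above the existing hard cap. */
static int cap(int resource, rlim_t value)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0) return -1;
    if (value > rl.rlim_max) value = rl.rlim_max;
    rl.rlim_cur = rl.rlim_max = value;
    return setrlimit(resource, &rl);
}

/* Run `task` in its own process under fixed address-space and CPU-time bounds.
 * Returns 0 if it finished normally, 1 if the kernel contained it (allocation
 * refused or SIGXCPU delivered), -1 if it could not be started. */
static int run_bounded(void (*task)(void), rlim_t mem_bytes, rlim_t cpu_seconds)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (cap(RLIMIT_AS, mem_bytes) != 0 || cap(RLIMIT_CPU, cpu_seconds) != 0)
            _exit(2);
        task();
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}

/* Constructed well-behaved module: bounded work, clean exit. */
static void good_task(void) { char *b = malloc(64); free(b); }

/* Constructed errant module: leaks memory without bound. */
static void leaky_task(void)
{
    for (;;) {
        char *p = malloc(1 << 20);
        if (!p) _exit(3);   /* refused once the address-space cap is hit */
        memset(p, 1, 1 << 20);
    }
}

/* Constructed errant module: spins forever on the CPU. */
static void spin_task(void) { volatile unsigned long n = 0; for (;;) n++; }
```

The parent survives both errant modules and keeps scheduling the others; without the bounds, the leak would pressure every module sharing the machine and the spin would starve them on a single CPU.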