Re: Boeing 777 - Totally Irresponsible?

Date:         05 Jan 97 03:22:37 
From:         "Peter Ashwood-Smith" <petera@nortel.ca>
Organization: Bell-Northern Research Canada
References:   1 2 3 4
Followups:    1

>>A single program with a million lines of code will be more prone to
>>errors than 100 programs with a thousand lines of codes each.
>
>>If your software runs on a proven operating system, or on different
>>computers, modules are not likely to pollute other modules with memory
>>leaks etc. So you are looking at certifying separate smaller modules
>>instead of one huge module. The odds of errors in smaller modules is much
>>smaller than in a larger module.
>
>However, the odds of inter-process communication failures increase,
>so all you've done is move the errors from one part of the system to
>another.

   Yes, you have moved problems from one place to another but you
have reduced the total number of catastrophic problems dramatically.

   In that 1 million line program any errant process can wreak havoc
with all the other processes. With the 100 smaller modules a complete
catastrophic failure is less likely but deadlock type problems
are more likely.

   One way to make the single CPU/single module system very
reliable is to properly isolate all tasks with fixed CPU bounds
on each task, fixed memory bounds etc.

   I don't know what approach is taken with the 777 and Airbus
software but I sure as hell hope the modules are either physically
isolated (separate CPU/memory) or totally logically isolated with
fixed CPU/memory bounds.

   Anybody know for sure what kind of architectures the Boeing
and Airbus systems use?

   Cheers,

   Peter
--
Peter Ashwood-Smith     | Email: petera@nortel.ca
Northern Telecom        | Work#: (613) 763-4534
Ottawa, Ontario, Canada | Home#: (819) 595-9032
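The "fixed CPU/memory bounds" isolation the post argues for, shown as an added example that is not part of the original thread or of any avionics system: a supervisor on a POSIX/Linux host runs each module in its own process under hard RLIMIT_CPU and RLIMIT_AS limits, so a leaking or spinning module fails alone while the supervisor and the other modules keep running. The module bodies (`well_behaved`, `leaky`, `spins_forever`) are constructed stand-ins, and the function names are hypothetical.

```c
/* Added example (not from the original post): one process per module,
 * each with a hard CPU-time and address-space bound. POSIX/Linux only. */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>

enum { TASK_OK = 0, TASK_STOPPED_BY_BOUND = 1, TASK_SETUP_FAILED = -1 };

/* Fork `task`, cap it at `cpu_secs` seconds of CPU and `mem_bytes` of address
 * space, and report how it ended. Nothing the task does can touch the
 * supervisor's memory, and it cannot hold the CPU past its bound. */
static int run_bounded(void (*task)(void), unsigned cpu_secs, rlim_t mem_bytes)
{
    pid_t pid = fork();
    if (pid < 0) return TASK_SETUP_FAILED;
    if (pid == 0) {
        struct rlimit cpu = { cpu_secs, cpu_secs };   /* SIGXCPU when exceeded   */
        struct rlimit mem = { mem_bytes, mem_bytes }; /* malloc/mmap fail beyond */
        if (setrlimit(RLIMIT_CPU, &cpu) != 0 || setrlimit(RLIMIT_AS, &mem) != 0)
            _exit(125);
        task();
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return TASK_SETUP_FAILED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)   return TASK_OK;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 125) return TASK_SETUP_FAILED;
    return TASK_STOPPED_BY_BOUND; /* killed by SIGXCPU, or exit(1) after malloc failed */
}

/* Constructed stand-in modules: one correct, one leaking, one stuck in a loop. */
static void well_behaved(void) { volatile int x = 0; for (int i = 0; i < 1000; i++) x += i; }

static void leaky(void)
{
    for (;;) {
        void *p = malloc(1 << 20);        /* 1 MiB per iteration, never freed */
        if (!p) _exit(1);                 /* the bound stops only this module */
        memset(p, 0xA5, 1 << 20);         /* touch it so the pages are real  */
    }
}

static void spins_forever(void) { volatile unsigned long n = 0; for (;;) n++; }

int main(void)
{
    rlim_t mem = (rlim_t)64 << 20;        /* 64 MiB per module */
    return run_bounded(well_behaved, 1, mem) == TASK_OK &&
           run_bounded(leaky, 1, mem) == TASK_STOPPED_BY_BOUND &&
           run_bounded(spins_forever, 1, mem) == TASK_STOPPED_BY_BOUND ? 0 : 1;
}
```

The runaway modules end inside their own bounds (the spinning one after one CPU second) and the supervisor's result codes are the only thing that crosses the process boundary, which is the point of the isolation the post describes.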