computer language used to program Mars Lander

Re: computer language used to program Mars Lander

jhc0033@gmail.c om wrote:They do not use even memory allocation. They use a subset of C

I am sure they do not use C++!


--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique

Re: computer language used to program Mars Lander

On 14 Jul, 12:18, "jhc0...@gmail. com" <jhc0...@gmail. comwrote:contrary to popular expectations space probes are very
conservative in their use of technolgy. Processors are old
(and hence proven) memorys are small (less vulnerable to radiation).

Rememeber if there's a bug they can't just upgrade the software.
Well they can but it has to be mostly working for the download
to work.

These are essetially embedded systems and C is still popular
in that world.

I suspect its a damn sight easier to prove C correct than C++.

a = b + c;

probably does what it says in C (assuming b and c have good values
and it doesn't overflow). In C++ there could be half a dozen
overloaded
operators in there.

--
Nick Keighley

I know not what I appear to the world, but to myself I seem to have
been
only like a boy playing on the sea-shore, and diverting myself in now
and
then finding a smoother pebble or a prettier shell, whilest the great
ocean of truth lay all undiscovered before me.
(Sir Issac Newton)

Re: computer language used to program Mars Lander

On Jul 14, 7:18 am, "jhc0...@gmail. com" <jhc0...@gmail. comwrote:As pointed out it was subset of C and the size of the software is
relatively small by todays standards if it all fits in 128M (no VM
AFAIK).

The specifics of this project differs from earthly "life safety" type
of applications. If probe software fails, watchdog will reboot it into
the safe mode. There it will sit waiting the instructions/patches from
home. Therefore, a critical part is a bootstrap and communication
module. The rest is allowed to fail and can be fixed.

George

Re: computer language used to program Mars Lander

"jhc0033@gmail. com" <jhc0033@gmail. comwrites:This was cross-posted to comp.lang.ada and comp.lang.c. I suggest we
all refuse to take the bait and *not* start a cross-language flame
war.

--
Keith Thompson (The_Other_Keit h) kst-u@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"

Re: computer language used to program Mars Lander

On 14 Lip, 13:21, jacob navia <ja...@nospam.c omwrote:
Why? I would expect some parts of C++ being used, no matter how much
constrained is the target environment.
In particular, C++ has better and more expressive type system,
destructors that can ensure proper execution of "exit" actions, better
support for encapsulation, etc. All these are real advantages as far
as safe and secure code is concerned and none of these require
additional run-time resources.

For example, would you like to have custom integer types with range
checking in this critical software? (Expected answer on this group is
"yes".) This is trivial in C++ and almost impossible in C. This alone
is already a reason to prefer C++ over C for such systems.

Now, why there is no Ada on Mars is another story - but don't worry
about what Martians will think: they will not see the source code
anyway. ;-)

--
Maciej Sobczak * www.msobczak.com * www.inspirel.com

Re: computer language used to program Mars Lander

Keith Thompson wrote:It has nothing to do with wars. It is simply an illustration that
proves that it is _possible_ to generate accurate code with C. It
is also possible with assembly language. However, doing so
requires good programmers with plenty of experience. You can get
equal quality from poorer programmers with less experience by using
Ada. I leave it to you what you will get with experienced good
programmers and Ada.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home .att.net>
Try the download section.

Re: computer language used to program Mars Lander

On 14 Lip, 13:49, Nick Keighley <nick_keighley_ nos...@hotmail. com>
wrote:
Your reasoning is completely broken.
Let's try this one:

I suspect its a damn sight easier to prove C correct than Ada.

a = b + c;

probably does what it says in C. In Ada (substitute := for = ) there
could be half a dozen overloaded operators in there (and some
controlled operations as well).

Do you think that there are some monkeys in the project that randomly
overload operators? If yes, then Ada is equally vulnerable.

Another point: the operator + in C *is* overloaded and not only its
meaning, but also the generated object code differs depending on the
types of a and b. Yes, this is what overloading is all about and yes,
you can have serious errors in C because of that, especially when
combined with implicit conversions. What C++ or Ada can offer in this
area is at least to get rid of those implicit conversions. This is a
huge gain for proving correctness of the code.

--
Maciej Sobczak * www.msobczak.com * www.inspirel.com

Re: computer language used to program Mars Lander

"jhc0033@gmail. com" <jhc0033@gmail. comwrites:
They are comfortable with their current tools, and simply refuse to
consider others.

I run into that attitude all the time. Even when they are considering
adding tools like static analyzers, they won't consider changing
languages. It's extremely frustrating!

In the short run, sticking with what you know is safe. In the long
run, it is a significant loss of productivity. JPL and many, many
other places are sticking with the safe route.

--
-- Stephe

Re: computer language used to program Mars Lander

On Jul 14, 4:49 am, Nick Keighley <nick_keighley_ nos...@hotmail. com>
wrote:
I disagree. Actually, the space industry will try anything and stick
with it until stuff explodes (Ariane rocket) or crashes into the wrong
celestial body because of faulty software. They did use Ada widely
before, and they even programmed some of their probes in Lisp. Seems
like C is the new fad there. Wait until they get bitten by macros and
dangling pointers.

Re: computer language used to program Mars Lander

On Jul 14, 4:49 am, Nick Keighley <nick_keighley_ nos...@hotmail. com>
wrote:Indeed. Ada is used by the military, because they have much more
sophisticated hardware in tanks and fighter jets. I would expect that
perhaps NASA also uses it for the space shuttle.
They both can and *DO* do this. They typically use VxWorks as the
main operating system, which comes with a fairly powerful command
console that makes it practical to actually debug, upload bug fixes
and reboot the systems all remotely.
Its in the OS they use (and didn't make themselves.)
The small memory footprint and VxWorks environment probably makes C a
very attractive language for the NASA guys. If they used Ada, they
would be slower, have much larger memory requirements and have a very
hard time debugging problems remotely.
Well by definition, since every C bug can be mapped to a C++ bug
(except for certain implicit type conversion failures; but that can be
dealt with by requiring that the C code also be compilable with a C++
compiler.)

--
Paul Hsieh

Re: computer language used to program Mars Lander

Chris Thomasson wrote:
We did quite a bit of code for avionics flight systems for military
aircraft in C++. It ran on top of an RTOS and there were certain
restrictions in the programming. Dynamic memory was only allocated at
startup, for instance.



Brian

Re: computer language used to program Mars Lander

Chris Thomasson wrote:
It has very little to do with the "sophistica tion of the hardware".

--

Gary Scott
mailto:garylsco tt@sbcglobal dot net

Fortran Library: http://www.fortranlib.com

Support the Original G95 Project: http://www.g95.org
-OR-
Support the GNU GFortran Project: http://gcc.gnu.org/fortran/index.html

If you want to do the impossible, don't hire an expert because he knows
it can't be done.

-- Henry Ford

Re: computer language used to program Mars Lander

On Thu, 17 Jul 2008, Paul Hsieh wrote:

|-------------------------------------------------------------------------|
|"On Jul 14, 4:49 am, Nick Keighley <nick_keighley_ nos...@hotmail. com |
|wrote: |
|On 14 Jul, 12:18, "jhc0...@gmail. com" <jhc0...@gmail. comwrote: |
| |
| Interesting article I came across on Slashdot: |
| |
|http://developers.slashdot.org/devel...0/213211.shtml |
| |
| They are using C at JPL to program Mars Lander and just about |
| everything now! Not Ada. Anyone got an explanation? I wonder also, do|
| they really mean C++ when they say C. In my experience, this is a |
| frequent, although disagreeable usage. |
| |
|contrary to popular expectations space probes are very |
|conservative in their use of technology. Processors are old |
|(and hence proven) [..] |
| |
|Indeed." |
|-------------------------------------------------------------------------|

Agreed.

|-------------------------------------------------------------------------|
|" memories are small" |
|-------------------------------------------------------------------------|

Agreed (in the sense that they do not have many binary digits).

|-------------------------------------------------------------------------|
|" (less vulnerable to radiation)." |
|-------------------------------------------------------------------------|

Memories used in space probes are less vulnerable to radiation than
normal memories, but this is not because of the centimeters cubed
used.

On Page 12 of

, dimensions of 0.575 inches by 0.910 inches by (0.117-0.013) inches
(approximately 14.6 millimeters by 23.1 mm by 2.6 mm approximately
equal to 877 mm cubed) are shown for an astronautical four megabit
SRAM excluding the legs, whereas we can see from

and

that dimensions closer to 9 mm by 9 mm by 1.2 mm (97.2 mm cubed) are
available for four megabits of Terran SRAM.

Of course, a problem with radiation is more likely to happen to (2 x
877) mm cubed of 2 x 4 Mbits of SRAM than to 1 x 877 mm cubed of 1 x 4
Mbits of SRAM.

|-------------------------------------------------------------------------|
|" Ada [..] |
|[..] |
|[..] I would expect that |
|perhaps NASA also uses it for the space shuttle." |
|-------------------------------------------------------------------------|

I have heard that a language which is used only for the Space Shuttles
was used instead.

|-------------------------------------------------------------------------|
|Remember if there's a bug they can't just upgrade the software. |
| |
|They both can and *DO* do this." |
|-------------------------------------------------------------------------|

They can upgrade the software. They can not do this easily, so Nick
Keighley's assertion "they can't just upgrade the software" is
correct. Were the probe on the Moon, there would be a latency

|-------------------------------------------------------------------------|
|" They typically use VxWorks as the |
|main operating system," |
|-------------------------------------------------------------------------|

Actually before the rovers launched in circa 2003, NASA used to not
use VxWorks. A port of VxWorks to a processor which had not been
supported before was specifically written for that mission. This is in
contrast to the often conservative nature of responsible astronautical
engineers, but NASA has shown itself to be reckless on a number of
occasions.

|-------------------------------------------------------------------------|
|" which comes with a fairly powerful command |
|console that makes it practical to actually debug, upload bug fixes |
|and reboot the systems all remotely. |
| |
|Well they can but it has to be mostly working for the download |
|to work. |
| |
|Its in the OS they use (and didn't make themselves.)" |
|-------------------------------------------------------------------------|

Were the probe on the Moon, the latency would be a few seconds
long. Latencies for other destinations would be much worse. If Mars
was at its closest to the Sun (i.e. at 1.381 Astronomical Units (A.U.s)) and
were Earth between the Sun and Mars, then there would be a distance of
approximately 0.381 A.U.s equal to circa 500 light seconds multiplied
by 0.381 equals 190.5 light seconds equals over three light minutes
between the Earthling operators and the probe. Between the time an
operator typed ps to list the processes and the time the telecommand
was received over three minutes later, plenty of terminal problems
could have ended the mission.

If you have software on the probe which is sorting ten numbers while
you are uploading a patch to the sorting algorithhm, and pausing or
terminating the current sorting is unacceptable (it might not actually
be buggy, perhaps it merely needs an adjustment), then does VxWorks
know that the only safe times to install the patch are between one
run's final iteration and the next run's next iteration. VxWorks can
not possibly know that without being told. This is independent of
operating system and language.

Are you aware that well-maintained unmanned spacecraft are not
rebooted even when software is being patched while most of the rest of
the software is still being run?

|-------------------------------------------------------------------------|
|"[..] |
| |
|The small memory footprint and VxWorks environment probably makes C a |
|very attractive language for the NASA guys. If they used Ada, they |
|would be slower, have much larger memory requirements and have a very |
|hard time debugging problems remotely. |
| |
|[..]" |
|-------------------------------------------------------------------------|

How is C on VxWorks faster than Ada? It is not clear to me whether you
believe that C on VxWorks makes the speed of light faster or whether
it teleports Mars to be situated closer to Earth.

Please explain the speeds of less than two microseconds without
VxWorks and over eight seconds with VxWorks in Table 1 of
"The Ravenscar Tasking Profile - Experience Report"
by Brian Dobbing and George Romanski in the PDF file hyperlinked to
from


VxWorks consumes "36KB" according to

whereas the Ada runtime overhead for Aonix ObjectRaven was claimed to
be less than five kilobytes in Table 2. Please explain how Ada using
less than five kilobytes is a "much larger memory" requirement than C
using 36KB.

Please show me something in your post about Ada which is not nonsense.

Sincerely,
Colin Paul Gloster

Re: computer language used to program Mars Lander

Paul,
That's just good-old-wrong-assumption made by lot of people. Ada is
slower? I see nothing slow in Ada which is a language. Does a language
has speed now?

More seriously, some benchmarks have shown that some Ada compiler have
been generating faster code than C compiler on a given application. And
of course, some other benchmarks have shown the opposite.

The memory requirement for Ada is wrong too. Using a zero-foot-print
runtime you have zero memory requirement from the runtime.
Still lot easier to prove Ada correct. And in any case on critical
applications there is no Ada nor C but some subset that makes the
languages safer (e.g. SPARK for Ada or MISRA-C for C).

Please let's try to at least have constructive criticisms.

Thanks.
Pascal.

--

--|------------------------------------------------------
--| Pascal Obry Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--| http://www.obry.net
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595