Gazpacho
Jun 18, 2004

by Fluffdaddy
Slippery Tilde

vapid cutlery posted:

it's cool how this always happens. some company or govt body that has been doing things successfully for over 50 years shares some insight into how they do things, and goons come out of everywhere to tell them they're wrong
adaz isn't a JPL developer thank god and it's his "explanation" i'm dismissing not the jpl document that he's using as an authority, come on ahhh spiders there's no way you are this dense


vapid cutlery
Apr 17, 2007

php:
<?
"it's george costanza" ?>

Gazpacho posted:

adaz isn't a JPL developer thank god and it's his "explanation" i'm dismissing not the jpl document that he's using as an authority, come on ahhh spiders there's no way you are this dense

you didn't link to the quote so i assumed it was from the document

vapid cutlery
Apr 17, 2007

php:
<?
"it's george costanza" ?>
so yea that guy's a dumbass

Gazpacho
Jun 18, 2004

by Fluffdaddy
Slippery Tilde
2012: year of lua in space

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug
Rule 14 (checking return values)
The return value of non-void functions shall be checked or used by each
calling function, or explicitly cast to (void) if irrelevant. [MISRA-C:2004 Rule
16.10; Power of Ten Rule 7]

Rule 15 (checking parameter values)
The validity of function parameters shall be checked at the start of each
public function. The validity of function parameters to other functions shall
be checked by either the function called or by the calling function. [MISRA-C:2004 Rule 20.3; Power of Ten Rule 7]

This is consistent with the principle that the use of total functions is preferable over non-total functions. A total function is setup to handle all possible input values, not just those parameter values that are expected when the software functions normally.

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

Cocoa Crispies posted:

Rule 14 (checking return values)
The return value of non-void functions shall be checked or used by each
calling function, or explicitly cast to (void) if irrelevant. [MISRA-C:2004 Rule
16.10; Power of Ten Rule 7]

Rule 15 (checking parameter values)
The validity of function parameters shall be checked at the start of each
public function. The validity of function parameters to other functions shall
be checked by either the function called or by the calling function. [MISRA-C:2004 Rule 20.3; Power of Ten Rule 7]

This is consistent with the principle that the use of total functions is preferable over non-total functions. A total function is setup to handle all possible input values, not just those parameter values that are expected when the software functions normally.

So, justifying these with Therac-25:

14: "Is the return value sane? If we don't care, make it explicit." Some compilers actually enforce/bitch if you get values but never use them. If you get a return value but never use it, why are you calling the function? If it's for the side effects, is the return value telling you something you need to know and you're just ignoring it? If so, this section of code needs to be reviewed for "why."

quote:

The engineer had reused software from older models. These models had hardware interlocks that masked their software defects. Those hardware safeties had no way of reporting that they had been triggered, so there was no indication of the existence of faulty software commands.

The hardware provided no way for the software to verify that sensors were working correctly (see open-loop controller). The table-position system was the first implicated in Therac-25's failures; the manufacturer revised it with redundant switches to cross-check their operation.

If the hardware was returning values and the software wasn't checking it, beep boop you just rape rayed somebody into oblivion.

15: "Make sure functions are called with valid arguments."

quote:

The software set a flag variable by incrementing it. Occasionally an arithmetic overflow occurred, causing the software to bypass safety checks.

JPL's rules are borne out of studying critical software systems: i.e. ones where lives or expensive poo poo are at risk and not just nudie videos or xml bullshit.
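Added example (not from the thread or the JPL document) modelling the flag-increment overflow described in the Therac-25 quote next to a version written to Rules 14 and 15; the Machine_t struct, the status_t codes and the driver functions are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the defect in the quote, not Therac-25 code: a one-byte
 * flag is "set" by incrementing it and the interlock only holds while it is
 * non-zero, so every 256th signal wraps the byte to 0 and the check is skipped. */
typedef struct {
    uint8_t class3;            /* legacy flag, set by ++ (wraps at 256) */
    bool    setup_incomplete;  /* hardened flag, set to true (idempotent) */
    int     beam_fired;
} Machine_t;
typedef enum { ST_OK = 0, ST_BAD_PARAM = 1, ST_INTERLOCK = 2 } status_t;

/* --- defective pattern: flag is an incremented counter --------------- */
void legacy_flag_incomplete(Machine_t *m) { m->class3++; }
int legacy_fire(Machine_t *m)
{
    if (m->class3 != 0) return -1;  /* interlock honoured only while non-zero */
    m->beam_fired++;
    return 0;
}

/* --- Rule 15: parameters validated at the top of every public function */
status_t flag_incomplete(Machine_t *m)
{
    if (m == NULL) return ST_BAD_PARAM;
    m->setup_incomplete = true;     /* no arithmetic, so nothing to overflow */
    return ST_OK;
}
status_t fire(Machine_t *m)
{
    if (m == NULL) return ST_BAD_PARAM;
    if (m->setup_incomplete) return ST_INTERLOCK;
    m->beam_fired++;
    return ST_OK;
}

/* Each driver sends `signals` "setup incomplete" notices, then one fire
 * request, and returns how often the beam fired (0 is safe when signals > 0). */
int legacy_fires_after(unsigned signals)
{
    Machine_t m = {0};
    for (unsigned i = 0; i < signals; i++) legacy_flag_incomplete(&m);
    (void)legacy_fire(&m);          /* status discarded: nobody learns why */
    return m.beam_fired;
}
int hardened_fires_after(unsigned signals)
{
    Machine_t m = {0};
    for (unsigned i = 0; i < signals; i++)
        if (flag_incomplete(&m) != ST_OK) return -1;   /* Rule 14: checked */
    return (fire(&m) == ST_BAD_PARAM) ? -1 : m.beam_fired;  /* Rule 14 */
}
```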

Max Facetime
Apr 18, 2009

Gazpacho posted:

i know crazy poo poo happens in space but if you cant even trust your ALU then you better shield that poo poo until you can

Attack of the Cosmic Rays!

Toady
Jan 12, 2009

i am a cowboy coder

a SPACE cowboy coder

Star War Sex Parrot
Oct 2, 2003

Cocoa Crispies posted:

it's actually a 32-bit powerpc just like my olde ibook
serious question: why do NASA and defense contractors love these CPUs so much?

i seem to recall the F-22 and F-35 using powerpc CPUs as well.

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

http://www.cs.toronto.edu/~bianca/papers/sigmetrics09.pdf

quote:

Our data covers the majority of machines in Google's fleet and spans nearly 2.5 years, from January 2006 to June 2008. Each machine comprises a motherboard with some processors and memory DIMMs. We study 6 different hardware platforms, where a platform is defined by the motherboard and memory generation.

[…]

Conclusion 1: We found the incidence of memory errors and the range of error rates across different DIMMs to be much higher than previously reported.
About a third of machines and over 8% of DIMMs in our fleet saw at least one correctable error per year. Our per-DIMM rates of correctable errors translate to an average of 25,000–75,000 FIT (failures in time per billion hours of operation) per Mbit and a median FIT range of 778 – 25,000 per Mbit (median for DIMMs with errors), while previous studies report 200-5,000 FIT per Mbit. The number of correctable errors per DIMM is highly variable, with some DIMMs experiencing a huge number of errors, compared to others. The annual incidence of uncorrectable errors was 1.3% per machine and 0.22% per DIMM.

these machines have an atmosphere, magnetosphere, buildings, and heavy cases to protect them

spacecraft don't

Blotto Skorzany
Nov 7, 2008

He's a PSoC, loose and runnin'
came the whisper from each lip
And he's here to do some business with
the bad ADC on his chip
bad ADC on his chiiiiip

Star War Sex Parrot posted:

serious question: why do NASA and defense contractors love these CPUs so much?

i seem to recall the F-22 and F-35 using powerpc CPUs as well.

the f-22 was born from the advanced tactical fighter program which started in 1990 or so, when the power architecture was hot poo poo

the f-35 is also made by lockheed and probably had some engineers overlapping

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

Star War Sex Parrot posted:

serious question: why do NASA and defense contractors love these CPUs so much?

i seem to recall the F-22 and F-35 using powerpc CPUs as well.

because they love 'em, know they work well, know vxworks for ppc works well, and know that their engineers work with all of the above well

Gazpacho
Jun 18, 2004

by Fluffdaddy
Slippery Tilde
hey what i was sayin earlier about adaz and jpl, that was just :spergin: pay it no mind

Janitor Prime
Jan 22, 2004

PC LOAD LETTER

What da fuck does that mean

Fun Shoe

Nice!

gangnam reference
Dec 26, 2010

shut up idiot shut up idiot shut up idiot shut up idiot

Star War Sex Parrot posted:

serious question: why do NASA and defense contractors love these CPUs so much?

i seem to recall the F-22 and F-35 using powerpc CPUs as well.

they know about the megahertz myth

Star War Sex Parrot
Oct 2, 2003

hm, I thought they might somehow be more reliable/resilient in adverse conditions

i guess it just has more to do with the fact that these projects take decades to finish

Nomnom Cookie
Aug 30, 2009



Cocoa Crispies posted:

because they love 'em, know they work well, know vxworks for ppc works well, and know that their engineers work with all of the above well

also the only rad-hardened x86 cpu intel produced until recently was a 386 variant

Shaggar
Apr 26, 2006

Star War Sex Parrot posted:

serious question: why do NASA and defense contractors love these CPUs so much?

i seem to recall the F-22 and F-35 using powerpc CPUs as well.

non-commodity hardware is more expensive which makes padding budgets easier. "we gotta have these arcane procs because of magic so no price is too much"

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

Star War Sex Parrot posted:

hm, I thought they might somehow be more reliable/resilient in adverse conditions

i guess it just has more to do with the fact that these projects take decades to finish

they are, because they can get radiation hardened ones, because nobody bought anyone else's radiation hardened chips


Nomnom Cookie posted:

also the only rad-hardened x86 cpu intel produced until recently was a 386 variant

and then they quit making 386 variants and now don't make any or didn't make any when these projects were started

Nomnom Cookie
Aug 30, 2009



Cocoa Crispies posted:

they are, because they can get radiation hardened ones, because nobody bought anyone else's radiation hardened chips


and then they quit making 386 variants and now don't make any or didn't make any when these projects were started

nah they've made 386s for fuckin ever and just stopped a couple years ago. now there's a new one that's probably sandy bridge or something

tef
May 30, 2004

-> some l-system crap ->

Star War Sex Parrot posted:

hm, I thought they might somehow be more reliable/resilient in adverse conditions

i guess it just has more to do with the fact that these projects take decades to finish

they use radiation hardened chips

vapid cutlery
Apr 17, 2007

php:
<?
"it's george costanza" ?>
my motherboard is military grade

tef
May 30, 2004

-> some l-system crap ->
http://www.baesystems.com/product/BAES_028145/rad750-family-of-products

Sneaking Mission
Nov 11, 2008

i spray painted camo onto my keyboard so that should count for something

Star War Sex Parrot
Oct 2, 2003

tef posted:

they use radiation hardened chips

neat

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

Nomnom Cookie posted:

nah they've made 386s for fuckin ever and just stopped a couple years ago. now there's a new one that's probably sandy bridge or something

yeah that's what i said

but sandy bridge wasn't around when they started curiosity and you don't switch CPUs in the middle of a project especially if it's a new unproven one and your project is already hella over budget

Sneaking Mission
Nov 11, 2008

can i get a rad hardened billy bass?

Shaggar
Apr 26, 2006
my keyboard is black so it's already space camo

vapid cutlery
Apr 17, 2007

php:
<?
"it's george costanza" ?>

rad-hardened parts are going to be the next crazy in high end gaming rigs

Nomnom Cookie
Aug 30, 2009



Cocoa Crispies posted:

yeah that's what i said

but sandy bridge wasn't around when they started curiosity and you don't switch CPUs in the middle of a project especially if it's a new unproven one and your project is already hella over budget

ah i thought you meant the f-22 and f-35. yeah i expect it'll be a little while before anyone thinks about shooting sandy bridge into space

Max Facetime
Apr 18, 2009

Otto Skorzeny posted:

good luck not doing any dynamic allocation in java!

here's some java that does very little dynamic allocation:

Java code:
package no.dynamic;
public class Allocation {
  public static void main(String[] args) {
    int a = Complex.create(1, 0);
    int b = Complex.create(0, 1);
    int c = Complex.add(a, b);
    System.out.print("Result is ");
    System.out.print(Complex.getReal(c));
    System.out.print(",");
    System.out.println(Complex.getImag(c));
  }

  static class Complex {
    static int create(int real, int imag) {
      int thiz = allocate(2);
      setReal(thiz, real);
      setImag(thiz, imag);
      return thiz;
    }

    private static void setReal(int thiz, int real) { set(thiz, 0, real); }
    private static void setImag(int thiz, int imag) { set(thiz, 1, imag); }
    static int getReal(int thiz) { return get(thiz, 0); }
    static int getImag(int thiz) { return get(thiz, 1); }

    static int add(int thiz, int that) {
      return create(getReal(thiz) + getReal(that), getImag(thiz) + getImag(that));
    }
  }

  public static int get(int thiz, int index) { return ints[objects[thiz] + index]; }
  public static void set(int thiz, int index, int value) { ints[objects[thiz] + index] = value; }

  public static int allocate(int amount) {
    objects[objectsOffset] = intsOffset;
    intsOffset += amount;
    return objectsOffset++;
  }

  private static int[] objects = new int[1000];
  private static int[] ints = new int[10000];
  private static int objectsOffset;
  private static int intsOffset;
}

tef
May 30, 2004

-> some l-system crap ->
fwiw, yeah the coding standards are mostly about having total coverage from static analysis. reminds me of what a PhD told me in passing "turing complete is overrated".

there are some other notes about how they do failure handling in software and hardware elsewhere.

and how much code is auto generated from specifications of state machines apparently depends on the flight director.


as much as I think the jpl standards are neat for lifting C into a mission critical language, I think in the future, languages like 'rust' could be a better tool for these sorts of systems.

Rufus Ping
Dec 27, 2006

I'm a Friend of Rodney Nano

Win8 Hetro Experie posted:

here's some java that does very little dynamic allocation:

Java code:
package no.dynamic;
public class Allocation {
  public static void main(String[] args) {
    int a = Complex.create(1, 0);
    int b = Complex.create(0, 1);
    int c = Complex.add(a, b);
    System.out.print("Result is ");
    System.out.print(Complex.getReal(c));
    System.out.print(",");
    System.out.println(Complex.getImag(c));
  }

  static class Complex {
    static int create(int real, int imag) {
      int thiz = allocate(2);
      setReal(thiz, real);
      setImag(thiz, imag);
      return thiz;
    }

    private static void setReal(int thiz, int real) { set(thiz, 0, real); }
    private static void setImag(int thiz, int imag) { set(thiz, 1, imag); }
    static int getReal(int thiz) { return get(thiz, 0); }
    static int getImag(int thiz) { return get(thiz, 1); }

    static int add(int thiz, int that) {
      return create(getReal(thiz) + getReal(that), getImag(thiz) + getImag(that));
    }
  }

  public static int get(int thiz, int index) { return ints[objects[thiz] + index]; }
  public static void set(int thiz, int index, int value) { ints[objects[thiz] + index] = value; }

  public static int allocate(int amount) {
    objects[objectsOffset] = intsOffset;
    intsOffset += amount;
    return objectsOffset++;
  }

  private static int[] objects = new int[1000];
  private static int[] ints = new int[10000];
  private static int objectsOffset;
  private static int intsOffset;
}

get real

vapid cutlery
Apr 17, 2007

php:
<?
"it's george costanza" ?>

tef posted:

fwiw, yeah the coding standards are mostly about having total coverage from static analysis. reminds me of what a PhD told me in passing "turing complete is overrated".

there are some other notes about how they do failure handling in software and hardware elsewhere.

and how much code is auto generated from specifications of state machines apparently depends on the flight director.


as much as I think the jpl standards are neat for lifting C into a mission critical language, I think in the future, languages like 'rust' could be a better tool for these sorts of systems.

do you think it's realistic for any language that's not C to be adopted by aerospace types? maybe once the olds die off

Rufus Ping
Dec 27, 2006


I'm a Friend of Rodney Nano

Panic! At The cisco posted:

can i get a rad hardened billy bass?

rad hardened tofu bass

Nomnom Cookie
Aug 30, 2009



tef posted:

fwiw, yeah the coding standards are mostly about having total coverage from static analysis. reminds me of what a PhD told me in passing "turing complete is overrated".

there are some other notes about how they do failure handling in software and hardware elsewhere.

and how much code is auto generated from specifications of state machines apparently depends on the flight director.


as much as I think the jpl standards are neat for lifting C into a mission critical language, I think in the future, languages like 'rust' could be a better tool for these sorts of systems.

i doubt anyone is going to bother porting rust to whatever janky isa satellite cpus use and going through the hell of getting their compiler certified to generate Space Binaries

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

vapid cutlery posted:

rad-hardened parts are going to be the next crazy in high end gaming rigs

lol you think gamers can afford that

vapid cutlery
Apr 17, 2007

php:
<?
"it's george costanza" ?>

Cocoa Crispies posted:

lol you think gamers can afford that

it will just be some fake bullshit like my military grade motherboard

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

vapid cutlery posted:

do you think it's realistic for any language that's not C to be adopted by aerospace types? maybe once the olds die off

:( http://en.wikipedia.org/wiki/Ada_(programming_language)


Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

vapid cutlery posted:

it will just be some fake bullshit like my military grade motherboard

that's not "rad-hardened" and you can see how well ECC rams have taken off with gamers
