computer language used to program Mars Lander

[jhc0033]

Interesting article I came across on Slashdot:

http://developers.slashdot.org/developers/08/07/10/213211.shtml

They are using C at JPL to program Mars Lander and just about
everything now! Not Ada. Anyone got an explanation? I wonder also, do
they really mean C++ when they say C. In my experience, this is a
frequent, although disagreeable usage.

 

[jacob navia]

Interesting article I came across on Slashdot:

http://developers.slashdot.org/developers/08/07/10/213211.shtml

They are using C at JPL to program Mars Lander and just about
everything now! Not Ada. Anyone got an explanation? I wonder also, do
they really mean C++ when they say C. In my experience, this is a
frequent, although disagreeable usage.

They do not use even memory allocation. They use a subset of C

I am sure they do not use C++!

 

[Nick Keighley]

Interesting article I came across on Slashdot:

http://developers.slashdot.org/developers/08/07/10/213211.shtml

They are using C at JPL to program Mars Lander and just about
everything now! Not Ada. Anyone got an explanation? I wonder also, do
they really mean C++ when they say C. In my experience, this is a
frequent, although disagreeable usage.

contrary to popular expectations space probes are very
conservative in their use of technolgy. Processors are old
(and hence proven) memorys are small (less vulnerable to radiation).

Rememeber if there's a bug they can't just upgrade the software.
Well they can but it has to be mostly working for the download
to work.

These are essetially embedded systems and C is still popular
in that world.

I suspect its a damn sight easier to prove C correct than C++.

a = b + c;

probably does what it says in C (assuming b and c have good values
and it doesn't overflow). In C++ there could be half a dozen
overloaded
operators in there.

--
Nick Keighley

I know not what I appear to the world, but to myself I seem to have
been
only like a boy playing on the sea-shore, and diverting myself in now
and
then finding a smoother pebble or a prettier shell, whilest the great
ocean of truth lay all undiscovered before me.
(Sir Issac Newton)

 

[george.priv]

Interesting article I came across on Slashdot:

http://developers.slashdot.org/developers/08/07/10/213211.shtml

They are using C at JPL to program Mars Lander and just about
everything now! Not Ada. Anyone got an explanation? I wonder also, do
they really mean C++ when they say C. In my experience, this is a
frequent, although disagreeable usage.

As pointed out it was subset of C and the size of the software is
relatively small by todays standards if it all fits in 128M (no VM
AFAIK).

The specifics of this project differs from earthly "life safety" type
of applications. If probe software fails, watchdog will reboot it into
the safe mode. There it will sit waiting the instructions/patches from
home. Therefore, a critical part is a bootstrap and communication
module. The rest is allowed to fail and can be fixed.

George

 

[Keith Thompson]

Interesting article I came across on Slashdot:

http://developers.slashdot.org/developers/08/07/10/213211.shtml

They are using C at JPL to program Mars Lander and just about
everything now! Not Ada. Anyone got an explanation? I wonder also, do
they really mean C++ when they say C. In my experience, this is a
frequent, although disagreeable usage.

This was cross-posted to comp.lang.ada and comp.lang.c. I suggest we
all refuse to take the bait and *not* start a cross-language flame
war.

 

[Maciej Sobczak]

They do not use even memory allocation. They use a subset of C

I am sure they do not use C++!

Why? I would expect some parts of C++ being used, no matter how much
constrained is the target environment.
In particular, C++ has better and more expressive type system,
destructors that can ensure proper execution of "exit" actions, better
support for encapsulation, etc. All these are real advantages as far
as safe and secure code is concerned and none of these require
additional run-time resources.

For example, would you like to have custom integer types with range
checking in this critical software? (Expected answer on this group is
"yes".) This is trivial in C++ and almost impossible in C. This alone
is already a reason to prefer C++ over C for such systems.

Now, why there is no Ada on Mars is another story - but don't worry
about what Martians will think: they will not see the source code
anyway. ;-)

 

[CBFalconer]

This was cross-posted to comp.lang.ada and comp.lang.c. I
suggest we all refuse to take the bait and *not* start a
cross-language flame war.

It has nothing to do with wars. It is simply an illustration that
proves that it is _possible_ to generate accurate code with C. It
is also possible with assembly language. However, doing so
requires good programmers with plenty of experience. You can get
equal quality from poorer programmers with less experience by using
Ada. I leave it to you what you will get with experienced good
programmers and Ada.

 

[Maciej Sobczak]

I suspect its a damn sight easier to prove C correct than C++.

    a = b + c;

probably does what it says in C (assuming b and c have good values
and it doesn't overflow). In C++ there could be half a dozen
overloaded
operators in there.

Your reasoning is completely broken.
Let's try this one:

I suspect its a damn sight easier to prove C correct than Ada.

a = b + c;

probably does what it says in C. In Ada (substitute := for = ) there
could be half a dozen overloaded operators in there (and some
controlled operations as well).

Do you think that there are some monkeys in the project that randomly
overload operators? If yes, then Ada is equally vulnerable.

Another point: the operator + in C *is* overloaded and not only its
meaning, but also the generated object code differs depending on the
types of a and b. Yes, this is what overloading is all about and yes,
you can have serious errors in C because of that, especially when
combined with implicit conversions. What C++ or Ada can offer in this
area is at least to get rid of those implicit conversions. This is a
huge gain for proving correctness of the code.

 

[Stephen Leake]

Interesting article I came across on Slashdot:

http://developers.slashdot.org/developers/08/07/10/213211.shtml

They are using C at JPL to program Mars Lander and just about
everything now! Not Ada. Anyone got an explanation?

They are comfortable with their current tools, and simply refuse to
consider others.

I run into that attitude all the time. Even when they are considering
adding tools like static analyzers, they won't consider changing
languages. It's extremely frustrating!

In the short run, sticking with what you know is safe. In the long
run, it is a significant loss of productivity. JPL and many, many
other places are sticking with the safe route.

 

[jhc0033]

contrary to popular expectations space probes are very
conservative in their use of technolgy.

I disagree. Actually, the space industry will try anything and stick
with it until stuff explodes (Ariane rocket) or crashes into the wrong
celestial body because of faulty software. They did use Ada widely
before, and they even programmed some of their probes in Lisp. Seems
like C is the new fad there. Wait until they get bitten by macros and
dangling pointers.

 

[Paul Hsieh]

contrary to popular expectations space probes are very
conservative in their use of technology. Processors are old
(and hence proven) memories are small (less vulnerable to radiation).

Indeed. Ada is used by the military, because they have much more
sophisticated hardware in tanks and fighter jets. I would expect that
perhaps NASA also uses it for the space shuttle.

Remember if there's a bug they can't just upgrade the software.

They both can and *DO* do this. They typically use VxWorks as the
main operating system, which comes with a fairly powerful command
console that makes it practical to actually debug, upload bug fixes
and reboot the systems all remotely.

Well they can but it has to be mostly working for the download
to work.

Its in the OS they use (and didn't make themselves.)

These are essentially embedded systems and C is still popular
in that world.

The small memory footprint and VxWorks environment probably makes C a
very attractive language for the NASA guys. If they used Ada, they
would be slower, have much larger memory requirements and have a very
hard time debugging problems remotely.

I suspect its a damn sight easier to prove C correct than C++.

Well by definition, since every C bug can be mapped to a C++ bug
(except for certain implicit type conversion failures; but that can be
dealt with by requiring that the C code also be compilable with a C++
compiler.)

 

[Chris Thomasson]

Indeed. Ada is used by the military, because they have much more
sophisticated hardware in tanks and fighter jets.

Is this a trolling attempt? Anyway, the military uses C++ for all critical
system software in state-of-the-art fighter-bombers because they have much
more sophisticated hardware:

http://www.research.att.com/~bs/JSF-AV-rules.pdf

http://www.ldra.co.uk/nologindownload.asp?id=52

:^/

I would expect that
perhaps NASA also uses it for the space shuttle.

[...]

 

[Default User]

Is this a trolling attempt? Anyway, the military uses C++ for all
critical system software in state-of-the-art fighter-bombers because
they have much more sophisticated hardware:

We did quite a bit of code for avionics flight systems for military
aircraft in C++. It ran on top of an RTOS and there were certain
restrictions in the programming. Dynamic memory was only allocated at
startup, for instance.



Brian

 

[Gary Scott]

Is this a trolling attempt? Anyway, the military uses C++ for all critical
system software in state-of-the-art fighter-bombers because they have much
more sophisticated hardware:

http://www.research.att.com/~bs/JSF-AV-rules.pdf

http://www.ldra.co.uk/nologindownload.asp?id=52

It has very little to do with the "sophistication of the hardware".

:^/

I would expect that
perhaps NASA also uses it for the space shuttle.

[...]

--

Gary Scott
mailto:garylscott@sbcglobal dot net

Fortran Library: http://www.fortranlib.com

Support the Original G95 Project: http://www.g95.org
-OR-
Support the GNU GFortran Project: http://gcc.gnu.org/fortran/index.html

If you want to do the impossible, don't hire an expert because he knows
it can't be done.

-- Henry Ford

 

[Chris Thomasson]

We did quite a bit of code for avionics flight systems for military
aircraft in C++. It ran on top of an RTOS and there were certain
restrictions in the programming. Dynamic memory was only allocated at
startup, for instance.

Sounds pretty smart to me. IMHO, its nice that C++ is flexible enough
to work well under some fairly harsh, but necessary restrictions. Also,
IMVHO, it does not really matter what programming language is used because
in the end its all up to the programmer to "get it right". Even an ADA-
based system could contain subtle logic bugs. That would be very bad if
one of those nasty bugs revealed a code-path which could open the bomb
bay doors, arm something and let it loose!

:^o

 

[Chris Thomasson]

It has very little to do with the "sophistication of the hardware".

[...]

Yeah, I was "trying" to be sarcastic.

:^(

 

[Colin Paul Gloster]

On Thu, 17 Jul 2008, Paul Hsieh wrote:

|-------------------------------------------------------------------------|
|"On Jul 14, 4:49 am, Nick Keighley <[email protected]> |
|wrote: |
|> |
|> > Interesting article I came across on Slashdot: |
|> |
|> >http://developers.slashdot.org/developers/08/07/10/213211.shtml |
|> |
|> > They are using C at JPL to program Mars Lander and just about |
|> > everything now! Not Ada. Anyone got an explanation? I wonder also, do|
|> > they really mean C++ when they say C. In my experience, this is a |
|> > frequent, although disagreeable usage. |
|> |
|> contrary to popular expectations space probes are very |
|> conservative in their use of technology. Processors are old |
|> (and hence proven) [..] |
| |
|Indeed." |
|-------------------------------------------------------------------------|

Agreed.

|-------------------------------------------------------------------------|
|" memories are small" |
|-------------------------------------------------------------------------|

Agreed (in the sense that they do not have many binary digits).

|-------------------------------------------------------------------------|
|" (less vulnerable to radiation)." |
|-------------------------------------------------------------------------|

Memories used in space probes are less vulnerable to radiation than
normal memories, but this is not because of the centimeters cubed
used.

On Page 12 of
HTTP://AMS.Aeroflex.com/ProductFiles/DataSheets/4MSRAM/ut8r512x8.pdf
, dimensions of 0.575 inches by 0.910 inches by (0.117-0.013) inches
(approximately 14.6 millimeters by 23.1 mm by 2.6 mm approximately
equal to 877 mm cubed) are shown for an astronautical four megabit
SRAM excluding the legs, whereas we can see from
WWW.IDT.com/?genID=71V416L&source=products_genericPart_71V416L
and
WWW.IDT.com/?app=packaging&packageID=BE48&mktseg=IDT
that dimensions closer to 9 mm by 9 mm by 1.2 mm (97.2 mm cubed) are
available for four megabits of Terran SRAM.

Of course, a problem with radiation is more likely to happen to (2 x
877) mm cubed of 2 x 4 Mbits of SRAM than to 1 x 877 mm cubed of 1 x 4
Mbits of SRAM.

|-------------------------------------------------------------------------|
|" Ada [..] |
|[..] |
|[..] I would expect that |
|perhaps NASA also uses it for the space shuttle." |
|-------------------------------------------------------------------------|

I have heard that a language which is used only for the Space Shuttles
was used instead.

|-------------------------------------------------------------------------|
|> Remember if there's a bug they can't just upgrade the software. |
| |
|They both can and *DO* do this." |
|-------------------------------------------------------------------------|

They can upgrade the software. They can not do this easily, so Nick
Keighley's assertion "they can't just upgrade the software" is
correct. Were the probe on the Moon, there would be a latency

|-------------------------------------------------------------------------|
|" They typically use VxWorks as the |
|main operating system," |
|-------------------------------------------------------------------------|

Actually before the rovers launched in circa 2003, NASA used to not
use VxWorks. A port of VxWorks to a processor which had not been
supported before was specifically written for that mission. This is in
contrast to the often conservative nature of responsible astronautical
engineers, but NASA has shown itself to be reckless on a number of
occasions.

|-------------------------------------------------------------------------|
|" which comes with a fairly powerful command |
|console that makes it practical to actually debug, upload bug fixes |
|and reboot the systems all remotely. |
| |
|> Well they can but it has to be mostly working for the download |
|> to work. |
| |
|Its in the OS they use (and didn't make themselves.)" |
|-------------------------------------------------------------------------|

Were the probe on the Moon, the latency would be a few seconds
long. Latencies for other destinations would be much worse. If Mars
was at its closest to the Sun (i.e. at 1.381 Astronomical Units (A.U.s)) and
were Earth between the Sun and Mars, then there would be a distance of
approximately 0.381 A.U.s equal to circa 500 light seconds multiplied
by 0.381 equals 190.5 light seconds equals over three light minutes
between the Earthling operators and the probe. Between the time an
operator typed ps to list the processes and the time the telecommand
was received over three minutes later, plenty of terminal problems
could have ended the mission.

If you have software on the probe which is sorting ten numbers while
you are uploading a patch to the sorting algorithhm, and pausing or
terminating the current sorting is unacceptable (it might not actually
be buggy, perhaps it merely needs an adjustment), then does VxWorks
know that the only safe times to install the patch are between one
run's final iteration and the next run's next iteration. VxWorks can
not possibly know that without being told. This is independent of
operating system and language.

Are you aware that well-maintained unmanned spacecraft are not
rebooted even when software is being patched while most of the rest of
the software is still being run?

|-------------------------------------------------------------------------|
|"[..] |
| |
|The small memory footprint and VxWorks environment probably makes C a |
|very attractive language for the NASA guys. If they used Ada, they |
|would be slower, have much larger memory requirements and have a very |
|hard time debugging problems remotely. |
| |
|[..]" |
|-------------------------------------------------------------------------|

How is C on VxWorks faster than Ada? It is not clear to me whether you
believe that C on VxWorks makes the speed of light faster or whether
it teleports Mars to be situated closer to Earth.

Please explain the speeds of less than two microseconds without
VxWorks and over eight seconds with VxWorks in Table 1 of
"The Ravenscar Tasking Profile - Experience Report"
by Brian Dobbing and George Romanski in the PDF file hyperlinked to
from
HTTP://Portal.ACM.org/citation.cfm?...ortal&dl=GUIDE&CFID=37194600&CFTOKEN=70659176

VxWorks consumes "36KB" according to
WWW.Windriver.com/products/product-notes/Platform-for-Network-Equipment-ve-Note.pdf
whereas the Ada runtime overhead for Aonix ObjectRaven was claimed to
be less than five kilobytes in Table 2. Please explain how Ada using
less than five kilobytes is a "much larger memory" requirement than C
using 36KB.

Please show me something in your post about Ada which is not nonsense.

Sincerely,
Colin Paul Gloster

 

[Dmitry A. Kazakov]

On Thu, 17 Jul 2008, Paul Hsieh wrote:

|The small memory footprint and VxWorks environment probably makes C a
|very attractive language for the NASA guys. If they used Ada, they
|would be slower, have much larger memory requirements and have a very
|hard time debugging problems remotely.

How is C on VxWorks faster than Ada?

As a part of religious experience, I guess...

Actually some VxWorks guys, who are aware of Ada, tried to convince us that
our project on VxWorks should use C, rather than Ada, because "C is
faster."

 

[Gautier]

Paul Hsieh:

The small memory footprint and VxWorks environment probably makes C a
very attractive language for the NASA guys. If they used Ada, they
would be slower,

Oooh... This is a misconception that comes from the time of
non-optimizing compilers for PC's - around 20 years ago. At that time a
i++ was faster than a i:= i + 1, sure. But it was long long time ago.
Never heard of GCC ?...
_________________________________________________________
Gautier's Ada programming -- http://sf.net/users/gdemont/

NB: For a direct answer, e-mail address on the Web site!

 

[jacob navia]

Paul Hsieh:


Oooh... This is a misconception that comes from the time of
non-optimizing compilers for PC's - around 20 years ago. At that time a
i++ was faster than a i:= i + 1, sure. But it was long long time ago.
Never heard of GCC ?...
_________________________________________________________
Gautier's Ada programming -- http://sf.net/users/gdemont/

NB: For a direct answer, e-mail address on the Web site!

Do you have any data to prove that ADA is faster than C?
Or that has a smaller memory footprint?