
In this case, C++ code is written in a different style than regular applications: exceptions are not allowed, allocations are not allowed past a certain point in program initialization, raw pointers are frowned upon, etc. This is common in this type of software and when you pair it with the right development culture it really makes a difference in the robustness of the result.



Is C++ code formally verified, e.g. with something like Coq?


Any idea if there's a database layer (eg SQLite, PG, etc) on the systems?


None if possible. In the safety critical parts you want to use software that

- doesn't do any dynamic memory allocation, has bounded memory usage, and never runs out of memory.

- has bounded execution times.

- has low interrupt latency.

- can checksum data and internal state as an option (if it needs to be loaded into memory).

- is tested using the most rigorous standards, 100% verification and code coverage.

If you write a great, relatively general but customizable database system like this with good indexing, you need only 5-10 customers and you are set. Safety-critical systems are growing in size and there is real need for software that can get easily certified.

SQLite could probably get certified as part of a system, at least as a read-only database. It's relatively solid code. But it will cost big money and I don't think anyone has done it.
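As an added illustration of the properties listed in the comment above (no dynamic allocation, bounded memory and execution time, a checksum over data and internal state), here is a small fixed-capacity key/value store in C. It is example code written for this thread, not code from any flight system or from SQLite; the type and function names, the capacity of 16 records and the self-test scenario are all constructed for the example.

```c
/* Fixed-capacity record store: all storage is static, writes are refused
 * (not grown) when the table is full, every lookup is a loop bounded by
 * STORE_CAPACITY, and a CRC-32 over the records and count is checked before
 * any read or write so a corrupted table is never silently used. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

#define STORE_CAPACITY 16u   /* hypothetical fixed capacity chosen for the example */

typedef struct {
    uint32_t key;
    int32_t  value;          /* 8 bytes total, no padding, so the CRC is deterministic */
} record_t;

typedef struct {
    record_t records[STORE_CAPACITY]; /* statically sized: no heap, bounded memory */
    uint32_t count;
    uint32_t checksum;                /* CRC-32 over records[] and count */
} store_t;

/* CRC-32 (IEEE 802.3, reflected form, polynomial 0xEDB88320), computed bitwise
 * so it needs no lookup table. Chainable: pass the previous result as crc. */
static uint32_t crc32_update(uint32_t crc, const void *buf, size_t len) {
    const uint8_t *p = (const uint8_t *)buf;
    crc = ~crc;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t store_compute_checksum(const store_t *s) {
    uint32_t crc = crc32_update(0, s->records, sizeof s->records);
    return crc32_update(crc, &s->count, sizeof s->count);
}

static void store_init(store_t *s) {
    memset(s, 0, sizeof *s);          /* zero everything so the CRC input is defined */
    s->checksum = store_compute_checksum(s);
}

/* True only if the stored CRC matches the current contents. */
static bool store_verify(const store_t *s) {
    return store_compute_checksum(s) == s->checksum;
}

/* Bounded linear scan; returns the slot index or STORE_CAPACITY if absent. */
static uint32_t store_find(const store_t *s, uint32_t key) {
    for (uint32_t i = 0; i < s->count && i < STORE_CAPACITY; i++)
        if (s->records[i].key == key) return i;
    return STORE_CAPACITY;
}

/* Insert or update. Returns false if the state is corrupt or the table is full. */
static bool store_put(store_t *s, uint32_t key, int32_t value) {
    if (!store_verify(s)) return false;
    uint32_t i = store_find(s, key);
    if (i == STORE_CAPACITY) {
        if (s->count >= STORE_CAPACITY) return false;   /* full: refuse, never grow */
        i = s->count++;
        s->records[i].key = key;
    }
    s->records[i].value = value;
    s->checksum = store_compute_checksum(s);          /* keep the state self-describing */
    return true;
}

/* Read a value. Refuses to answer from a table whose checksum does not match. */
static bool store_get(const store_t *s, uint32_t key, int32_t *out) {
    if (!store_verify(s)) return false;
    uint32_t i = store_find(s, key);
    if (i == STORE_CAPACITY) return false;
    *out = s->records[i].value;
    return true;
}

/* Constructed self-test: returns 0 on success, otherwise the failing step. */
static int store_selftest(void) {
    static store_t s;                 /* static: lives in .bss, not on the heap */
    int32_t v;
    store_init(&s);
    if (!store_verify(&s)) return 1;
    if (!store_put(&s, 100, 7) || !store_put(&s, 200, -3)) return 2;
    if (!store_get(&s, 200, &v) || v != -3) return 3;
    if (!store_put(&s, 100, 8) || !store_get(&s, 100, &v) || v != 8) return 4;
    if (s.count != 2) return 5;       /* update in place, no second slot used */
    for (uint32_t k = 0; s.count < STORE_CAPACITY; k++)
        if (!store_put(&s, 1000 + k, (int32_t)k)) return 6;
    if (store_put(&s, 9999, 1)) return 7;                 /* full: write refused */
    if (store_get(&s, 9999, &v)) return 8;
    ((uint8_t *)s.records)[3] ^= 0x01;                    /* simulated bit flip */
    if (store_verify(&s)) return 9;                       /* corruption detected */
    if (store_get(&s, 100, &v)) return 10;                /* reads refused while corrupt */
    return 0;
}

int main(void) {
    printf("selftest: %d\n", store_selftest());
    return 0;
}
```

The point of the design is that memory use and the cost of every operation are fixed at compile time, and a corrupted table fails closed (reads and writes are refused) rather than returning plausible garbage; a real system would additionally decide what to do on that failure, for example fall over to the redundant computer mentioned later in the thread.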


On the ground side, yes, there are many databases for different purposes. But not on the actual flight software.


Very curious, how is state persisted where non-volatile storage is needed, and how is that persistence structured?


It is never persisted outside of RAM. The flight computers are never powered off during a mission. You rely on two flight computers to always be functioning; that's why the system is one-fault redundant.

You can think of each string as being "functional": given the same set of inputs you expect the same set of outputs.


What happens if some anomaly happens where the shuttle loses power for a second?


Are you asking about what happens if all the power goes out, or are you asking how they get state back? If everything reboots it's fine. On restart the computers will look at all the sensors and project the state of now. There is no reason to keep the state of the past, is there? Why does it matter where the craft was 5 minutes before? What matters is what is in front of them and the future, right? If you tell the computer I want to fly home, it looks at where you are and tells you how to get there. It does not need to remember the past parts of the trip, does it?


It'd have to know that its destination was Earth, or does it just sit idle after a power on and wait for the command? What happens if the astronauts are asleep? I feel like it needs some persisted data.


I'm reminded of the quote from Linus:

"Real men don’t use backups, they post their stuff on a public ftp server and let the rest of the world make copies."

Real programmers don't use persistent storage, they just rely on physical reality in general.


State is, as far as the system is concerned, whatever values the multitude of sensors are reporting at any given moment.



