 |
C++Talk.NET
C++ language newsgroups
|
| View previous topic :: View next topic |
| Author |
Message |
Scott Meyers
Guest
|
 Posted: Wed Oct 19, 2005 8:41 am Post subject: Examples of C++ in Safety Critical Systems |
 |
|
I recently received the following message from an attendee of one of my C++
seminars:
I ask you if you know any companies which are using C++ within safety
critical systems like flight control systems.
I'm personally worked in the past within the telecomunication
business. Here i implemented several thinks in C++ and in Java. Since two
years i'm now working for the transportation business systems unit. Here
we implement electronic interlocking systems to guarantee that a train
can pass a station by a secured way. An operator can see e.g. the layout
of a whole train station with all elements such as tracks, points,
signals, level crossings and so on. A main task is now to set a route for
a train e.g a route from the entry main signal to the exit main
signal. Now it must be guaranteed that no other train can pass this
route. The protection of the route can be done by pointing points of
neighbour routes into the opposite direction and by showing signals the
stop aspect to disallow trains to drive into the protected route.
Currently the system is implemented in C but we are in the progress to
move forward to C++. Do you know companies which have experiences in
programming safety critical systems using C++?
Note that the question has nothing to do with whether C++ is suitable or
not suitable for safety critical systems, only about
companies/systems/people with experience using C++ for such systems. My
knowledge of such companies/systems/people is very limited, so I'm hoping
that participants of this newsgroup may be able to point me and my
correspondent to people/places we are not familiar with.
Thanks,
Scott
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
 |
Maciej Sobczak
Guest
|
| Posted: Thu Oct 20, 2005 10:38 am Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Scott Meyers wrote:
| Quote: | I ask you if you know any companies which are using C++ within safety
critical systems like flight control systems.
|
Please see this:
http://icalepcs2005.web.cern.ch/Icalepcs2005/
This conference took place just last week and the participants were
those who are involved in high-energy accelerators (including the ones
used for medical purposes), nuclear fusion, astronomy, etc. - most of
them are pure research projects (so you can always claim that they are
not safety critical  ), but for sure there is a lot of place for
safety considerations and some of the devices are available for "public"
use, like medical accelerators for the hadron cancer therapy or nuclear
fusion facilities which are going to be actually real power-stations.
I think they *are* safety critical.
(The abstracts of all the papers (and some posters) are already
available for download, so those who are interested may take a tour.)
The overall impression from the conference is that the *majority* of
such projects use C/C++ very extensively. The reasons (my humble opinion
and other disclaimers apply) are not because C++ is the best language
ever, but because the world of real-time and control systems is really
"natively" C/C++ - this means that operating systems, drivers for all
kinds of devices and even external utilities (LabView, Matlab, whatever)
all are made and sold with C(/C++) interfaces bundled, so it is just
easier to bring all those pieces together when C/C++ is the main language.
Of course, there are other languages as well, but not on the "critical"
side: Java is very actively used for the client applications (GUI
consoles), some people use Python as well for some non-real-time
activities, Tcl is less frequent, but also in use.
Interestingly: I can point only *two* projects presented at the
conference, where Ada was used as a main implementation language.
| Quote: | Note that the question has nothing to do with whether C++ is suitable or
not suitable for safety critical systems,
|
Apparently it is.
| Quote: | only about
companies/systems/people with experience using C++ for such systems.
|
The reseach and scientific community extensively uses C++ and again -
this seems to be the standard language. Some of the projects can be
qualified as safety-critical and some clearly end up as commercial
facilities with safety-critical label.
Having said that, I'm also interested in non-research uses of C++ (or at
least those that were not born as research activities) in
safety-critical systems.
--
Maciej Sobczak : http://www.msobczak.com/
Programming : http://www.msobczak.com/prog/
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Branimir Maksimovic
Guest
|
| Posted: Thu Oct 20, 2005 11:18 am Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Scott Meyers wrote:
| Quote: | I recently received the following message from an attendee of one of my C++
seminars:
I ask you if you know any companies which are using C++ within safety
critical systems like flight control systems.
|
http://www.ctas.arc.nasa.gov/
is good reference for a start. They use C and C++ on unix.
I also worked on programs regarding ATC on unix(simulator program
and one project regarding tracking airplanes on the ground)
for company in Germany, but that company doesn't work any more
, so it's not relevant.
Greetings, Bane.
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Gabriel Dos Reis
Guest
|
| Posted: Thu Oct 20, 2005 11:27 am Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Scott Meyers <usenet (AT) aristeia (DOT) com> writes:
| Quote: | I recently received the following message from an attendee of one of my C++
seminars:
I ask you if you know any companies which are using C++ within safety
critical systems like flight control systems.
|
Some companies are listed at Bjarne Stroustrup's "Application" website; you
might find Lockheed Martin, the rover on Mars (OK, it is not a company
but whoever sent it there was using C++ ), etc.
--
Gabriel Dos Reis
[email]gdr (AT) integrable-solutions (DOT) net[/email]
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Stefan Näwe
Guest
|
| Posted: Thu Oct 20, 2005 5:31 pm Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Gabriel Dos Reis wrote:
| Quote: | Scott Meyers <usenet (AT) aristeia (DOT) com> writes:
| I recently received the following message from an attendee of one of my C++
| seminars:
|
| I ask you if you know any companies which are using C++ within safety
| critical systems like flight control systems.
Some companies are listed at Bjarne Stroustrup's "Application" website; you
might find Lockheed Martin, the rover on Mars (OK, it is not a company
but whoever sent it there was using C++ ), etc.
|
Isn't that rover currently 'missing in action' ?
SCNR
Stefan
--
Stefan Naewe
naewe.s_AT_atlas_DOT_de
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Gabriel Dos Reis
Guest
|
| Posted: Fri Oct 21, 2005 8:16 am Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Stefan Näwe <please (AT) nospam (DOT) net> writes:
| Quote: | Gabriel Dos Reis wrote:
Scott Meyers <usenet (AT) aristeia (DOT) com> writes:
| I recently received the following message from an attendee of one of my C++
| seminars:
|
| I ask you if you know any companies which are using C++ within safety
| critical systems like flight control systems.
Some companies are listed at Bjarne Stroustrup's "Application" website; you
might find Lockheed Martin, the rover on Mars (OK, it is not a company
but whoever sent it there was using C++ ), etc.
Isn't that rover currently 'missing in action' ?
|
There must be a joke here that I missed.
--
Gabriel Dos Reis
[email]gdr (AT) integrable-solutions (DOT) net[/email]
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Martin Bonner
Guest
|
| Posted: Fri Oct 21, 2005 4:28 pm Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Maciej Sobczak wrote:
| Quote: | Scott Meyers wrote:
I ask you if you know any companies which are using C++ within safety
critical systems like flight control systems.
Please see this:
http://icalepcs2005.web.cern.ch/Icalepcs2005/
[snip]
The overall impression from the conference is that the *majority* of
such projects use C/C++ very extensively.
|
But the context of Scott's question was clearly C++ as opposed to C.
Not C and C++ as opposed to Java or Ada.
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Carlos Moreno
Guest
|
| Posted: Fri Oct 21, 2005 10:08 pm Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Martin Bonner wrote:
| Quote: | Maciej Sobczak wrote:
Scott Meyers wrote:
I ask you if you know any companies which are using C++ within safety
critical systems like flight control systems.
Please see this:
http://icalepcs2005.web.cern.ch/Icalepcs2005/
[snip]
The overall impression from the conference is that the *majority* of
such projects use C/C++ very extensively.
But the context of Scott's question was clearly C++ as opposed to C.
Not C and C++ as opposed to Java or Ada.
|
Huh?? Where did you read that?? I guess it would be up to Scott to
clarify if this is what he really meant, but I really don't see how
one could draw this conclusion... (the question he was asked does
mention that the system is in C, and they're moving away from that;
but I don't see that as a "how is C++ compared to C for safety-critical
applications?")
Personally, I think C is like 180 degrees opposed to safety-critical
systems. C is satirically described as operating a chainsaw (or a
table-saw, or whatever other power tools) with all the safety switches
off -- you get all the raw power, but you're taking very high risks
in exchange.
C++'s increased type safety and "task-automation" idioms (constructors
and destructors as the most obvious examples -- you make sure that
you don't forget to do certain things) definitely make the C vs. C++
a non-contest when we're talking about safety-critical systems....
But I do believe Scott's question was more along the lines of "is C++
sufficiently safe to be used for safety-critical applications?" (well,
his question really, and explicitlym, asks for statistics about use --
what I mean is that, if anything, the intent behind the question would
be C++ vs. other alternatives usually perceived as "safer" than C++,
such as Ada and the what-the-hell-is-wrong-with-this-planet Java option)
Carlos
--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Scott Meyers
Guest
|
| Posted: Sat Oct 22, 2005 3:20 pm Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Carlos Moreno wrote:
| Quote: | Huh?? Where did you read that?? I guess it would be up to Scott to
clarify if this is what he really meant, but I really don't see how
one could draw this conclusion... (the question he was asked does
mention that the system is in C, and they're moving away from that;
but I don't see that as a "how is C++ compared to C for safety-critical
applications?")
|
My reading between the lines of the message I received is that a decision has
been made to add C++ to an existing safety-critical system in C, but the
decision was not without controversy, and everybody involved would be reassured
to find that others have already successfully implemented such systems in C++,
i.e., this company won't be blazing brand new trails. That's just a guess,
however. The words I posted are the words that were sent to me. It's also
possible that the person who wrote me would like to contact other people who
have experience using C++ in safety-critical systems to find out what issues
they encountered.
Scott
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
P.J. Plauger
Guest
|
| Posted: Sat Oct 22, 2005 3:25 pm Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
"Carlos Moreno" <moreno_at_mochima_dot_com (AT) mailinator (DOT) com> wrote
| Quote: | Personally, I think C is like 180 degrees opposed to safety-critical
systems. C is satirically described as operating a chainsaw (or a
table-saw, or whatever other power tools) with all the safety switches
off -- you get all the raw power, but you're taking very high risks
in exchange.
|
Yep, with emphasis on the "satirically". While all those folks
are tossing off bon mots at conferences about how dangerous
C is, programmers are busy delivering software that works in C.
And as for all those systems written in "safer" languages,
guess what all their low-level code is written in?
| Quote: | C++'s increased type safety and "task-automation" idioms (constructors
and destructors as the most obvious examples -- you make sure that
you don't forget to do certain things) definitely make the C vs. C++
a non-contest when we're talking about safety-critical systems....
|
Uh huh. Except for the uncertainties of new expressions, and
thrown exceptions, and ...
| Quote: | But I do believe Scott's question was more along the lines of "is C++
sufficiently safe to be used for safety-critical applications?" (well,
his question really, and explicitlym, asks for statistics about use --
what I mean is that, if anything, the intent behind the question would
be C++ vs. other alternatives usually perceived as "safer" than C++,
such as Ada and the what-the-hell-is-wrong-with-this-planet Java option)
|
Yep. And at the end of the day, the safety of a system depends
remarkably little on the choice of programming language, and
(not at all remarkably) much on the robustness of the *process*
by which the product is developed and tested.
P.J. Plauger
Dinkumware, Ltd.
http://www.dinkumware.com
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Bjorn Reese
Guest
|
| Posted: Sat Oct 22, 2005 6:08 pm Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Scott Meyers wrote:
| Quote: | I recently received the following message from an attendee of one of my C++
seminars:
I ask you if you know any companies which are using C++ within safety
critical systems like flight control systems.
|
Lockheed Martin. Most of the on-board software for the Joint Strike
Fighter (F-35) will be written in C++.
--
mail1dotstofanetdotdk
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Francis Glassborow
Guest
|
| Posted: Sat Oct 22, 2005 6:13 pm Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
In article <heb6f.27691$HE6.161045 (AT) wagner (DOT) videotron.net>, Carlos Moreno
<moreno_at_mochima_dot_com (AT) mailinator (DOT) com> writes
| Quote: | C++'s increased type safety and "task-automation" idioms (constructors
and destructors as the most obvious examples -- you make sure that
you don't forget to do certain things) definitely make the C vs. C++
a non-contest when we're talking about safety-critical systems...
|
LOL. Yes, C with a suitable tool chain is much safer than C++, but
somehow I do not think that is what you meant.
--
Francis Glassborow ACCU
Author of 'You Can Do It!' see http://www.spellen.org/youcandoit
For project ideas and contributions: http://www.spellen.org/youcandoit/projects
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
bjarne
Guest
|
| Posted: Sat Oct 22, 2005 6:14 pm Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
One of the Rovers had a problem last week and had to be re-set:
http://marsrovers.jpl.nasa.gov/home/
They require a bit more care now that they have lasted 5 times their
promised "life span". The original mission was 3 months, the engineeres
hoped for half a year, and both rovers have now functioned almost
flawless for more than 15 months.
- Bjarne Stroustrup; http://www.research.att.com/~bs
PS the majority of the code on the rovers is C and assembler. The C++
part is the scene analysis and the autonomous driving (a rover has to
manage on its own for something like 24 hours between receiving new
instructions about what to do).
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
Branimir Maksimovic
Guest
|
| Posted: Sun Oct 23, 2005 9:56 am Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Carlos Moreno wrote:
| Quote: |
Personally, I think C is like 180 degrees opposed to safety-critical
systems. C is satirically described as operating a chainsaw (or a
table-saw, or whatever other power tools) with all the safety switches
off -- you get all the raw power, but you're taking very high risks
in exchange.
|
C's power is in simplicity. One who writes safe critical code
doesn't like complex language. If one is not able to write
safe code in C it is not capable to write safe code in ADA or C++
or anything. So called safer languages are safe that are fault
tolerant to programer errors. Safety critical system isn't. That's
why in such cases primary choice for language is simplicity.
One who is responsible for lifes doesn't want to rely on
complex tools, rather on him/herself.
| Quote: |
C++'s increased type safety and "task-automation" idioms (constructors
and destructors as the most obvious examples -- you make sure that
you don't forget to do certain things) definitely make the C vs. C++
a non-contest when we're talking about safety-critical systems....
|
Primary choice for C++ would be close integration with C, not safety.
What if you have to use threads? Threads are undefined behavior in
C++. thread programming in C is simple, but even experienced
C++ programers doesn't know that they can't start/join in
constructors/destructors of shared objects.
And we were doing software for air traffic control.
I found such bug in code of very good programmer and I saw book which
*recommends* such code!
Because of lot of problems with C++, some older programers felt that
C++ is too complex and unpredictable. They wanted to revert to pure C.
These are just scratch of problems.
Greetings, Bane.
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
James Kanze
Guest
|
| Posted: Mon Oct 24, 2005 12:15 am Post subject: Re: Examples of C++ in Safety Critical Systems |
|
|
Branimir Maksimovic wrote:
| Quote: | Carlos Moreno wrote:
Personally, I think C is like 180 degrees opposed to
safety-critical systems. C is satirically described as
operating a chainsaw (or a table-saw, or whatever other power
tools) with all the safety switches off -- you get all the raw
power, but you're taking very high risks in exchange.
C's power is in simplicity. One who writes safe critical code
doesn't like complex language. If one is not able to write
safe code in C it is not capable to write safe code in ADA or
C++ or anything.
|
That's probably true. The question is how much it costs to
acheive the same level of reliability.
| Quote: | So called safer languages are safe that are fault tolerant to
programer errors.
|
Actually, I think that Ada is safer above all because it is more
readable. It is easier to prove an Ada program (without
e.g. pointer arithmetic) correct that it is a C program.
| Quote: | Safety critical system isn't. That's why in such cases
primary choice for language is simplicity. One who is
responsible for lifes doesn't want to rely on complex tools,
rather on him/herself.
|
Actually, when writing code responsible for human life, one
wants redundancy. Relying uniquely on oneself is not a very
redundant solution, and would not be considered acceptable.
| Quote: | C++'s increased type safety and "task-automation" idioms
(constructors and destructors as the most obvious examples --
you make sure that you don't forget to do certain things)
definitely make the C vs. C++ a non-contest when we're talking
about safety-critical systems....
Primary choice for C++ would be close integration with C, not
safety. What if you have to use threads? Threads are
undefined behavior in C++. thread programming in C is simple,
but even experienced C++ programers doesn't know that they
can't start/join in constructors/destructors of shared
objects.
|
The status of threading in C and in C++ is exactly identical.
It's undefined behavior as far as the language standard is
concerned, but most implementations where it is relevant do
define something.
As for the problem of starting a thread in a constructor, given
the amount that has been written about it, it's a pretty poor
programmer who isn't aware of it. (And of course, you can do
just as stupid things in C.)
| Quote: | And we were doing software for air traffic control.
I found such bug in code of very good programmer and I saw
book which *recommends* such code!
|
I've seen a lot of junk in books. It's well known that some
books are to be avoided.
| Quote: | Because of lot of problems with C++, some older programers
felt that C++ is too complex and unpredictable. They wanted
to revert to pure C. These are just scratch of problems.
|
There is a potential problem that the C++ world is not yet as
mature as the C world in this respect. Which is sort of normal;
it hasn't been around as long. But I know of some pretty large
and robust applications written in C++, without problems. All
in all, in the measure that C++ can make the code more readable,
it is a positive factor, compared to C. Obviously, if instead
you use it to make the code less readable (which it can also do,
if used incorrectly), then it becomes a negative factor. But,
coming back to your initial comment, if your shop is so
organized that using C++ results in less readable code, then it
is organized in a fashion that makes reliable code impossible in
any language.
--
James Kanze mailto: [email]james.kanze (AT) free (DOT) fr[/email]
Conseils en informatique orientée objet/
Beratung in objektorientierter Datenverarbeitung
9 pl. Pierre Sémard, 78210 St.-Cyr-l'École, France +33 (0)1 30 23 00 34
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
