Linked by Thom Holwerda on Sun 12th Aug 2012 22:16 UTC
General Development "I cannot help but speculate on how the software on the Curiosity rover has been constructed. We know that most of the code is written in C and that it comprises 2.5 Megalines of code, roughly. One may wonder why it is possible to write such a complex system and have it work. This is the Erlang programmers view."
by Treza on Mon 13th Aug 2012 00:38 UTC

I don't know how things are done in Curiosity but I know a bit about critical software in aircraft.

- The operating systems are deliberately crippled and very static. Task scheduling is fixed with pre-defined deadlines. For hardcore stuff (flight controls for example), equipment is single-purpose and there is often no "real" operating system, just a scheduler.
The Arinc653 standard for operating systems is now more and more used for "modular avionics": multi-purpose onboard computers.

- Safety is usually obtained by using both redundancy and dissemblance. Redundancy by using several identical equipments for fault tolerance, dissemblance by selecting different components and software (including eventually different programming languages) to avoid systematic issues.
For example, Boeing "triple" B777: three primary computers, each based on three dissimilar CPUs: Intel 486, AMD 29k and Motorola 68040.

- The 2.5M LOC can be misleading as often C is not the original programming language (except for some special parts for system control, drivers) but instead an intermediate format generated by higher-level tools (for example "SCADE, Matlab"). C compilers are often the most mature, and proven reliable compilers exist for subsets of the C language. Optimisers are used with a lot of caution.
The auto-generated C code is (deliberately) very dumb and basic (no pointers, global variables at fixed memory addresses...)

I suppose also that for Curiosity there are plenty of backup mechanisms. The software is certainly very very complex but in most of the software, eventual bugs don't compromise the mission and can be patched remotely.

[As an afterthought, I realise that this post is not that much related to the subject. Sorry!]

Reply Score: 9
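As an added example of the redundancy-plus-dissimilarity idea in the comment above (this is illustrative code, not from the comment, nor from any real aircraft or rover system): three channels compute the same quantity with three different algorithms and a 2-of-3 voter decides. The integer square root task, the function names and the `vote_t` reporting shape are assumptions made for the example.

```c
#include <stdint.h>

/* Added example, not code from the comment or from any aircraft or rover.
 * A 2-of-3 majority voter over three dissimilar channels that compute the
 * same quantity (hypothetical task: integer square root of a sensor word).
 * Each channel uses a different algorithm, so a systematic defect in one
 * implementation is outvoted rather than replicated three times. */

typedef struct {
    uint32_t value;  /* voted result; valid only when status >= 0 */
    int status;      /* 0 = unanimous, 1 = one channel outvoted, -1 = no majority */
    int faulty;      /* index (0..2) of the outvoted channel, or -1 */
} vote_t;
/* Channel 0: Newton iteration (uses division); ceil(n/2) start avoids overflow. */
static uint32_t isqrt_newton(uint32_t n) {
    if (n < 2) return n;
    uint32_t x = n, y = x / 2 + (x & 1);
    while (y < x) { x = y; y = (x + n / x) / 2; }
    return x;
}
/* Channel 1: bit-by-bit binary method (no division). */
static uint32_t isqrt_binary(uint32_t n) {
    uint32_t res = 0, bit = 1u << 30;
    while (bit > n) bit >>= 2;
    while (bit) {
        if (n >= res + bit) { n -= res + bit; res = (res >> 1) + bit; }
        else res >>= 1;
        bit >>= 2;
    }
    return res;
}
/* Channel 2: linear search, slow but trivially reviewable. */
static uint32_t isqrt_linear(uint32_t n) {
    uint32_t r = 0;
    while ((uint64_t)(r + 1) * (r + 1) <= n) r++;
    return r;
}
/* Majority vote: agreement of any two wins; dissent is reported, not masked. */
vote_t vote3(uint32_t a, uint32_t b, uint32_t c) {
    vote_t v = { 0, -1, -1 };
    if (a == b && b == c)  { v.value = a; v.status = 0; }
    else if (a == b)       { v.value = a; v.status = 1; v.faulty = 2; }
    else if (a == c)       { v.value = a; v.status = 1; v.faulty = 1; }
    else if (b == c)       { v.value = b; v.status = 1; v.faulty = 0; }
    return v;
}
vote_t voted_isqrt(uint32_t n) {
    return vote3(isqrt_newton(n), isqrt_binary(n), isqrt_linear(n));
}
```

A caller that receives status -1 has no trustworthy value and should fall to a safe state rather than pick a channel; calling `vote3` directly with a deliberately wrong input simulates a single faulty channel.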