#1

Dylan Smith wrote:
Like car crashes, most Windows crashes are caused by bad drivers. The same is true of all operating systems; I once had a Sun Solaris system crash because the tape driver had a bug.

It's been a while since I worked on any RTOS, but I seem to (probably incorrectly) recall that applications running on VxWorks (the OS used on the Mars Explorer, among other spacecraft) generally have full run of the memory. That is, there is no distinction between the app and the OS as far as access privileges to memory or I/O.

And I'll admit it eventually doesn't matter how reliable the OS is once it passes a certain reasonable level, since the application(s) are always going to be less reliable. If your app crashes, you may not get a "blue screen" but the end result for the pilot is the same: they have to restart the app somehow, and a cold restart is generally the easiest. (Though if the OS is running okay it can tell when the app dies and do a warm restart on the pilot's behalf.)
#2

Jim Logajan writes:
> It's been a while since I worked on any RTOS, but I seem to (probably incorrectly) recall that applications running on VxWorks (the OS used on the Mars Explorer, among other spacecraft) generally have full run of the memory. That is, there is no distinction between the app and the OS as far as access privileges to memory or I/O.

It makes sense, since anything used in a truly mission-critical environment has to be error-free for the mission to succeed. Protecting the OS against applications serves no purpose, because any error in the applications will negatively impact or destroy the mission, anyway. In other words, even if the OS is protected against an application bug, the mere fact that there is a bug is going to prevent the mission from being carried out, so one gains nothing by protecting the OS. Ultimately you end up with a system that is entirely OS, with everything being privileged. A system that enforces restricted user privileges just does so to protect against poorly-written software; but you cannot afford poorly-written software to begin with in mission-critical systems, so such restrictions are too little, too late, if something goes wrong.

> And I'll admit it eventually doesn't matter how reliable the OS is once it passes a certain reasonable level, since the application(s) are always going to be less reliable.

And vice versa. If it's all mission-critical, there's no reason to restrict any of it, because it all has to be 100% trustworthy to begin with.

--
Transpose mxsmanic and gmail to reach me by e-mail.
#3

In article ,
Jim Logajan wrote:
> It's been a while since I worked on any RTOS, but I seem to (probably incorrectly) recall that applications running on VxWorks (the OS used on the Mars Explorer, among other spacecraft) generally have full run of the memory. That is, there is no distinction between the app and the OS as far as access privileges to memory or I/O.

There are versions of VxWorks that are certifiable to DO-178B level A. Kind of hard to do that while allowing full run of the memory.

> And I'll admit it eventually doesn't matter how reliable the OS is once it passes a certain reasonable level, since the application(s) are always going to be less reliable.

Um, not always. The complexity of the OS could dominate the complexity of the app, especially if the OS provides protection for the app (e.g., partitioning).

--
Bob Noel
Looking for a sig the lawyers will hate
#4

Bob Noel writes:
> There are versions of VxWorks that are certifiable to DO-178B level A. Kind of hard to do that while allowing full run of the memory.

Why?

> Um, not always. The complexity of the OS could dominate the complexity of the app, especially if the OS provides protection for the app (e.g., partitioning).

In mission-critical systems, all of the software works as an integrated whole; you don't just load arbitrary code off a CD and run it. If you are running untrustworthy code, you're also running uncertified/unvalidated code, which is dangerous.

--
Transpose mxsmanic and gmail to reach me by e-mail.