←back to thread

The C++ standard for the F-35 Fighter Jet [video]

(www.youtube.com)
327 points AareyBaba | 2 comments | 07 Dec 25 18:07 UTC | HN request time: 0s | source
Show context
barfoure ◴[07 Dec 25 18:29 UTC] No.46183842[source]
Do avionics in general subscribe to MISRA C/C++ or do they go even further with an additional (or different) approach?
replies(3): >>46183870 #>>46184021 #>>46184148 #
stackghost ◴[07 Dec 25 19:06 UTC] No.46184148[source]
Depends on the company in my experience. I've seen some suppliers that basically just wire up the diagram in Matlab/simulink and hit Autocode. No humans actually touch the C that comes out.

Honestly I think that's probably the correct way to write high reliability code.

replies(2): >>46184199 #>>46192932 #
garyfirestorm ◴[07 Dec 25 19:13 UTC] No.46184199[source]
You’re joking right? That autogenerated code is generally garbage and spaghetti code. It was probably the reason for Toyotas unintended acceleration glitch.
replies(6): >>46184323 #>>46184469 #>>46184508 #>>46184621 #>>46185898 #>>46186758 #
1. cpgxiii ◴[07 Dec 25 20:02 UTC] No.46184621[source]
In the case of the Toyota/Denso mess, the code in question had both auto-generated and hand-written elements, including places where the autogenerated code had been modified by hand later. That is the worst place to be, where you no longer have whatever structure and/or guarantees the code gen might provide, but you also don't have the structure and choices that a good SWE team would have to develop that level of complexity by hand.
replies(1): >>46192956 #
2. superxpro12 ◴[08 Dec 25 15:00 UTC] No.46192956[source]
The toyota code was a case of truly abysmal software development methodology. The resultant code they released was so bad that neither NASA, nor Barr, nor Koopman could successfully decipher. (Although Barr posited that the issue was VERY LIKELY in one of a few places with complex multithreaded interactions).

Which therein lies the clue. They wrote software that was simply unmaintainable. Autogenerated code isnt any better.