 
The Invisible Programmers

Mordechai (Moti) Ben-Ari
http://stwww.weizmann.ac.il/g-cs/benari/
Department of Science Teaching
Weizmann Institute of Science

Methods, Materials and Tools for Programming Education
Tampere, Finland, 4 May 2006

© 2006, M. Ben-Ari.

An (Expensive) Personal Computer
Don’t You Wish You Had One?

Automotive Computing

Automotive Computing is Complex
Courtesy of Klaus Grimm, DaimlerChrysler AG

Automotive Computing Expensive!
Courtesy of Klaus Grimm, DaimlerChrysler AG

The Future is Embedded Systems
√ The amount of code for embedded systems, to be implemented by programmers, doubles every 10 months and will reach 90% of all code being written by about the year 2010.
Quoted by Rainer Hartenstein, The Digital Divide of Computing, Proceedings of the 1st Conference on Computing Frontiers, 2004.

Characteristics of Embedded Systems
√ Long-lived and difficult to upgrade.
√ Responsibility for reliability.

Microsoft End-User License Agreement
√ Microsoft warrants that the Software will perform substantially in accordance with the [documentation] for a period of ninety (90) days
√ YOU ARE NOT ENTITLED TO ANY DAMAGES
√ Microsoft . . . provide[s] the Software . . . AS IS AND WITH ALL FAULTS, and hereby disclaim[s] all other . . . implied warranties . . . of reliability or availability, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence, . . .

Characteristics of Embedded Systems
√ Long-lived and difficult to upgrade.
√ Responsibility for reliability.
√ Systems knowledge needed for development.
√ Parallel development of hardware and software.
√ Difficult to test.
√ Integration with subcontractors.
√ Cost and schedule pressures.
√ Specialized technology.

Technology for Embedded Systems
√ Architectures:
   ⋆ Digital signal processors.
   ⋆ Field programmable gate arrays.
   ⋆ Morphware; reconfigurable computing.
√ Languages: VHDL, Verilog.

Checking Ads—Employment in “IT”
√ Gallivan, Truex & Kvasny (The DATA BASE for Advances in Information Systems 35(3), 2004) also used Computerworld as well as an Atlanta newspaper. The words “science” and “mathematics” do not appear in the article!
√ Sami Surakka (DSc thesis, HUT, 2005) examined Computerworld. “Physics and continuous mathematics were not important for software developers.”

Employment Opportunity at Boeing—Description
√ Perform Avionics System and Software Requirements Analysis, Design, Development, Unit Test and Integration for Real Time Embedded Software for the International Space Station program in Houston.
√ Specifically, program real-time embedded software and code in Ada, in a Vax and Windows 2000/NT/XP environment; develop/update and execute unit/integration tests; and develop/update supporting documentation. Debug problems encountered on-orbit. Assist with the resolution of complex programmatic and technical problems.

Employment Opportunity at Boeing—Qualifications
√ Competencies: Requires the education credentials meeting the classification standards for engineers (such as a bachelor’s degree in computer science, math or engineering). Programming experience and Software Engineering knowledge are desirable. Strong skills in verbal and written communication are also desirable. Must work well in teams.
√ Education: BS in Computer Science, Software Engineering, Math, Physics, Electrical Engineering or Aerospace Engineering.

Employment Opportunity at DaimlerChrysler—Description
√ In this role you will be responsible for the design, development and implementation of embedded transmission / engine controller software. This individual will work within a team of software engineers in the development of powertrain controller production software to be used for DaimlerChrysler vehicles. He or she will interface with powertrain and electrical systems engineers to specify, develop, and verify powertrain controller functionality.

Employment Opportunity at DaimlerChrysler—Qualifications
√ Minimum of two years embedded C/C++ software experience.
√ Matlab experience; Simulink and/or Stateflow experience; and familiarity with microprocessor based controls and development tools (emulators, debuggers, etc.).
√ Bachelor Degree in Electrical or Computer Engineering.

The Sad Truth from a Project Leader
“It is easier to teach computing to a physics graduate than it is to teach physics to a computer science graduate.”

Rotations: Pitch, Roll, Yaw

Coordinate Rotation by Euler Angles

$$
\begin{pmatrix}
\cos\psi\cos\theta & \sin\psi\cos\theta & -\sin\theta \\
\cos\psi\sin\theta\sin\phi - \sin\psi\cos\phi & \sin\psi\sin\theta\sin\phi + \cos\psi\cos\phi & \cos\theta\sin\phi \\
\cos\psi\sin\theta\cos\phi + \sin\psi\sin\phi & \sin\psi\sin\theta\cos\phi - \cos\psi\sin\phi & \cos\theta\cos\phi
\end{pmatrix}
$$

Complex numbers
√ $z = a + bi$, where $i^2 = -1$, so $i = \sqrt{-1}$.
√ Polar coordinates can be used to describe rotations in two dimensions: $r = \sqrt{a^2 + b^2}$ and $\psi = \tan^{-1}(b/a)$.

The Quaternion Plaque
In 1843, Sir William Rowan Hamilton thought of a generalization of complex numbers while walking along a canal in Dublin and carved the equation on a nearby bridge.

Quaternions
√ Four dimensional vector: $q = a + bi + cj + dk$, where $|q| = 1$.
√ $i^2 = j^2 = k^2 = ijk = -1$, $ij = -ji = k$, $jk = -kj = i$, $ki = -ik = j$.
√ Coordinate rotation in three dimensions given by $q' = Q^{*} q Q$.
√ Only four numbers need be stored and roundoff errors are reduced because quaternions can be easily normalized.

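An added example, not part of the original slides: Python that implements the multiplication rules above, applies the coordinate rotation $q' = Q^{*} q Q$, and shows what renormalizing buys when a stored quaternion is slightly off unit length. The function names and the four-decimal `STEP` value are constructed for illustration.

```python
import math

def qmul(p, q):
    """Hamilton product; a quaternion a + bi + cj + dk is the tuple (a, b, c, d)."""
    a1, b1, c1, d1 = p
    a2, b2, c2, d2 = q
    return (a1*a2 - b1*b2 - c1*c2 - d1*d2,
            a1*b2 + b1*a2 + c1*d2 - d1*c2,
            a1*c2 - b1*d2 + c1*a2 + d1*b2,
            a1*d2 + b1*c2 - c1*b2 + d1*a2)

def conj(q):
    return (q[0], -q[1], -q[2], -q[3])

def norm(q):
    return math.sqrt(sum(x * x for x in q))

def normalize(q):
    n = norm(q)
    return tuple(x / n for x in q)

def axis_angle(axis, angle):
    """Unit quaternion Q for a rotation by `angle` radians about the unit vector `axis`."""
    s = math.sin(angle / 2)
    return (math.cos(angle / 2), axis[0] * s, axis[1] * s, axis[2] * s)

def rotate_coords(Q, v):
    """Coordinate rotation q' = Q* q Q, with v carried as the pure quaternion (0, v)."""
    return qmul(qmul(conj(Q), (0.0,) + tuple(v)), Q)[1:]

# Constructed input: a 0.01 rad yaw step stored to four decimals, a stand-in for
# limited-precision storage, so its norm is slightly off 1 (about 1.0000125).
STEP = tuple(round(x, 4) for x in axis_angle((0.0, 0.0, 1.0), 0.01))

def accumulate(step, count, renormalize):
    """Compose `count` copies of `step`, optionally renormalizing after each product."""
    Q = (1.0, 0.0, 0.0, 0.0)
    for _ in range(count):
        Q = qmul(Q, step)
        if renormalize:
            Q = normalize(Q)
    return Q

if __name__ == "__main__":
    yaw90 = axis_angle((0.0, 0.0, 1.0), math.pi / 2)
    print(rotate_coords(yaw90, (1.0, 0.0, 0.0)))   # x axis as seen from the yawed frame
    print(norm(accumulate(STEP, 10000, False)))    # norm has drifted away from 1
    print(norm(accumulate(STEP, 10000, True)))     # norm held at 1
```
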
Techniques for high-reliability software
√ Praxis High Integrity Systems (http://www.praxis-his.com/).
√ They developed a 100,000-line project for Mondex with strict security requirements.
√ Four (!) bugs were found after delivery and were fixed under the Praxis guarantee (!!). Three were fixed in a few hours and one took two days.
√ The formal specification language Z.
√ Programming languages for reliable software: Ada and Spark.

Ada
Download for free at: http://stwww.weizmann.ac.il/g-cs/benari/books/

Spark

SPARK Program for Integer Division

    --# main_program;
    procedure Divide(
       X1,X2: in Integer; Q,R : out Integer)
    --# derives Q, R from X1,X2;
    --# pre (X1>=0) and (X2>0);
    --# post (X1=Q*X2+R) and (X2>R) and (R>=0);
    is
       N: Integer;
    begin
       Q := 0; R := 0; N := X1;
       while N /= 0
       --# assert (X1=Q*X2+R+N) and (X2>R) and (R>=0);
       loop
          ...
       end loop;
    end Divide;

SPARK Program for Integer Division

    while N /= 0
    --# assert (X1=Q*X2+R+N) and (X2>R) and (R>=0);
    loop
       if R+1 = X2 then
          Q := Q + 1; R := 0;
       else
          R := R + 1;
       end if;
       N := N - 1;
    end loop;

Spark Examiner - Flow Analysis

    ******************************************
    SPARK95 Examiner with VC and RTC Generator
    Release 6.3 / 11.02
    Demonstration Version
    ******************************************
    Examining main program Divide ...
    +++ Flow analysis of subprogram Divide performed: no errors found.
    -----------End of SPARK Examination-------

Finding a Mistake with Flow Analysis

    procedure Divide(X1,X2: in Integer; Q: out Integer; R: in out Integer)
    4 --# derives Q, R from X1,X2;
      ^
    Semantic Error :504: *** Parameter R is of mode in out and must appear as an import.

Verification Conditions for Integer Division

$$(X1 \geq 0) \land (X2 > 0) \rightarrow (X1 = Q \cdot X2 + R + N) \land (X2 > R) \land (R \geq 0).$$

$$(X1 = Q \cdot X2 + R + N) \land (X2 > R) \land (R \geq 0) \land (N = 0) \rightarrow (X1 = Q \cdot X2 + R) \land (X2 > R) \land (R \geq 0).$$

$$(X1 = Q \cdot X2 + R + N) \land (X2 > R) \land (R \geq 0) \land (R + 1 = X2) \rightarrow (X1 = Q' \cdot X2 + R' + N') \land (X2 > R') \land (R' \geq 0).$$

$$(X1 = Q \cdot X2 + R + N) \land (X2 > R) \land (R \geq 0) \land (R + 1 \neq X2) \rightarrow (X1 = Q' \cdot X2 + R' + N') \land (X2 > R') \land (R' \geq 0).$$

Spark Examiner - Generated VC 1

    From start to assertion of line 11:

    procedure_divide_1.
    H1:    x1 >= 0 .
    H2:    x2 > 0 .
    H3:    x1 >= integer__first .
    H4:    x1 <= integer__last .
    H5:    x2 >= integer__first .
    H6:    x2 <= integer__last .
           ->
    C1:    x1 = x2 * 0 + 0 + x1 .
    C2:    x2 > 0 .
    C3:    0 >= 0 .

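The Divide loop and its four verification conditions from the preceding slides, as an added Python example that is not part of the original slides or of the SPARK tools: it runs the loop with the precondition, assertion and postcondition checked at run time, and searches a small range of states for counterexamples to each VC. This is a bounded test, not a proof; Python integers are unbounded, so the `integer__first`/`integer__last` hypotheses are not modelled, and `inv_weak` is a constructed variant showing which VC breaks when `(X2 > R)` is dropped from the invariant.

```python
from itertools import product

def post(x1, x2, q, r):
    return x1 == q * x2 + r and x2 > r and r >= 0

def inv(x1, x2, q, r, n):
    """Loop invariant from the slide's --# assert annotation."""
    return x1 == q * x2 + r + n and x2 > r and r >= 0

def inv_weak(x1, x2, q, r, n):
    """Constructed counter-case: the same invariant with (X2 > R) dropped."""
    return x1 == q * x2 + r + n and r >= 0

def divide(x1, x2):
    """The slide's Divide loop, with pre, assert and post checked at run time."""
    assert x1 >= 0 and x2 > 0, "precondition violated"
    q, r, n = 0, 0, x1
    while True:
        assert inv(x1, x2, q, r, n), "loop invariant violated"
        if n == 0:
            break
        if r + 1 == x2:
            q, r = q + 1, 0
        else:
            r = r + 1
        n = n - 1
    assert post(x1, x2, q, r), "postcondition violated"
    return q, r

def vc_failures(invariant, bound):
    """Names of the VCs falsified by some state with every variable in [-bound, bound]."""
    failed = set()
    rng = range(-bound, bound + 1)
    # VC 1: the precondition establishes the invariant after Q := 0; R := 0; N := X1.
    for x1, x2 in product(rng, repeat=2):
        if x1 >= 0 and x2 > 0 and not invariant(x1, x2, 0, 0, x1):
            failed.add("VC1")
    for x1, x2, q, r, n in product(rng, repeat=5):
        if not invariant(x1, x2, q, r, n):
            continue
        # VC 2: the invariant together with N = 0 gives the postcondition.
        if n == 0 and not post(x1, x2, q, r):
            failed.add("VC2")
        # VC 3 / VC 4: each branch of the loop body re-establishes the invariant.
        nxt = (q + 1, 0) if r + 1 == x2 else (q, r + 1)
        if not invariant(x1, x2, nxt[0], nxt[1], n - 1):
            failed.add("VC3" if r + 1 == x2 else "VC4")
    return sorted(failed)
```
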