
C# for Embedded ?...

Started by Chris November 4, 2016
Hi,

I've been invited to a meeting to discuss an automotive-like engineering
project with a high level of safety critical requirements.

They are using Simulink for some of the top level design work, but are
programming the whole lot in C#, with some of the code already written.
Not sure at this stage which rtos is being used, if at all.

From what I've read, C# is a web / application / database programming
language and a quick look at the Wiki page suggests that the two
most recent versions are not approved by any international standards
organisation.

C# raises alarm bells here for all kinds of reasons, but what do you
think ?...

Regards,

Chris
On 4.11.16 15:12, Chris wrote:
IMHO, plain C, and maybe MISRA is the way to go.

--
-TV
On 11/04/16 13:16, Tauno Voipio wrote:
Thanks. My feelings exactly, and if an RTOS is needed, something qualified
for avionics work.

The project is very mech eng centric and I'm not convinced that they really
understand how critical the control software is to the success and safety
of the system. As for MISRA, not sure they have ever heard of it...

Regards,

Chris
On Friday, November 4, 2016 at 9:13:01 AM UTC-4, Chris wrote:
> C# raises alarm bells here for all kinds of reasons, but what do you
> think ?...
Alarm bells are definitely in order.

C# is MS's answer to Java, and highly Windows-centric. The Mono open-source
port of the C# VM does have support for some embedded architectures, but
this should have been verified for your target prior to launching into
development...

See: http://www.mono-project.com/docs/about-mono/supported-platforms/

While I've used C# for Windows applications I haven't tried it on an
embedded platform. For embedded projects normally I use C++.

Hope that helps!
Best Regards, Dave
On 11/04/16 13:44, Dave Nadler wrote:
Thanks for the reply and link. Do homework before going in etc :-).

So from what I can see, it's a big systems language in memory requirements
for libraries and run time support. C# also uses dynamic memory allocation
and garbage collection, another red line for this type of application.

Wouldn't surprise me to find out they are using Embedded Linux, but hope
not...

Regards,

Chris
On Friday, 4 November 2016 at 14:16:23 UTC+1, Tauno Voipio wrote:
Or Ada. But it depends on the platform and the compilers.

Bye
Jack
On 04/11/16 13:12, Chris wrote:
C# is a big red flag, not only for embedded but also for safety critical.

Others have made suitable language suggestions, but I'll note that in
safety critical applications the process is at least as important as the
language and libraries.

As with any engineering, it is necessary to consider not only what will
"go right", but what could "go wrong" - and the latter will often shape
the entire design and design process.

In bad cases, "go wrong" includes lawyers doing "discovery" to find
anything they can latch onto and prove liability.
On Fri, 04 Nov 2016 13:12:57 +0000, Chris <xxx.syseng.yyy@gfsys.co.uk> wrote:

> From what I've read, C# is a web / application / database programming
> language
The "application" part is pretty accurate. C# is designed primarily to be a safe(r) version of C with the addition of single inheritence objects [unlike C++ which has multiple inheritence]. C# is a managed language with GC - much like Java. However, unlike Java, C# has an "unsafe" mode that can bypass the runtime, eschew GC, and work directly with hardware.
> and a quick look at the Wiki page suggests that the two
> most recent versions are not approved by any international standards
> organisation.
That's probably true. I haven't paid attention to it.
> C# raises alarm bells here for all kinds of reasons, but what do you
> think ?...
The "alarm bells" I hear are availabiliy and performance of the CLR runtime on your hardware. AFAIK, it's only available for Windows and Linux. The Mono version might also run on Unix, but I don't know that for certain. The "unsafe" mode of C# can do anything C can do ... but IMO there's no point to C# unless you are going to use objects and GC - and that requires the runtime. YMMV, George
On Fri, 04 Nov 2016 15:37:22 +0000, Tom Gardner wrote:

I just want to put an underscore here.

I've had the "Ada vs. C" discussion with various high-rel types before,
and you can pretty much divide the answers down to three bins: two are
filled by "my language is better because it's better", and the remaining
one is filled by "get the process right, and either C or Ada will do".

I don't think that anyone who is sane would want to use a language like
Java or C#. If a failure can injure or kill, you need to use a tool chain
and library set that's up to the task -- for avionics, they need to be
certified to the same level of criticality as the code itself; I would
treat automotive with the same regard. I don't think you'll find a C#
compiler, much less a platform on which C# will run, that even comes
close.

--
www.wescottdesign.com
On 04/11/16 17:07, George Neuner wrote:
There are two /very/ different meanings of "safe" here.

In typical c.a.embedded systems, "safe" means "Code does exactly what the
designer wants it to do, otherwise someone could be injured or killed".

In the world of C#, Java, Windows, etc., "safe" means "is unlikely to have
serious security flaws that let bad guys steal your passwords and send you
adverts for small blue pills".

I would not trust C# to be more than mid-level "safe" in its own meaning
of the word, and that's before anyone writes a line of application code.
Neither the tools, the run-time libraries, nor the platforms it runs on
come anywhere close to c.a.e. "safe". (The language itself might be all
right - as has been pointed out, it is the process that has to be safe,
not the language.)