C# for Embedded ?...
Started by ● November 4, 2016

Hi,

I've been invited to a meeting to discuss an automotive-like engineering project with a high level of safety-critical requirements.

They are using Simulink for some of the top level design work, but are programming the whole lot in C#, with some of the code already written. Not sure at this stage which RTOS is being used, if at all.

From what I've read, C# is a web / application / database programming language and a quick look at the Wiki page suggests that the two most recent versions are not approved by any international standards organisation.

C# raises alarm bells here for all kinds of reasons, but what do you think ?...

Regards,

Chris
Reply by ● November 4, 2016
On 4.11.16 15:12, Chris wrote:
> Hi,
>
> I've been invited to a meeting to discuss an automotive-like engineering
> project with a high level of safety-critical requirements.
>
> They are using Simulink for some of the top level design work, but are
> programming the whole lot in C#, with some of the code already written.
> Not sure at this stage which RTOS is being used, if at all.
>
> From what I've read, C# is a web / application / database programming
> language and a quick look at the Wiki page suggests that the two
> most recent versions are not approved by any international standards
> organisation.
>
> C# raises alarm bells here for all kinds of reasons, but what do you
> think ?...
>
> Regards,
>
> Chris

IMHO, plain C, and maybe MISRA is the way to go.

--
-TV
Reply by ● November 4, 2016
On 11/04/16 13:16, Tauno Voipio wrote:
> On 4.11.16 15:12, Chris wrote:
>> Hi,
>>
>> I've been invited to a meeting to discuss an automotive-like engineering
>> project with a high level of safety-critical requirements.
>>
>> They are using Simulink for some of the top level design work, but are
>> programming the whole lot in C#, with some of the code already written.
>> Not sure at this stage which RTOS is being used, if at all.
>>
>> From what I've read, C# is a web / application / database programming
>> language and a quick look at the Wiki page suggests that the two
>> most recent versions are not approved by any international standards
>> organisation.
>>
>> C# raises alarm bells here for all kinds of reasons, but what do you
>> think ?...
>>
>> Regards,
>>
>> Chris
>
> IMHO, plain C, and maybe MISRA is the way to go.
>

Thanks. My feelings exactly, and if an RTOS is needed, something qualified for avionics work. The project is very mech eng centric and I'm not convinced that they really understand how critical the control software is to the success and safety of the system. As for MISRA, not sure they have ever heard of it...

Regards,

Chris
Reply by ● November 4, 2016
On Friday, November 4, 2016 at 9:13:01 AM UTC-4, Chris wrote:
> C# raises alarm bells here for all kinds of reasons, but what do you
> think ?...

Alarm bells are definitely in order.

C# is MS's answer to Java, and highly Windows-centric.
The Mono open-source port of the C# VM does have support for
some embedded architectures, but this should have been verified
for your target prior to launching into development...

See: http://www.mono-project.com/docs/about-mono/supported-platforms/

While I've used C# for Windows applications I haven't tried it
on an embedded platform. For embedded projects normally I use C++.

Hope that helps!
Best Regards, Dave
Reply by ● November 4, 2016
On 11/04/16 13:44, Dave Nadler wrote:
> On Friday, November 4, 2016 at 9:13:01 AM UTC-4, Chris wrote:
>> C# raises alarm bells here for all kinds of reasons, but what do you
>> think ?...
>
> Alarm bells are definitely in order.
>
> C# is MS's answer to Java, and highly Windows-centric.
> The Mono open-source port of the C# VM does have support for
> some embedded architectures, but this should have been verified
> for your target prior to launching into development...
>
> See: http://www.mono-project.com/docs/about-mono/supported-platforms/
>
> While I've used C# for Windows applications I haven't tried it
> on an embedded platform. For embedded projects normally I use C++.
>
> Hope that helps!
> Best Regards, Dave

Thanks for the reply and link. Do homework before going in etc :-). So from what I can see, it's a big-systems language in memory requirements for libraries and run-time support. C# also uses dynamic memory allocation and garbage collection, another red line for this type of application. Wouldn't surprise me to find out they are using Embedded Linux, but hope not...

Regards,

Chris
Reply by ● November 4, 2016
On Friday, 4 November 2016 14:16:23 UTC+1, Tauno Voipio wrote:
> On 4.11.16 15:12, Chris wrote:
> > Hi,
> >
> > I've been invited to a meeting to discuss an automotive-like engineering
> > project with a high level of safety-critical requirements.
> >
> > They are using Simulink for some of the top level design work, but are
> > programming the whole lot in C#, with some of the code already written.
> > Not sure at this stage which RTOS is being used, if at all.
> >
> > From what I've read, C# is a web / application / database programming
> > language and a quick look at the Wiki page suggests that the two
> > most recent versions are not approved by any international standards
> > organisation.
> >
> > C# raises alarm bells here for all kinds of reasons, but what do you
> > think ?...
> >
> > Regards,
> >
> > Chris
>
> IMHO, plain C, and maybe MISRA is the way to go.

Or Ada. But it depends on the platform and the compilers.

Bye
Jack
Reply by ● November 4, 2016
On 04/11/16 13:12, Chris wrote:
> Hi,
>
> I've been invited to a meeting to discuss an automotive-like engineering
> project with a high level of safety-critical requirements.
>
> They are using Simulink for some of the top level design work, but are
> programming the whole lot in C#, with some of the code already written.
> Not sure at this stage which RTOS is being used, if at all.
>
> From what I've read, C# is a web / application / database programming
> language and a quick look at the Wiki page suggests that the two
> most recent versions are not approved by any international standards
> organisation.
>
> C# raises alarm bells here for all kinds of reasons, but what do you
> think ?...

C# is a big red flag, not only for embedded but also for safety critical.

Others have made suitable language suggestions, but I'll note that in safety critical applications the process is at least as important as the language and libraries.

As with any engineering, it is necessary to consider not only what will "go right", but what could "go wrong" - and the latter will often shape the entire design and design process.

In bad cases, "go wrong" includes lawyers doing "discovery" to find anything they can latch onto and prove liability.
Reply by ● November 4, 2016
On Fri, 04 Nov 2016 13:12:57 +0000, Chris <xxx.syseng.yyy@gfsys.co.uk> wrote:

> From what I've read, C# is a web / application / database programming
> language

The "application" part is pretty accurate.

C# is designed primarily to be a safe(r) version of C with the addition of single inheritance objects [unlike C++ which has multiple inheritance].

C# is a managed language with GC - much like Java. However, unlike Java, C# has an "unsafe" mode that can bypass the runtime, eschew GC, and work directly with hardware.

> and a quick look at the Wiki page suggests that the two
> most recent versions are not approved by any international standards
> organisation.

That's probably true. I haven't paid attention to it.

> C# raises alarm bells here for all kinds of reasons, but what do you
> think ?...

The "alarm bells" I hear are availability and performance of the CLR runtime on your hardware. AFAIK, it's only available for Windows and Linux. The Mono version might also run on Unix, but I don't know that for certain.

The "unsafe" mode of C# can do anything C can do ... but IMO there's no point to C# unless you are going to use objects and GC - and that requires the runtime.

YMMV,
George
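To make the garbage-collection concern raised by Chris and the "unsafe" mode George describes concrete, here is an added example (it is not from the thread and not code from the project under discussion): one control-loop step written as ordinary managed C#, the same step in unsafe pointer mode, and a check on how many managed bytes and gen-0 collections each version costs. It assumes .NET 6 or later with `<AllowUnsafeBlocks>true</AllowUnsafeBlocks>` in the project file; the register block is a constructed stand-in, not a real peripheral.

```csharp
using System;
// Simulated memory-mapped output register block (constructed stand-in; a real
// target would use a fixed address from the board's memory map).
unsafe struct OutputRegs { public fixed uint Channel[4]; }

static class ControlLoop
{
    // "Application" C#: each step allocates a new array, so the GC decides
    // when, and for how long, the loop gets stopped.
    static float[] StepAllocating(float[] setpoint, float[] measured)
    {
        var error = new float[setpoint.Length];       // managed heap allocation
        for (int i = 0; i < error.Length; i++)
            error[i] = setpoint[i] - measured[i];
        return error;
    }

    // Unsafe mode: work buffer on the stack, results written straight into
    // the register block; nothing touches the managed heap.
    static unsafe void StepUnsafe(float* setpoint, float* measured, int n, OutputRegs* regs)
    {
        float* error = stackalloc float[n];
        for (int i = 0; i < n; i++)
        {
            error[i] = setpoint[i] - measured[i];
            // Scale to a 16-bit DAC code; clamp so a bad input cannot wrap.
            float code = Math.Clamp(error[i] * 100f + 32768f, 0f, 65535f);
            regs->Channel[i] = (uint)code;
        }
    }

    // Runs one version for `iterations` steps and reports managed bytes
    // allocated and gen-0 collections triggered during the run.
    static unsafe void Measure(string label, bool useUnsafe, int iterations)
    {
        float[] sp = { 1f, 2f, 3f, 4f }, meas = { 0.5f, 2f, 3.5f, 3f };
        OutputRegs regs = default;
        long bytes0 = GC.GetAllocatedBytesForCurrentThread();
        int gen0 = GC.CollectionCount(0);
        fixed (float* psp = sp, pmeas = meas)
            for (int k = 0; k < iterations; k++)
                if (useUnsafe) StepUnsafe(psp, pmeas, sp.Length, &regs);
                else StepAllocating(sp, meas);
        Console.WriteLine($"{label}: {GC.GetAllocatedBytesForCurrentThread() - bytes0} bytes, " +
                          $"{GC.CollectionCount(0) - gen0} gen-0 collections");
    }

    static void Main() { Measure("allocating", false, 1_000_000); Measure("unsafe", true, 1_000_000); }
}
```

On a desktop runtime the allocating version reports megabytes allocated and a string of gen-0 collections while the unsafe version reports zero of both. The check only shows whether the loop itself allocates; it says nothing about whether the CLR or Mono runtime underneath can meet a deadline on the target, which is the part the thread's certification concern is about.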
Reply by ● November 4, 2016
On Fri, 04 Nov 2016 15:37:22 +0000, Tom Gardner wrote:
> On 04/11/16 13:12, Chris wrote:
>> Hi,
>>
>> I've been invited to a meeting to discuss an automotive-like
>> engineering project with a high level of safety-critical requirements.
>>
>> They are using Simulink for some of the top level design work, but are
>> programming the whole lot in C#, with some of the code already written.
>> Not sure at this stage which RTOS is being used, if at all.
>>
>> From what I've read, C# is a web / application / database programming
>> language and a quick look at the Wiki page suggests that the two most
>> recent versions are not approved by any international standards
>> organisation.
>>
>> C# raises alarm bells here for all kinds of reasons, but what do you
>> think ?...
>
> C# is a big red flag, not only for embedded but also for safety
> critical.
>
> Others have made suitable language suggestions, but I'll note that in
> safety critical applications the process is at least as important as the
> language and libraries.
>
> As with any engineering, it is necessary to consider not only what will
> "go right", but what could "go wrong" - and the latter will often shape
> the entire design and design process.
>
> In bad cases, "go wrong" includes lawyers doing "discovery"
> to find anything they can latch onto and prove liability.

I just want to put an underscore here. I've had the "Ada vs. C" discussion with various high-rel types before, and you can pretty much divide the answers down to three bins: two are filled by "my language is better because it's better", and the remaining one is filled by "get the process right, and either C or Ada will do".

I don't think that anyone who is sane would want to use a language like Java or C#. If a failure can injure or kill, you need to use a tool chain and library set that's up to the task -- for avionics, they need to be certified to the same level of criticality as the code itself; I would treat automotive with the same regard.

I don't think you'll find a C# compiler, much less a platform on which C# will run, that even comes close.

--
www.wescottdesign.com
Reply by ● November 4, 2016
On 04/11/16 17:07, George Neuner wrote:
> On Fri, 04 Nov 2016 13:12:57 +0000, Chris <xxx.syseng.yyy@gfsys.co.uk>
> wrote:
>
>> From what I've read, C# is a web / application / database programming
>> language
>
> The "application" part is pretty accurate.
>
> C# is designed primarily to be a safe(r) version of C with the
> addition of single inheritance objects [unlike C++ which has multiple
> inheritance].
>
> C# is a managed language with GC - much like Java. However, unlike
> Java, C# has an "unsafe" mode that can bypass the runtime, eschew GC,
> and work directly with hardware.
>
>> and a quick look at the Wiki page suggests that the two
>> most recent versions are not approved by any international standards
>> organisation.
>
> That's probably true. I haven't paid attention to it.
>
>> C# raises alarm bells here for all kinds of reasons, but what do you
>> think ?...
>
> The "alarm bells" I hear are availability and performance of the CLR
> runtime on your hardware. AFAIK, it's only available for Windows and
> Linux. The Mono version might also run on Unix, but I don't know that
> for certain.
>
> The "unsafe" mode of C# can do anything C can do ... but IMO there's
> no point to C# unless you are going to use objects and GC - and that
> requires the runtime.
>

There are two /very/ different meanings of "safe" here.

In typical c.a.embedded systems, "safe" means "Code does exactly what the designer wants it to do, otherwise someone could be injured or killed".

In the world of C#, Java, Windows, etc., "safe" means "is unlikely to have serious security flaws that let bad guys steal your passwords and send you adverts for small blue pills".

I would not trust C# to be more than mid-level "safe" in its own meaning of the word, and that's before anyone writes a line of application code. Neither the tools, the run-time libraries, nor the platforms it runs on come anywhere close to c.a.e. "safe".

(The language itself might be all right - as has been pointed out, it is the process that has to be safe, not the language.)