Slashdot Mirror

There's C++ in there, they bill it as such.

We were once required to use a MIL-STD-1760 processor with Ada or other military languages; now we use commercial PowerPC with C++."

source

Here's their toolchain: https://www.ghs.com/AerospaceD...

From RTOS to IDE to Compiler, GHS the only name in this space.

The features most new cars have is better than most humans. I *wish* a good portion of the old people around here had auto stop. Florida would rejoice that a good portion of their population wasn't behind the wheel.

ISO26262 is no small certification. There's a reason my RTOS and compiler cost tens of thousands of dollars.

It's the same stuff Aviation / Defense has been using for a while: https://www.ghs.com/AerospaceD...

Er, "IEEE 1394 and Power ISA v.2.03".

Working in automotive I understand how "vintage" tech makes it into "current" production: Timelines, budgets, work with what is known to work. That said, it is entertaining to read press releases from last decade surrounding what is going into the F35.

The 'high speed data bus' is IEEE 1394b. It's running on Freescale/NXP/Qualcomm PowerPC embedded processors designed off of the PowerPC G4 (in triplicate) built by the GreenHills compiler. I haven't found any info on it but I'd hate to see what version of Matlab/Simulink they're stuck with as well. Likely 6.5 or R13.

The problem with that was it was pitched as a "COTS" system to save cost. None of those products are "commercial off the shelf" solutions anymore. The hayday of the G4 in mass quantities is gone. I wonder how much money Freescale is guaranteed to keep fab lines up and running for a chip designed in the 90s. I also want to know how the NXP acquisition went through.

End of the day the feds would have probably been better off just making their own CPU and fab lines.

In a lot of bigger old companies OpenSource is a forbidden word. Working with AUTOSAR and ISO26262 at separate companies it's sad how many companies are reinventing the wheel on their own because: "Our competitors might steal our work." Our legal team forbid us from sending in bug reports to something as popular as Numpy because: "The information could reveal _____ proprietary information." Despite the fact that where it was found is such a niche of a niche of a part of the programming industry that I could hand out our source code and there may be 1000 people at 10 different companies that even knew what it did.

I'd love to see what VW, BMW, Benz, Caterpillar, Cummins, Ford, and Toyota are doing for their on-highway software certifications. Maybe provide some feedback. I'd like to share with them what I use, maybe they can improve it and save some time doing the same thing.

Go through the Fortune 500 and see how many companies have an active GitHub repository. Everyone on slashdot did a doubletake when Walmart opensourced its cloud ops. It seemed to be a shock that Walmart got as big and efficient as they did without some technology pulling the strings.

NXP just released a $35 development board that is hampered by terrible software and outdated business practices. Despite being "free" you need a license key that multiple people have trouble with. All of the Matlab and Simulink code they released is protected. However for the first time, ever, the GCC source code for e200 core PPC chips with VLE extensions has been released for free. Previously you had to have a WindRiver or GreenHills.

Who knows what random product or software people could come up with if they were allowed to work with peers doing the same thing. Even if it was for a sworn corporate mortal enemy.

they usually run at a minimum of 200MHz with a few megabytes for software because they run full-blown operating systems.

No. No. Just No.

The top of the line MPC57xx is only ranges from 32 MHz to over 300 MHz. Most of the ones that are currently in production are more than likely the MPC56xx or MPC55xx line. All of which are much more reliable than the 68ks. The highest end/safest ones run lock step cores with a 3rd core that compares the output to make sure that they're both calculating the same values.

For OS' it's running a RTOS of some sort, not a 'full blown OS'. There are a few different vendors: GreenHills, WindRiver, ETAS, etc.

For compilers it's either WindRiver's Diab or Green Hills. To my knowledge GCC doesn't work on the MPC5xxx line. I've been trying to talk my boss into sponsoring a grad student to get LLVM ported so we can at least do some prototyping without paying for a license.

And not if you're going to be using the eTPU, which requires a separate compiler.

With most of the control algorithms written in Simulink and the HAL done in C or C++.

What we need is standardized and open source ECUs that handle all the basic systems needed for the car to function.

I'll be the first in line.

So to recap:

• The dev boards start at ~$500+.
• Theres' no opensource compiler for the chips.
• There's no opensource RTOS for the chips.

A single small team *may* be able to make ECM for vehicles ~10+ years old but unless you have a lot of money to donate to a cause, a fully opensource everything for 2017 vehicles isn't going to happen.

Looks like they are using an RTOS that is commonly used.

http://www.ghs.com/customers/n...

Pretty cool system

According to a press release, it's certified by the NSA to be EAL 6+:

http://www.ghs.com/news/20110307_Second_EAL6_SKPP.html

It's also certified by the FAA:

http://www.ghs.com/news/230210r.html

Looks like they are using an RTOS that is commonly used.

http://www.ghs.com/customers/n...

Pretty cool system

Which C library is that? Is it under a free software license, or is it included only with one of those $6000 per seat (source) compiler toolchains that only professionals working for established companies in the richest countries and students and faculty at accredited postsecondary institutions can reasonably get their hands on? StoneCypher used to be a big proponent of C++ using the Green Hills compiler, but there's no way the median hobbyist developer could afford that.

Yes, people are using Ada, in fact, it's been making a quiet comeback. Ada is the #16 most popular language according to the TIOBE programming language survey of November and December 2012, an increase from #19 in November 2011. Keller reports that by 2000 Ada use had decreased and then increased again. It's not huge compared to C or Java, of course; its use is focused in certain domains. In certain communities, such as aviation software, it continues to be a popular language and has been credited with helping to produce high-quality software within time and budget.

Historically, Ada was developed by the Department of Defense (DoD), and the DoD tried to make it the one and only universal language . An NRC report on Ada talks about this. Fundamentally, trying to make one language do everything was a bad idea, and predictably failed; there is still no one language that can be all things to all people, even many years later.

Ada isn't a complex language by today's standards, but it has a lot of "pickiness" that means you have to obey more rules. Is that a good thing? Well, you first have to understand what it was designed for - and then decide if that design is what you want.

Ada focuses on software that needs high reliability and yet absolutely no compromise of performance. If reliability isn't really all that important to you, or you can give up a lot of performance, then Ada's trade-offs may not work for you. For reliability, it has a strong typing system, and you have to use generics (etc.) instead of just saying "shut up and trust me" a la C. For performance, it doesn't mandate automatic garbage collection (as compared to Java or Python). Ada shines when you're writing programs that will could un-intentionally kill people if the program is wrong or takes too long. Think airplane flight controls, train systems, medical systems, that sort of thing. A lot of Slashdot readers have never tried to write software that could accidentally kill people, and thus can't understand why you might want a "picky" language like Ada. If your response to "it has a bug" is just "install this patch" maybe another language would be fine. But when mistakes can kill, having a language that helps prevent them can be literally a lifesaver.

Yes, and from reading my message (and the link) attentively it's clear that I don't consider GPL (much less GPL v3) to be "genuinely free" software - and neither should you.

Ada compiler implementations that I'm aware of:

* GNAT - part of GCC, restrictively licensed as (GM)GPL

* SPARK (dialect?) - GPL v3

* A#.net - GPL, and requires Mono (part (L)GPL v2) or MS .NET

* AdaCore (now also encompasses AdaMagic) - proprietary

* Aonix ObjectAda - proprietary

* Green Heels Software - proprietary

(Am I missing any?)

The short list of major languages without a fully-functional copyfree implementation includes: Perl, C#/VB.NET, Java (and Groovy / other languages that require the JVM), Delphi (and other dialects not covered by copyfree Pascal compilers, which are ancient), Erlang, and Ada. These are the languages that people should avoid - which isn't much of a loss, because all of them have already been surpassed by better-designed languages that come with no coercive demands attached.

A language without a copyfree implementation is not a free language - not just because of the severe practical restrictions of how it can be used, but for philosophical / ethical reasons as well!

--libman

They have a hilarious anti-Linux rant where they claim Linux is unsafe for critical applications (like airplanes), Windows is more secure and safer (despite the fact that Windows malware on a system for computing weight and balance was responsible for a plane crash), and that Linux makes it easier for foreign spies, saboteurs and terrorists to attack us.

They even work 9/11 into their argument! OMG!

http://www.ghs.com/linux/security.html
http://www.ghs.com/linux/threat.html

"The 9/11 terrorist organizers had creativity, patience, and a desire to kill as many people as possible. The terroristsâ(TM) success and their continued ability to evade capture provides an example and encouragement to others. We must not turn our national defense over to Linux or any other operating system that is vulnerable to easy attack and subversion at all times. The 9/11 terrorist organizers, and all those whom they have inspired, are still out there, and they are still creative and patient. And if we make our national defense easy to attack, they will kill a lot more people. If Linux is deployed in critical defense systems, the result will be catastrophic."

WOW!

Sounds like a conspiracy rant, but it is a corporate website pushing their own OS!

They have a hilarious anti-Linux rant where they claim Linux is unsafe for critical applications (like airplanes), Windows is more secure and safer (despite the fact that Windows malware on a system for computing weight and balance was responsible for a plane crash), and that Linux makes it easier for foreign spies, saboteurs and terrorists to attack us.

They even work 9/11 into their argument! OMG!

http://www.ghs.com/linux/security.html
http://www.ghs.com/linux/threat.html

"The 9/11 terrorist organizers had creativity, patience, and a desire to kill as many people as possible. The terroristsâ(TM) success and their continued ability to evade capture provides an example and encouragement to others. We must not turn our national defense over to Linux or any other operating system that is vulnerable to easy attack and subversion at all times. The 9/11 terrorist organizers, and all those whom they have inspired, are still out there, and they are still creative and patient. And if we make our national defense easy to attack, they will kill a lot more people. If Linux is deployed in critical defense systems, the result will be catastrophic."

WOW!

Sounds like a conspiracy rant, but it is a corporate website pushing their own OS!

Microsoft doesn't offer a 64-bit compiler that cross-compiles to 32-bit. Fine, I can accept that. But there are other compilers one could use:

http://software.intel.com/en-us/articles/intel-compilers/ is still reputed to produce the tightest, fastest WinXX executables available.

http://www.embarcadero.com/products/cbuilder (formerly Borland C++)

The venerable http://gcc.gnu.org/

http://www.ghs.com/products/optimizingC++EC++Compilers.html (though it looks like GHC might no longer target Windows at all)

The point is, if I'm using the tools you're using

And my point is, this can't easily be guaranteed. The ARM compilers claimed to have stronger optimization than GCC, such as Green Hills tools, are priced out of the range of most end users.

functionally the same

This is halting-complete to verify.

It's Ada, not ADA. It's a first name like Sally or Jane.

So yes, you have to create procedures or functions to import C functions. These are often called bindings, and there's a thin and thick variety. There are numerous examples of Ada using C libraries. I've personally rewritten thick bindings for expat and zlib. The GNAT compiler has an in-built function to generate bindings given a C header or a C++ header, so the majority of the work is done for you.

As far as verbosity goes, I don't consider verbosity a detraction although I realize many people do. Yes, it's verbose, although the machine code it gets compiled to isn't much bigger than C.

Also I believe some embedded systems have already been written in Ada. Here's a link to the most secure OS in the world: Integrity RTOS. Green Hills is one the main commercial solutions for Ada, so it's likely most of RTOS is written in Ada or SPARK, although it doesn't say on the product page. There are other Ada OS projects out there, so the answer is yes, somebody wants to write an OS in Ada.

As you suggested, I won't comment on ObjC because I can't speak intelligently about it.

I guess you are thinking of Integrity.

Presumably Green Hills put a lot of work into that OS to make it secure (probably with the incentive of getting sold on government contracts with security requirements). It should be known however that your typical RTOS (eg: Green Hill's much more common vxWorks) is not like that. They generally operate like old 16-bit user OS's, where every application shares the same memory space, even the OS calls. So RTOS is typically an antonym for "secure".

The main part of this that is appalling to me is that they would have software that controls centrifuges available on a network where it could get infected by a wild virus. Although perhaps the virus was instead inserted manually. All you'd need would be a few collaborators (or dupes) in the right places....

but doing it the right way front loads cost on the company that builds the correct system and places them at a competitive disadvantage with respect to shoddy software firms, say for example Microsoft and Apple.

besides, there is secure by design software. It just lacks features which makes it less competitive. Alternatively you can put a feature-rich OS on top of it, but then you've compartmentalized the problem, not eliminated it. Plus it's damned expensive. http://www.ghs.com/products/rtos/integrity_virtualization.html

Myself, I like freeBSD as a compromise. It's not provably correct, but it's 2-3 known exploitable bugs in 10+ years are a good empirical indication of security. And it's free.

BUT, I got to disagree with your sig! Build a system that even a fool can use, and only fools will use it. ;-P

LOL - well, I think the best operating systems are the ones that are nearly invisible compared to the tools running on them (hence the light switch example).
I shouldn't have to spend time on the care and feeding of an OS, I should be doing whatever it is I got a computer to use.

Great examples of this: http://www.ghs.com/products/safety_critical/integrity-do-178b.html

An OS should stay out of the way at all times, function nearly instantly, and use the least resources possible (leaving the rest for apps).

Now, I agree with your comment about fools and what not - but I'm not talking about kinder-toys here. I'm just saying that the same rigid quality controls and thinking that are behind quality (non-Toyota? ;) ) RTOS systems should be behind your desktop OS.

Sheer crap. http://www.ghs.com/products/safety_critical/integrity-do-178b.html/

Good luck with that EAL7 certification.

Oh, and Integrity is only EAL6+

http://www.ghs.com/products/rtos/integrity.html

This is the reason why the NSA has never approved any computer system for handling all classification levels -- it is not economical to develop a custom system, but it is not secure to trust a third party system

Not true. The INTEGRITY RTOS has been deemed EAL6+ certified by NSA, from what I've heard it has so little lines of code that auditing is possible.

Uh... I think not. $20 that Vista SP2 still won't achieve EAL6+ by the NSA. Apparently he's never heard of INTEGRITY.

Keep in mind that the key customer table that you pointed me to is on a page specific to aerospace. If we were to look at this page: http://www.ghs.com/ConsumerProductsCustomers.html then we'd think HP owns them.

Clicking the "about us" link says they were founded in 1982 and were profitable since the beginning. This was well before the Integrity product launched, so I'm sure they had something good going for them for the previous 15 years. It could be military, it could be something else. But I don't see a clear military connection for a company that started it's product line with compilers and logic probes.

My opinion regarding military outsourcing and ownership is that if it's developed internally by the military, it should be shared with taxpayers as long as it's not a national security issue. It's the military. I have to assume that being the military, they'd want to have every advantage possible over any other military. So I would think that for the most important pieces, they'll do the R&D, but for anything that can be cheaply covered by commercial offerings, save the time and money and just buy it. If they decided it was more cost effective to buy it off the shelf or pay somebody else to develop it, then it's not ours. This would be simply because part of that discount in outsourcing is because it either leverages tech already developed or because the outsourced company still owns the tech.

I think should we own a part of NASA's tech and findings. But I don't think Garmin or SiRF owes me any source code just because their entire product lines depends on the military-developed GPS system.

Scroll down to the bottom, and scan the list of names of their "Key Customers." Although GHS funding does not all come from military projects, so many of their "Key Customers" are military contractors that I doubt they'd be where they are today without military contracts and I stand by my previous statement: I funded that already and I don't welcome their second pass at my money.

What do you think about military outsourcing, generally? I know this isn't how it currently works, but my opinion is that GHS is welcome to provide this "Integrity-178B" product free of charge to net taxpayers like me, and cover their costs with their contracts with net tax recipients Raytheon, Lockheed Martin, etc. And the national defense should never have been privatized.

Look at the VPL entry for the product:

"Science Application International Corporation (SAIC) determined that the TOE doesnâ(TM)t satisfy any EAL defined in the Common Criteria, but rather fulfills the High Robustness requirements as defined in the U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness, Version 1.03, 29 June 2007. The TOE, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Security Target."

It's unclear what this means. I haven't seen anything like this on any other evaluation.

On the other hand, the certificate indicates EAL 6. There have been press releases that point to both stories.

found this http://www.ghs.com/linux/threat.html on the Green Hills site, while looking for non-existent documentation.

there are a few other articles there talking about how horrible linux is.

Add to that the fact that the CEO of Greenhills software has spewed all sorts of bullshit FUD against Linux claiming that it is a "threat to national security".

How did this moronic ad for the company appear on slashdot?

A hardened operating system used in the B1B bomber and other military aircraft has now been released commercially

B1 Accidents, OS Homepage, More Wikipedia!

valgrind, BoundsChecker, and I believe the others mentioned, are all run-time error checkers. These require a test case that execises the bug. The static analysis tools the poster was asking about, like those from Coverity and Green Hills, don't need test cases. They work by analyzing the actual semantics of the source code. I've found bugs with tools like these in code that was hard enough to read that I had to write test cases to verify that the tool was right. And it was! The bug would have caused an array overflow write under the right conditions.

This is faulty logic. Paranoia and conspiracy theories do not apply in this case- security patches are an important part of any operating system. There is no perfectly secure, unhackable system. This is a large part of why major enterprises use commercial supported linux distro's with professional security teams.

Assume linux security > windows security.

windows has more security holes than linux- or so you say. This isn't necessarily true in the server market.

Therefore linux has no security holes?

A system is only as good as its admin. The biggest problem is that more amateurs run windows boxes, using wizards to set their junk up. There's no perfect solution to workstation or server security.

Other than integrity.

No, but seriously- hypervisors, virtualization.

Which section of which manual details how to reduce the binary footprint of <iostream> in static libstdc++? I read the libstdc++ FAQ, but it just says that you can replace g++ with gcc -lsupc++ if you need new and delete but not <iostream>. It states that splitting up parts of libstdc++ into individual sections is currently not implemented due to implementation defects in GNU ld's garbage collection; is there a good way to work around this?

Or which query in which Web search engine should I use? I tried iostream binary footprint in Google and iostream code size in Google, but I didn't see anything relevant in the first pages.

Which section of which manual details how to reduce the binary footprint of <iostream> in static libstdc++? I read the libstdc++ FAQ, but it just says that you can replace g++ with gcc -lsupc++ if you need new and delete but not <iostream>. It states that splitting up parts of libstdc++ into individual sections is currently not implemented due to implementation defects in GNU ld's garbage collection; is there a good way to work around this?

Or which query in which Web search engine should I use? I tried iostream binary footprint in Google and iostream code size in Google, but I didn't see anything relevant in the first pages.

How would I go about this?

And what is GHOC?

So, my question is: Is there similar functionality in the works for Linux?

Green Hills Software already has a product which can trace anything. I think it does it by recompiling (or relinking?) the software with its proprietary compiler. But once you do that you can trace anything, not just system code. Seems like a cool product if you have the dough. Here's more info, with screenshots: http://www.ghs.com/products/timemachine.html

Really?

http://www.ghs.com/news/20051115_medical_devices.h tml

Are you sure about that?

Really?

But I would think the people who want a compartmentalized OS would also be the ones to get reliable and certified hardware. And I think in some cases it would be possible for the OS to actually compensate for some hardware flaws - think of hard drives. Even as you look at this page, your hard drive head could have probably mis-read one of the bits from the platter but the _software_ in its controller corrected the mistake and you didn't even notice that anything happened. Here is the case where the hardware was designed to fail gracefully and the software was designed to cooperate with it and correct the problem.

In case of a video card, if it fails (say performing some exotic 3D shading operation) but in a non-fatal way, such that the processor can still re-initialize it, then the separation kernel can choose a generic default driver that uses only the minimal subset of features (think VESA) and will re-initialize in that mode, so you would still see the console prompt and the network would still be up. Maybe the application that was trying to do the rendering might have to quit but the rest of the machine would be usable. These kind of requirements are not easy to justify for home desktops but for medical equipment, airplanes, military application it is very useful.

Check the INTEGRITY 178B from Green Hills for a commercial example of such a system.

How does it stack up to something like OSE-RTOS or GreenHills?

"With INTEGRITY, the highest priority interrupt is always serviced with absolute minimum latency. This results in latencies on the order of 140ns on a 233 MHz PowerPC. Similarly, context switches typically exhibit times on the order of 870ns, many times faster than most other RTOSes."

From TFA:
And there are plenty of strings!

Here are some clues about tools used to build the project:

Copyright (c) 1996-2001 Express Logic Inc. * ThreadX LX4180/Green Hills Version G4.0.4.0 *
G-GB-GL-M-D-DL-KML-CMR-HMR-ML2-GZ-KH2-CM-RP-TC- NH- TD-AP-HA-GF-DD-AT-MF-MS-DW-USA-CA-SD-SDSU

Copyright (c) 1996-2004 Express Logic Inc. * FileX LX4180/Green Hills Version G3.1a.3.1a *


I find ironical that the reverse engineered firmware was built using tools from the same Green Hills Software that spread that FUD about Linux not so long ago.

From TFA:
And there are plenty of strings!

Here are some clues about tools used to build the project:

Copyright (c) 1996-2001 Express Logic Inc. * ThreadX LX4180/Green Hills Version G4.0.4.0 *
G-GB-GL-M-D-DL-KML-CMR-HMR-ML2-GZ-KH2-CM-RP-TC- NH- TD-AP-HA-GF-DD-AT-MF-MS-DW-USA-CA-SD-SDSU

Copyright (c) 1996-2004 Express Logic Inc. * FileX LX4180/Green Hills Version G3.1a.3.1a *


I find ironical that the reverse engineered firmware was built using tools from the same Green Hills Software that spread that FUD about Linux not so long ago.

http://www.ghs.com/customers/lockheedmartin.html

No version of Windows is FAA certified for flight control. There are some pieces of equipment like this that are certified as supplementary equipment, but they are just additional information sources for the pilot. Critical flight systems must be "DO-178B Level A" certified by the FAA. Most aircraft manufacturers develop their own, the only off the shelf certifed system is the INTEGRITY RTOS.

Quote: The NSA has not fixed, or even seriously tried to fix, the security problems (documented in this series of white papers) that make Linux unsafe for defense systems.

[...] If secrecy isn't important to security, then why does Linus Torvalds keep the means of accessing the core Linux development tree a secret from all but a few people?

Another FUD dose says

The GPL was designed by Richard Stallman to prevent you from making a profit from distributing his software (which makes up a large part of Linux).

Quote: The NSA has not fixed, or even seriously tried to fix, the security problems (documented in this series of white papers) that make Linux unsafe for defense systems.

[...] If secrecy isn't important to security, then why does Linus Torvalds keep the means of accessing the core Linux development tree a secret from all but a few people?

Another FUD dose says

The GPL was designed by Richard Stallman to prevent you from making a profit from distributing his software (which makes up a large part of Linux).

The Green Hills Website lists a bunch of OSs on the front page: velOSity, INTEGRITY, and INTEGRITY-178B which is a version of INTEGRITY that was DO-178B certified.

Tim

Their corporate brochure gives some insight to why GNU/Linux is dangerous to their bottom line. BTW, the link is to a +3M file on their web site so only download it if you're interested.

Remember this guy? He also wrote "Linux Security: Unfit for Retrofit" ( http://www.ghs.com/linux/unfit.html )

This was covered by LWN back in May: http://lwn.net/Articles/83242/

IIRC, GHS does development on embedded XP stuff? I don't remember the details...

Green Hills Sparks Embedded Linux Security Row, Computer Business Review Online

Wow, Green Hills shares the same opinions as SCO -- big surprise. Gee, I don't suppose that's because Green Hills makes a competiting embedded operating system.

Then again, after being forced to program with INTEGRITY and its brain-damaged development interface for the past fourteen months, I can certainly attest that it has high security; why, even the API documentation and manuals appear to be encrypted.

(Damn right I'm posting anonymously; I'm not done with this project yet.)

"The Titanic sank because it filled up with water pouring in through a single hole in the hull. The lesson that was learned from this disaster is that ships should be divided into many watertight compartments. When the hull is breached and water starts pouring in, all of the watertight compartments are sealed so that only the compartment with the hole fills up with water. The ship stays afloat."