[fpc-other] Re: A question or two regarding the FPC

Richard Ward roward at mac.com
Sat May 9 16:44:04 CEST 2009


<<This was getting off topic so decided to put this thread here.>>

In my past life as a control systems engineer for real time industrial
safety logic systems, there is no system that is 100% perfect. You can
only do as much as you can. As far as hardware is concerned, you can
use a 2 of 3 voting system, but that assumes there is no systemic
hardware, OS, or application logic error.

You usually want a simple, small real time OS that doesn't do much but  
run simple procedural code without any dynamic memory allocation.

To deal with systemic hardware and OS problems, I worked on a project
where we used redundant hardware of two totally different types: one
off the shelf vendor and another circuit designed in house, either of
which would shut down the operation if a fault was detected.
Shutdown scenarios are easier (but often not simple) to deal with than
something you have to keep running.

To deal with logic errors, there is just not much you can do except  
for having two completely different software teams work from the same  
design specification - and hope you have a "perfect" design.   The  
design is usually improved over time as you get experience working  
with the controlled process.

There are ISO specifications and other cross industry organizations
which meet to produce guides on doing critical work.

I'm not sure how things are done for medical equipment but I would  
imagine they have similar stuff going on.

The main problem in industry is that the people who make the designs
are all retiring and you have a lot of lost knowledge, and then someone
new comes along and tries something new but didn't know that was tried
10 years ago and failed. It is a serious problem, especially when
companies in the US first lay off their experienced workers (over 50)
to save money. The other problem (which causes many more casualties
and much more loss of property) is human error and bypassing the shutdown
system because it is inconvenient to do some other tasks for maintenance
or process start up where not all the interlocks are satisfied - i.e. a
chicken or egg situation.

The nice thing about FPC and open source in general is that anyone
can take a look at the code and anyone can submit bug reports or
discuss things openly in various ways such as this mailing list.
Even if most people don't delve into the code, many more can and do
than if it were closed software. - R
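The 2 of 3 voting and "no dynamic memory allocation" points in the message above, as an added worked example. This is not code from the original post or from the FPC project; it is written in plain C rather than Pascal, and the channel masks, trip limit, tolerance and the fail-safe degraded-mode policy are constructed assumptions, not a description of any particular plant's logic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit masks identifying the three redundant channels (constructed). */
#define CH_A 0x1u
#define CH_B 0x2u
#define CH_C 0x4u

/* Outcome of a 2-out-of-3 (2oo3) vote over discrete trip demands. */
typedef struct {
    bool    trip;        /* voted output: true = demand the safe shutdown */
    uint8_t disagreeing; /* channels that dissented from the majority; 0 = unanimous */
} vote_result_t;

/* Discrete 2oo3 vote: any two channels demanding a trip wins. A lone
 * dissenting channel is reported (but can neither force nor block a trip)
 * so maintenance can be scheduled while the process keeps running. */
vote_result_t vote_2oo3(bool a, bool b, bool c)
{
    vote_result_t r = { false, 0 };
    int demands = (a ? 1 : 0) + (b ? 1 : 0) + (c ? 1 : 0);
    r.trip = demands >= 2;
    if (a != r.trip) r.disagreeing |= CH_A;
    if (b != r.trip) r.disagreeing |= CH_B;
    if (c != r.trip) r.disagreeing |= CH_C;
    return r;
}

/* Mid-value select: the median of three analog readings. One wild reading
 * (open wire, stuck-high transmitter) is discarded rather than averaged in. */
double mid_value_select(double a, double b, double c)
{
    if ((a >= b && a <= c) || (a <= b && a >= c)) return a;
    if ((b >= a && b <= c) || (b <= a && b >= c)) return b;
    return c;
}

/* Outcome of an analog 2oo3 vote. */
typedef struct {
    double  selected;   /* median reading passed on for display and control */
    bool    trip;       /* 2oo3 vote of "reading above trip limit" */
    uint8_t discrepant; /* channels further than tol from the median */
} analog_vote_t;

/* Analog 2oo3: each channel is compared with the trip limit and the
 * resulting demands are voted. Channels out of tolerance with the median
 * are flagged even when the vote is unanimous, because a drifting
 * transmitter is a latent fault that silently erodes the redundancy. */
analog_vote_t vote_2oo3_analog(double a, double b, double c,
                               double limit, double tol)
{
    analog_vote_t r;
    vote_result_t v = vote_2oo3(a > limit, b > limit, c > limit);
    r.selected = mid_value_select(a, b, c);
    r.trip = v.trip;
    r.discrepant = 0;
    if (a - r.selected > tol || r.selected - a > tol) r.discrepant |= CH_A;
    if (b - r.selected > tol || r.selected - b > tol) r.discrepant |= CH_B;
    if (c - r.selected > tol || r.selected - c > tol) r.discrepant |= CH_C;
    return r;
}

/* Vote with known-faulted channels removed. With two healthy channels the
 * logic degrades to 1oo2 (either demand trips); with fewer than two it
 * fails safe and trips. Assumption (constructed policy): loss of redundancy
 * is itself a reason to shut down, not a reason to keep running. */
bool vote_degraded(bool a, bool b, bool c, uint8_t faulted)
{
    int healthy = 0, demands = 0;
    if (!(faulted & CH_A)) { healthy++; if (a) demands++; }
    if (!(faulted & CH_B)) { healthy++; if (b) demands++; }
    if (!(faulted & CH_C)) { healthy++; if (c) demands++; }
    if (healthy < 2)  return true;          /* fail safe */
    if (healthy == 2) return demands >= 1;  /* 1oo2 */
    return demands >= 2;                    /* 2oo3 */
}

int main(void)
{
    /* Constructed scan: three pressure transmitters in bar, trip above 100,
     * channel B has gone stuck-high. No heap allocation anywhere. */
    analog_vote_t r = vote_2oo3_analog(10.0, 250.0, 11.0, 100.0, 5.0);
    printf("selected=%.1f trip=%d discrepant=0x%x\n",
           r.selected, r.trip, r.discrepant);
    /* Channel B is then declared faulted; logic degrades to 1oo2 on A and C. */
    printf("degraded trip=%d\n", vote_degraded(false, true, true, CH_B));
    return 0;
}
```

Everything here is fixed-size and procedural, in the spirit of the "small real time OS running simple procedural code" the message describes; the discrepancy mask is what lets a single failed channel be reported and repaired before a second failure turns a 2oo3 system into one that can no longer vote.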

