piclist 1999\02\16\030311a >
Thread: Robust Software:
BY : Mark Willis



Graeme Smith wrote:
> <snipped>
>         (un-programmed state) with a jump to preknown state, to redirect
>         errant programs back into the main loop, in a known safe state.
>
>                                         GREY

 What I think everyone here's saying, is that they've looked for such a
beastie, and there isn't such a beast as a "known safe state", once you
ended up in an unknown state through some unknown means.

 If the principle of least astonishment is voided, you're best off to
trust nothing, run a (at least partial) hardware test, and RESTART
otherwise, i.e. either do a power-up restart or a Watchdog restart.
Then, you at least know that your hardware's set correctly, etc. -
because YOU JUST SET IT CORRECTLY.  (You might think of a state machine
for your project - occasionally when everything tests OK, save state
"Checkpoint dump", should you end up in psychotic code space, TRUST
NOTHING, restart, and load your last checkpoint dump and work forwards
from there.  At least that way if you crash, you don't have to duplicate
ALL your work from scratch...  Also, the checkpoint dump can give you an
idea on what's going on <G>)

 When you work with embedded hardware that controls electronics that
can quite literally blow up when over-driven, ASSUMING that things are
safe just isn't a good idea at all.  (Say you were controlling a piece
of high powered pulsed RF transmitter with a PIC part, the transmitter's
turned on at super high power, and just before it is to be turned off,
the software crashes;  You then assume that the transmitter's off and go
ahead and process the next 15 minutes worth of received data in the PIC,
setting up for the next transmission, as the transmitter not-so-slowly
melts into $25,000 worth of slag, but your job's secure and the boss
will be happy - you assumed it was safe, so it was, right? <G>)  This is
different than a lamp dimmer or soundmaker where an occasional "oops"
just makes the light bulb flash a little brighter or the sound a little
different than expected;  I for one find that the way you GET good
habits, is to always be very aware of what you're doing, when you're
-developing- habits <G>

 (You can bet that any sane person who had that one, would make sure
that his power-up / watchdog software turned off the transmitter, first
thing.  THEN went on to other things...)

 Mark
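
The restart sequence described in the message above, as an added example that is not part of the original post: the reset handler forces the dangerous output off first, then resumes from a checkpoint only if the hardware test passed and the checkpoint validates. The record layout, the CRC-16 check, the `tx_enabled` stand-in for the transmitter enable pin, and staying idle on a failed hardware test are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical checkpoint record, kept in memory that survives a reset. */
typedef struct {
    uint32_t magic;    /* CKPT_MAGIC when written by save_checkpoint() */
    uint16_t state;    /* state-machine state at the checkpoint */
    uint16_t samples;  /* amount of work completed so far */
    uint16_t crc;      /* CRC-16 over the fields above */
} checkpoint_t;

#define CKPT_MAGIC 0x434B5054u
enum { ST_IDLE = 0, ST_RECEIVE = 1, ST_PROCESS = 2, ST_MAX = 3 };

/* Stand-in for the transmitter enable pin; its value is unknown after a crash. */
static int tx_enabled = 1;

static uint16_t crc16(const uint8_t *p, size_t n) {
    uint16_t crc = 0xFFFF;
    while (n--) {
        crc ^= (uint16_t)((uint16_t)(*p++) << 8);
        for (int i = 0; i < 8; i++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Called only when everything has just tested OK. */
void save_checkpoint(checkpoint_t *c, uint16_t state, uint16_t samples) {
    c->magic = CKPT_MAGIC;
    c->state = state;
    c->samples = samples;
    c->crc = crc16((const uint8_t *)c, offsetof(checkpoint_t, crc));
}

/* Power-up / watchdog entry point: returns the state to resume in. */
uint16_t boot(checkpoint_t *c, int hw_test_ok, uint16_t *samples) {
    tx_enabled = 0;                   /* first thing: transmitter off */
    *samples = 0;
    if (!hw_test_ok) return ST_IDLE;  /* assumption: failed test means stay idle */
    if (c->magic != CKPT_MAGIC || c->state >= ST_MAX ||
        c->crc != crc16((const uint8_t *)c, offsetof(checkpoint_t, crc)))
        return ST_IDLE;               /* checkpoint not trustworthy: cold start */
    *samples = c->samples;            /* work forwards from the checkpoint */
    return c->state;
}

int transmitter_is_on(void) { return tx_enabled; }
```
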

<36C8D986.83F04227@nwlink.com> 7bit
