Java and AutoTrac 3: Further Questions

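I had not planned to write about the Java and AutoTrac 3 problem again for the time being. However, the people at the Hong Kong Java User Group know no more than I do, yet they take it upon themselves to denounce others. I used Java from university until I stopped a few years ago, and I also have some aviation background. I think I need to raise further questions, so that a bunch of people who put their evangelism above everything else don't get to enjoy beating people up on CAD's behalf quite so much.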

Safety-Critical Java and AutoTrac 3

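Aviation-related applications are generally regarded as safety-critical applications. To enter this field, Java has a separate set of Java standards and JVMs that serve this purpose. The standard is called the Safety-Critical Java Technology Specification, and many aviation people know what it is. When people say the military uses Java, those Java programs follow this standard, not ordinary Java.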

According to this standard, the introduction says right at the start:

Safety-critical systems can be defined as systems in which an incorrect response or an incorrectly timed response can result in significant loss to its users; in the most extreme case, loss of life may result from such failures. For this reason, safety-critical applications require an exceedingly rigorous validation and certification process. Such certification processes are often required by legal statute or by certification authorities. For example, in the United States, the Federal Aviation Administration requires that safety-critical software be certified using the Software Considerations in Airborne Systems and Equipment Certification (DO-178B [6] or in Europe, the ED-12B [7]) standard controlled by an independent organization.

The development of certification evidence for a software work-product used within a safety-critical software system is extremely time-consuming and expensive. Most safety-critical software development projects are carefully designed to reduce the application size and scope to its most minimal form to help manage the costs associated with the development of certification evidence. Examples of the resulting restrictions may include the elimination or severe limitations on recursion and the rigorous and careful use of memory, especially heap space, to ensure that out-of-memory conditions are precluded.

So three questions come up for me at once:

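  1. Why did the Hong Kong Civil Aviation Department let a system that clearly does not meet the requirements for safety-critical systems go into service? What went wrong with the process?
  2. Is the JVM used by AutoTrac 3 a JVM written to the SCJ standard? Only a few JVMs in the industry meet this requirement, so why has this not been accounted for?
  3. The SCJ standard states explicitly "to ensure that out-of-memory conditions are precluded", so why would things go wrong at 2.5GB?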

In particular, the DO-178B Level A requirement states:

Level A: Software whose anomalous behavior would cause or contribute to a failure of system function resulting in a catastrophic failure condition for the aircraft. A catastrophic failure is one which would prevent continued safe flight and landing.

AutoTrac 3 has already failed Level A. I don't understand how it could still get through.

And many Java evangelists say that Java has garbage collection. That is not suited to programs written to the SCJ standard, because SCJ uses Real-time Java:

The following defines the requirements for the SCJ memory model that enables object creation without requiring garbage collection, avoiding memory fragmentation, and without a need to explicitly free memory:

In other words, there is no such thing as GC here. Stop using GC as a selling point with me, all right?

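On this matter, I carefully consulted aviation people once again. Nobody says Java cannot be used in aerospace at all, but for applications at DO-178B Level A or B it is used very conservatively. The Civil Aviation Department has certainly made mistakes, but SCJ as a technology has only been developed over the last ten years or so. Is using it in ATC too bold? That is worth everyone thinking about.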

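Afterword: From today, Stand News and Hong Kong In-Media are parties this blog refuses to deal with, and any comment from the Hong Kong Java User Group will definitely be blocked. On this matter there is no room for dialogue. It proves that these people don't know the subject themselves and still scold others for not knowing it. If they had known from the start what Real-Time Java or Safety-Critical Java is, I might not have chosen to pick a fight with them. People who cannot tell what matters on a major issue, and who don't really know the subject, I have no need to teach.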

2 thoughts on “Java and AutoTrac 3: Further Questions”

  1. Brother 世澤:

    Agree with you.

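    1. When the "evil-force superiors" say this system must be bought, whatever their motive, the people below who do the acceptance will know what to do.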

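    2. To be a bit naive, suppose the people doing the acceptance have a "conscience" and will guard the last gate; they do not necessarily understand IT.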

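    3. Taking another step back, suppose the people doing the acceptance have a conscience and understand both aviation and IT; how many of them really understand how safety-critical systems and real-time systems are built, and how to Q them? What timing characteristics does a real-time OS have, what memory resource characteristics, why use one and when must one be used?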

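    4. Some say nine out of ten IT people are mouthy. Unfortunately, as far as Hong Kong goes, that is only part of the truth; the other part is tea servers passing themselves off as PhDs. Try talking to them about real-time systems and they will say, very X-ing cockily: "you don't even X-ing know what a real-time clock is". Bastards, or what?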

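    5. It is an education problem. IT in Hong Kong simply does not care about these things (the simplest example: claiming more memory resources at run time is taken for granted as no problem). Electronic engineering / computer engineering does cover them, but in electronic engineering, for one, it is an elective, not a required course.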

    6. What kind of people have been filling IT departments as teachers in recent years?

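  2. Hello Brother 澤, may I ask how you see the overall standard of Java in Hong Kong? And what do you think of the standard of the Hong Kong Java User Group? Thank you.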
