On 25/07/2021 at 11:45, Andreas Messer wrote:
> Why I'm so critical about letting it crash: I typically deal with stack
> sizes of no more than around 2-8kB in automation devices and have to be careful
> with that. You can't simply let a newspaper printing machine's motor control
> crash, 1000's of newspaper pages would be trashed. Once we had a crash in a
> simple limit switch device. As a result the high-rack robot pushed a
> pallet at 15m height out of the rack. Fortunately, it was just another
> robot which was destroyed (stood just below) - not a human being. Still
> a very expensive case for the company. So I'm used to implementing a lot of
> checks :-). (Actually we don't even use heap allocation after booting
> the firmware)
Note that not only a crash might cause this effect. C (and libc) is a language where "undefined behaviour" may happen at every street corner, as mentioned everywhere in the man pages.

With all respect due to your work, I tend to think that with such expensive and dangerous machines, more investment should be put into hardware so as to get controllers with a decent amount of RAM. And maybe the firmware could take safety action when the software crashes.

Similarly, more investment should be put into software so as to make a review of available languages suited for mission-critical applications and invest in learning the chosen language. C and C++ are so error-prone that they are really not suited.

This went far off topic. I have more on the initial topic but am getting tired (~:

--
Didier

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng