BLOG@CACM
Computing Applications

Developing Software For the Outer Space

Posted

Gerard Holzmann was a keynote speaker at OOPSLA today. Gerard is a fellow at NASA’s Jet Propulsion Laboratory (JPL) in Pasadena, California, and has done a great deal of software development for spacecrafts. It is indeed very interesting to see how NASA makes sure that their multi-million dollar space missions are not jeopardized due to programming glitches.

  

Gerard pointed out some interesting statistics on spacecraft software. The first moon lander in 1969 had a system equivalent to about 10,000 lines of code. By the estimates, the next Lunar mission to come in 2019 would have about 10 million lines of code! We would surely have the necessary hardware technologies to handle such a system, but it is inevitable that the number of defects also increase with such a large system. In Gerard’s own words "the human brain is not going to get bigger that soon" and at current rate about two residual defects are found per 1000 lines of code. Geralds guiding principle is "if we don’t learn to use computers to analyze our programs, we are in a losing battle."

  

JPL uses a number of automated code analyzing tools, both to verify the design and the code. Spin, an opensource formal verification tool, is one of NASA’s work horses. As Gerard pointed out, the improvements and optimization in algorithms and the advances in the hardware allows model checking to be performed extremely quickly now (in the order of seconds) and it does not make sense not to do it, especially when millions of dollars are at stake. Verifying code is harder. Gerard explained the JPL solution  for code verification, suitably named "scrub." Scrub is a hybrid system that has an automated verifier and also human reviewers that detect deviations from the coding guidelines. The effort that is taken to keep the complex spacecraft software working absolutely correct is indeed remarkable.

 

The lessons from JPL are equally applicable to today’s software development processes. The cost of formal verification, both in terms of time and effort, have come down and at the same time failures are becoming costlier than ever. Perhaps it’s time for us to take a lesson from NASA?

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More