[Oberon] Oberon as (embedded) rtos.

Chris Burrows chris at cfbsoftware.com
Mon Nov 12 08:12:01 CET 2018



> -----Original Message-----
> From: Oberon [mailto:oberon-bounces at lists.inf.ethz.ch] On Behalf Of
> Paul Reed
> Sent: Monday, 12 November 2018 12:26 AM
> To: ETH Oberon and related systems
> Subject: Re: [Oberon] Oberon as (embedded) rtos.
> 
> > https://en.wikipedia.org/wiki/Rate-monotonic_scheduling#cite_note-12
> > ..."What really happened on Mars Rover Pathfinder"
> > http://www.rvs.uni-bielefeld.de/lectures/TechInf/TI2/download/19.49-1.1.html
> > ...Some lessons learned...
> > https://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf
> 
> Thanks, nice reading!  It reminded me that Chris Burrows has already
> pointed out how much you need to do of MISRA-C when writing in C,
> which with Oberon you get out-of-the-box.
> 

Thanks for remembering, Paul!

For those who were not fortunate enough to be able to attend Oberon Day 2011
this is a summary of my attempts to get some measure of the comparative
reliability of C and Oberon-07 when used for embedded software development. 

From Wikipedia: "MISRA C is a set of software development guidelines for the
C programming language developed by MISRA (Motor Industry Software
Reliability Association). Its aims are to facilitate code safety, security,
portability and reliability in the context of embedded systems"

I took the 142 rules of the MISRA-C:2004 "Guidelines for the use of the C
language in critical systems" and applied them to Oberon-07. I discovered
that more than 70% of the rules are NOT required when programming in
Oberon-07. They are either already enforced by the language or are not
applicable.

Examples of MISRA rules that are not applicable to Oberon-07: 

  Rule 14.4: The goto statement shall not be used. (Oberon-07 does not have
GOTO)

  Rule 14.5: The continue statement shall not be used. (Oberon-07 does not
have CONTINUE)

Examples of MISRA rules that are enforced by the design of Oberon-07: 

  Rule 14.7: A function shall have a single point of exit at the end of the
function.

  Rule 16.6: The number of arguments passed to a function shall match the
number of parameters.

The remaining 30% of MISRA rules would need to be followed if using
Oberon-07 for critical systems. They include: 

  Rule 2.4 (advisory): Sections of code should not be "commented out".

  Rule 20.4: Dynamic heap memory allocation shall not be used.

More information about MISRA and their guidelines can be found on their
website:

  www.misra.org.uk  

Regards,
Chris Burrows
CFB Software
http://www.astrobe.com
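
Added example, not part of the original message or of CFB Software's material: the same routine written in common C style and then in the single-exit, no-continue shape that Rules 14.4, 14.5 and 14.7 require and that the post says Oberon-07 enforces by design. The frame format (PAD and BAD bytes), the sample frames and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define PAD 0xFFu /* constructed format: padding byte, skipped */
#define BAD 0x00u /* constructed format: invalid byte, rejects the frame */

/* Constructed sample frames. */
const uint8_t FRAME_OK[]  = { 0x01u, 0xFFu, 0x02u, 0x03u };
const uint8_t FRAME_BAD[] = { 0x01u, 0x00u, 0x02u };

/* Common C style: uses continue (Rule 14.5) and has three exits (Rule 14.7). */
int32_t sum_frame_c_style(const uint8_t *buf, size_t len)
{
    int32_t sum = 0;
    if (buf == NULL) {
        return -1;
    }
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == PAD) {
            continue;
        }
        if (buf[i] == BAD) {
            return -1;
        }
        sum += buf[i];
    }
    return sum;
}

/* Same behaviour with no goto, no continue and one exit at the end: the
   loop guard carries the error state and the result is returned once. */
int32_t sum_frame_single_exit(const uint8_t *buf, size_t len)
{
    int32_t sum = 0;
    int ok = (buf != NULL);
    size_t i = 0;
    while (ok && (i < len)) {
        if (buf[i] == BAD) {
            ok = 0;          /* stop the loop via its guard, not a jump */
        } else if (buf[i] != PAD) {
            sum += buf[i];
        }
        i++;
    }
    if (!ok) {
        sum = -1;
    }
    return sum;
}
```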



