How about a disk drive that reports a negative amount of free disk space? Better yet, how about a launch vehicle that fails and requires triggering of a self-destruct sequence with a really expensive satellite on board? This is the topic of Jack Ganssle's latest column, titled "Assume Nothing: 1 + 1 ≠ 2". Ganssle is, in my opinion, the world's foremost authority on writing good embedded code, and he has written about these topics for many years. This column is merely the latest of his musings.
The firmware disasters that Ganssle describes arise from inadequate testing and poor initial design. These are the factors that drive the EDA360 concept of System Realization. The earlier you can start code development, the sooner you can start to test the limits of your assumptions. The more time you have for development, the better your code will be (assuming you’ve got a quality code-development process). Be sure to take a look at Ganssle’s latest thought-provoking column.