Incomplete Or Misleading



Quality assurance of coding is the next step toward reliable software. All coding should be reviewed by someone other than the original author. This review serves to enforce programming standards, detect coding errors, and reduce interface problems between systems which are being developed independently.

The final step in the development of reliable software is extensive testing by an independent testing group, using realistic simulated data. Test cases should be selected to exercise all program options and to generate results which can be independently verified; this should include testing for proper handling of error conditions. Testing of filtering algorithms is described in detail in Section 14.1. Myers [1975] and Dahl, el al., [1972] suggest additional techniques for the development of reliable software. Table 20-1 lists some of the more common causes of software errors encountered in mission support programs, along with suggested methods for avoiding or minimizing these errors. The table is based primarily on experience with FORTRAN scientific applications programs.

Finally, standardization of software can significantly improve reliability and reduce software development costs. Using standard interfaces between modules and standard units (such as the fundamental SI units) for variables reduces program complexity and facilitates reuse of the module. In general, the reliability of a module tends to increase with time, as errors are detected and corrected; however, this is true only if the original specifications for the module remain fixed. Thus, if a library of standard multimission utility routines is developed and maintenance of the library is carefully controlled, these utilities can achieve a very high reliability. Specific utility routines appropriate for attitude systems are discussed in Section 20.3.

20.2 Use of Graphic Support Systems

Department Staff

In standard usage, graphic implies a pictorial representation. The terms conversational and interactive are used interchangeably to define a mode of processing which involves an exchange of information and control between a user at a terminal and a computer. In this section, we will use the term graphic to describe conversational processing with a cathode ray tube as the user's terminal.

Attitude support software systems operate in both the graphic mode and the batch, or nongraphic, mode. Some systems are designed to operate strictly non-graphically, some are designed to operate only with the direction of an operator at a display terminal, and some are designed to operate in either mode. Each processing technique provides some operational benefit.

Batch processing provides no means for interaction. Intermediate results may not be viewed and control parameters may not be modified during processing., Systems designed to operate solely in the batch mode use automated techniques, such as multiple sets of input parameters, for processing several segments of data in one job. In addition, batch systems are often programmed with logical switches which determine the level of output and the options to be employed. Because batch processing systems operate without the intervention and guidance of an operator, they normally require less core residence time than do graphic systems. This approach minimizes the use of resources and susceptibility to human error. However, the inability to dynamically modify control parameters after viewing intermediate results and to redirect program flow is a disadvantage for any system which is required to process data acquired under a wide variety of circumstances.

Graphic processing allows for modification of parameters and data and for redirection of processing by a display operator. This flexibility can be invaluable if the right parameters are available for modification. That is, the designer of a graphic system must make available to the display operator those items which may require modification. Because these parameters may be difficult to identify in advance, most systems display more parameters than are normally modified in practice.

In addition to flexibility, graphic processing techniques free the system designer from providing algorithms for all contingencies because the choice of processing options can be left to the judgment of the display operator. Although the flexibility provided by graphic processing appears to make this technique far superior to a strictly batch system, graphic processing is costly. A knowledgeable display operator must be present to operate the system, a graphic device must be allocated, and the core residence time of the system is increased because of the long idle periods while the program is awaiting operator action at a display.

The best approach to attitude software design is a system which can be executed in either mode. Such a system provides the flexibility required for nonnominal conditions but does not use the resources required by a graphic system when data conditions are nominal. The system's designer can provide both automatic recycling and contingency procedures for nongraphic runs and display parameters, data, and flow control switches for modification when a display device is available.

Early attitude support systems at NASA's Goddard Space Flight Center used the general-purpose Graphic Subroutine Package (GSP) to perform graphic functions [IBM, 1972]. This package supports the construction of display images and allows operator intervention. However, a knowledge of the package and a limited knowledge of the device are required to develop the graphic interface. Adding a new display image to the system generally entails developing and testing a new subroutine.

An alternative to generalized packages such as GSP is a graphic support system which provides fewer capabilities but is easier to use. A graphic support system offers the advantages of standard display formats and operating procedures, simple display creation, and usability without knowledge of a graphic device. The use of standard display formats means that display images can be considerably more sophisticated than would be possible with a generalized package, given the same amount of development time. The graphic support system permits the analyst to use many techniques previously available only to a few experts. In addition, an operator or analyst working with several systems can understand and use a new display even though he may be completely unfamiliar with the particular attitude system being used. This aspect is particularly important for bringing past .experience to bear on current problems.

The features which make a graphic support system beneficial also tend to reduce operating efficiency. Because of the limited capabilities, which make it easy to use, the support system may not be adaptable to special-purpose requirements.

0 0

Post a comment