I believe the confusion between '500,000 lines' in the question vs '2.5 million/3.5 million' in the answers is the context.
The 500,000 number is involved in the entry, descent, and landing (EDL) process specifically, and the rover systems are millions overall.
Not sure why the values are 1m different, but the 2.5m citation is what is in the linked PDF.
It's hard for me to imagine 1M lines of code being written/generated in a year and then flown. I suspect either the first person was responsible for testing only 2.5M lines of it, or they used different counting methods.
As the one who posted the larger figure, I'd say it's more reliable because it comes from the man who sat at the Flight Control station in the control center :D
I'd think this is right, because the answer that gives the 2.5 million loc number also says that this code is descended from the code for Spirit/Oppie and further from Soujourner, but the EDL system for Curiosity is so different from the ones for the older rovers, it has to involve a lot of entirely new code.
You dug up a great talk, but I could not find the PDF. There's no link, and the expected file FSW10_Cichy.pdf is not present with all the other PDFs in the download directory.
The author, Ben Cichy, was the guy in Flight Control during the landing last night, sitting behind the position marked "Flight Software". So he's definitely a good source for the background ;-)
I don't know if there is a PDF. The media player is interesting, though, in that it's actually just some javascript that loads a sequence of stills at the appropriate time, and if you look at the source, you can write, say, a python script to download all the images, which I did. When I get home, I'll see if I can find it.
OK, here's the script I had hacked together. It (or some previous version), successfully downloaded all of the images, and a timings.txt. It was then supposed to create a movie file of each slide of the appropriate length, concatenate them all, and add the audio. But my VM kept crashing, and then I never had time to get back to it. Plus, the movie file ended up being very large. But if you have python 2.7.2+, you can run it and grab the images.
They make models of the software before writing any code, and a lot of the code can be generated from the models. There's a guarantee that if the model is correct so is the code. Or, you don't have to check that your hand-written C actually matches the system you were building.
This is really key. The guarantees provided by modeling systems are of limited value if the translation between model and runnable code involves manual labor.
A formal model of how the software is supposed to behave. Models can be proven to have certain properties (e.g. deadlock-free, cruise control always turns off when brake is hit), while with software you're usually limited to testing. A proof guarantees that the software works for all possible inputs, whereas when testing only some inputs are tried.
To model individual processes, one could use automata, for interaction of processes there are process calculi.
I wrote it[edit: by which, I mean the answer containing the sentence in question], and I'm not 100% sure, although there probably is a separate presentation in that year or a different year that describes their auto-generation process. I know that it was a popular topic in general at the FSW-11 conference.
Simulink is a possibility. It's a MATLAB component popular among mechanical engineers, and therefore most navigation & control engineers, and allows them to 'code' and simulate things without thinking they're coding.
Model-based programming is definitely a thing that the industry is slowly becoming aware of, but I don't know how well it's catching on at JPL or if they would have chosen to use it when the project started.
The third and most likely possibility is for the communication code. With all space systems, you need to send commands to the flight software from the ground software, and receive telemetry from the flight software and process it with the ground software. Each command/telemetry packet is a heterogeneous data structure, and is is necessary that both sides are working from the exact same packet definition, and format the packet so it is correctly formatted on the one side, and parsed on the other side. This involves getting a whole lot of things right, including data type, size, and endianness (although the latter is usually a global thing, you could have multiple processors onboard with different endianness).
But that's just the surface. You need lots of repetitive code on both sides to handle things like logging, command/telemetry validation, limit checking, and error handling. And then you can do more sophisticated things. Say you have a command to set a hardware register value, and that value is sent back in telemetry in a particular packet. You could generate ground software that monitors that telemetry point to ensure that when this register value is set, eventually the telemetry changes to reflect the change. And of course, some telemetry points are more important than others (e.g. main bus current), and are designated to come down in multiple packets, which involves extra copying on the flight side and data de-duplication on the ground side.
With all that, it's much easier (in my opinion) to write one collection of static text files (in XML, csv, or some DSL/what-have-you), run them through a perl/python script, and presto! Code!
Let's hope Nasa is not cutting corners like Boeing did (does?) running VxWorks on 747s and using telnet to connect to any 747 aircraft while in flight.
EDIT: Boeing only connected to aircrafts to retrieve flight stats and other data. Or when following a customer request. The point I wanna raise is not the fact Boeing connects to aircrafts, but the fact they do so using non-crypt ol'telnet
http://web.archive.org/web/20050830190246/www.fastcompany.co...