Rebreather World - View Single Post

AD_ward9 · 18th December 2007, 06:06

Quote: (Originally Posted by caveseeker7)

Even if it's just a powerpoint ...

You're not using MSware in the OS of your CCR I hope.

I saw proposals for a rebreather controlled from a PC and thought at first it was an April fool joke, but then saw the dates were not right for that ...

The Powerpoint contains photos of the production unit: with the plastic items injection moulded etc. Incidentally, I have come full circle and use Unix (in this case, MacOS), so no MSware in the Powerpoint

(I assume you mean Microsoft software: MSWare is a company on its own). We have a Powerpoint showing the unit in lots more shots underwater: just waiting for Feb/March to get some real ice diving pics in there: the unit is designed to operate in water temperatures of -4C, and we know just where to go for that. I have posted some of the underwater trial pics already onto RBW.

Anyhow, to answer your point: there is no software controlling the rebreather, nor the comms systems or topside terminator. Software verification is extremely time consuming, so where we can we eliminate it. The entire rebreather, comms and remote control of lighting etc, operates with dual redundancy without any microcontroller in the path. We use instead hard logic, most of which is specified in Verilog. The Verilog HDL is used across the industry for designing extremely large silicon chips (ASICs), where hundreds of millions of gates have to work first time: it costs over $1mn and 9 months to fabricate and test a new ASIC, so the tools exist to enable the Verilog to be fully verified (formally). Any company that does not get its Verilog verification right in the ASIC world, where we live, goes out of business very quickly. It is akin to a ten million line software program running perfectly the first time: that is what formal verification delivers in hardware time after time. If it was not for design verification tools, hardly any silicon chip would ever work!

There are three points where software comes into the picture:

The web server that allows supervisors to manage the dive in comfort, with the fancy GUI, rather than plugging into the Topside terminator: that web server runs on a high reliability Linux machine (RAID 1 0, redundant PSUs etc). This requirement was assessed at no SIL, as the supervisor can always plug into the Topside terminator.
The supervisor can use any browser he wishes to access the web server: it even works from a mobile phone! If the browser crashes, he just opens another one. If all else fails, he just plugs his headset and video monitor into the Topside terminator.
We do use a microcontroller for the monitors that check the hardware. These have no third party software at all, they run a Time Triggered Architecture, and are formally verified, running a formally verified program, open compiler, Monte Carlo verification against formal models of compiled code.

Alex

18th December 2007, 06:06	#78 (permalink)
AD_ward9 RBW Member Current Rebreather/s: Other CCR Other Rebreather/s: Other CCR Join Date: Jun 2005 Location: Scotland Posts: 1,998	Re: Any news? Quote: (Originally Posted by caveseeker7) Even if it's just a powerpoint ... You're not using MSware in the OS of your CCR I hope. I saw proposals for a rebreather controlled from a PC and thought at first it was an April fool joke, but then saw the dates were not right for that ... The Powerpoint contains photos of the production unit: with the plastic items injection moulded etc. Incidentally, I have come full circle and use Unix (in this case, MacOS), so no MSware in the Powerpoint (I assume you mean Microsoft software: MSWare is a company on its own). We have a Powerpoint showing the unit in lots more shots underwater: just waiting for Feb/March to get some real ice diving pics in there: the unit is designed to operate in water temperatures of -4C, and we know just where to go for that. I have posted some of the underwater trial pics already onto RBW. Anyhow, to answer your point: there is no software controlling the rebreather, nor the comms systems or topside terminator. Software verification is extremely time consuming, so where we can we eliminate it. The entire rebreather, comms and remote control of lighting etc, operates with dual redundancy without any microcontroller in the path. We use instead hard logic, most of which is specified in Verilog. The Verilog HDL is used across the industry for designing extremely large silicon chips (ASICs), where hundreds of millions of gates have to work first time: it costs over $1mn and 9 months to fabricate and test a new ASIC, so the tools exist to enable the Verilog to be fully verified (formally). Any company that does not get its Verilog verification right in the ASIC world, where we live, goes out of business very quickly. It is akin to a ten million line software program running perfectly the first time: that is what formal verification delivers in hardware time after time. If it was not for design verification tools, hardly any silicon chip would ever work! There are three points where software comes into the picture: The web server that allows supervisors to manage the dive in comfort, with the fancy GUI, rather than plugging into the Topside terminator: that web server runs on a high reliability Linux machine (RAID 1 0, redundant PSUs etc). This requirement was assessed at no SIL, as the supervisor can always plug into the Topside terminator. The supervisor can use any browser he wishes to access the web server: it even works from a mobile phone! If the browser crashes, he just opens another one. If all else fails, he just plugs his headset and video monitor into the Topside terminator. We do use a microcontroller for the monitors that check the hardware. These have no third party software at all, they run a Time Triggered Architecture, and are formally verified, running a formally verified program, open compiler, Monte Carlo verification against formal models of compiled code. Alex Last edited by AD_ward9 : 18th December 2007 at 06:47.
(Offline)