ESA's Schiaparelli Mars probe crashed because of integer overflow

Sun Nov 27 13:18:02 PST 2016

On Sunday, 27 November 2016 at 05:43:11 UTC, Shachar Shemesh 
wrote:
> On 26/11/16 07:50, Walter Bright wrote:
>
>> I'd like to know what really happened with the code.
>>
>> But as someone who has worked on flight critical systems for 
>> airliners,
>> the designs are required to account for any single failure of 
>> anything.
>> That means all inputs must be validated for "reasonableness", 
>> and the
>> same for outputs. If any of this is outside reasonable bounds, 
>> there
>> must be failover to a backup method.
>>
>
> My experience is slightly different. More accurately, I think 
> your experience is too narrow.
>
> Yes, civilian aviation code gets a very high level of scrutiny. 
> Number's I've heard range from 1:9 to 1:18 ratio between 
> resources spent writing the code and resources spent testing 
> it. Code is written to extremely high standards, that relate to 
> the level of dependency flight safety has on the code.
>
> So, code actually flying the aircraft > code used to display 
> flight critical information to the pilot > code used to display 
> information the pilot may depend on > code used to display 
> generic information.
>
> That last category, BTW, may run Windows and off the shelf 
> applications.
>
> So that part corroborates Walter's story, BUT
>
> THIS ONLY APPLIES TO CIVILIAN AIRCRAFTS
>
> This level of standard does not apply to:
> * Military aircrafts
> * Spaceships
> * Auto car industry
> * Medical equipment
> I'm sure there's more
>
> Even drones, until fairly recently (around 2008), were 
> completely unregulated. I'm talking about huge unmanned flying 
> platforms, some as big as four seat airplanes.
>
> In some of those fields, things aren't as bad as that. The car 
> industry is slowly getting better. High financial stakes in the 
> space field cause caution. The military aviation field is done 
> by much of the same players as the civilian aviation, and thus 
> some care is carried over.
>
> As far as regulations go, however, we're screwed.
>
> Shachar

My real world experience differs from yours but probably it comes 
down to the organisation you're with and for larger companies 
even which group. I've worked in military aviation, commercial 
drones for mining and exploration, not military, and medical 
devices and it was all heavily regulated software. I haven't come 
across too many cowboy outfits. I cannot speak for the other 
industries you mention such as automotive.

The problem we face today in medical is not the lack of scrutiny 
and regulation but that regulations have not caught up with the 
security issues. The latest FDA guidelines address this somewhat 
for for pre and post market devices but there are many devices 
out there running a full linux with nothing more than SSH 
disabled. The majority will still have a root user account and 
probably even enable root over serial console.

bye,
lobo