ESA's Schiaparelli Mars probe crashed because of integer overflow

[Shachar Shemesh via Digitalmars-d]

On 26/11/16 07:50, Walter Bright wrote:

> I'd like to know what really happened with the code.
>
> But as someone who has worked on flight critical systems for airliners,
> the designs are required to account for any single failure of anything.
> That means all inputs must be validated for "reasonableness", and the
> same for outputs. If any of this is outside reasonable bounds, there
> must be failover to a backup method.
>

My experience is slightly different. More accurately, I think your 
experience is too narrow.

Yes, civilian aviation code gets a very high level of scrutiny. Number's 
I've heard range from 1:9 to 1:18 ratio between resources spent writing 
the code and resources spent testing it. Code is written to extremely 
high standards, that relate to the level of dependency flight safety has 
on the code.

So, code actually flying the aircraft > code used to display flight 
critical information to the pilot > code used to display information the 
pilot may depend on > code used to display generic information.

That last category, BTW, may run Windows and off the shelf applications.

So that part corroborates Walter's story, BUT

THIS ONLY APPLIES TO CIVILIAN AIRCRAFTS

This level of standard does not apply to:
* Military aircrafts
* Spaceships
* Auto car industry
* Medical equipment
I'm sure there's more

Even drones, until fairly recently (around 2008), were completely 
unregulated. I'm talking about huge unmanned flying platforms, some as 
big as four seat airplanes.

In some of those fields, things aren't as bad as that. The car industry 
is slowly getting better. High financial stakes in the space field cause 
caution. The military aviation field is done by much of the same players 
as the civilian aviation, and thus some care is carried over.

As far as regulations go, however, we're screwed.

Shachar