ESA's Schiaparelli Mars probe crashed because of integer overflow
Shachar Shemesh via Digitalmars-d
digitalmars-d at puremagic.com
Sat Nov 26 21:43:11 PST 2016
On 26/11/16 07:50, Walter Bright wrote:
> I'd like to know what really happened with the code.
>
> But as someone who has worked on flight critical systems for airliners,
> the designs are required to account for any single failure of anything.
> That means all inputs must be validated for "reasonableness", and the
> same for outputs. If any of this is outside reasonable bounds, there
> must be failover to a backup method.
>
My experience is slightly different. More accurately, I think your
experience is too narrow.
Yes, civilian aviation code gets a very high level of scrutiny. Numbers
I've heard range from 1:9 to 1:18 ratio between resources spent writing
the code and resources spent testing it. Code is written to extremely
high standards, that relate to the level of dependency flight safety has
on the code.
So, code actually flying the aircraft > code used to display flight
critical information to the pilot > code used to display information the
pilot may depend on > code used to display generic information.
That last category, BTW, may run Windows and off the shelf applications.
So that part corroborates Walter's story, BUT
THIS ONLY APPLIES TO CIVILIAN AIRCRAFT
This level of standard does not apply to:
* Military aircraft
* Spaceships
* Auto car industry
* Medical equipment
I'm sure there's more
Even drones, until fairly recently (around 2008), were completely
unregulated. I'm talking about huge unmanned flying platforms, some as
big as four seat airplanes.
In some of those fields, things aren't as bad as that. The car industry
is slowly getting better. High financial stakes in the space field cause
caution. The military aviation field is done by much of the same players
as the civilian aviation, and thus some care is carried over.
As far as regulations go, however, we're screwed.
Shachar