C is Brittle D is Plastic
Richard (Rikki) Andrew Cattermole
richard at cattermole.co.nz
Wed Apr 8 22:02:31 UTC 2026
On 09/04/2026 9:33 AM, Walter Bright wrote:
> On 4/8/2026 1:48 PM, Richard (Rikki) Andrew Cattermole wrote:
>> Given how prevalent software is now in aerospace, the fact that planes
>> aren't falling out of the sky on a regular basis is pretty incredible.
>> No amount of hardware can make up for how invasive it is.
>
> Having done design work for 3 years at Boeing, I can tell you that the
> software does fail. So does the hardware. And so does the nut behind the
> wheel.
>
> The reason planes don't fall out of the sky is:
>
> * backup systems and workarounds *
>
> (I don't know how often this happens, but airplanes are given the green
> light to fly even when many things are broken. There is a "minimum
> equipment list" which specifies what cannot be let slide.)
>
> The reality is one cannot make perfect parts. But one can greatly reduce
> the consequences by making the system *tolerant* of faults. It's a
> different mindset.
>
> Note that the Fukushima reactor and the Deepwater Horizon rig did not
> have backup systems. And so when something went wrong, a zipper effect
> resulted.
>
> (I don't recall the details, but I went through the zipper for both of
> them. It was rather astonishing for me as redundancy and fault tolerance
> was hammered into me.)
Over the last 50 years, software has replaced hardware, and simpler
hardware became more complex. Both introduce their own new risks that
didn't exist when you were working on it.
The significantly increased surface area and responsibility of behavior
controlled by software, and the fact that aircraft are still flying
without catastrophic failures on a regular basis due to software alone
is what is so amazing.
While I'm sure we could, if we really tried, find examples where
software failed and could not recover, finding hardware faults causing
software faults is a lot easier than finding software faults by themselves.
I.e.
https://www.eplaneai.com/news/airbus-to-update-a380-engine-software-by-q1-2026
Note: I picked Airbus to search for, because I know that they use Astrée.
By all accounts, we should be seeing a lot more catastrophic level
problems with articles on software failures in aircraft, yet we are not.
The surface area is simply too large for humans to be the only ones
catching problems.