Re: Boeing 787 integer overflow

[robin.vowels@gmail.com]

On Sunday, May 3, 2015 at 9:23:45 PM UTC+10, Maciej Sobczak wrote:
> W dniu niedziela, 3 maja 2015 01:34:59 UTC+2 użytkownik Robert Love napisał:
> 
> > Ars Tecnica has this article:
> > 
> > http://arstechnica.com/information-technology/2015/05/01/boeing-787-dreamliners-contain-a-potentially-catastrophic-software-bug/ 
> > 
> > 
> > Can anyone comment on what language Boeing used for this?
> 
> It does not matter. The ability to run continuously for 8 months was most likely not in the requirements (planes have to be switched off for maintenance more frequently than that anyway), so there was no need to implement a solution for this. You can safely argue that the capacity of the counter allows proper operation within the given bounds and you could even have that tested with 100% coverage of the *required* data/time domain and (why not?) formally verified as well.
> 
> > If Ada, would a modular integer be more appropriate?
> 
> Why? Are you aware of the requirement that the counter has to automatically reset after (let's say) half a year? I guess not and even if you attempt to make it up as a derived requirement, it might be superfluous or even contradictory to other requirements.
> 
> > Is there an 
> > exception handler for this integer?
> 
> Why? Are there any requirements that explicitly state the plane has to work continuously for longer than 8 months?

It won't be in the air for 6 months, but the software may be running
for that time, or the counter is running continuously.