Re: software failure question

["Marin David Condic" <marin.condic.auntie.spam@pacemicro.com>]

I recall hearing of a jet engine simulation that had a similar bug with
respect to burner temperature. Apparently, the temperature could go negative
and since the scale was WRT absolute zero, air started sucking in from the
back of the engine. Naturally, this is physically impossible - but the math
for the simulation worked out that way. Given that it was, in fact, a
simulation, the error didn't hurt anything, but it is an example of how easy
it is for a minor mistake to totally botch up a system. (Something that
might have been detected more readily with strong type checking and proper
use of types/ranges.)

There are similar stories of numeric calculations which "rolled over"
mathematically causing the software to attempt to instantly reverse
mechanical actuators. This is what is known in the technical jargon as "A
Bad Thing". (Like crossing the streams! :-) A lot of these errors can easily
be caught with range checks, but before beating up on the poor Fortran
programmers who did this, remember that a range check alone won't
necessarily save the day. You have to consider the speed of the software to
determine if it can withstand range checking and you have to consider what
your FDA strategy is going to be. A bad FDA strategy (or none at all) can be
just as bad - or worse - than flipping sign bits arbitrarily.

MDC
--
Marin David Condic
Senior Software Engineer
Pace Micro Technology Americas    www.pacemicro.com
Enabling the digital revolution
e-Mail:    marin.condic@pacemicro.com
Web:      http://www.mcondic.com/


"Mark Biggar" <mark.a.biggar@home.com> wrote in message
news:3ACF132F.95DD191A@home.com...

> It was the fly-by-wire software for the F-16. Fortunately,
> this error was caught in simulation and no planes were actually
> flipped.  For more info, you might want to look in the risks-digest
> report database "http://catless.ncl.ac.uk/Risks".  The bug in question
> can be found easly by searching on "equator".