From: "Marin David Condic"
Newsgroups: comp.lang.ada
Subject: Re: software failure question
Date: Mon, 9 Apr 2001 09:54:48 -0400
Organization: Posted on a server owned by Pace Micro Technology plc
Message-ID: <9asev9$pb8$1@nh.pace.co.uk>
References: <9Pxz6.992$ix4.198187@news1.rdc1.sfba.home.com> <3ACF132F.95DD191A@home.com>

I recall hearing of a jet engine simulation that had a similar bug with respect to burner temperature. Apparently, the temperature could go negative and since the scale was WRT absolute zero, air started sucking in from the back of the engine. Naturally, this is physically impossible - but the math for the simulation worked out that way. Given that it was, in fact, a simulation, the error didn't hurt anything, but it is an example of how easy it is for a minor mistake to totally botch up a system.
(Something that might have been detected more readily with strong type checking and proper use of types/ranges.)

There are similar stories of numeric calculations which "rolled over" mathematically, causing the software to attempt to instantly reverse mechanical actuators. This is what is known in the technical jargon as "A Bad Thing". (Like crossing the streams! :-) A lot of these errors can easily be caught with range checks, but before beating up on the poor Fortran programmers who did this, remember that a range check alone won't necessarily save the day. You have to consider the speed of the software to determine if it can withstand range checking, and you have to consider what your FDA strategy is going to be. A bad FDA strategy (or none at all) can be just as bad - or worse - than flipping sign bits arbitrarily.

MDC
--
Marin David Condic
Senior Software Engineer
Pace Micro Technology Americas
www.pacemicro.com
Enabling the digital revolution
e-Mail: marin.condic@pacemicro.com
Web: http://www.mcondic.com/

"Mark Biggar" wrote in message news:3ACF132F.95DD191A@home.com...
> It was the fly-by-wire software for the F-16. Fortunately,
> this error was caught in simulation and no planes were actually
> flipped. For more info, you might want to look in the risks-digest
> report database "http://catless.ncl.ac.uk/Risks". The bug in question
> can be found easily by searching on "equator".
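As an added example (not part of Condic's post or anything else in the thread), the two failure modes described above worked through in Rust: an unchecked computation in a narrow integer type that silently produces a negative absolute temperature, an actuator command that rolls over from full forward to full reverse, the range-checked counterparts that refuse both, and a minimal accommodation policy (hold the last known-good value and count the fault) standing in for what the post calls an FDA strategy, which I read here as failure detection and accommodation. The `KelvinTenths` type, the `Controller` policy and all sample values are constructed for illustration and do not come from any real engine or flight control code.

```rust
// Added example, not code from the original post. Demonstrates why a
// range-checked type catches sign flips and rollovers that plain integer
// arithmetic lets through, and why the accommodation step after detection
// matters as much as the check itself.

/// Absolute temperature in tenths of a kelvin, stored in an i16.
/// Constructed type: a narrow fixed-point representation of the kind
/// found in embedded control software. Valid range is 0..=i16::MAX.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct KelvinTenths(i16);

/// Why a value was rejected by the range check.
#[derive(Debug, PartialEq)]
pub enum RangeError {
    BelowAbsoluteZero(i32),
    Overflow(i32),
}

impl KelvinTenths {
    /// Range check: the only way to construct a value, so every
    /// KelvinTenths in the program is known to be physically meaningful.
    pub fn new(value: i32) -> Result<Self, RangeError> {
        if value < 0 {
            Err(RangeError::BelowAbsoluteZero(value))
        } else if value > i16::MAX as i32 {
            Err(RangeError::Overflow(value))
        } else {
            Ok(KelvinTenths(value as i16))
        }
    }

    pub fn get(self) -> i16 {
        self.0
    }
}

/// Unchecked burner temperature update: raw arithmetic in the storage
/// type. A large negative delta simply yields a negative "absolute"
/// temperature, which the math happily keeps using.
pub fn burner_temp_unchecked(current: i16, delta: i16) -> i16 {
    current.wrapping_add(delta)
}

/// Checked update: compute in a wider type, then re-validate the result
/// through the constrained constructor.
pub fn burner_temp_checked(current: KelvinTenths, delta: i16) -> Result<KelvinTenths, RangeError> {
    KelvinTenths::new(current.get() as i32 + delta as i32)
}

/// Actuator position as a signed 8-bit command (constructed, like a small
/// DAC register). Unchecked: 120 + 10 rolls over to -126, i.e. the
/// command flips from nearly full forward to nearly full reverse.
pub fn actuator_step_unchecked(position: i8, step: i8) -> i8 {
    position.wrapping_add(step)
}

/// Checked: None instead of a rolled-over command.
pub fn actuator_step_checked(position: i8, step: i8) -> Option<i8> {
    position.checked_add(step)
}

/// A deliberately simple accommodation policy: on a range failure, keep
/// the last good value and record the fault, rather than passing the
/// bad value downstream. A real system would also have to decide how many
/// consecutive faults it tolerates before declaring the sensor failed.
pub struct Controller {
    last_good: KelvinTenths,
    fault_count: u32,
}

impl Controller {
    pub fn new(initial: KelvinTenths) -> Self {
        Controller { last_good: initial, fault_count: 0 }
    }

    /// Apply a delta; returns the value the rest of the system should use.
    pub fn update(&mut self, delta: i16) -> KelvinTenths {
        match burner_temp_checked(self.last_good, delta) {
            Ok(t) => {
                self.last_good = t;
                t
            }
            Err(_) => {
                self.fault_count += 1;
                self.last_good
            }
        }
    }

    pub fn fault_count(&self) -> u32 {
        self.fault_count
    }
}

fn main() {
    // Constructed scenario: 200.0 K burner reading hit with a -250.0 K delta.
    let t = KelvinTenths::new(2000).unwrap();
    println!("unchecked temp: {}", burner_temp_unchecked(t.get(), -2500));
    println!("checked temp:   {:?}", burner_temp_checked(t, -2500));
    println!("unchecked actuator: {}", actuator_step_unchecked(120, 10));
    println!("checked actuator:   {:?}", actuator_step_checked(120, 10));
    let mut c = Controller::new(t);
    let held = c.update(-2500);
    println!("held at {:?}, faults so far {}", held, c.fault_count());
}
```

The point of the `Controller` is the post's caveat: detecting the bad value is the cheap half. Holding the last good reading is reasonable for a transient glitch but is itself a hazard if the sensor has genuinely failed, so the accommodation policy has to be designed, not defaulted.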