Re: Boeing 787 integer overflow

[Maciej Sobczak <see.my.homepage@gmail.com>]

W dniu niedziela, 3 maja 2015 01:34:59 UTC+2 użytkownik Robert Love napisał:

> Ars Tecnica has this article:
> 
> http://arstechnica.com/information-technology/2015/05/01/boeing-787-dreamliners-contain-a-potentially-catastrophic-software-bug/ 
> 
> 
> Can anyone comment on what language Boeing used for this?

It does not matter. The ability to run continuously for 8 months was most likely not in the requirements (planes have to be switched off for maintenance more frequently than that anyway), so there was no need to implement a solution for this. You can safely argue that the capacity of the counter allows proper operation within the given bounds and you could even have that tested with 100% coverage of the *required* data/time domain and (why not?) formally verified as well.

> If Ada, would a modular integer be more appropriate?

Why? Are you aware of the requirement that the counter has to automatically reset after (let's say) half a year? I guess not and even if you attempt to make it up as a derived requirement, it might be superfluous or even contradictory to other requirements.

> Is there an 
> exception handler for this integer?

Why? Are there any requirements that explicitly state the plane has to work continuously for longer than 8 months?

Ada is not a solution to this problem, because this is really not a problem (unless shown at the level of requirements). The whole article is only an opportunity for journalists to write something exciting and then Boeing has to react somehow purely for PR reasons, even if, from the engineering perspective, they don't actually have to.

Of course, if it appears that this part of the system was indeed written in Ada, you can expect Ada skeptics to have a similar ride as with Ariane V.

-- 
Maciej Sobczak * http://www.inspirel.com