From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_05,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 1014db,1042f393323e22da
X-Google-Attributes: gid1014db,public
X-Google-Thread: 103376,1042f393323e22da
X-Google-Attributes: gid103376,public
X-Google-Thread: 109fba,1042f393323e22da
X-Google-Attributes: gid109fba,public
From: eachus@spectre.mitre.org (Robert I. Eachus)
Subject: Re: Any research putting c above ada?
Date: 1997/04/21
Message-ID: #1/1
X-Deja-AN: 236486630
References: <5ih6i9$oct$1@waldorf.csc.calpoly.edu> <2senchydgk.fsf@hpodid2.eurocontrol.fr> <5im3an$3dv@bcrkh13.bnr.ca> <33526CBF.41C6@cca.rockwell.com> <5j0e5i$qgi@bcrkh13.bnr.ca> <33552C53.41C6@cca.rockwell.com>
Organization: The Mitre Corp., Bedford, MA.
Newsgroups: comp.lang.c++,comp.lang.c,comp.lang.ada
Date: 1997-04-21T00:00:00+00:00
List-Id:

In article <33552C53.41C6@cca.rockwell.com> Roy Grimm writes:

> Can you give me an example of when faulty software has crashed an
> airplane? I can't think of one myself (though I won't presume to
> deny that it has happened.)

At least a dozen. The worst cases were the A320 Airbus crashes. At least one was due to a software specification bug, and there is some suspicion that all of them were due to that bug or some related bugs. (But the real, probably never to be duplicated, specification bug in the A320 is that the pilot can't override the flight control system in an emergency.)

Other cases not so clear include the A340 prototype--there was a software failure during a test flight, but the command pilot didn't override soon enough, and the X-29 prototype. The X-29 crashed when a pitot tube iced up. The electrical heater for the pitot tube had been disconnected for a test, and apparently the aircrew were unaware of this fact. In any case, once the tube iced up, the software assumed an airspeed of zero and the plane crashed. Assuming an airspeed above stall could have avoided the crash.

> The critical systems are not allowed to cause an airplane crash,
> according to the standards. As a result, they are backed up by
> redundancy and alternate systems. However, I do not deny that there
> could have been a problem caused by faulty software which caused an
> airplane crash. I just don't know if it has happened. I don't happen
> to keep those statistics fresh in my mind.

> Roy A. Grimm
> Rockwell Collins Avionics
> Cedar Rapids, Iowa
> ragrimm@cca.rockwell.com

Please get a subscription to AvLeak, and read the dry, technical reports of the probable cause hearings printed there. Anyone involved in avionics should do that.

--
Robert I. Eachus

with Standard_Disclaimer;
use Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...