Re: Boeing 787 integer overflow

[robin.vowels@gmail.com]

On Monday, May 4, 2015 at 10:38:45 AM UTC+10, Jeffrey R. Carter wrote:
> On 05/03/2015 04:34 PM, Dennis Lee Bieber wrote:
> > On Sun, 3 May 2015 12:03:51 -0400, Peter Chapin <P.nospam@vtc.vsc.edu>
> > declaimed the following:
> > 
> >> I guess it depends on if there is a *requirement* to reboot the system 
> >> periodically (less than 8 months) in the maintenance plan. The matter 
> >> should be handled somewhere and it seems like it wasn't. In other words it 
> >> was just "luck" that these systems have been getting restarted frequently 
> >> enough.
> 
> Apparently there isn't, since the AD is to restart the GCUs more frequently.
> 
> > 	Also depends upon just what "reboot" means in this environment... If
> > this is some sort of elapsed time counter, then it is something saved in
> > flash memory and will survive a normal power-cycle operation.
> > 
> > 	"Reboot" in this case may mean erasing and reloading the operational
> > flight program, databases, and other stuff in "permanent" memory.
> 
> Since the Ad is to restart the GCUs more frequently, it doesn't appear to be
> that complicated. It also says that the effect of the overflow is for the S/W to
> go into a special mode,

That's failsafe mode.

> so it's clear the S/W detects the overflow somehow.

Indeed, but the overflow handler was a general one for all overflows
in the software.
A specific one for that particular timer is clearly needed.

I can't imagine why they'd want to shut everything down
when there's clearly an error.  In a plane, you'd want to continue,
if possible, and obviously, this one is continuable.
In fact, it's essential that it continue.

Sounds like a repeat of the Ariadne failure, where they trapped
an interrupt and shut down (placing an error code on the data bus,
which data was then interpreted as a direction (attitude) change.