by bsder
3121 days ago
> A few years ago, AdaCore's Robert Dewar observed that nobody has ever been killed by a flaw in avionics software. While that may be technically correct, I would consider the crash of Air France Flight 447 to be partially an avionics software failure. Responding to an inconsistent airspeed measurement by disconnecting the autopilot and then dropping into a weird, modal operating state (alternate law) and throwing control over to the very surprised humans counts as a software failure in my book. Having a stall warning that tells you to do the wrong thing is a software failure in my book (the stall warning turned off when inputs were invalid, but then turned back on when the pilots actually made the correct maneuvers because the inputs weren't invalid anymore). While ultimately the failure for that flight was human error, a smart reaction by the software at any point would have prevented that tragedy. The biggest "smart reaction" would have been to flag the invalid airspeed to humans but not change anything. Whoever thought that dropping a suddenly dynamic system into the hands of surprised humans was a useful action should be shot. In reality, nobody thought it. Each individual subsystem had its own failure procedures, and nobody ever tested what happened when they interacted.

You could write that software in Rust to do exactly the same thing.
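Added example, not code from the thread or from any real flight-control system: a constructed, heavily simplified model of the stall-warning gating the quoted comment describes, next to the "flag it but don't change anything" alternative it argues for. The names (`Sample`, `gated`, `flagged`, `timeline`), the four-step timeline and the idea of a separate "stall condition" input are all assumptions made for illustration; none of this is the actual Airbus logic or AF447 flight data. Both functions compile and borrow-check identically, which is the point of the reply above: the language has no opinion about which mode logic is the safe one.

```rust
// Added example (not from the thread): constructed simplification of the
// warning gating described in the quoted comment. Not real avionics logic.

/// Whether the airspeed input currently passes its consistency checks.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Airspeed {
    Valid,
    Invalid,
}

/// What the crew is shown on one cycle of the (simplified) warning logic.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Annunciation {
    pub stall_warning: bool,
    pub airspeed_flag: bool,
}

/// One sample of the constructed timeline: is the aircraft in a stall
/// condition, and is the airspeed input valid at that moment? (Assumed
/// inputs for illustration only.)
#[derive(Debug, Clone, Copy)]
pub struct Sample {
    pub stalled: bool,
    pub airspeed: Airspeed,
}

/// Gating as the quoted comment describes it: an invalid airspeed input
/// silences the stall warning, and the warning returns as soon as the input
/// is valid again. Nothing tells the crew that the silence means "unknown".
pub fn gated(s: Sample) -> Annunciation {
    match s.airspeed {
        Airspeed::Invalid => Annunciation { stall_warning: false, airspeed_flag: false },
        Airspeed::Valid => Annunciation { stall_warning: s.stalled, airspeed_flag: false },
    }
}

/// The alternative the comment argues for: flag the invalid input on its own
/// channel and change nothing else, so the stall warning is never masked by it.
pub fn flagged(s: Sample) -> Annunciation {
    Annunciation {
        stall_warning: s.stalled,
        airspeed_flag: s.airspeed == Airspeed::Invalid,
    }
}

/// Constructed four-step timeline (not flight data): a stall with valid
/// inputs, then the airspeed input goes invalid, then the recovery manoeuvre
/// makes the input valid again while the aircraft is still stalled.
pub fn timeline() -> [Sample; 4] {
    [
        Sample { stalled: false, airspeed: Airspeed::Valid },
        Sample { stalled: true, airspeed: Airspeed::Valid },
        Sample { stalled: true, airspeed: Airspeed::Invalid },
        Sample { stalled: true, airspeed: Airspeed::Valid },
    ]
}

/// Run one warning function over the timeline and collect the annunciations.
pub fn run(logic: fn(Sample) -> Annunciation) -> Vec<Annunciation> {
    timeline().iter().map(|&s| logic(s)).collect()
}

/// Just the stall-warning channel, which is what the crew actually hears.
pub fn stall_channel(logic: fn(Sample) -> Annunciation) -> Vec<bool> {
    run(logic).iter().map(|a| a.stall_warning).collect()
}

fn main() {
    // Step 3 is the one that matters: `gated` goes quiet while still stalled
    // and then "punishes" the correct recovery at step 4 by sounding again;
    // `flagged` keeps warning throughout and raises the airspeed flag instead.
    println!("gated   stall warning per step: {:?}", stall_channel(gated));
    println!("flagged stall warning per step: {:?}", stall_channel(flagged));
}
```

The interesting output is the third step: with `gated`, the warning stops while the aircraft is still stalled and comes back only when the input is valid again, which is exactly the "tells you the wrong thing" behaviour the comment complains about; with `flagged`, the stall channel never changes and the invalid input surfaces on its own flag.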