Formula 1 Fanatics
Would you like to react to this message? Create an account in a few clicks or log in to continue.


F1 Chat and other stuff for nice people
 
HomeHome  Latest imagesLatest images  RegisterRegister  Log in  Ctrl Alt Delete the Dreamliner or it goes into failsafe Empty  

Formula 1 Fanatics :: Aviation general
 

 Ctrl Alt Delete the Dreamliner or it goes into failsafe

Go down 
AuthorMessage
johnston

johnston


Age : 45
Location : Norn Ireland

Ctrl Alt Delete the Dreamliner or it goes into failsafe Empty
PostSubject: Ctrl Alt Delete the Dreamliner or it goes into failsafe   Ctrl Alt Delete the Dreamliner or it goes into failsafe Icon_minitimeWed Sep 05, 2018 4:26 am
https://www.i-programmer.info/news/149-security/8548-reboot-your-dreamliner-every-248-days-to-avoid-integer-overflow.html

Reboot Your Dreamliner Every 248 Days To Avoid Integer Overflow
Written by Mike James
Saturday, 02 May 2015
You may be used to rebooting a server every so often to ensure that it doesn't crash because of some resource problem, but what about a modern jet airliner like the Boeing 787?






The inevitable creep of software into engineering brings with it the problem of bugs. Embedded computer system engineers have a long history of trying to find ways of making software provably correct. Languages used for process control tend to be single-tasking as do their operating systems, and there are usually lots of hardware checks to make sure that nothing serious could go wrong.

This makes a recent directive from the US Federal Aviation Administration all the more shocking.

Basically it says that all Boeing 787 Dreamliners have to be switched off every 248 days. If they are not reset then the generator control units GCUs will go into failsafe mode and the plane will lose all electrical power.

Why exactly?

To quote the FAA directive:

This condition is caused by a software counter internal to the GCUs that will overflow after 248 days of continuous power. We are issuing this AD to prevent loss of all AC electrical power, which could result in loss of control of the airplane.

A simple guess suggests the the problem is a signed 32-bit overflow as 231 is the number of seconds in 248 days multiplied by 100, i.e. a counter in hundredths of of a second.

odometer

So, the problem is a simple classical overflow. You would think that this is something that could have been spotted by formal methods, but think for a moment how are you going to implement this sort of counter?

Your options are to increase the number of bits used, which puts off the overflow, or you could work with infinite precision arithmetic, which would slowly use up the available memory and finally bring the system down.

Perhaps the new overflow detection system from MIT, see MIT Finds Overflow Bugs, would have pointed it out and then the programmers could have implemented a test and a safe clock reset routine which is the best that could be hoped for.

Until there is a patch for the problem all Dreamliners have to be rebooted before the 248 day period is up. Apparently if the worse does happen and the GCUs overflow and switch off the power then the plane should have enough backup power from a lithium-ion battery for about 6 seconds while a ram air turbine deploys for emergency power generation. So, with luck, this isn't a bug that could cause planes to fall out of the sky.

One interesting fact is that the FAA claim that it will take about one hour to reboot the GCUs - so there clearly isn't a reset button.






It is estimated that the Airbus A380, comparable in complexity to the Dreamliner, has more than 100 million lines of code.

Back to top Go down
 
Ctrl Alt Delete the Dreamliner or it goes into failsafe
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Formula 1 Fanatics :: Aviation general-
Jump to: