How can software whose failures cost lives be designed and built to be perfect?


In an age when many machines are controlled by computers, the safety of the program that controls a machine matters as much as the safety of the machine itself. Extremely high accuracy is demanded of control software for spacecraft, which concentrates the state of the art of engineering, and for passenger aircraft, where computer control is used extensively. The methods and ways of thinking adopted in those fields are summarized below.

How Is Critical 'Life or Death' Software Tested? | Motherboard
http://motherboard.vice.com/en_uk/read/how-is-critical-life-or-death-software-tested

Many of the passenger aircraft now flying with hundreds of people on board use a computer-controlled flight control system called "fly-by-wire" (FBW). In aircraft built before FBW, the movement of the control stick and throttle in the pilot's hands was transmitted physically to the wings and engines through mechanical linkages. In an FBW aircraft, the pilot's input is fed to a computer as an electrical signal, and the computer sends each part of the aircraft the command it judges to be optimal for the situation, again as an electrical signal.


"The computer makes the best judgment" sounds reassuring, but it rests entirely on the premise that the computer program is operating normally. If an unexpected error occurs, the computer stops making correct judgments, and the pilot's inputs are no longer accepted at all, the situation turns around completely and there is hardly anything more terrifying.

To reduce that risk, modern passenger aircraft do not rely on a single control system. They use "redundancy", carrying multiple control systems as backups, and incorporate a fault-tolerant design that switches instantly to another system if an error occurs in the main one. Designing in this way, so that safety is maintained even when part of the system fails, because the rest of the system compensates for the failure, is the "fail-safe" way of thinking, and it is essential for preventing accidents.


Nevertheless, it goes without saying that the most important thing is to build a system that does not produce errors in the first place. Not only for passenger aircraft, there is a procedure of "debugging", checking whether a program always runs according to its specification, to establish its reliability, and there are various ideas and styles for how this is done.

Professor Gene Spafford of Purdue University, USA, uses a well-known anecdote about the two major aircraft makers, Boeing and Airbus, to illustrate a difference in their thinking about program verification in the following blog post.

CERIAS - Center for Education and Research in Information Assurance and Security

In the late 1980s, around the time Airbus was preparing to debut the A340, a story circulated among software and safety engineers. It was about how differently the two big aircraft makers, Boeing and Airbus, tested their FBW systems.

According to the story, Airbus verified the system installed in its aircraft with the latest and most sophisticated method available: model checking and formal proof of the program.

Boeing, on the other hand, carried out massive design reviews and testing, and finally put all of its programmers on board the aircraft's first flight.

On hearing this story, many people seem to feel considerably more at ease on a Boeing passenger plane.

The story is strictly an urban legend, and it is unknown whether either method was actually used, but it can be said to represent well the difference between the two companies' thinking about computer systems. Once an airplane is in the air, no repairs are possible, so the attitude of developers who are staking their own lives on the aircraft naturally changes. Whether that method is the right one, or whether Airbus's lower-risk approach is superior in efficiency and safety, the answer may differ from person to person.

In 2011, a thread on the online Q&A site Stack Exchange discussed such testing methods, and Google software engineer Woori Decel pointed out that "the Boeing-style method described here is already outdated."

Testing - How is software used in critical life - or - death systems tested? - Programmers Stack Exchange


In programming, the shift from random functional testing, of the kind seen in the Boeing example, toward formal verification is decisive. According to Decel, government agencies such as NASA and the defense industry are concentrating on developing such techniques; although they are certainly a painful burden for ordinary programmers, they have been confirmed to be effective for verifying a critical system such as a rocket.

Scott Whitlock, who maintains "FluentDwelling", an open-source software library for home automation, describes more concrete methods.

For "home automation", which automatically controls a home's locks and lighting, the important thing is the safety of the system. A fail-safe mechanism that keeps working even when something goes wrong is built in; for example, when building a system with dual redundancy, each of the two systems is given to a separate contractor, and the two companies design and program their systems separately, isolated from each other. The same instruction is then given to both systems at the same time, and if they do not perform the same operation, the system is declared to have "failed".
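The comparison scheme described above, as an added illustration (not code from FluentDwelling or Scott Whitlock): two independently written channels receive the same command at the same time, and any disagreement is latched as a failure that drops the controller into a constructed safe state. The command set, the channel logic and the safe state are all assumptions made for this example.

```python
# Added example of the two-channel scheme described above (not FluentDwelling code):
# two separately written channels get the same command at the same time; if their
# outputs differ the controller latches a failure and drops to a constructed safe state.
SAFE_STATE = {"lights": "off", "door": "locked"}  # constructed fail-safe outputs

def channel_a(cmd, state):
    # Channel A: table-driven; any command outside the table is rejected
    table = {"lights_on": ("lights", "on"), "lights_off": ("lights", "off"),
             "lock": ("door", "locked"), "unlock": ("door", "unlocked")}
    if cmd not in table:
        raise ValueError(cmd)
    key, val = table[cmd]
    return {**state, key: val}

def channel_b(cmd, state):
    # Channel B: branch-based, written independently; its prefix test is looser
    # than A's table, so "lights_dim" slips through here but not in A
    new = dict(state)
    if cmd.startswith("lights_"):
        new["lights"] = cmd[len("lights_"):]
    elif cmd in ("lock", "unlock"):
        new["door"] = "locked" if cmd == "lock" else "unlocked"
    else:
        raise ValueError(cmd)
    return new

class RedundantController:
    def __init__(self, a, b, state):
        self.channels = (a, b)
        self.state = dict(state)
        self.failed = False   # latched: once a mismatch is seen, stay in the safe state
        self.log = []

    def apply(self, cmd):
        # Run both channels in lockstep on the same command and compare before acting
        if self.failed:
            return dict(SAFE_STATE)
        results = []
        for ch in self.channels:
            try:
                results.append(ch(cmd, self.state))
            except ValueError as e:          # a rejection is itself a comparable result
                results.append(("rejected", str(e)))
        if results[0] != results[1]:         # disagreement: declare the system failed
            self.failed = True
            self.log.append(f"MISMATCH on {cmd!r}: {results}")
            self.state = dict(SAFE_STATE)
        elif not isinstance(results[0], tuple):  # both agreed on a new state
            self.state = results[0]
        return dict(self.state)
```

Feeding "lights_dim" shows the point of the comparison: channel B quietly accepts a command that channel A rejects, and the mismatch, not either channel's output, is what the controller acts on.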

In space development, which involves enormous budgets and where the lives of the crew are also at stake, the required level rises dramatically. According to Charles Fishman of Fast Company, NASA's rocket software is held to a level of "absolutely must not crash".

They Write the Right Stuff | Fast Company | Business + Innovation


According to Fishman, the stability of the program is on a different level entirely. "It never needs rebooting because of errors, no bugs exist; it is the most complete system human beings have ever built. In each of the three most recent versions of the 420,000-line program, only one error was found. Across the latest 11 versions the total was 17. By contrast, a general-purpose program of the same scale would contain 5,000 errors." The gap in quality is unmistakable.

So why is NASA able to develop such a system? Fishman explains that it is because it has to. A single wrong character in the 420,000-line program could waste a budget of billions of dollars and put the lives of the crew and ground staff in danger, so this level is demanded at all times.


Another reason is that building a perfect program is not treated as an individual programmer's responsibility. "Creativity" has been eliminated from the programming floor; all staff arrive at 9 o'clock and leave the office at 5. There is no need for a "superhuman programmer" who can do anything; a major reason for the quality is that a mechanism has been built to raise it through "process" rather than "manpower".

Programs created under such a mechanism are, as noted above, as free of errors as possible. Even when an error is found, it is regarded not as an individual's failure but as a flaw in the process that allowed it, and the attitude that the process itself should be improved is shared throughout.

Just as it is said that "setup" matters for doing a good job, advance preparation and preparation of the environment are important. The same cannot be said in every situation, but by being as thorough as NASA, it may be possible to create a mechanism for producing highly accurate deliverables.
