PPRuNe Forums - View Single Post - Ethiopian airliner down in Africa
1st Apr 2019, 08:28
#2844
sceh
 
Join Date: May 2016
Location: annecy
Posts: 30
Software design

Originally Posted by b1lanc
Many years ago while working on a fire-control system, we were evaluating test methodologies between the F-16's Westinghouse, General Dynamics Phalanx fire-control, and Airbus fly-by-wire. The Airbus strategy (as I recall which was about 4 decades back) was to deliver the code to 3 companies in three different countries, none of whom knew of the others' existence. AB expected each would find some unique code exceptions by doing so. Not so. Well over 90% were identified by multiple vendors including all deemed critical bugs save maybe one. The rest were not considered major flight control errors.

Maybe Gums could chime in here, but we had heard rumors (maybe urban legend) that some of the early F-16 deployments in Germany with look-down did on occasion lock on to low flying Mercedes on the Autobahn. As a designer, how many would consider that possibility?

There will ever be a perfect balance between automation and human interaction. Automation is programmed by humans - mistakes will happen on both ends.
As an ex analyst and software developer this situation frightens me.
Even assuming that the designer can clearly articulate and document what he wants the software to do (in my experience, very rare), the coder then needs to understand what the designer wants. The coder then has his job spoiled by software tools claiming to produce rigorous code. He then needs to agree a test suite with the designer assuming it was not part of the specification.
The chances of this chain working are nil in practice. Even for simple things like software drivers for printers there are bugs.
The other core problem is that unless the broad design architecture is right from the beginning there is a limit to retrofitting new features before it becomes impossible to understand the interactions.
As a simple daily example, all cars have been fitted with an OBD (on board diagnostics) system for decades and this allows diagnostics of all bits of the car including things like the heater as well as lights and brakes and all parts of the engine. This has been around for fifty years and I have three different diagnostic tools for three different cars. Each has bugs since the car systems have bugs and by all accounts ALL cars have bugs and this system is not only simple but its base architectural design is clean and the result of all manufacturers working together to set a standard architecture. It needs to be accepted that ALL planes have software bugs and the solution is simple - a LARGE red button that switches off ALL aids instantly and puts the control in the hands of the pilot instantly.
Might need some new training though