Originally Posted by
fergusd
No competent implementor of high safety software (or hardware) does not use hardware AND software protection against memory corruption (where hardware protection is available - sometimes it is not depending on your hardware limitations), unless the hardware and software on this aircraft are being audited against grandfathered safety standards from the 1960's then the failure you describe must be a failure which would be deemed unacceptable . . .
Bit level corruption in any part of memory would be detected and the corrupt data not acted upon, the action taken when the corruption is detected being defined by the system requirements and the safety rating (largely), e.g. is the system fail safe, fail functional for example. There are many well understood mechanisms which are used to perform this function to varying levels of integrity (because not all safety cases require the most computationally and physically expensive solution).
---snip------
Lastly, the means by which complex software fails are often very, very subtle and complex, and with the greatest respect way, way, way beyond anything the masses on here are even vaguely capable of even conceptualising from what I can see.
70% of the people here seem to be engineers watching in bemusement, at how the FAA pretends to check designs which are pretend-safe, and journalists who have seen it all and expect worse to come, knowing as you say that money is more important than people.
For me, who have been both, the interesting part in this has been realising that the pilots have been conditioned to ignore the faults of their systems, which as you state they mostly don't comprehend intuitively, just as most engineers cannot fly a plane.
The interesting part of AF447 was watching the industry realize that perfectly ordinary first world pilots cannot competently hand-fly a plane, and then as an industry do ... nothing. I expect that after the MCAS fix, the US airframe industry aka. Boeing will similarly revert to business as usual.
Edmund