PPRuNe Forums - View Single Post - MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures
Old 5th Sep 2019, 19:58
  #2195 (permalink)  
ST Dog
Join Date: Aug 2019
Location: Rocket City
Posts: 6
Originally Posted by Water pilot View Post
Anything that reads external data has to be able to anticipate bad input and do something appropriate in response. Just pretending that bad input is impossible or that somebody else will respond to it for you is not good design.
Unless you get the input from a validated source (or was claimed to be such).

Seen a lot where there's an input app (partitioned code) that's supposed to do all the validation (range checking, not jabbering, etc) and pass that on to other apps in the partition or other partitions. In this case, the AoA value was available in the code, same one used for other apps, like speed trim. It was presumed good, checked, validated, etc.

Turns out that wasn't entirely true.

I've had just that discussion before. I said everything that uses a value should check that value. They said it was already checked earlier in the system, in a higher DAL partition. I lost that argument.
ST Dog is offline