PPRuNe Forums - View Single Post - Chinook - Still Hitting Back 3 (Merged)
Old 7th Jun 2011, 22:30
Airborne Aircrew
 
ZH875:

The FADEC software had not been proved to be safe.

The FADEC software has not been proved to be unsafe.

The code was in a position where the relevant checks could not be done, because it just wasn't written very well.
I'm sorry but that is a crock, (though I'm guessing that it's not your fault that you don't know that).

Code is tested, retested ad infinitum and released. After release, it is tested in the real world. That's where the things programmers can't see, test for, think of come to light. Then amendments, (updates), are made to the original code and disseminated. Until that process has occurred through numerous cycles it cannot be considered "safe". The code they work on is called the "source code". Until the code has been through hundreds of cycles it cannot be considered "mature". Windows 2000 is mature... Windows XP is probably mature now. They've been used by millions of people and had hundreds if not thousands of updates... One wonders how many times the FADEC software was reassessed let alone updated.

I wrote my first code in 1981, (actually, in school in 1974 - but we won't count that). I subsequently taught myself Assembly Language in 1982 which is, to all intents and purposes, talking the computer's natural tongue. After leaving the RAF in 1988 I have worked continuously in the field and have learned and programmed in several languages ever since and for the last 15 years have supervised a number of programmers. I last wrote code just this morning so I can claim some "expertise" in the field.

I have read several times in this thread that the FADEC code is "un-auditable". There are just two reasons why the code could be in such a state:-

  1. The company/contractor who wrote the initial code doesn't have/will not release the source code.
  2. Someone else won't let the original company/contractor release the source code.
  3. Someone doesn't want the source code decompiled so they are telling everyone it can't be done.
The sharper amongst us will note that I said there are two reasons yet gave three. The first one is, as a professional in the field, preposterous. You can't write code of this magnitude and complexity without keeping the source code. If you finish the job, compile the code and throw the source away you can't make improvements easily... That doesn't make economic sense for the coder(s) so it didn't happen. Even if it did happen we are talking about governments, they can demand and they will receive.

For those that think that code can be compiled, loaded to a chip and the source thrown away so the compiled code can't be decompiled... I can assure you that you are wrong. It can and will be "dragged" off the chip. Once off the chip, it's mine...

Options two and three are the more likely scenarios. Take your pick... Either way, someone in the MoD knows this, accepts this and will probably retire more comfortably for not having "blown the whistle".*

* Far be it from me to suggest that they might have been promoted for such an omission - but that's just me speculating away....

The code is there for everyone to see if there is the will to see it. The people saying it is unauditable are stupid or liars. If they don't like that statement then they can PM me for my name and address and they can go ahead and sue me. I look forward to their arguments in court.