Submission: Reboot Your Dreamliner Every 248 Days To Avoid Integer Overflow (i-programmer.info)
mikejuk writes: You may be used to rebooting a server every so often to ensure that it doesn't crash because of some resource problem, but what about a modern jet airliner like the Boeing 787?
A recent directive (https://www.federalregister.gov/articles/2015/05/01/2015-10066/airworthiness-directives-the-boeing-company-airplanes) from the US Federal Aviation Administration reminds us that software in planes is about as trustworthy as on the desktop.
To quote:
"This condition is caused by a software counter internal to the GCUs (Generator Control Units) that will overflow after 248 days of continuous power. We are issuing this AD to prevent loss of all AC electrical power, which could result in loss of control of the airplane."
A simple guess suggests the problem is a signed 32-bit overflow as 2^31 is the number of seconds in 248 days multiplied by 100, i.e. a 32-bit signed counter in hundredths of a second.
Until there is a patch for the problem all Dreamliners have to be rebooted before the 248-day period is up. Apparently if the worst does happen and the GCUs overflow and switch off the power then the plane should have enough backup power from a lithium-ion battery for about 6 seconds while a ram air turbine deploys for emergency power generation. So, with luck, this isn't a bug that could cause planes to fall out of the sky.
It is estimated that the Airbus A380, comparable in complexity to the Dreamliner, has more than 100 million lines of code.
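The overflow guessed at in the submission, worked through in C as an added example; this is not code from the FAA directive, Boeing or the original post. The 100 Hz tick rate is the submission's guess, and the function names and the sample timer values are constructed for illustration. It computes the 248-day figure and contrasts a signed deadline comparison that misfires near 2^31 with a wrap-safe unsigned one.

```c
#include <stdint.h>
#include <stdio.h>

#define TICKS_PER_SEC 100u /* assumption: the post's guess of 1/100 s ticks */

/* Days of continuous power before a signed counter of `bits` bits overflows. */
double days_until_overflow(unsigned bits, unsigned ticks_per_sec)
{
    double max_ticks = (double)((UINT64_C(1) << (bits - 1)) - 1);
    return max_ticks / ticks_per_sec / 86400.0;
}

/* Reinterpret a free-running 32-bit tick count as a two's-complement int32_t,
 * written out by hand so nothing relies on implementation-defined casts. */
int32_t as_signed(uint32_t u)
{
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Fragile: a direct signed comparison misfires once the deadline wraps. */
int expired_naive(int32_t now, int32_t deadline)
{
    return now >= deadline;
}

/* Wrap-safe: unsigned subtraction is modulo 2^32, so the difference is right
 * as long as now and deadline are less than 2^31 ticks apart. */
int expired_wrapsafe(uint32_t now, uint32_t deadline)
{
    return (uint32_t)(now - deadline) < 0x80000000u;
}

int main(void)
{
    uint32_t start = (uint32_t)INT32_MAX - 50u;     /* constructed: 0.5 s before overflow */
    uint32_t deadline = start + 1u * TICKS_PER_SEC; /* 1 s timeout, crosses 2^31 */

    printf("overflow after %.2f days\n", days_until_overflow(32, TICKS_PER_SEC));
    printf("naive at start:     %d\n", expired_naive(as_signed(start), as_signed(deadline)));
    printf("wrap-safe at start: %d\n", expired_wrapsafe(start, deadline));
    printf("wrap-safe at end:   %d\n", expired_wrapsafe(deadline, deadline));
    return 0;
}
```

The naive check reports the one-second timer as expired the moment it is armed, because the deadline has wrapped negative while the current tick count is still positive.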