In-Flight Reboot?
steelem writes "The Washington Post is running a story about how the F-22 Raptor's software requires in-flight reboots. Apparently the 2 million line software project is 93% done. Knowing most projects I've been on, it'll stay that way for another few years."
I've said it a hundred times and I will say it again. Software is getting way too complex for human management in developing bug-free code.
Life is not for the lazy.
Even 36 seconds per reboot is too much, and would be totally unacceptable if it were, say, a navigation computer on a 737 with a hundred civilians on-board.
What makes you think that it takes 36 seconds to reboot their systems? That's an average time spent per flight -- we don't know how many times the systems are crashing per flight.
Also note that this covers all their computer systems, not just the actual flight control. Some systems are obviously more important than others; it probably doesn't matter if the target identification system fails for a few seconds.
Tarsnap: Online backups for the truly paranoid
The article doesn't say that it takes 36 seconds to reboot the computers. It says 36 seconds per flight are spent rebooting the avionics. It doesn't say how long the reboots take. The total reboot time per flight could have been reduced by quicker reboots or fewer reboots or both.
By reboot, I'm thinking they mean from "press button" until "I can use again."
That means running the program and getting all necessary information from the hardware so that pilots can make decisions from it.
The BIOS is insignificant in this case.
"Some systems are obviously more important than others; it probably doesn't matter if the target identification system fails for a few seconds." Unless you're on the wrong end of the target id system. We have enough 'friendly fire'(although who cares how 'friendly' it is when you're dead?) problems already. I don't care what OS it's using, it needs to be fixed.
for flight systems to reboot 'on the fly' but I consider that unacceptable for mission critical systems.
It's the mentality that feels that 'good enough' is good enough that brings us this type of warm and comfy software.
Good enough isn't. Stable code can be written. It merely takes talented engineers, design time to conceptualize and architect the product up front before coding it and giving QA what they need to test and commitment to FIXING the issues that QA identifies. It's not the cheapest or fastest way to deliver a product, but if I want cheap and fast I'll go to Taco Bell, not a jet fighter.
Given how expensive these planes are, does it make sense to go cheap on the software and risk crashing not only the software but the multi million/billion dollar plane too?
Please consider having Slashdot do a quick search, esp in the last 2-3 weeks. Even if this is done at the submitter level, then they could avoid this. I have no doubt that most submitters would prefer to avoid this.
Likewise, when viewing for submission, check the same search, so that you can see what the user saw.
BTW, this is not really a problem with just /., but more indicative of the problem that stories keep getting retold on the same news. Sad really.
I prefer the "u" in honour as it seems to be missing these days.
What's funny is I always thought the guys writing this sort of software were uber-coders, and never had this sort of problem. Throw those few extra hundred million dollars at the coding effort, and I just thought this sort of problem went away. It's worrying though - isn't code which ever needed to be rebooted fundamentally flawed? Can you ever really fix that sort of code, or are we just waiting for the day whenever another edge test case comes along mid-flight, and an F-22 falls out of the sky? Even one of this sort of error seems like impending doom to me.
Second, I have seen this coming for about 10 years now. In the 70s and 80s I worked with digital control systems. Not avionics, but similar. In those days the systems were expected to work right, every time, for years at a time. 2 years between system restarts was considered "acceptable". If a system did fail, the manufacturer was expected to get its collective butt out to the site, figure out why, and issue a (solid!) fix pronto.
In the last 5 years, I have repeatedly been on brand-new airplanes at the gate when the pilot comes on and says "we are having a little problem with the system - don't be alarmed if the lights go off" followed by what is clearly a "reboot" of the airplane! When the fsk did it become acceptable to fix problems in avionics by rebooting the airplane?
And if the system designers really think the Microsoft Rebooting Disease is an acceptable way to handle system faults, how long before one of those faults occurs in the air?
I guess I am just old and crusty, expecting life-critical systems to work to spec 100.0% of the time.
sPh
The article reads like something from The Onion, not The Washington Post!
Lines like "$200-million-per-copy stealth fighter", "the F/A-22 is the absolute most-awesome killing machine I have ever, ever flown", "any other free world fighter", "14 minutes per flight rebooting mission critical computer systems", "the 'let's go kill people' software", and "kill somebody and stay alive and execute your mission" were cracking me up.
Are you sure this article isn't really from The Onion? They have some pretty imaginative writers.
Reading Slashdot is ruining my spelling and grammar.
IMNSHO, it's basically common knowledge that these things CAN NOT be flown without computers regulating all the doohickeys. We're not talking about Cessnas (sorry if I spelled that wrong), we're talking about extremely complex jets flying at high speeds.
Granted, some things (ejector seats, cupholders, maybe even bomb-dropping apparatus) don't need computer control, but all those wing flaps and engines, etc. do, at least in a vehicle this complex.
Ron Paul 2012
That's a training issue. Pilots need to learn that "cannot identify target" means *wait*, not *shoot now*.
Tarsnap: Online backups for the truly paranoid
But has the pilot of that unidentified target, who might be foe, learned that he's not supposed to shoot the guy 'cause his system is rebooting?
There ain't no rules here; we're trying to accomplish something.
I've just re-re-read the article, and I can't find any mention that the software on board was Windows based.
Yes, you're all very droll, but the Microsoft bashing seems a little knee-jerk. It's insanely complicated to write software like this (as a few other posters have said, and I'm posting only because I have no mod points for them).
I doubt these errors are OS-based at all. Real-time systems like this are built on top of extremely well-tested embedded OSes. They reboot because they're writing pretty close to the bare metal, and mistakes are punished hard. Best practices are applied (interminable code reviews, fascist levels of regression testing, ungodly coding style standards), but not always followed, and even best practices don't always work.
I'd like to see a gradual shift to languages which enforce best practices (i.e. not C and assembly). Meantime, these pilots are pretty damn brave. But it's probably not Microsoft's fault, this time.
Go build me a pyramid. Without any modern machines. In the middle of the desert.
With ten thousand workers to help, a government that doesn't give a crap about death tolls or reasonable working conditions, and enough funding to bankrupt an empire, I'm sure I could manage.
The pyramids were gigantic, backbreaking undertakings, but I maintain my stance that software is the most complicated endeavor undertaken by mankind.
ZFS: because love is never having to say fsck
There is a world of difference between a civilian plane which only has to fly from point A to B and the F/A-22. The F/A-22 is the most advanced fighter jet in the world and can literally do things that no other plane can do. There is no way they can develop three separate software suites for a system this complex. But trust me, there is plenty of redundancy built in. Besides, the F/A-22 hasn't finished testing yet, it is not a finished product and so of course still contains bugs.
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
Not only that, but his error message is an example of Windows working correctly - it detects a piece of userland software doing something bad, so it shuts it down so it doesn't take down the whole system. I don't know why he thought that was a big Microsoft slam.
outmaneuver any other fighter that it will face as a threat, and any other free world fighter that will be built for years to come
Translation: It is not the most maneuverable fighter on our side, and the enemy may build something more maneuverable soon, if they haven't already.
A mechanical device that can manage and acquire targets? Run the Nav system? Run Communications? I'd like to see that.
Support the First Amendment. Read at -1
Oh, sure. If you're wandering around outside of an armored vehicle, it's easier to get shot than if you were in one. On the other hand, what would you find more imposing: an anonymous chunk of steel driving around, or a bunch of mean-looking guys who are really tall, really big, and wave around rifles like they wouldn't even think twice about blowing your head off if you got in their way?
Not to mention sitting inside that armored vehicle makes you a big, obvious target, while infantry can be much more flexible, dispersed, and generally aware of their surroundings. Maybe it'd help if the army had miniature radar trucks or something that drove around with each convoy.
Anyway, most of the soldiers killed so far have been riding around in armored vehicles, so the facts on the ground contradict what would seem to be "common sense" to you.
The vast majority of downed pilots, 80+% ?, never saw the attack coming. They were taken by surprise. The most successful aces avoided dogfights, they would try to surprise someone, if not they would disengage and look for someone else. Your account sounds like some romanticised story or an aberration that occurred in the earliest days of the war. WW1 pilots looked at battle the same way pilots do today. Give the other guy a chance and you may die, your wife a widow, your children fatherless.
Rather than the monolithic system which we all secretly love (which allegedly produces Blue Screens of Death when things go squiffy, although my own XP Home system has been thundering on with nary a problem for quite a while now), you build systems which can tolerate components restarting themselves. I don't care if you're RMS writing the purest code with GNU/Ada for the EFF Air Force, you're not going to write something that will never fail. Better to design and build an overall system which can tolerate minor interruptions, especially if you are going to be flying into a war zone.
In any case (I worked on some of the stuff on the fringes of the F22 program a long long time ago), there are a bunch of computers in the air vehicle; it's an airborne network. Saying "oh my god, I can't believe the plane is rebooting" is disingenuous (aside from the many Windows jokes). It's akin to "I had to power-cycle the printer twice today -- I can't believe the network stayed up for the 35 seconds it took the Lexmark to come back to life!".
Rebooting a subsystem computer works quite well in robotics too, which further leads into the concept of many small robots rather than one large beast screaming "Danger Will Robinson".
Cthulhu Barata Nikto
Yeah, 36 seconds a flight. Considering that most of the programming and everything is probably kept in solid state memory, a reboot maybe takes a second or two at most.
The language used for all of this is ADA, which is one devious language to program in. Everything requires exception handling, and every exception needs to be handled. The 2 million lines of code is surprising, not because it seems like a lot, but because it seems like so little.
I'm quite sure that every computerized portion of the aircraft has at least one redundant system too. The aircraft has already been through its "X" stage. It's been officially given a fighter designation, and they do have a flight of them somewhere. The military isn't going to stick pilots in a rickety plane. If the craft didn't have redundant systems, and the flight suit went out for a couple seconds during a 9 G turn, the pilot would be out. Soon after, the plane would be gone.
The fact that they are still working on the stability is a cool thing. If I were piloting, I'd want my main system to be rock solid and never crash, but I'd also want all of my redundant systems to be rock solid and never crash.
You need to restart your computer. Hold down the Power button for several seconds or press the Restart button.
I don't think the military has less stringent requirements, although I honestly don't know. The article did mention this is an experimental plane still in development. Once the bugs are worked out the US may buy hundreds of them at $200,000,000 each.
Hopefully they will cut back on a few of those airplanes and put some money into our school systems. 5 planes = 1 Billion dollars! And one of the current stealth fighters lost its tail after air show.
I guess it's tough to keep to a budget when you can print more money.
It's called concurrent engineering. Obviously, the flight control systems are working within a level of tolerance to test the mechanical systems. Targeting and sensor systems are useless if there isn't a functioning platform. If they sat around waiting for the complete software package to be completed before testing the F-22's basic flight capability, they would be way behind their current state. Keep in mind that this is still in test, not production.
There are two types of people: those prepared for the zombie apocalypse and those who will be eaten.
Osprey? Harrier? And how many others?
-cp- (My .sig is rebooting)
The article stated that the reboots were for subsystems, not the fly-by-wire systems or the navigational system. The main problems have been in the sensor-weapon integration. This is one reason why the plane is not yet in full-scale production.
Cole's Axiom: The sum of the intelligence on the planet is a constant. The population is growing.
This is similar to the legend about gunfighters in the old west (usa) giving each other an even break.
At all times and places in history winners attack with duplicity, deception, underhandedness, guile, lies, speed and overwhelming force.
Only losers buy into the lie about fair play in war. The winners always break any rule that suits them, bewail enemy tricks, and tell everyone how upright they are about the rules they do follow because it suits them.
Then the winners write the history books which read over and over how good guys beat bad guys. If the other side had won the history books would still be all about the good guys winning (jews.. indians..indians..jews..When genocide is complete enough there are too few to complain to make a difference).
And one more thing. Look in the mirror. Every living human is the result of successful parents, cultures, and societies that used the above tactics. No one has an ancestry free of this stuff; no nation ever became a nation without denying land to somebody else (even tiny mid Pacific islands have their old population versus new arrivals (e.g. immigrants from India) racial problems).
Furthermore.. oh god it's 3am what the hell am I doing.. gotta go