In-Flight Reboot?
steelem writes "The Washington Post is running a story about how the F-22 Raptor's software requires in-flight reboots. Apparently the 2 million line software project is 93% done. Knowing most projects I've been on, it'll stay that way for another few years."
This is an ideal application for LinuxBIOS. The article says an average of 14 minutes per flight were spent rebooting computers. Even 36 seconds per reboot is too much, and would be totally unacceptable if it were say, a navigation computer on a 737 with a hundred civilians on-board.
Nasa has an interesting project called FlightLinux specifically geared for this sort of application. Unfortunately, they have yet to release code (export restrictions), but they supposedly use LinuxBIOS for their system.
Of course, having software that never crashes (no pun intended) would be best, but it never hurts to have a system that can boot up in just a couple seconds anyway.
when the contracting agency can't account for $1 trillion? That's more than the rest of the world spent on their military last year. With that kind of accountability, I'm amazed any project gets over 80% done.
I'm much funnier now that I'm a subscriber.
Jeez, one would think that there would be built in redundancy so that if one system went down, it could be rebooted while the other system automatically takes over. Perhaps this is the way things are working, but the thought of rebooting during ACM makes me really nervous.
Software like this should be able to reboot midflight without a hitch.
Flight control software has been rebootable on the fly since the earliest days of the space program.
If you're the test pilot, you've really got to hope they finished the code on the ejection seat at least; at 1,200 mph even a few seconds of reboot time is enough to turn you into part of the scenery at the test range.
Am I the only programmer here that has a problem with writing software that powers "the most awesome killing machine"? I apologise to all the yeehaw types but I personally find that distasteful, to say the least.
Question to physicists/biologists/chemists: Would you have a problem creating and refining nuclear/biological/chemical weapons?
(Posted anon. to avoid the right wing moderators killing my account.)
It disturbs me in that it's the sharp end of the system. A military aircraft would be pointedly useless if during its whole developmental process everyone skirted around the objectives of the thing; that is, to blow stuff up over there, while you're sitting here, and come back. That does involve killing people quite often.
What disturbs me too is slashdot reporting. The article wasn't "about" the system needing reboots in flight, that was just one thing mentioned. The article was "about" a piece of military hardware nearing completion. The slashdot front page description and the real article may as well have been about two entirely different subjects for all they share.
The software required to run the Raptor is insanely complicated. The plane itself was ambitious, but the control systems are the real innovation. Give these guys a break. The fact that the thing flies at all is amazing. The fact that it does everything it was designed to do is unbelievable. So there are a few bugs to work out. That's how it goes. We're not talking about "normal" programming problems here; this is Real Life stuff.
> Please consider having Slashdot do a quick search, esp in the last 2-3 weeks. Even if this is done at the submittor level, then they could avoid this. I have no doubt that most submittors would prefer to avoid this.
Au contraire, I would guess that every time a story hits Slashdot about 9000 clowns immediately submit it again in hopes of duping the editors into a dupe.
Sheesh, evil *and* a jerk. -- Jade
Haven't read the article (typical of Slashdot), but I do remember that the Apollo 11 computer nearly caused the first lunar landing to fail because it kept rebooting in-flight. Due to a configuration error that occurred shortly before flight, the computer repeatedly ran out of memory, but the software was designed so that the computer could reboot without catastrophe.
You can read more here.
F-22 software is written in Ada, by people with experience in designing these types of systems. It is a different breed of software engineering. There are a ton of issues coordinating all the software and hardware subsystems.
I work on fly-by-wire military aircraft (rotary wing, not fixed wing, but I presume the computer architectures are similar).
There are typically 2 (sets of) computers on board these aircraft.
The "flight control computers" actually fly the airplane. They are very reliable and are triply or quad redundant. They constantly monitor themselves for problems (such as bits changing in the onboard ROM chips). They reboot themselves if needed (which seldom happens). The "operating system" is just another piece of custom code. They are often compartmentalized so that a problem in one area of the computer (hardware or software) will not affect (or will have only limited impact on) other more critical components.
The "mission computers" are not designed to the same standard and may have none of the aforementioned features. They try to do complex things like target identification etc. When they fail, they can take out other connected systems, like the radios or displays - but you can still fly the airplane. In one of the machines I worked on, they had to install a button in the cockpit so the test pilots could reboot the mission computer!
I don't know why we as an industry tolerate this situation (OK, I do: to save money). Test pilots are (understandably) very unhappy with the lack of reliability in these systems. As I'm sure most people reading this will realize, it's a lot harder to fix a complex bit of code than it is to design in reliability in the first place.
And BTW, it was mentioned above but not everyone read it: it doesn't take 36 seconds to reboot the computer. The article meant that over the course of a 1 - 2 hour flight, 36 seconds were spent rebooting the computer.
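The post above describes two mechanisms: each flight control channel checks its own ROM for flipped bits and reboots itself when the check fails, and the redundant channels are arranged so that one channel rebooting does not take the aircraft's control output down with it. The following C model is an added illustration of that arrangement and is not code from the commenter or from any real flight control computer; the control law, the ROM layout, the XOR checksum and the fault-injection helper are all constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define CHANNELS 3
#define ROM_WORDS 4

/* Constructed "golden" ROM image: gain numerator, gain denominator, command limit, spare. */
static const uint8_t GOLDEN_ROM[ROM_WORDS] = { 2, 1, 100, 0 };

typedef struct {
    uint8_t rom[ROM_WORDS];   /* working copy of the channel's ROM */
    uint8_t rom_check;        /* checksum recorded when the channel booted */
    int healthy;
    int reboots;
} channel_t;

typedef struct {
    channel_t ch[CHANNELS];
    int last_cmd;             /* last voted command, held when the voter cannot decide */
} fcc_t;

/* XOR checksum: any single flipped bit in rom[] changes the result, so it is detected. */
static uint8_t checksum(const uint8_t *p, size_t n) {
    uint8_t c = 0;
    for (size_t i = 0; i < n; i++) c ^= p[i];
    return c;
}

/* (Re)boot one channel: reload its ROM image and re-record the checksum. */
static void channel_boot(channel_t *c) {
    memcpy(c->rom, GOLDEN_ROM, ROM_WORDS);
    c->rom_check = checksum(c->rom, ROM_WORDS);
    c->healthy = 1;
}

void fcc_init(fcc_t *f) {
    for (int i = 0; i < CHANNELS; i++) {
        channel_boot(&f->ch[i]);
        f->ch[i].reboots = 0;
    }
    f->last_cmd = 0;
}

/* Hypothetical control law: scale the stick input by a gain held in ROM and clamp it. */
static int channel_compute(const channel_t *c, int stick) {
    int cmd = stick * c->rom[0] / c->rom[1];
    int lim = c->rom[2];
    if (cmd > lim) cmd = lim;
    if (cmd < -lim) cmd = -lim;
    return cmd;
}

/* Background self-test: a ROM checksum mismatch marks the channel unhealthy. */
static int channel_selftest(channel_t *c) {
    c->healthy = (checksum(c->rom, ROM_WORDS) == c->rom_check);
    return c->healthy;
}

static int median3(int a, int b, int c) {
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* One control frame: self-test every channel, reboot the bad ones, vote on the rest.
 * An unhealthy channel never contributes to the command in the frame it reboots. */
int fcc_frame(fcc_t *f, int stick) {
    int out[CHANNELS], n = 0;
    for (int i = 0; i < CHANNELS; i++) {
        channel_t *c = &f->ch[i];
        if (!channel_selftest(c)) {
            channel_boot(c);      /* reboot this channel only; the others keep flying */
            c->reboots++;
            continue;             /* excluded from this frame's vote */
        }
        out[n++] = channel_compute(c, stick);
    }
    if (n == 3)                          f->last_cmd = median3(out[0], out[1], out[2]);
    else if (n == 2 && out[0] == out[1]) f->last_cmd = out[0];
    else if (n == 1)                     f->last_cmd = out[0];
    /* two healthy channels that disagree, or none at all: hold the last good command */
    return f->last_cmd;
}

/* Fault injection for the demo only: flip one bit in a channel's working ROM copy. */
void inject_rom_bitflip(fcc_t *f, int channel, int word, int bit) {
    f->ch[channel].rom[word] ^= (uint8_t)(1u << bit);
}

int main(void) {
    fcc_t f;
    fcc_init(&f);
    printf("nominal: cmd=%d\n", fcc_frame(&f, 10));
    inject_rom_bitflip(&f, 1, 0, 4);      /* corrupt the gain word of channel 1 */
    printf("after bit flip: cmd=%d (channel 1 reboots=%d)\n",
           fcc_frame(&f, 10), f.ch[1].reboots);
    printf("next frame: cmd=%d (channel 1 healthy=%d)\n",
           fcc_frame(&f, 10), f.ch[1].healthy);
    return 0;
}
```

The point of the model is the separation the commenter describes: the self-test catches the corrupted ROM before the channel's wrong gain (18 instead of 2) reaches the voter, the channel is reloaded on its own, and the command stays at the value the two healthy channels agree on. A mission computer without per-channel self-checks and a voter has no such containment, which is why its failures spill into the radios and displays as the post says.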
I'm an advocate for a strong defense, and always have been. And advanced weapons programs always have major bugs. I'm a veteran, and I follow defense issues pretty closely. With that said, now I say kill the F-22 program.
Why? It's a problem program. It's been plagued with an abundance of serious unforeseen engineering problems from the very beginning. This is just the latest one made public. Past problems have included repeated instances of various parts of the fuselage (especially some wing and tail parts) cracking. Cost overruns have become endemic. When the ATF program (Advanced Tactical Fighter) was first launched in the mid-80's to find a successor to the legendary F-15 Eagle, the Air Force set a goal of a flyaway cost of no more than 35 million per copy. The cost is now up to 200 million a copy, and before it goes into production, the F-22 might cost a quarter of a billion dollars FOR A SINGLE FIGHTER. No matter how rich a nation is, no Air Force in the world can afford to buy such fighters in effective quantities. Not even other Stealth projects have spiraled this far out of control. The F-117 NightHawk stealth fighter (really more of a small bomber), with a small inefficient production run of 64 aircraft, topped out at 61 million per copy.
Granted, not all of the cost overrun problems are the fault of the Air Force or of Lockheed Martin. Congress keeps screwing around with the production schedule, and reducing the total buy, which drives up the cost per aircraft. But Congress has done so in large part for three main reasons:
1- They ask "Do we really need this, or can upgraded F-15's do the job?" This is a valid question as no other nation, friend or foe, has an aircraft that equals the Eagle, save for Russia's SU-27 series of fighters. These have been produced in such small quantities that Congress still debates the need for an Eagle replacement.
2- The number and seriousness of technical problems has made Congress reluctant to commit to the project fully. This crosses party lines, as in the past few years, several powerful Republicans have tried to kill the program on the grounds that the Raptor is a lemon. Democrats seeking money for non-defense programs have joined them.
3- There are serious doubts emerging that the Raptor's massive complexity can ever truly be managed in an efficient manner. There are concerns that, even if the aircraft becomes operational and initial bugs are worked out, the aircraft will be unreliable, becoming what the Air Force calls a "Hangar Queen"; it looks pretty on the floor, but if it can't go up in the air regularly, how good is it? The Air Force has had aircraft before that they REALLY wanted, but turned out to be so expensive and maintenance intensive that they had to be retired early. An excellent example is the B-58 Hustler supersonic bomber, which had impressive performance...when it wasn't broken down. It was retired after only 10 years of frontline service.
Life is hard, and the world is cruel
While yes, ideally, we'd like software that you don't have to reboot, it's more important for software overall to be reliable than for it to be perfect (which is an impossible goal to achieve anyway, in the past, personal recollections to the contrary, and even more so now).
One of the interesting ideas I've heard has focused on making recovery from errors an integral part of the software design at every level. To an extent, safety-critical systems already use a number of techniques to recover from errors, rather than relying on perfection on the part of the human programmers (which is a pretty silly bet to make).
Just think about how you go through your own life. The human "operating system" isn't 100% perfectly reliable, but it's very robust at recovering from errors. Instead of striving for an impossible goal like perfection, systems are being designed to be less brittle. This approach is both more pragmatic and more robust, oddly enough.
By the time this thing ever gets into the air, the only probable foes that it will ever face will be either Su-27 derivatives or MiG-29 derivatives, both of which cost far less than the F-22.
In pure features the Su-27 is an amazing plane. Anyone who has ever seen the Su-27 do the cobra maneuver, or the thrust-vectored Su-30MKI or Su-35 do the 360 degree Kulbit maneuver, can attest to what these planes can do in close air combat. These are extreme maneuvers that western planes cannot do, for the simple reason that the engines in western planes receive no air at such high angles of attack and therefore often flame out or stall. Not only this, but the newer radars on the Su-30s and missiles are longer ranging than just about anything the west has, with the exception of the F-14's AIM-54 Phoenix. As for stealth, newer Su-30's are coated with radar absorbent paint, which reduces the advantages that a dedicated stealth fighter such as the F-22 would have in BVR combat.
In the hands of a good pilot I very much doubt that the Su-30 would automatically lose in combat. That however is the crux of the matter: Pilot training.
This has always been something that has been much better in the west, with advanced simulators, Top Gun style combat training and long hours of aircraft experience. It is and has been a fallacy to believe that more modern high tech will always win the battle. It is almost always the quality of the pilots that decides the battle.
There is a good example of an air combat situation that happened in the first gulf war. The only western plane to be shot down in air combat was an F-18 on an attack mission that was intercepted by an obviously experienced Iraqi MiG-25 pilot. The MiG-25 was already obsolete then in terms of technology, but the sheer speed of the plane (Mach 2.8+) is unmatched by any other fighter. The MiG-25 went on, after shooting down the F-18, to buzz an EF-111 Raven that was providing ECM for the mission, causing the Raven to have to maneuver to avoid the incoming missiles and drop back from the attack mission, which was then unprotected by ECM, and subsequently another F-18 was shot down by a SAM. No less than two F-15's and two F-16's all attempted to intercept the MiG-25, two of them firing missiles, but the MiG-25 used its tremendous speed advantage to easily avoid the interceptors and reach its base.
This shows what a good plane, not necessarily the utterly most modern, can do in the hands of a good pilot. IMO the F-22 is an overexpensive white elephant.
This was 1980.
It got fixed.
-dB
"It if was easy to do, we'd find someone cheaper than you to do it."
I used to work on avionics software, and one of the biggest beefs of our main liaison to the regulatory agencies was that there is currently no approved standard for generating system requirements. As a result there is no agreed-upon method for dealing with this single point of failure. In contrast, there is a well-defined and approved standard for software development: DO-178B.
This individual claimed that most of the mishaps she was aware of that were attributed to software were in fact due to faulty system requirements, and I have no reason to doubt her. Unfortunately I don't remember any specific cases that she cited.
>Besides, I'd love to see three sets of hardware (all totally different) run the *same* software. Without any modification.
If you insist...
Slackware for iBook
Slackware for Sparc
Slackware for PC