Re: Hey software, get the fuck out of the way!
I mean, I haven't worked in safety critical systems design, just kernel software and real-time systems in general, but one of the first questions during say a design review for a safety critical system might be "what if the inputs are total rubbish".
I mean we go to such extreme lengths for web forms.
If a subsystem has the capability to override the pilot and cause death (i.e. nosedive the plane, which seems to be the primary purpose of the system, in effect) then surely it has to be n-modular redundant and voting and all that high brow aerospace/aviation gubbins?
So reawakening some of my degree from a long lost part of my brain it seems like the IEC 61508 standard has an automotive flavour "ISO_26262" (which I am using here to prove that there is at least a pretty obvious step at which this should have been identified as an issue). Clearly the aviation standards will be more exacting (right?).
Bullet point number two (after "identify the item and its requirements"):
"A comprehensive set of hazardous events are identified for the item."
Is "bogus input from a single sensor with no validation" not a "hazardous event" given that the direct consequence is nosediving?
Hindsight etc. Icon for sarcasm.
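The "bogus input from a single sensor with no validation" point above, as an added example that is not part of the original post: a small C voter that validates every channel first and then requires a 2-of-3 majority before it will produce any command at all, so a single rubbish reading can never drive the output on its own. The range limits and tolerance are hypothetical placeholders, not values from any real aircraft or standard.

```c
#include <math.h>
#include <stdbool.h>
#include <stdlib.h>
/* Constructed example; limits and tolerance are hypothetical placeholders. */
#define N_SENSORS     3
#define MIN_PLAUSIBLE (-30.0)  /* hypothetical lower bound, degrees */
#define MAX_PLAUSIBLE ( 60.0)  /* hypothetical upper bound, degrees */
#define AGREE_TOL     (  2.0)  /* channels closer than this agree */

enum vote_status { VOTE_OK = 0, VOTE_NO_CONSENSUS = 1 };
/* Input validation: NaN, infinity and out-of-range readings never reach the voter. */
bool reading_plausible(double v)
{
    return isfinite(v) && v >= MIN_PLAUSIBLE && v <= MAX_PLAUSIBLE;
}

static int cmp_double(const void *a, const void *b)
{
    double x = *(const double *)a, y = *(const double *)b;
    return (x > y) - (x < y);
}

/* 2-of-3 majority vote.  Implausible channels are dropped, then a majority of
 * the survivors must agree within AGREE_TOL.  VOTE_NO_CONSENSUS means "do not
 * command the surface"; a single channel on its own can never drive the output. */
enum vote_status tmr_vote(const double in[N_SENSORS], double *out)
{
    double good[N_SENSORS];
    int n = 0;
    for (int i = 0; i < N_SENSORS; i++)
        if (reading_plausible(in[i]))
            good[n++] = in[i];
    if (n < 2)
        return VOTE_NO_CONSENSUS;
    qsort(good, n, sizeof good[0], cmp_double);
    /* after sorting, a pair of neighbours within tolerance is a majority */
    bool agree = (good[1] - good[0] <= AGREE_TOL) ||
                 (n == 3 && good[2] - good[1] <= AGREE_TOL);
    if (!agree)
        return VOTE_NO_CONSENSUS;
    *out = (n == 2) ? (good[0] + good[1]) / 2.0 : good[1];
    return VOTE_OK;
}

/* Vote on three readings; returns NAN when the voter refuses to decide. */
double vote3(double a, double b, double c)
{
    double in[N_SENSORS] = { a, b, c }, out = 0.0;
    return tmr_vote(in, &out) == VOTE_OK ? out : NAN;
}
```

A caller that treats NAN (no consensus) as "hold current state and raise a fault" gets the fail-safe behaviour; one that falls back to whichever channel is still alive reintroduces the single-sensor hazard.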