[SystemSafety] Overflow triggering AC power cut-off in Boeing 787

From: David MENTRÉ < >
Date: Sun, 03 May 2015 18:44:04 +0200


Hello,

Le 2015-05-03 10:41, Mike Ellims a écrit :
> “History teaches us that people have never learned anything from history.”
>
> Hegel
>
> http://rgl.faa.gov/Regulatory_and_Guidance_Library/rgad.nsf/0/584c7ee3b270fa3086257e38004d0f3e/$FILE/2015-09-07.pdf

For those that don't want to read the FAA advisory, a signed integer overflow can trigger a cut-off of all AC power in Boeing 787 planes after 248 days (~8 months). It never occurred on real planes, only in simulation.

Other source:
http://betterembsw.blogspot.fr/2015/05/counter-rollover-bites-boeing-787.html

This would not happen if absence of overflow was automatically checked (by using tools like Frama-C, Astrée or Polyspace). Or more probably this overflow was identified but judged as "could never happen". Would a reader of this list have some insight about what really happened?

Best regards,
david
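The counter-rollover mechanics behind the advisory, as an added C example (not code from the mail, the FAA advisory, or Boeing): it assumes a 10 ms tick period, which is not stated here but is the period at which 2^31 ticks equal the quoted 248 days, and sets the signed counter beside the unsigned, wrap-safe elapsed-time pattern that an absence-of-overflow check would accept.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption (not stated in the mail): the counter ticks every 10 ms.
 * 2^31 ticks * 10 ms = 248.55 days, matching the "248 days" quoted above. */
#define TICKS_PER_SECOND 100u
#define SECONDS_PER_DAY  86400u

/* Days until a signed 32-bit tick counter reaches INT32_MAX. */
double days_until_signed_overflow(void)
{
    return (double)INT32_MAX / (TICKS_PER_SECOND * (double)SECONDS_PER_DAY);
}

/* Signed counter: the increment after INT32_MAX is signed overflow (undefined
 * behaviour in C). The guard keeps this demo well-defined and marks the tick. */
bool tick_signed(int32_t *counter)
{
    if (*counter == INT32_MAX)
        return false;           /* an unguarded counter overflows here */
    (*counter)++;
    return true;
}

/* Drive the signed counter from INT32_MAX - 1: the first tick succeeds, the
 * second is refused. Returns true if exactly that is observed. */
bool signed_counter_stops_at_limit(void)
{
    int32_t c = INT32_MAX - 1;
    bool first = tick_signed(&c);
    bool second = tick_signed(&c);
    return first && !second && c == INT32_MAX;
}

/* Hardened pattern: an unsigned counter wraps with defined behaviour, and
 * elapsed time is taken modulo 2^32, so it stays correct across the wrap for
 * any interval shorter than 2^32 ticks (about 497 days at 100 Hz). */
uint32_t elapsed_ticks(uint32_t start, uint32_t now)
{
    return now - start;         /* unsigned subtraction wraps correctly */
}

int main(void)
{
    printf("signed overflow after %.2f days; elapsed across wrap: %u\n",
           days_until_signed_overflow(), elapsed_ticks(UINT32_MAX - 5u, 4u));
    return 0;
}
```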



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Sun May 03 2015 - 18:44:17 CEST
