
In-Flight Reboot? 594

Posted by michael
from the no-problems-until-you-have-to-fsck dept.
steelem writes "The Washington Post is running a story about how the F-22 Raptor's software requires in-flight reboots. Apparently the 2 million line software project is 93% done. Knowing most projects I've been on, it'll stay that way for another few years."
  • by JonyEpsilon (662675) on Friday August 01, 2003 @07:42PM (#6592862) Homepage
    This is the 'let's go kill people' software.
    Is it just me, or does this kind of talk disturb anyone ?
  • Beyond grasp (Score:5, Insightful)

    by DigiShaman (671371) on Friday August 01, 2003 @07:42PM (#6592865) Homepage
    I've said it a hundred times and I will say it again. Software is getting way too complex for human management in developing bug-free code.
  • by cperciva (102828) on Friday August 01, 2003 @07:43PM (#6592873) Homepage
    Even 36 seconds per reboot is too much, and would be totally unacceptable if it were say, a navigation computer on a 737 with a hundred civilians on-board.

    What makes you think that it takes 36 seconds to reboot their systems? That's an average time spent per flight -- we don't know how many times the systems are crashing per flight.

    Also note that this covers all their computer systems, not just the actual flight control. Some systems are obviously more important than others; it probably doesn't matter if the target identification system fails for a few seconds.
  • by marauder404 (553310) <marauder404&yahoo,com> on Friday August 01, 2003 @07:44PM (#6592877)
    The article doesn't say that it takes 36 seconds to reboot the computers. It says 36 seconds per flight are spent rebooting the avionics. It doesn't say how long the reboots take. The total reboot time per flight could have been reduced by quicker reboots or fewer reboots or both.
  • by Eneff (96967) on Friday August 01, 2003 @07:46PM (#6592890)
    By reboot, I'm thinking they mean from "press button" until "I can use again."

    That means running the program and getting all necessary information from the hardware so that pilots can make decisions from it.

    The BIOS is insignificant in this case.
  • by Anonymous Coward on Friday August 01, 2003 @07:48PM (#6592904)

    So, what kind of talk do you expect? The kind of talk that says "let's go sing happy Barney songs around the campfire with people who have been born and bred to hate us with every fibre in their being"? Get real. In my army, I want my soldiers to go out and kill the fucking enemy. And don't come home until he's dead.


  • by pfleming (683342) on Friday August 01, 2003 @07:49PM (#6592905) Homepage Journal
    "Some systems are obviously more important than others; it probably doesn't matter if the target identification system fails for a few seconds." Unless you're on the wrong end of the target id system. We have enough 'friendly fire'(although who cares how 'friendly' it is when you're dead?) problems already. I don't care what OS it's using, it needs to be fixed.
  • by curtlewis (662976) on Friday August 01, 2003 @07:51PM (#6592916)
    for flight systems to reboot 'on the fly' but I consider that unacceptable for mission critical systems.

    It's the mentality that feels that 'good enough' is good enough that brings us this type of warm and comfy software.

    Good enough isn't. Stable code can be written. It merely takes talented engineers, design time to conceptualize and architect the product up front before coding it and giving QA what they need to test and commitment to FIXING the issues that QA identifies. It's not the cheapest or fastest way to deliver a product, but if I want cheap and fast I'll go to Taco Bell, not a jet fighter.

    Given how expensive these planes are, does it make sense to go cheap on the software and risk crashing not only the software but the multi million/billion dollar plane too?
  • by WindBourne (631190) on Friday August 01, 2003 @07:52PM (#6592919) Journal
    Please consider having Slashdot do a quick search, esp in the last 2-3 weeks. Even if this is done at the submitter level, then they could avoid this. I have no doubt that most submitters would prefer to avoid this.
    Likewise, when viewing for submission, check the same search, so that you can see what the user saw.
    BTW, this is not really a problem with just /., but more indicative of the problem that stories keep getting retold on the same news. Sad really.
  • F-22 BSOD (Score:2, Insightful)

    by zoloto (586738) on Friday August 01, 2003 @07:57PM (#6592956)
    ...Blue Skies of Death
  • by phyrestang (638793) on Friday August 01, 2003 @07:58PM (#6592960) Homepage
    Hey... At least it is the truth. For some reason you strike me as one of the people who has no problem eating beef, but gets uneasy talking about the slaughter house. Killing is what these machines were made for, why beat around the bush?
  • by Sean80 (567340) on Friday August 01, 2003 @07:58PM (#6592961)
    I suppose I don't even know what 'reboot' means in this context. Do planes like this have operating systems? Or does the hardware directly run the code? Does the reboot simply reset the system state from somewhere it shouldn't have been? How fast is a reboot? The only context I have is the few minutes it takes my Linux box or my Windows box at work to reboot.

    What's funny is I always thought the guys writing this sort of software were uber-coders, and never had this sort of problem. Throw those few extra hundred million dollars at the coding effort, and I just thought this sort of problem went away. It's worrying though - isn't code which ever needed to be rebooted fundamentally flawed? Can you ever really fix that sort of code, or are we just waiting for the day whenever another edge test case comes along mid-flight, and an F-22 falls out of the sky? Even one of this sort of error seems like impending doom to me.

  • by p2sam (139950) on Friday August 01, 2003 @08:01PM (#6592979)
    Frank and to the point, no sugar coating.

    Or do you prefer languages like the Department of Homeland Security, which concerns with domestic spying, or the Department of Defense, which concerns with waging war?
  • by egomaniac (105476) on Friday August 01, 2003 @08:01PM (#6592980) Homepage
    Good enough isn't. Stable code can be written. It merely takes talented engineers, design time to conceptualize and architect the product up front before coding it and giving QA what they need to test and commitment to FIXING the issues that QA identifies.

    I'm curious -- do you do development? Have you ever worked on a 2 million line program? No offense, but anyone who uses the word "merely" in a paragraph like that strikes me as someone with a tenuous grip on reality.

    I am a senior engineer at a very big company. Applications I have written are in use by literally millions of people. And I'm scared stiff by the idea of writing the kind of software that powers the F-22. Software of this scale is the single most complicated project humanity has ever undertaken, and to belittle the efforts of the engineers involved by suggesting that they don't know what they're doing or aren't following responsible development guidelines shows a serious lack of understanding. I promise you, the software on the F-22 has been subjected to more rigorous QA than anything you or I have ever touched, but that still doesn't make it easy.

    Humans aren't perfect, and as long as that continues to be the case, writing a multi-million line chunk of software will always be a ridiculously expensive and difficult proposition with no guarantee of success.
  • by AKnightCowboy (608632) on Friday August 01, 2003 @08:02PM (#6592983)
    Is it just me, or does this kind of talk disturb anyone ?

    Why does it disturb you? What else do you think a $200 million stealth fighter is for? Fighters are for killing people and/or destroying their stuff. Hopefully this stuff will be ready when we go to liberate North Korea and China. :-)

  • by sphealey (2855) on Friday August 01, 2003 @08:07PM (#6593011)
    First, this issue has been covered extensively by Aviation Week & Space Technology, if you have a library that keeps the back issues (web subscription very expensive).

    Second, I have seen this coming for about 10 years now. In the 70s and 80s I worked with digital control systems. Not avionics, but similar. In those days the systems were expected to work right, every time, for years at a time. 2 years between system restarts was considered "acceptable". If a system did fail, the manufacturer was expected to get its collective butt out to the site, figure out why, and issue a (solid!) fix pronto.

    In the last 5 years, I have repeatedly been on brand-new airplanes at the gate when the pilot comes on and says "we are having a little problem with the system - don't be alarmed if the lights go off" followed by what is clearly a "reboot" of the airplane! When the fsk did it become acceptable to fix problems in avionics by rebooting the airplane?

    And if the system designers really think the Microsoft Rebooting Disease is an acceptable way to handle system faults, how long before one of those faults occurs in the air?

    I guess I am just old and crusty, expecting life-critical systems to work to spec 100.0% of the time.

    sPh

  • The Onion (Score:2, Insightful)

    by chmilar (211243) on Friday August 01, 2003 @08:10PM (#6593027)
    The article reads like something from The Onion, not The Washington Post!

    Lines like "$200-million-per-copy stealth fighter", "the F/A-22 is the absolute most-awesome killing machine I have ever, ever flown", "any other free world fighter", "14 minutes per flight rebooting mission critical computer systems", "the 'let's go kill people' software", and "kill somebody and stay alive and execute your mission" were cracking me up.

    Are you sure this article isn't really from The Onion? They have some pretty imaginative writers.
  • by JDWTopGuy (209256) on Friday August 01, 2003 @08:10PM (#6593028) Homepage Journal
    IMNSHO, it's basically common knowledge that these things CAN NOT be flown without computers regulating all the doohickeys. We're not talking about Cessnas (sorry if I spelled that wrong), we're talking about extremely complex jets flying at high speeds.

    Granted, some things (ejector seats, cupholders, maybe even bomb-dropping apparatus) don't need computer control, but all those wing flaps and engines, etc. do, at least in a vehicle this complex.
  • by bmajik (96670) <matt@mattevans.org> on Friday August 01, 2003 @08:13PM (#6593043) Homepage Journal
    it apparently disturbs you.

    that's too bad, because it somewhat indicates you are uncomfortable with reality.

    I pay a lot of tax money every year to guarantee that the United States has a highly effective group of people who only exist for the purpose of killing.

    I fully support killing.

    I am glad that I pay my government to refine the process of killing, to make it more efficient, and to have major universities dedicated to the art and science of efficient killing.

    Without killing, some disagreements just can't be settled. I'm glad someone is willing to do the killing for me, so every disagreement doesn't ruin my life. I'm glad that I have the option to let someone else stick up for my interests in these disagreements that can only be settled with killing. I'm glad that the killers I don't like don't get to roll over me according to their whims.

    I support killing.

  • by cperciva (102828) on Friday August 01, 2003 @08:19PM (#6593083) Homepage
    That's a training issue. Pilots need to learn that "cannot identify target" means *wait*, not *shoot now*.
  • by curtlewis (662976) on Friday August 01, 2003 @08:25PM (#6593121)
    I'm a Senior QA Engineer by trade, having worked at a couple major names in the valley, several startups and a few dot coms.

    You're just used to not being given enough time to do your job really well. Everything in the industry is rush, rush, rush these days. And the end products show that. I don't blame you or fellow engineers, I blame senior management for all the rush jobs.

    To do zero defect development requires a lot more design time, a lot more coding time and massively longer test cycles. It's usually cost prohibitive for most companies, but for a $220 million fighter and the life of the pilot I think the extra time and costs are justified. But then, I'm not a bean counter making the decisions.
  • by jimbolaya (526861) on Friday August 01, 2003 @08:32PM (#6593155) Homepage
    But has the pilot of that unidentified target, who might be foe, learned that he's not supposed to shoot the guy 'cause his system is rebooting?
  • by SlashdotLemming (640272) on Friday August 01, 2003 @08:34PM (#6593165)
    I'm curious -- do you do development? Have you ever worked on a 2 million line program? No offense, but anyone who uses the word "merely" in a paragraph like that strikes me as someone with a tenuous grip on reality.

    I think where people get thrown is that they see houses and cars and bridges and think, "If we can build those, why can't we build software? Programmers must be lazy"
    Well, is every 2x4 in a house the exact same length? Are all the boards perfectly flush? A crooked door in a house will usually cause no problems, but the equivalent in a piece of software can cause a crash. Even computer hardware is never perfect. Does every 2.0 GHz processor run at EXACTLY 2.0 GHz? Not even close, but they are good enough. The problem with software is that it needs to be perfect to be perfect, and people aren't perfect.
    The beauty of the F-22 system is that the developers realize this, and they designed the system knowing there would be flaws and that the software would crash. When some of the software crashes, the jet keeps right on going, which is the sign of ultimate stability.
  • Microsoft bashing (Score:5, Insightful)

    by jfengel (409917) on Friday August 01, 2003 @08:47PM (#6593222) Homepage Journal
    I've just re-re-read the article, and I can't find any mention that the software on board was Windows based.

    Yes, you're all very droll, but the Microsoft bashing seems a little knee-jerk. It's insanely complicated to write software like this (as a few other posters have said, and I'm posting only because I have no mod points for them).

    I doubt these errors are OS-based at all. Real-time systems like this are built on top of extremely well-tested embedded OSes. They reboot because they're writing pretty close to the bare metal, and mistakes are punished hard. Best practices are applied (interminable code reviews, fascist levels of regression testing, ungodly coding style standards), but not always followed, and even best practices don't always work.

    I'd like to see a gradual shift to languages which enforce best practices (i.e. not C and assembly). Meantime, these pilots are pretty damn brave. But it's probably not Microsoft's fault, this time.
  • Re:WHAT?!?!?! (Score:4, Insightful)

    by egomaniac (105476) on Friday August 01, 2003 @08:56PM (#6593256) Homepage
    Go build me a pyramid. Without any modern machines. In the middle of the desert.

    With ten thousand workers to help, a government that doesn't give a crap about death tolls or reasonable working conditions, and enough funding to bankrupt an empire, I'm sure I could manage.

    The pyramids were gigantic, backbreaking undertakings, but I maintain my stance that software is the most complicated endeavor undertaken by mankind.
  • by Laur (673497) on Friday August 01, 2003 @09:01PM (#6593283)
    It makes me wonder why the military has less stringent requirements.

    There is a world of difference between a civilian plane which only has to fly from point A to B and the F/A-22. The F/A-22 is the most advanced fighter jet in the world and can literally do things that no other plane can do. There is no way they can develop three separate software suites for a system this complex. But trust me, there is plenty of redundancy built in. Besides, the F/A-22 hasn't finished testing yet, it is not a finished product and so of course still contains bugs.

  • by Anonymous Coward on Friday August 01, 2003 @09:19PM (#6593377)
    not only that, but his error message is an example of Windows working correctly- it detects a piece of userland software doing something bad, so it shuts it down so it doesn't take down the whole system. I don't know why he thought that was a big Microsoft slam.
  • Marketingspeak (Score:1, Insightful)

    by Anonymous Coward on Friday August 01, 2003 @09:45PM (#6593469)
    outmaneuver any other fighter that it will face as a threat, and any other free world fighter that will be built for years to come

    Translation: It is not the most maneuverable fighter on our side, and the enemy may build something more maneuverable soon, if they haven't already.
  • by Chess_the_cat (653159) on Friday August 01, 2003 @10:00PM (#6593522) Homepage
    A mechanical device that can manage and acquire targets? Run the Nav system? Run Communications? I'd like to see that.
  • by Anonymous Coward on Friday August 01, 2003 @10:10PM (#6593547)
    Oh, sure. If you're wandering around outside of an armored vehicle, it's easier to get shot than if you were in one. On the other hand, what would you find more imposing: an anonymous chunk of steel driving around, or a bunch of mean-looking guys who are really tall, really big, and wave around rifles like they wouldn't even think twice about blowing your head off if you got in their way?

    Not to mention sitting inside that armored vehicle makes you a big, obvious target, while infantry can be much more flexible, dispersed, and generally aware of their surroundings. Maybe it'd help if the army had miniature radar trucks or something that drove around with each convoy.

    Anyway, most of the soldiers killed so far have been riding around in armored vehicles, so the facts on the ground contradict what would seem to be "common sense" to you.
  • by AHumbleOpinion (546848) on Friday August 01, 2003 @10:21PM (#6593593) Homepage
    The vast majority of downed pilots, 80+% ?, never saw the attack coming. They were taken by surprise. The most successful aces avoided dogfights, they would try to surprise someone, if not they would disengage and look for someone else. Your account sounds like some romanticised story or an aberration that occurred in the earliest days of the war. WW1 pilots looked at battle the same way pilots do today. Give the other guy a chance and you may die, your wife a widow, your children fatherless.
  • by nigelc (528573) on Friday August 01, 2003 @11:04PM (#6593752) Homepage
    I was reading somewhere (possibly Scientific American) about the building of systems (computer software or robots) which can tolerate a restart or failure of one or more of them and keep working.

    Rather than the monolithic system which we all secretly love (which allegedly produces Blue Screens of Death when things go squiffy, although my own XP Home system has been thundering on with nary a problem for quite a while now), you build systems which can tolerate components restarting themselves. I don't care if you're RMS writing the purest code with GNU/Ada for the EFF Air Force, you're not going to write something that will never fail. Better to design and build an overall system which can tolerate minor interruptions, especially if you are going to be flying into a war zone.

    In any case (I worked on some of the stuff on the fringes of the F22 program a long long time ago), there are a bunch of computers in the air vehicle; it's an airborne network. Saying "oh my god, I can't believe the plane is rebooting" is disingenuous (aside from the many Windows jokes). It's akin to "I had to power-cycle the printer twice today -- I can't believe the network stayed up for the 35 seconds it took the Lexmark to come back to life!".

    Rebooting a subsystem computer works quite well in robotics too, which further leads into the concept of many small robots rather than one large beast screaming "Danger Will Robinson".

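As an added illustration of the design nigelc describes (a system that tolerates components restarting themselves rather than one monolith that must never fail), here is a small Python supervisor. It is not nigelc's code and not anything from the F-22 program; the subsystem names, the scripted fault schedule and the restart budget are constructed for the demo. Each component runs its cycle in isolation; a component that raises a fault is restarted from its last checkpoint while the others keep going, and a component that exhausts its restart budget is marked degraded instead of being rebooted forever.

```python
"""Supervisor that restarts a failed subsystem from its last checkpoint while
the other subsystems keep running.  Added illustration only: the component
names, the fault schedule and the restart budget are constructed for the demo
and are not taken from the F-22 program or from any post in this thread."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


class SubsystemFault(Exception):
    """Raised by a component that has detected an internal error it cannot fix."""


@dataclass
class Component:
    name: str
    step: Callable[[dict, int], None]        # mutates state in place; may raise
    state: dict = field(default_factory=dict)
    checkpoint: dict = field(default_factory=dict)   # last state known to be good
    restarts: int = 0
    good_ticks: int = 0                       # ticks on which valid output was produced


@dataclass
class Supervisor:
    components: Dict[str, Component]
    max_restarts: int = 3                     # per-component budget before escalation
    degraded: Set[str] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def tick(self, t: int) -> None:
        """Run one cycle of every healthy component, isolated from the others."""
        for c in self.components.values():
            if c.name in self.degraded:
                continue
            try:
                c.step(c.state, t)
                c.checkpoint = dict(c.state)  # commit only after a clean step
                c.good_ticks += 1
            except SubsystemFault as exc:
                self._restart(c, t, str(exc))

    def _restart(self, c: Component, t: int, reason: str) -> None:
        # Discard whatever half-updated state the failed step left behind and
        # resume from the last checkpoint.  Other components are untouched.
        c.state = dict(c.checkpoint)
        c.restarts += 1
        if c.restarts > self.max_restarts:
            # A component that keeps dying is not fixed by endless reboots;
            # flag it so consumers of its data know the data is stale.
            self.degraded.add(c.name)
            self.log.append(f"t={t} {c.name}: restart budget exhausted, marked degraded")
        else:
            self.log.append(f"t={t} {c.name}: fault '{reason}', restarted from checkpoint")


def make_sensor_fusion(fault_ticks: Set[int]) -> Callable[[dict, int], None]:
    """Constructed subsystem: counts tracks and faults on a scripted set of ticks."""
    def step(state: dict, t: int) -> None:
        state["tracks"] = state.get("tracks", 0) + 1
        if t in fault_ticks:
            state["tracks"] += 1000           # corrupt the table, then fail
            raise SubsystemFault("track table corrupted")
    return step


def flight_control_step(state: dict, t: int) -> None:
    """Constructed subsystem that never faults; the other one's restarts must not disturb it."""
    state["cycles"] = state.get("cycles", 0) + 1


def run(ticks: int, fault_ticks: Set[int], max_restarts: int = 3) -> Supervisor:
    """Drive both constructed subsystems for `ticks` cycles and return the supervisor."""
    sup = Supervisor(
        components={
            "flight_control": Component("flight_control", flight_control_step),
            "sensor_fusion": Component("sensor_fusion", make_sensor_fusion(fault_ticks)),
        },
        max_restarts=max_restarts,
    )
    for t in range(ticks):
        sup.tick(t)
    return sup


if __name__ == "__main__":
    sup = run(10, fault_ticks={3, 7})
    for line in sup.log:
        print(line)
    for c in sup.components.values():
        print(c.name, c.state, "restarts:", c.restarts, "good ticks:", c.good_ticks)
```

With faults scripted on ticks 3 and 7, `sensor_fusion` ends with 8 valid tracks after 2 restarts (the corrupted 1000-track values never reach the checkpoint) while `flight_control` completes all 10 cycles untouched. With four consecutive faults and a budget of 3, the supervisor stops restarting and marks `sensor_fusion` degraded; the last good checkpoint is what remains visible, and `flight_control` still runs every cycle.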
  • by Slime-dogg (120473) on Friday August 01, 2003 @11:11PM (#6593775) Journal

    Yeah, 36 seconds a flight. Considering that most of the programming and everything is probably kept in solid state memory, a reboot maybe takes a second or two at most.

    The language used for all of this is ADA, which is one devious language to program in. Everything requires exception handling, and every exception needs to be handled. The 2 million lines of code is surprising, not because it seems like a lot, but because it seems like so little.

    I'm quite sure that every computerized portion of the aircraft has at least one redundant system too. The aircraft has already been through its "X" stage. It's been officially given a fighter designation, and they do have a flight of them somewhere. The military isn't going to stick pilots in a rickety plane. If the craft didn't have redundant systems, and the flight suit went out for a couple seconds during a 9 G turn, the pilot would be out. Soon after, the plane would be gone.

    The fact that they are still working on the stability is a cool thing. If I were piloting, I'd want my main system to be rock solid and never crash, but I'd also want all of my redundant systems to be rock solid and never crash.

  • by PetoskeyGuy (648788) on Friday August 01, 2003 @11:41PM (#6593876)
    I don't think the military has less stringent requirements, although I honestly don't know. The article did mention this is an experimental plane still in development. Once the bugs are worked out the US may buy hundreds of them at $200,000,000 each.

    Hopefully they will cut back on a few of those airplanes and put some money into our school systems. 5 planes = 1 Billion dollars! And one of the current stealth fighters lost its tail after an air show.

    I guess it's tough to keep to a budget when you can print more money.
  • by the_ed_dawg (596318) on Saturday August 02, 2003 @12:17AM (#6593999) Journal
    It's called concurrent engineering. Obviously, the flight control systems are working within a level of tolerance to test the mechanical systems. Targeting and sensor systems are useless if there isn't a functioning platform. If they sat around waiting for the complete software package to be completed before testing the F-22's basic flight capability, they would be way behind their current state. Keep in mind that this is still in test, not production.
  • Rickety Planes (Score:3, Insightful)

    by core plexus (599119) on Saturday August 02, 2003 @12:41AM (#6594073) Homepage
    "The military isn't going to stick pilots in a rickety plane."

    Osprey? Harrier? And how many others?

    -cp- (My .sig is rebooting)

  • Re:Hah (Score:5, Insightful)

    by clbyjack81 (597903) on Saturday August 02, 2003 @12:42AM (#6594079) Homepage
    The article stated that the reboots were for subsystems, not the fly-by-wire systems or the navigational system. The main problems have been in the sensor-weapon integration. This is one reason why the plane is not yet in full-scale production.
  • by fucksl4shd0t (630000) on Saturday August 02, 2003 @03:20AM (#6594536) Homepage Journal

    And by "our civilization" I don't mean the "kill 'em all" hicks that have suddenly made a comeback in the US. I'm talking about human civilization as a whole --- the thing that separates us from mere animals.

    I've got an ant farm you just have got to see. :)

    Seriously, though, I'm all for respecting life, and I don't buy into this basic fact that sometimes you have to kill somebody. I think there's a better way. Besides that, I think the best way to depose Saddam Hussein would have been assassination. Why is assassination considered so dishonorable? Compared to thousands of innocents dying--the same innocents we were "liberating" I might add.

    But showing respect for life and being direct about the function of a given subsystem on a plane aren't necessarily mutually exclusive. You don't like it, but how do you know the guy who said it doesn't have respect for human life? In my experience (not small), most soldiers have a respect for life in general. They just put American lives above others, for whatever reason (most common reason: Americans are their family, who they love and want to protect).

  • by Anonymous Coward on Saturday August 02, 2003 @03:30AM (#6594560)
    This is similar to the legend about gunfighters in the old west (usa) giving each other an even break.

    At all times and places in history winners attack with duplicity, deception, underhandedness, guile, lies, speed and overwhelming force.

    Only losers buy into the lie about fair play in war. The winners always break any rule that suits them, bewail enemy tricks, and tell everyone how upright they are about the rules they do follow because it suits them.

    Then the winners write the history books which read over and over how good guys beat bad guys. If the other side had won the history books would still be all about the good guys winning (jews.. indians..indians..jews..When genocide is complete enough there are too few to complain to make a difference).

    And one more thing. Look in the mirror. Every living human is the result of successful parents, cultures, and societies that used the above tactics. No one has an ancestry free of this stuff; no nation ever became a nation without denying land to somebody else (even tiny mid Pacific islands have their old population versus new arrivals (e.g. immigrants from India) racial problems).

    Furthermore.. oh god it's 3am what the hell am I doing.. gotta go
  • by be-fan (61476) on Saturday August 02, 2003 @09:06AM (#6595081)
    You're just restating the problem, without fundamentally changing the situation. Why are your kids any more important than any other kids? Most importantly, why is it more important for you to have a toy (and you do buy toys, I'm sure) than for these children to have food? No matter how you approach it, your justification comes out to "I'm a pussy-footed self-serving jackass" because, in reality, that's all our civilization lets us be.
