Ansichten eines Informatikers

Boeing and the Integers

Hadmut
12.3.2024 18:21

Haha, I got that one right. 😀 [Update!]

Ars Technica 2015: Boeing 787 Dreamliners contain a potentially catastrophic software bug

The bug—which is either a classic integer overflow or one very much resembling it—resides in one of the electrical systems responsible for generating power, according to a memo the FAA issued last week. The vulnerability, which Boeing reported to the FAA, is triggered when a generator has been running continuously for a little more than eight months. As a result, FAA officials have adopted a new airworthiness directive (AD) that airlines will be required to follow, at least until the underlying flaw is fixed.

“This AD was prompted by the determination that a Model 787 airplane that has been powered continuously for 248 days can lose all alternating current (AC) electrical power due to the generator control units (GCUs) simultaneously going into failsafe mode,” the memo stated. “This condition is caused by a software counter internal to the GCUs that will overflow after 248 days of continuous power. We are issuing this AD to prevent loss of all AC electrical power, which could result in loss of control of the airplane.”

The memo went on to say that Dreamliners have four main GCUs associated with the engine mounted generators. If all of them were powered up at the same time, “after 248 days of continuous power, all four GCUs will go into failsafe mode at the same time, resulting in a loss of all AC electrical power regardless of flight phase.” Boeing is in the process of developing a GCU software upgrade that will remedy the unsafe condition. The new model plane previously experienced a battery problem that caused a fire while one aircraft was parked on a runway.

The memo doesn’t provide additional details about the underlying software bug. Informed speculation suggests it’s a signed 32-bit integer overflow that is triggered after 2^31 centiseconds (i.e. 248.55 days) of continuous operation.

Hihihi, exactly what I had just guessed; they already had that in 2015, only off by a factor of ten, because it was centiseconds rather than milliseconds.

Huahahahaaa!

That is a beginner's mistake, or plain sloppiness.

Something like that can happen when software is written in a hurry and nothing much depends on it. It hardly matters if a blog crashes or has to be restarted now and then, but in software this critical it simply must not happen. The textbook countermeasure is a counter wide enough never to wrap within the service life, or unsigned arithmetic whose differences stay correct across the wrap.

Update: This one is good too:

22 days

Hi!

In Ada, an Integer is, to begin with, signed and 16 bits wide.

2^15 minutes is 22.755555555… days.

Hähähähä.
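As an added worked example (not code from the blog, its commenter, or Boeing), the C program below computes how long a signed counter of a given width and tick period lasts before it wraps, reproducing the 248.55 days for 2^31 centiseconds quoted above, the 24.86 days the factor of ten in milliseconds would give, and the commenter's 22.76 days for 2^15 minutes. It then models the failure mode of a signed elapsed-time subtraction next to the wrap-tolerant unsigned form. The counter model, the function names and the "time since event" pattern are assumptions for illustration; nothing is known about the actual GCU code beyond what the FAA memo states.

```c
#include <stdint.h>
#include <stdio.h>

#define SECONDS_PER_DAY 86400.0

/* Days until a signed counter of `bits` width, incremented once every
 * tick_seconds, passes 2^(bits-1) - 1 and wraps negative. bits is 1..64. */
double days_to_overflow(unsigned bits, double tick_seconds)
{
    double max_ticks = (double)((uint64_t)1 << (bits - 1)); /* 2^(bits-1) */
    return max_ticks * tick_seconds / SECONDS_PER_DAY;
}

/* Value of a signed 32-bit counter after `ticks` increments from zero,
 * assuming the two's-complement wraparound real hardware performs.
 * The reduction is done in unsigned arithmetic so this model itself
 * contains no signed-overflow undefined behaviour. */
int32_t counter_after_ticks(uint64_t ticks)
{
    uint32_t u = (uint32_t)(ticks & 0xFFFFFFFFu);
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return (int32_t)(u - 0x80000000u) + INT32_MIN; /* 2^31..2^32-1 -> negatives */
}

/* Hypothetical vulnerable pattern: "time since event" as a signed difference.
 * Returns 1 when the elapsed time comes out negative, which is what any
 * plausibility check or watchdog sees once `now` has wrapped. The
 * subtraction is widened to 64 bits only so the demo stays defined; the
 * bug being modelled is the 32-bit signed counter feeding it. */
int elapsed_signed_is_negative(int32_t now, int32_t then)
{
    int64_t elapsed = (int64_t)now - (int64_t)then;
    return elapsed < 0;
}

/* Wrap-tolerant form: with an unsigned counter, now - then is exact modulo
 * 2^32, so it stays correct across the wrap as long as the true interval is
 * below 2^32 ticks (about 497 days at 10 ms). The counter never turns
 * negative, and unsigned wraparound is defined behaviour in C. */
uint32_t elapsed_unsigned(uint32_t now, uint32_t then)
{
    return now - then;
}

int main(void)
{
    printf("%-28s %12s\n", "counter", "days");
    printf("%-28s %12.2f\n", "int32, 10 ms ticks (787)", days_to_overflow(32, 0.01));
    printf("%-28s %12.2f\n", "int32, 1 ms ticks", days_to_overflow(32, 0.001));
    printf("%-28s %12.2f\n", "int16, 1 min ticks (Ada)", days_to_overflow(16, 60.0));
    printf("%-28s %12.3g\n", "int64, 10 ms ticks", days_to_overflow(64, 0.01));

    uint64_t wrap = (uint64_t)1 << 31;
    printf("\ncounter after %llu ticks: %ld\n",
           (unsigned long long)(wrap - 1), (long)counter_after_ticks(wrap - 1));
    printf("counter after %llu ticks: %ld\n",
           (unsigned long long)wrap, (long)counter_after_ticks(wrap));

    /* An event stamped 6 ticks before the wrap, read at the moment of the wrap. */
    int32_t then_s = counter_after_ticks(wrap - 6);
    int32_t now_s  = counter_after_ticks(wrap);
    printf("signed elapsed negative: %d\n", elapsed_signed_is_negative(now_s, then_s));
    printf("unsigned elapsed: %u ticks\n",
           (unsigned)elapsed_unsigned((uint32_t)wrap, (uint32_t)(wrap - 6)));
    return 0;
}
```

Widening to 64 bits at 10 ms ticks pushes the wrap past a trillion days, which is why the table's last row is the cheap fix; the unsigned form is the one to use when the field width is fixed by a hardware register or a protocol.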