[SystemSafety] Overflow triggering AC power cut-off in Boeing 787

David MENTRÉ dmentre at linux-france.org
Sun May 3 18:44:04 CEST 2015


Hello,

On 2015-05-03 10:41, Mike Ellims wrote:
> “History teaches us that people have never learned anything from history.”
>
> Hegel
>
> http://rgl.faa.gov/Regulatory_and_Guidance_Library/rgad.nsf/0/584c7ee3b270fa3086257e38004d0f3e/$FILE/2015-09-07.pdf

For those who don't want to read the FAA advisory: a signed integer 
overflow can trigger a cut-off of all AC power in Boeing 787 planes 
after 248 days (~8 months). It never occurred on real planes, only in 
simulation.

Other source: 
http://betterembsw.blogspot.fr/2015/05/counter-rollover-bites-boeing-787.html

This would not happen if absence of overflow was automatically checked 
(by using tools like Frama-C, Astrée or Polyspace). Or more probably 
this overflow was identified but judged as "could never happen". Would a 
reader of this list have some insight about what really happened?

Best regards,
david
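The failure mode discussed in this thread, as an added illustration (not code from the original post, the FAA advisory or Boeing): a signed 32-bit counter that wraps after roughly 248 days, the naive deadline comparison that silently breaks at the wrap, and two ways to write the same check so the overflow is either impossible or detected. The 10 ms tick resolution is an assumption chosen because 2^31 centiseconds is about 248.55 days, matching the figure in the advisory; the advisory itself does not state the counter's units.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption (not from the advisory): the counter increments every 10 ms.
 * At that rate INT32_MAX ticks is reached after ~248.55 days of uptime. */
#define TICKS_PER_SECOND 100
#define SECONDS_PER_DAY  86400

/* Days of continuous operation before a signed 32-bit tick counter exceeds
 * INT32_MAX. Computed in double so this function itself cannot overflow. */
double days_until_signed_rollover(void)
{
    return (double)INT32_MAX / TICKS_PER_SECOND / SECONDS_PER_DAY;
}

/* Naive deadline check: compares two raw signed counter values.
 * Once the counter has wrapped from INT32_MAX to INT32_MIN, "now" is a large
 * negative number, "now >= deadline" turns false, and any logic waiting on
 * that deadline is stuck (or, depending on the code, trips a fail-safe). */
bool naive_deadline_reached(int32_t now, int32_t deadline)
{
    return now >= deadline;
}

/* Wraparound-safe check: keep the tick counter unsigned and measure elapsed
 * time by modular subtraction. Unsigned wraparound is well-defined in C, so
 * the result stays correct across the rollover as long as the interval being
 * measured is shorter than 2^32 ticks (~497 days at 10 ms). */
bool safe_interval_elapsed(uint32_t now, uint32_t start, uint32_t interval)
{
    return (uint32_t)(now - start) >= interval;
}

/* Checked increment for code that must keep a signed counter: refuses to
 * overflow and leaves the counter untouched, returning false so the caller
 * can handle saturation explicitly instead of wrapping into negative values.
 * The guard runs before the addition, so no undefined behaviour is executed. */
bool checked_increment(int32_t *counter)
{
    if (*counter == INT32_MAX)
        return false;
    *counter += 1;
    return true;
}

int main(void)
{
    printf("signed 32-bit counter at %d Hz rolls over after %.2f days\n",
           TICKS_PER_SECOND, days_until_signed_rollover());

    /* Constructed scenario: a 50-tick interval started 100 ticks before the
     * wrap; "now" is 500 ticks later, i.e. 400 ticks past INT32_MAX. */
    int32_t start_signed = INT32_MAX - 100;
    int32_t now_signed   = (int32_t)((uint32_t)start_signed + 500u);
    printf("naive check after rollover:  %s\n",
           naive_deadline_reached(now_signed, start_signed + 50) ? "elapsed" : "NOT elapsed");
    printf("unsigned modular check:      %s\n",
           safe_interval_elapsed((uint32_t)now_signed, (uint32_t)start_signed, 50u)
               ? "elapsed" : "NOT elapsed");

    int32_t c = INT32_MAX;
    printf("checked increment at INT32_MAX: %s\n",
           checked_increment(&c) ? "incremented" : "refused");
    return 0;
}
```

The unsigned subtraction idiom is the one to reach for in firmware timers: it has no special case at the wrap point, so there is nothing for a static analyser to flag and nothing for a reviewer to judge as "could never happen". Where a signed counter cannot be avoided, a tool such as Frama-C or Polyspace will only prove absence of overflow if the guard in checked_increment (or an equivalent bound on uptime) is actually present in the code.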



More information about the systemsafety mailing list