Ron Kean [ronkean@juno.com] wrote:
>The date-related embedded chip problem is greatly overblown. There is no
>reason why a date-sensitive maintenance monitoring system would be
>knowingly designed to catastrophically shut down the power supply system
>because of a date discrepancy.
Tell that to the Swedes; their software essentially said:
main ()
{
    if (year == 99)
        shut_down_reactor();
    else
        produce_power ();
}
Luckily that was in their main control system rather than the embedded systems, so they could just reset the date and keep running.
But the biggest problem with this argument is the idea that software is 'knowingly designed' to act in this way. Software wasn't 'knowingly designed' to fail ten months from now; that's just an unexpected side-effect of other design choices, and few people expected it to still be running today.
Most of the bugs I see are not 'knowingly designed' into the system, they're the consequence of plugging together software which has been designed to do one thing and also does others that no-one considered when they dropped it into their system; for example, I was reading an article a while ago decrying the increasing use of C++ as people drop more and more reusable objects into their Windows programs without understanding what the objects actually do, and add many new bugs due to unexpected interactions.
These controllers are knowingly designed to fail in certain ways when certain things happen. Whether anyone actually knows what those failure modes are or considered them when they built their system around those controllers is another question entirely.
Mark
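The kind of "unexpected side-effect" Mark describes, shown as an added example that is not part of the original thread or of any real plant's code: a constructed maintenance-interval check that stores only two-digit years, beside the same check with full years and a pivot-year conversion for legacy data (365-day years and all date values are assumptions for the illustration).

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed example: shut down if the last inspection is more than
   this many days old. The threshold is an assumed value. */
#define MAX_DAYS_BETWEEN_INSPECTIONS 180

/* Legacy calculation with two-digit years (yy) and day-of-year (doy).
   Leap days are ignored; the point is the year arithmetic. */
int days_since_inspection_yy(int last_yy, int last_doy, int now_yy, int now_doy) {
    return (now_yy - last_yy) * 365 + (now_doy - last_doy);
}

/* Same arithmetic with four-digit years: the difference never wraps. */
int days_since_inspection_yyyy(int last_yyyy, int last_doy,
                               int now_yyyy, int now_doy) {
    return (now_yyyy - last_yyyy) * 365 + (now_doy - last_doy);
}

/* Windowing fix for stored two-digit years: values 70..99 are read as
   19xx, 00..69 as 20xx. The pivot of 70 is an assumption. */
int yy_to_yyyy(int yy) {
    return yy >= 70 ? 1900 + yy : 2000 + yy;
}

/* The decision between producing power and shutting down. A negative
   interval means "last inspection in the future", which the check treats
   as invalid data and therefore as grounds for a shutdown. */
bool inspection_overdue(int days) {
    return days < 0 || days > MAX_DAYS_BETWEEN_INSPECTIONS;
}

int main(void) {
    /* Last inspection 1 Dec 1999 (doy 335), check on 15 Jan 2000 (doy 15). */
    int legacy = days_since_inspection_yy(99, 335, 0, 15);
    int fixed  = days_since_inspection_yyyy(yy_to_yyyy(99), 335,
                                            yy_to_yyyy(0), 15);
    printf("two-digit years: %d days -> %s\n", legacy,
           inspection_overdue(legacy) ? "SHUT DOWN" : "produce power");
    printf("full years:      %d days -> %s\n", fixed,
           inspection_overdue(fixed) ? "SHUT DOWN" : "produce power");
    return 0;
}
```

At the rollover the legacy version computes a large negative interval, so the "invalid data" branch, written for a different purpose, is what trips the shutdown.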