I know very little about aviation. Can someone explain if there is a tool tracking system, or what measures mechanics use to track tools used in something like that? This sounds like an edge case, but also seems very preventable if all tools are tracked. Like they try to do with humans in surgery.
As the article says: yes.
This is the type of edge case that will always eventually arise after enough hours. We have had nukes nearly go off after 10 fail-safes were tripped.
A medical issue followed by a lack of sufficient follow-up should not happen, but statistically it eventually will.
First thought: if I left bad or useless code in a commit, how many levels of verification would it need to pass to make it to production?
For code running in a commercial jet engine, so usually DAL A or DAL B? You should be caught by the first level of verification: it can't even get past code review, because you don't have a requirement tag to trace the useless code back to. If that process failed (and any can), you have the whole climb up the right side of the V. And in the end, if the code is not /so/ useless as to be removed by the compiler, the final check that all generated bytes have traceability should catch it.
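The first gate the comment above describes (every function must trace to an approved requirement, and every requirement must be implemented) is mechanically checkable at review time. The script below is an added example, not the commenter's code and not any certified tool: it assumes a hypothetical `/* REQ: <id> */` tag placed directly above each C function definition, a constructed approved-requirements set standing in for the SRS, and a constructed sample module containing two properly traced functions, one tagged to a requirement that does not exist, and one leftover untagged helper. It only covers source-to-requirement traceability; the object-code coverage check the comment mentions is a separate step not shown here.

```python
import re
from dataclasses import dataclass, field

# Constructed sample C module. Tag format "/* REQ: <id> */" is a hypothetical
# convention chosen for this example, not a DO-178C-mandated one.
SAMPLE_SOURCE = """\
/* REQ: SRS-FADEC-101 */
int clamp_fuel_flow(int demand, int limit) {
    return demand > limit ? limit : demand;
}

/* REQ: SRS-FADEC-102 */
int select_channel(int a_ok, int b_ok) {
    return a_ok ? 0 : (b_ok ? 1 : -1);
}

/* REQ: SRS-FADEC-999 */
int bogus_helper(int x) {
    return x;
}

int leftover_debug(int x) {
    return x * 2;
}
"""

# Constructed stand-in for the approved software requirements baseline.
APPROVED_REQUIREMENTS = {"SRS-FADEC-101", "SRS-FADEC-102", "SRS-FADEC-103"}

TAG_RE = re.compile(r"/\*\s*REQ:\s*([A-Z0-9-]+)\s*\*/")
# Demo-grade matcher for a C function definition header ending in "{";
# it is not a C grammar and will misfire on unusual layouts.
FUNC_RE = re.compile(r"^\s*[\w\s\*]+?\b(\w+)\s*\([^;{]*\)\s*\{\s*$")


@dataclass
class TraceReport:
    traced: dict = field(default_factory=dict)       # function -> requirement id
    untagged: list = field(default_factory=list)     # functions with no REQ tag
    unknown_req: dict = field(default_factory=dict)  # function -> id not in baseline
    unimplemented: set = field(default_factory=set)  # baseline ids with no code

    def passes(self) -> bool:
        # Bidirectional traceability: no orphan code and no orphan requirement.
        return not (self.untagged or self.unknown_req or self.unimplemented)


def trace_source(source: str, requirements: set) -> TraceReport:
    """Walk the source once, pairing each REQ tag with the function directly below it."""
    report = TraceReport()
    pending_tag = None
    for line in source.splitlines():
        m = TAG_RE.search(line)
        if m:
            pending_tag = m.group(1)
            continue
        f = FUNC_RE.match(line)
        if f:
            name = f.group(1)
            if pending_tag is None:
                report.untagged.append(name)
            elif pending_tag not in requirements:
                report.unknown_req[name] = pending_tag
            else:
                report.traced[name] = pending_tag
            pending_tag = None
        elif line.strip():
            # Any other non-blank line between tag and function invalidates the tag.
            pending_tag = None
    report.unimplemented = requirements - set(report.traced.values())
    return report


if __name__ == "__main__":
    rep = trace_source(SAMPLE_SOURCE, APPROVED_REQUIREMENTS)
    print("traced:       ", rep.traced)
    print("untagged:     ", rep.untagged)
    print("unknown req:  ", rep.unknown_req)
    print("unimplemented:", sorted(rep.unimplemented))
    print("review gate passes:", rep.passes())
```

Run as a pre-review check, the report fails the sample on three independent grounds: `leftover_debug` has no tag, `bogus_helper` points at a requirement the baseline does not contain, and SRS-FADEC-103 has no implementing code. Any one of these is enough to stop the commit at the first level of the V.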
My thought was that if you get an alert that a key system is flapping in production, your first thought shouldn't be to squelch the alert.