• No results found

Failures In Real Time Systems

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Failures In Real Time Systems"

Copied!
6
0
0

Loading.... (view fulltext now)

Download now ( 6 Page )

Full text

(1)

Failures In Real Time Systems

Cameron Mortus

EEL 4923 - Real Time Systems

Due: 4/20/19

(2)

This paper is going to focus on a few significant major failures in applied real time operating systems both old and new. To start with let us take a look at how the software in the Mars Pathfinder failed in its objective, and then look at how the Boeing 737MAX failed and then a transition to how these issues were solved or could have been prevented.

To begin, a look at the events surrounding the Mars Pathfinder. As described by Jones in his paper What Really Happened On Mars Rover Pathfinder “The

meteorological data gathering task ran as an infrequent, low priority thread, and used the information bus to publish its data. When publishing its data, it would acquire a mutex, do writes to the bus, and release the mutex. If an interrupt caused the information bus thread to be scheduled while this mutex was held, and if the information bus thread then attempted to acquire this same mutex in order to retrieve published data, this would cause it to block on the mutex, waiting until the meteorological thread released the mutex before it could continue. The spacecraft also contained a communications task that ran with medium priority.” This system as a whole is largely considered a success in the scientific community, but, the truth is that it did not start out as such a success. Upon landing, a particular instance in the scheduling occured where a priority inversion happened, with a lower priority task holding a resource required by the higher priority which forced a reset when it could not complete this loop repeated what seemed to be

(3)

indefinitely. These events would go on to cost the project many hours and long nights before the engineers could solve the issue.

Next, a look at the Boeing 737MAX Crashes of October 29th, 2018, and March 10th, 2019, although much of the data from the crash and the circumstances surrounding it is private information held by Boeing and its partners, what has been given publicly as answers from Boeing can be used to understand some of the potential problems. By applying our knowledge of systems and real time scheduling we can form a theory about the issues. To begin, a recap of the basics from both incidents. On April 4th, Boeing released in a press conference a statement saying “The full details of what happened in the two accidents will be issued by the government authorities in the final reports, but, with the release of the preliminary report of the Ethiopian Airlines Flight 302 accident investigation, it’s apparent that in both flights the Maneuvering Characteristics

Augmentation System, known as MCAS, activated in response to erroneous angle of attack information”. This statement is discussing an issue which has been described as the jet automatically nosing down because its data interpretation is that it was climbing and losing speed which would result in a death spin. Under normal operation this would be considered a good safety mechanism, but the mechanism appears to be getting bad or incorrect data values. When the system gets these values it interprets them to mean that the plane is losing too much speed on ascent and acts on this data by nosing down to accelerate and without the altitude the planes are crashing. So in synopsis in both of the crashes the anti-stalling mechanism and program have caused the crash. As far as real time system failure the system is definitely a real time system taking in all the sensor and

(4)

logic data as well as making split second decisions with immediate deadlines. This systems major failure, unlike the with the Mars Pathfinder and its priority inversion, this appears to be a data interpretation issue. This data interpretation error can most likely be attributed to one of three causes. First, a lack of time to verify data before action. Second, poor hardware and sensors. Finally, an improper action taken on the code side based on the data.

In the case of the Mars Pathfinder the solution to its problem was already applied during the mission. This is the main reason why it is widely considered a success, during the mission the problem was diagnosed and solved remotely from Earth on Mars! Mike Jones discusses this in his paper What Really Happened On Mars Rover Pathfinder talking about diagnosing the Mars Pathfinder “VxWorks can be run in a mode where it records a total trace of all interesting system events, including context switches, uses of synchronization objects, and interrupts. After the failure, JPL engineers spent hours and hours running the system on the exact spacecraft replica in their lab with tracing turned on, attempting to replicate the precise conditions under which they believed that the reset occurred. Early in the morning, after all but one engineer had gone home, the engineer finally reproduced a system reset on the replica. Analysis of the trace revealed the

priority inversion”. Essentially, they duplicated the circumstances of the Mars unit on an identical unit on Earth. And were able to get the trace of all the actions taken by the Pathfinder when the issue occured. Then they pushed a code to change the priority within the operating system of the Mars Pathfinder. Mike Jones discusses this in his paper What

(5)

the spacecraft, which when interpreted, changed the values of these variables from FALSE to TRUE. No more system resets occurred”. The basics of this is that because they knew the costs that could be incurred because of the nature of space and working within it, leaving themselves the ability to fix any issues which can come up during the Pathfinders mission from Earth with minimal down time would be crucial.

In the case of the Boeing 737MAX crashes, without all the information available it is difficult to give a direct solution to the problem. In the case where it really is just

erroneous data being acted upon the solution seems simple, find a way to observe the data and eliminate any bad inputs or just find out what the bad data looks like and prevent the system from acting on that kind of data. In the case that it is a scheduling issue or poor hardware, a hardware upgrade may be necessary to allow the processors and sensors more time to act before taking negative actions. And, in the case of wrongly interpreting and acting on data, Boeing may need to look into a redesign or a backdating of the software.

In conclusion, both systems are most certainly Real Time Systems, and both are great failures, though the Pathfinder was only a monetary and time based loss verses the loss of life in the Boeing case. Both of these scenarios go to show how small mistakes in a system so crucial and deadline driven can be catastrophic. These failures should not be taken lightly nor are they the end of a path. Instead, they should be taken and learned from throughout the whole community of computer scientists and engineers, to be applied to all future projects.

(6)

References

Jones, Mike. “What Really Happened on Mars Rover Pathfinder.” Files

Provided by Professor, 2019, webcourses.ucf.edu/courses/1327092/files.

Muilenburg, Dennis. “Boeing CEO Dennis Muilenburg Addresses the Ethiopian Airlines Flight 302 Preliminary Report.” Boeing, 4 Apr. 2019,

www.boeing.com/commercial/737max/737-max-update.page?gclid=Cj0KCQjw4-

References

Download now ( PDF - 6 Page - 122.54 KB )

Related documents

ARCHON to ASpace: Adventures in Archives Migration

Adam Smith, Archives Technician Heidi Southworth, Digital Initiatives Librarian Tom Tran, Systems Librarian Daniel Vang, Information Technology Specialist Library Technology

National Strategy of Climate Change in Mexico Adaptation and Mitigation Actions in Agriculture

3.- Assessment of the efficiency of biogas production in small anaerobic digesters and treatment of digestates using an anaerobic thermophilic process of short duration in

Strategy in contemporary jazz improvisation : theory and practice.

The chapter also draws focus to Aaron Berkowitz’s research into improvisational treatise and his staged methodology for pedagogical assimilation (transposition,

It’s Automatic: Library Automation as a Catalyst For Transformation

These included the iMLS and LSTA grant program; Ross Fuqua at the Oregon State Library; Esther Moberg and the staff the Seaside Public Library; our ILS vendor, The Library

Baseline Trends in Key Performance Indicators Among Colleges Participating in a Technology-Mediated Advising Reform Initiative

Of those who were required to take gateway courses, only about 25 percent of two-year students attempted a course in English or math during their first year, compared with about

Diversity control for improving the analysis of consensus clustering

The results that we obtained using six well- known data sets demonstrate that this method is effective for controlling the ensemble diversity, where the consensus function behaves in

Do social capital building strategies influence the financing behavior of Chinese private small and medium-sized enterprises?

mechanisms based on social capital to private SMEs in China, and assist us in explaining their capital structure decisions, we augment the traditional theories of

The cytotoxic and genotoxic effects of bisphenol A on neuronal cells in vitro

However, more research is required to assess its cytotoxic and genotoxic effects on neurodevelopment, by using further cytotoxic and genotoxic assay to validate the results