Software Bug Halts F-22 Flight

mgh02114 writes "The new US stealth fighter, the F-22 Raptor, was deployed for the first time to Asia earlier this month. On Feb. 11, twelve Raptors flying from Hawaii to Japan were forced to turn back when a software glitch crashed all of the F-22s' on-board computers as they crossed the international date line. The delay in arrival in Japan was previously reported, with rumors of problems with the software. CNN television, however, this morning reported that every fighter completely lost all navigation and communications when they crossed the international date line. They reportedly had to turn around and follow their tankers by visual contact back to Hawaii. According to the CNN story, if they had not been with their tankers, or the weather had been bad, this would have been serious. CNN has not put up anything on their website yet." The Peoples Daily of China reported on Feb. 17 that two Raptors had landed on Okinawa.

Real redundancy

As far as I remember the Space Shuttle not only has redundant computer systems, but also redundant software, i.e. the software has been developed twice to ensure that software bugs don't cause a catastrophe. I'd prefer to know that systems capable of carrying weapons which can kill hundreds of thousands of people were designed with the same safety in mind.

Re:Real redundancy

The F-22 can carry the standard USAF air delivered nuclear weapon as maintained within the US military arsenal today, either one internal or two external. The radiation from the weapons has no effect on the stealth, either before or after detonation (the stealth capability involved is an advanced form of that used on the B-2 and B-1B bombers, both of which were at their inception designed to be purely nuclear armed bombers).

Re:Real redundancy

The F22 does not normally have external mounts, but there are hardpoints where they can be added. Of course that would defeat the stealth, but if you're about to drop two nukes, at that point you're probably beyond being sneaky.

Re:Real redundancy

There is a grain of truth in this one.

During the Serbian wars NATO was scared shitless off all weather radars and shot at them without any second thoughts even if they were in neighbouring non-combatant countries. Both incidents when missiles hit buildings near Sofia (70km+ outside the Yugoslavian border) were actually firings at the Sofia Airport Gematronic radar system (the same kind some NATO country use).

In addition to that Stealth works effectively only if your receiver is colocated with the transmitter. It is easily defeated by decoupling them. There is a host of technical problems in doing this, but nothing that cannot be solved with enough software analysis of the reflected signal. It is only a matter of time until all "rogue" countries possess the relevant signal processing tech to do that.

So as far as AAA is concerned Stealth is a technology which is dead on arrival.

Re:Real redundancy

You're saying that because I can see the moon, people who've walked on the moon should have been killed?

Yes. I hate those guys.

Re:Real redundancy

Actually, the space shuttle is not a good example.

NASA do not fly the space shuttle during 31 Dec -> 1 Jan [newscientist.com] as
they are not confident of what would happen. Better just
to avoid the problem.

That was one of the pressures to getting the Dec 2k6 flight off the ground.

Re:Real redundancy

"NASA do not fly the space shuttle during 31 Dec -> 1 Jan"

But they fly over the international date-line every 90 minutes or so with no problems :).

they are very confident

You missed a point in that story.
NASA is extremely careful with its software.
They don't fly from Dec 31 to Jan 1 because they know exactly what would happen.

Re:Real redundancy

The Shuttle does indeed have two sets of flight software, Primary Avionics Systems Software (PASS) [nasa.gov], and Backup Flight System (BFS) [nasa.gov]. During critical phases of flight, PASS is loaded on four of the GPCs and BFS is loaded on the fifth. BFS doesn't have all the capabilities of PASS - it is intended to take over in case of an emergency.

crash narrowly averted

CNN television, however, this morning reported that every fighter completely lost all navigation and communications when they crossed the international date line.

I've heard of a software glitch causing a crash before, but this is ridiculous.

Re:I would not want to be him.

Someone is going to get fired for this.

Welcome to defense contracting, you must be new here.

Don't worry

We will happily sell y'all Eurofighters. Half the price, twice the bombs... and who the hell do you need stealth to fight anyway? Expecting the France to try and invasion any day now or something?

Re:Don't worry

Actually the whole story is a lot more exciting that 5 on 1...

The 27th Fighter Squadron (8 F-22s) at Langley AFB, Virginia fought against 33 F-15Cs and didn't suffer a single loss. The F-15's again didn't even detect the F-22's until they were all locked and targeted.

Then some months later during Exercise Northern Edge F-22's reached a 144-to-zero kill-to-loss ratio against F-15s, F-16s and F/A-18s. Only 12 of the F-22's accounted for nearly 50% of all kills for the Exercise.

Winning Tactic

The F-15's should have headed towards the international date line....

Re:Don't worry

As shown in Vietnam and the current Iraq situation, America has great difficulty in fighting a loosely-organized resistance.

      It's because we care about killing innocent civilians, and they are indistinguishable from innocent civilians.

      If we can't identify the enemy, it's a good sign we shouldn't be there.

  rd

Re:Don't worry

Not to mention that the only decent fighters Europe have ever created were all WWII era...

      I dunno, the Americans seemed to quite like the idea of the AV-8A Harrier [wikipedia.org], a British creation.

Source code...

That's the real reason why they don't want to give source code to foreign armies... They don't want to be covered in shame :)

UTC

The answer to all these problems is very simple. For any mission critical application, use UTC and only UTC. No time zones, no date line, no converting. If the software isn't even aware of the concept of date/time localization, then it's not going to run into problems.

Oh, and while they're at it, standardize on metric too. Maybe we can save our interstellar probes at the same time we are saving our warplanes.

Re:UTC

They probably already do... When I was spending time in uniform, all our (non-workstation) computers did all their work in GMT, anyway. And considering it was the navigation systems that crashed, I think the "international date line" thing is spurious - the problem was more likely going from W to E, not today to yesterday.

Reminds me of the Bismarck

The Bismarck battleship had a bug also: when the main turrets would fire, the aiming radars would be disabled. That's no joke when you're in the midst of a battle and everyone of those large caliber shells counts. As I understand, the radars would be disabled by the vibrations of the turret cannons firing. Not a software bug, but bug nonetheless, and you do wonder how did this battleship pass testing.

Gotta know your limitations...

When I worked at a high end civilian GPS equipment manufacturer, we had a test department where, among other things, a complete list of "special" dates and locations were kept on file. Any new position solution software release was regression tested against all previously known and guessed potential date/time rollovers, as well as making sure that motion across geographic coordinate boundaries didn't cause erratic behavior. Obviously whoever supplied the inertial navigation solution for the F22 hasn't quite gotten there yet... Testing in the lab is cheap. Burning a couple of tons of Jet-A and putting a bunch of people at risk is not.

Some exaggeration in the story, I suspect

The F-22 has a fly-by-wire control system. If there really were a crash of ALL on-board computer systems, communication and navigation would not have been the most immediate concerns!

I think not

Modern fighter jets are aerodynamically unstable by design. A human can not fly them alone, the computer has to correct the flight path hundreds of times a second.

The flight control software thus most certainly *does* have to keep the plane "stable".

Design? Lack of foresight?

Assuming it WAS a time issue upon crossing the International Dateline...

Design problem? Why should navigation software require "local time"? They knew they were crossing the international dateline, so they must be linked to GPS timing systems... why not just use GPS' universal time? (Sure, you want local time eventually for your displays but that's a "view" calculation, not one intrinsic to the navigation software)

Bug tracking problem? Did the testers not think of testing about a time zone change? Did they assume the above that everything would be on a universal time and therefore didn't see the need for crossing time zones?

Why wasn't this a stock reusable code module in Lockheed Martin's labs?!?

(And for a media look at this issue, check out the anime Geneshaft or the movie The Pentagon Wars)

Were they running Windows?

I just want to know if this is in any way connected to the nuclear subs that lost navigation after they switched to Microsoft Windows based software. Generally, when this kind of thing happens, some external vendor is to blame.

Ironically

A few days ago reading up on good C++ coding techniques I came across Stroustrup's (creator of C++) page citing the coding rules used [att.com] when working on the Joint Strike Fighter [wikipedia.org]. Reading through the various rules used, this one caught my attention:

AV Rule 25 (MISRA Rule 127)
The time handling functions of library <time.h> shall not be used.

I got to thinking if we had any decent alternatives (at least in C++). And yes there are alternatives and all of them looked equally bad to me. Looks like the F22 guys might have had the same problem finding and using a robust fault tolerant time library.

Re:Ironically

A few days ago reading up on good C++ coding techniques I came across Stroustrup's (creator of C++) page citing the coding rules used when working on the Joint Strike Fighter. Reading through the various rules used, this one caught my attention:

        AV Rule 25 (MISRA Rule 127)
        The time handling functions of library shall not be used.

I got to thinking if we had any decent alternatives (at least in C++). And yes there are alternatives and all of them looked equally bad to me. Looks like the F22 guys might have had the same problem finding and using a robust fault tolerant time library.

Why would you need to use a library? The only format you're likely to need in such software is milliseconds offset from some suitable epoch. As long as your hardware can produce such a time value, you're fine.

Er what?

Are you telling me that the F-22 has no analog backup flight system? For gosh sakes even the F-16 has a similar system. A cursory google search that the F-22 is equipped with an "LN-100G Inertial Navigation System with Embedded GPS". It sounds incredible that the summary implies that the only way they would've made it home was via formation flying with a tanker? Can anyone with more detailed information on the F-22 clarify?

Re:Er what?

Before you go ballistic, bear in mind that unless you've got data sources beyond those cited in the Slashdot blurb, the most technical details come from CNN, which is about one step from priding itself on its ignorance of military matters, and has a less-than-distinguished history on the technical details front as well. Put the two together and the odds are low that you've got anything like an accurate view, let alone a complete one.

You can trust the what and the when; I wouldn't trust their how or why any further than I could spit.

(This isn't anti-CNN; this is anti-almost-everything news media. Journalists aren't required to learn squat about science or technology for their degree and it tends to show up in every last article they write with even a passing connection to science or technology. Any even cursory overview of stories on any technical subject you know about will reveal this. Remember that "multi-gear rocket" atrocity from a day or two ago?)

Most modern fighters are intrinsically unstable

You can't fly planes like that manually, becuase they are inherently unstable. Even non-stealth aircraft have this property, in order to make them more sensitive in roll. A civilian plane will self-centre from small roll inputs, and you have to overcome that effect to actually roll. The stealth aircraft are such weird shapes, for which aerodynamics come second to radar cross-section, that the designers don't even have the choice.

ian

So...

So, when is Service Pack 1 coming out?

Actual dialog message...

You are flying to Japan, Cancel or Allow?

F16 Software had similar problems

When F16s crossed the equator, the computer would roll the aircraft 180 degrees and fly inverted:

http://catless.ncl.ac.uk/Risks/3.44.html [ncl.ac.uk]

Microsoft?

every fighter completely lost all navigation and communications when they crossed the international date line.

Where do you want to go today?

READ: Get Ready For More

I tried posting this on several sites but on March 11th [wikipedia.org], when the new daylight savings [wikipedia.org]regime kicks in for the first time there will probably be a lot of Java applications that will start having data issues because the latest Java version IS NOT BACKWARDS COMPATIBLE for several three character time codes that have bee removed. Several codes have been deprecated in a way that is not backwards compatible. I could be wrong about the severity, but for he last two weeks my software team has been dealing with this issue and the interaction between Oracle and Java.

I told them...

...not to run Windows on those machines. They HAD to upgrade to Vista because of all the cool 'features' the pilots would like to see. First we had to put more ram in and an extra video card, now this... I'm telling ya, next time Microsoft gives them a better deal because they're switching to Linux, they shouldn't accept.

not the only problem I read...

All complex systems have bugs that need to be ironed out....

http://www.atimes.com/atimes/Middle_East/IB10Ak05. html [atimes.com]
"Keys notes, however, that the electronic spectrum around Baghdad is polluted by the myriad jamming devices that coalition forces primarily employed to thwart remote detonations of the improvised explosive devices that have inflicted 70% of all US fatalities in that war." ...
"The potential problem was discovered when the first F-22s were operating near US Navy ships off the Atlantic coast. Navy radars overwhelmed the F-22's automated sensors. Even now, larger, multi-station, purpose-built electronic-intelligence-gathering airplanes encounter difficulties around the Iraqi capital because of the extreme density of jamming devices."

Carry backup.

My advice to F-22 pilots: 1) Superglue a handheld GPS into your cockpit. 2) Carry a backup radio. Superglue this to your cockpit. 3) Remove your cockpit, and superglue it onto an A-10. 4) Fly safe. Carry superglue.