22 Sep
Date: Thu, 22 Sep 94 12:30:09 PDT
From a talk given by Professor Nancy Leveson, Dept of Computer Science 
and Engineering, University of Washington, on Software Safety & 
Reliability (IEEE & ACM Sponsored 4/20/94):

* An F16 pilot was sitting on the runway doing the pre-flight and 
wondered if the computer would let him raise the landing gear while on 
the ground - it did...

* When initially developing the Sidewinder missile pylon mounting there 
were a few problems.  The software would release the latch and fire the 
missile - initially, however, the latch was closed shortly thereafter, not 
allowing enough time for the missile to leave the wing.  Imagine the 
pilot's dismay when there was a bunch of extra thrust attached to one of 
the wings!

* The F16 has a sophisticated software system that performs load 
balancing to optimize flight performance.  This includes dropping empty 
fuel tanks in such a way as to balance the plane.  A minor prerequisite 
to dropping the tanks was overlooked in the software - it's usually a 
good idea to be upright when releasing the tanks.  Imagine flying 
upside down and having empty fuel tanks come flying off...

* A manufacturer of torpedoes for the Navy wanted to make a 'safe' 
torpedo.  Their initial solution was to cause the torpedo to 
self-destruct if it made a 180 degree change in course.  On the test 
run for this new 'safe' torpedo the captain fired the torpedo and 
nothing happened.  So the captain ordered the sub back to base, 
executing a 180 degree turn...

