Sunday, December 1, 2013
Big, Embedded Software
I just found this interesting article in Aviation Week on the software for the 787. The problem they describe seems to center on requirements: the avionics software sends too many alerts. Because this plane is much more heavily instrumented, it has a lot of data at its disposal. I suspect that the designers didn't think to write requirements specifically about the sensitivity of the alert system: how many alerts per hour, etc. The traditional focus in the design of such systems is on ensuring that a particular alert is generated. But as we move to more heavily instrumented systems across the board, we need to think more systematically about what we do with all that sensor data. We are instrumenting not just airplanes, but buildings, factories, and roadways. The analysis tools for all these systems must balance two tasks: making sure that important alerts are delivered quickly to the appropriate authority, and ensuring that events are accurately tagged with the appropriate level of alert. A well-known phenomenon of alert-based systems is that too many false alarms cause human operators to disregard all alerts. We won't get people completely out of the loop for quite some time. Even if we do manage to build totally autonomous systems, they will face the same problem of properly discriminating between important and unimportant events.
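As an added illustration (not from the post or from any avionics vendor), here is one way the missing requirement could be made concrete: a per-hour budget on alerts shown to the operator, with critical alerts always delivered and lower-severity events rolled into a digest. Sensor names, the budget of three per hour and the sample events are constructed for this example.

```python
"""Alert budget with severity tiers (added example; assumptions are constructed)."""
from collections import Counter, deque

CRITICAL, WARNING, INFO = 3, 2, 1

class AlertBudget:
    """Caps non-critical alerts per rolling hour; critical alerts bypass the cap."""

    def __init__(self, max_per_hour, window=3600):
        self.max_per_hour = max_per_hour
        self.window = window              # rolling window in seconds
        self.delivered = deque()          # timestamps of non-critical alerts shown
        self.suppressed = Counter()       # (sensor, severity) -> count for the digest

    def _prune(self, now):
        # Drop timestamps that have aged out of the rolling window.
        while self.delivered and now - self.delivered[0] >= self.window:
            self.delivered.popleft()

    def submit(self, now, sensor, severity):
        """Decide 'deliver' or 'suppress' for one event at time `now` (seconds)."""
        if severity == CRITICAL:
            return "deliver"              # safety-relevant alerts are never rate-limited
        self._prune(now)
        if len(self.delivered) < self.max_per_hour:
            self.delivered.append(now)
            return "deliver"
        self.suppressed[(sensor, severity)] += 1
        return "suppress"

    def summary(self):
        """Counts of suppressed events, meant for a periodic digest instead of individual alerts."""
        return dict(self.suppressed)

# Constructed sample: (time_s, sensor, severity); sensor names are hypothetical.
SAMPLE_EVENTS = [
    (0,    "cabin_temp",        INFO),
    (60,   "cabin_temp",        INFO),
    (120,  "cabin_temp",        INFO),
    (180,  "cabin_temp",        INFO),      # budget of 3/h exhausted -> suppressed
    (240,  "galley_power",      WARNING),   # suppressed, counted for the digest
    (300,  "engine_1_oil_pres", CRITICAL),  # always delivered
    (3700, "cabin_temp",        INFO),      # window rolled over -> delivered again
]

def run_demo(events=SAMPLE_EVENTS, max_per_hour=3):
    budget = AlertBudget(max_per_hour)
    decisions = [budget.submit(t, s, sev) for t, s, sev in events]
    return decisions, budget.summary()
```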