If we ask these same questions for commercial aircraft, we can pretty well answer them in the affirmative, at least from a software point of view. As far as we know, no life has ever been lost on a commercial aircraft because of a software error. That’s an impressive safety record, so let’s see how we have achieved it. First, the software on board an aircraft is certainly complex; the Boeing 787, for instance, has well over five million lines of critical code. For ordinary users of computers, and ordinary programmers using standard techniques, we don’t believe for a moment that software of this size or complexity can be reliable, and indeed we are used to our personal computers crashing frequently, not to mention our phones and other computer-controlled devices. But the software on board planes is definitely not ordinary software created by ordinary programmers using standard techniques. On the contrary, the FAA requires extraordinarily rigorous procedures for creating this software (embodied in the DO-178B certification standard, recently updated to DO-178C). It’s painstaking work, and it typically increases the cost of producing software significantly, but it is remarkably effective in yielding software that, if not perfect, is good enough in practice that software is not the weak link in the chain.
Furthermore, we rely on an air traffic control system that is itself a highly complex set of reliable certified software components. And we also rely on simple principles of air traffic control, for example keeping aircraft well separated, operated by a small army of highly skilled air traffic controllers.
So can’t we just apply the same reliable procedures to drone software? I see two huge problems. First, there will be severe resistance to the extra costs and long time scales involved. Although we have been successful in enforcing good procedures for developing avionics software, we have failed in other areas. Voting machine software is still regarded as proprietary, and widely shown to be unreliable and insecure. Modern cars have huge amounts of software aboard (there are more lines of code on a Chevy Volt than aboard the Boeing 787), yet no significant certification of automotive software is required. Have people died as a result? We really don’t know. For example in the recent Toyota incidents of unintended acceleration, the final report was heavily redacted, and the government did not have full access to the software. Given the constraints on the study, the conclusion that the government team was unable to find a software cause for the problem was not really surprising. It should not be interpreted, as it sometimes was in the press, as saying that the software was not at fault, but rather that we simply don’t know. As an example from another safety-critical domain, medical instrumentation software is supposed to meet certain FDA certification standards, but a loophole allows modification of existing devices to be grandfathered in, and from the extent to which this loophole is used, you would think that no new advances had been made for a long time. In one ironic case a patent was invalidated on the grounds that the FDA application said that no new technology was involved. Have people died because of software failures in medical instrumentation? There we do know that the answer is yes (for example the Therac-25 accidents as summarized in http://www.ccnr.org/fatal_dose.html), and the recent uptick in incidents of software-related injuries and deaths from insulin pumps is causing the FDA to take another look at certification requirements for these devices.
The FAA is moving slowly on the issue of drone software certification because of concerns that we don’t know how to proceed safely, but as we see, the U.S. Congress (with police forces and national security agencies egging them on) has signaled that delays are not acceptable, and you have to worry that any attempt to require full certification of drone software will be met by heavy opposition from interests that want these things in the air yesterday.
To make things worse, the complexity of drone software is far higher in my view than standard avionics software. If we have hundreds or even thousands of these things buzzing around in our cities, we are not going to be able to have anything like a coordinated air traffic control system to make sure they don’t cause dangerous collisions, so we will have to depend on autonomous software of far greater intelligence than typical avionics software of today, or on the skills and diligence of the operators controlling them remotely. These people are essentially doing what teenagers do when they play video games. The big difference is that a mistake with a drone can kill real people, unlike a mistake in a video game, which resets and gives you another life.
Do I have a simple suggestion to fix this worrisome situation? Unfortunately no. I think it’s really a very difficult problem from a technical software point of view, from a regulatory point of view, and perhaps also from a political point of view in light of a popular current theory that we are over-regulated and that regulations kill jobs. I fear that Congress is steaming ahead here much too rapidly, without a sufficient appreciation of the risks involved. I understand that many may be worried about Fourth Amendment implications of drones, but surely we can all agree that the safety issue is paramount. We don’t want these things crashing into people and causing death and destruction even if they don’t have sidewinder missiles!
About the author:
Dr. Robert Dewar is co-founder, president and CEO of AdaCore and Emeritus Professor of Computer Science at New York University. With a focus on programming language design and implementation, Dr. Dewar has been a major contributor to Ada throughout its evolution and is a principal architect of AdaCore's GNAT Ada technology. He has co-authored compilers for SPITBOL (SNOBOL), Realia COBOL for the PC (now marketed by Computer Associates), and Alsys Ada, and has also written several real-time operating systems, for Honeywell Inc. Dr. Dewar has delivered papers and presentations on programming language issues and safety certification and, as an expert on computers and the law, he is frequently invited to conferences to speak on Open Source software, licensing issues, and related topics.
The drones are probably no more dangerous than a typical commercial aircraft. Pilots nowadays are babysitters. Most of what they do is automated. Sometimes when this technology fails they crash because the pilot has not spent enough time actually flying the airplane. This happened a few years ago when an Airbus crashed off the coast of South America. Hopefully the lessons learned from that event will make the sky a safer place for manned and unmanned aircraft.
As a private pilot, no one can convince me that a "pilot" sitting in an office chair at an Air Force Base will have the same concern for conflicting traffic as the pilot risking his own butt in flight.
From a technical standpoint all of this is just bugs to be worked out... Our society and leaders must more importantly ask ourselves not "Could we?" but "Should we?" The U.S. has already placed itself on a very slippery slope in international relations by flying combat missions inside of other countries (yes even an unmanned but armed drone with intent to hunt/kill terrorists is involved in a combat mission) without prior permission. To allow such drones in-country may have severe ramifications for constitutional liberties and for ensuring proper processes are followed that at least maintain a semblance of justice. In many large metropolitan police departments "SWAT" teams are routinely used to "deliver subpoenas" by bashing down doors screaming in the confusion "Warrant!" and shooting anything that doesn't submit. Although the media has been relatively gentle with such news and innumerable "wrong doors" have been destroyed, and several "neighbors" have been shot dead in such erroneous actions, there remains a scary similarity with what the British were doing around 1800 to the American citizenry. What restrictions are placed upon these drones, and how those restrictions are enforced, will determine their place in history.
There are rules that cover the use of radio controlled hobby aircraft. These rules have delivered acceptable safety for all. These rules should be a good baseline for drones. Some RC aircraft can be several feet long and weigh many pounds.
If the drone technology is perfected would we see one day individual drones to be available for purchase? Wealthy individuals will be buying them for fun, tourist explorations, spying on neighbors etc. The sky will become as full as highways today! Kris
A good way to explore further would be to employ these drones for border surveillance, coast monitoring, wildlife park inspection etc. before deploying them in an urban environment. Irrespective of when, a clear agreement on standards which govern the development of these drones needs realization soon. The very core of aviation, Air Traffic Management, also needs to be analyzed to see how it should evolve to cope with a multitude of platforms in the sky, many of which could be these unmanned drones.
In the military, with UCAVs and other unmanned flying platforms under development and an acceptance of the plausibility of them replacing manned platforms, the push for acceptance of drones is likely to pick up as the technology gets proven on the battlefield, subject to customization to the urban environment.
A recent TV show -- one of those fictional law dramas -- had an episode in which the main character shot down a police drone that was hovering over her backyard.
If drone use does become widespread over U.S. airspace, you can bet there are people who will try to use them for skeet practice!
After seeing this I have zero confidence in drones and even less in our government's concern for public safety, no that's an oxymoron huh, PUBLIC SAFETY.
The use of drones could be a hazard to the general public's safety.