In fact, the right question must be "Do we really need to hope anything?".
Because, even if we could write a perfect firmware that has zero bugs and failures and results in a perfect car, it ceases to be perfect as soon as some other driver loses control of his vehicle and hits us. If so, the best answer, according to me, is to not hope for perfection. The only thing we could do is to try writing better firmware that would result in better systems than previously.
It is possible to reduce errors to effectively zero, but it is very hard. Complex will always be less reliable than simple, unless that complexity is focused on reliability (for example, overlapped and crosschecked operation of independent systems). The system (hardware and software) has to be independently verified, since developers have blind spots around their own work. The real issue is that it can't be rushed. Making reliability trump schedule would avoid many problems of this type, but especially recently that is a hard case for engineers to make to management.
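The "overlapped and crosschecked operation of independent systems" mentioned above is usually implemented as a voter: several independent channels measure the same quantity, the firmware keeps the value only where a majority agrees, flags the channel that disagrees, and drops to a safe state when no majority exists. The following 2-out-of-3 voter is an added illustration written for this thread, not code from the commenter or any real flight or automotive system; the tolerance, the channel readings, the averaging policy for a degraded pair and the fail-safe status are all constructed assumptions.

```c
/* Added example: 2-out-of-3 cross-check voter for redundant sensor channels.
 * Constructed for illustration; tolerance and readings are assumptions. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define TOLERANCE 5  /* max spread (raw units) between two channels still counted as agreeing; assumed */

typedef enum { VOTE_OK, VOTE_DEGRADED, VOTE_FAILSAFE } vote_status_t;

typedef struct {
    vote_status_t status;
    int32_t value;        /* voted value; meaningless when status == VOTE_FAILSAFE */
    uint8_t faulty_mask;  /* bit i set = channel i disagreed with the majority */
} vote_result_t;

static bool agree(int32_t a, int32_t b) {
    int64_t d = (int64_t)a - (int64_t)b;
    return (d < 0 ? -d : d) <= TOLERANCE;
}

/* Median is robust to a single drifting channel when all three still agree. */
static int32_t median3(int32_t a, int32_t b, int32_t c) {
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* Cross-check three independent readings of the same quantity.
 * - all pairs agree            -> OK, median
 * - exactly one pair agrees    -> DEGRADED, mean of the pair, outlier flagged
 * - two pairs agree (spread    -> DEGRADED, median, no single outlier identifiable
 *   exceeds tolerance at edges)
 * - no pair agrees             -> FAILSAFE: caller must not trust any value */
vote_result_t vote3(int32_t c0, int32_t c1, int32_t c2) {
    vote_result_t r = { VOTE_FAILSAFE, 0, 0x07 };
    bool a01 = agree(c0, c1), a02 = agree(c0, c2), a12 = agree(c1, c2);
    int pairs = (int)a01 + (int)a02 + (int)a12;

    if (pairs == 3) {
        r.status = VOTE_OK;
        r.value = median3(c0, c1, c2);
        r.faulty_mask = 0;
    } else if (pairs == 2) {
        r.status = VOTE_DEGRADED;  /* inconsistent spread, keep the middle reading */
        r.value = median3(c0, c1, c2);
        r.faulty_mask = 0;
    } else if (pairs == 1) {
        r.status = VOTE_DEGRADED;
        if (a01)      { r.value = (int32_t)(((int64_t)c0 + c1) / 2); r.faulty_mask = 0x04; }
        else if (a02) { r.value = (int32_t)(((int64_t)c0 + c2) / 2); r.faulty_mask = 0x02; }
        else          { r.value = (int32_t)(((int64_t)c1 + c2) / 2); r.faulty_mask = 0x01; }
    }
    return r;
}

int main(void) {
    /* Constructed sample frames: healthy, one channel stuck high, total disagreement. */
    const int32_t frames[][3] = { {100, 101, 99}, {100, 101, 250}, {0, 100, 200} };
    const char *names[] = { "OK", "DEGRADED", "FAILSAFE" };
    for (size_t i = 0; i < sizeof frames / sizeof frames[0]; i++) {
        vote_result_t r = vote3(frames[i][0], frames[i][1], frames[i][2]);
        printf("frame %zu: %s value=%d faulty=0x%02x\n", i, names[r.status], r.value, r.faulty_mask);
    }
    return 0;
}
```

The point the voter makes concrete is the one in the comment: the extra code only buys reliability because it is aimed at it, and the fail-safe branch is where "random events" that no channel anticipated end up, so that branch deserves the same independent review as the happy path.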
1. Complex software always has bugs, even latent ones that might rarely if ever show up.
2. No matter how imaginative the team is, they will never be able to think of all those bugs. Some bugs and their consequences will simply never occur to the team members.
3. Safety critical systems should follow standards, but even if they do, random events can still activate latent software bugs and take out the fail safe systems designed to protect against those latent bugs.
NASA's Orion Flight Software Production Systems Manager Darrel G. Raines joins Planet Analog Editor Steve Taranovich and Embedded.com Editor Max Maxfield to talk about embedded flight software used in Orion Spacecraft, part of NASA's Mars mission. Live radio show and live chat. Get your questions ready.