Subject: Software Safety & Reliability

From a talk given by Professor Nancy Leveson, Dept. of Computer Science and Engineering, University of Washington, on Software Safety & Reliability (IEEE- and ACM-sponsored, 4/20/94):

* An F16 pilot was sitting on the runway doing the pre-flight checks and wondered whether the computer would let him raise the landing gear while on the ground - it did...

* When the Sidewinder missile pylon mounting was first being developed there were a few problems. The software would release the latch and fire the missile - but initially the latch was closed again so soon afterwards that the missile did not have enough time to leave the wing. Imagine the pilot's dismay at having a bunch of extra thrust attached to one of the wings!

* The F16 has a sophisticated software system that performs load balancing to optimize flight performance. This includes dropping empty fuel tanks in such a way as to keep the plane balanced. A minor prerequisite to dropping the tanks was overlooked in the software - it's usually a good idea to be upright when releasing the tanks. Imagine flying upside down and having empty fuel tanks come flying off...

* A manufacturer of torpedoes for the Navy wanted to make a 'safe' torpedo. Their initial solution was to have the torpedo self-destruct if it made a 180-degree change in course. On the test run for the new 'safe' torpedo the captain fired the torpedo and nothing happened. So the captain ordered the sub back to base, executing a 180-degree turn...
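The common thread in these four stories is a command or a safety action that was not qualified by the system mode it was meant to apply in: gear retraction while on the ground, latch closure before the missile had cleared, tank release while inverted, and a self-destruct rule that did not distinguish "launched and turned around" from "still in the tube of a sub heading home". The following Python sketch is an added example and is not from Leveson's talk; it models each actuation as a command gated by named, mode-dependent constraints, and puts the naive and the mode-qualified torpedo rule side by side. All state values, the MIN_LATCH_OPEN_MS threshold and the scenario names are constructed for illustration.

```python
"""Mode-qualified safety interlocks, replaying the four anecdotes above.

Added example, not from the talk. Every number and state value here is
constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

MIN_LATCH_OPEN_MS = 500  # constructed: time the missile needs to clear the rail


@dataclass
class State:
    """Snapshot of the vehicle state that interlocks are evaluated against."""
    on_ground: bool = False
    upright: bool = True
    launched: bool = False           # torpedo has actually left the tube
    heading_change_deg: float = 0.0  # accumulated course change since arming
    latch_open_ms: int = 0           # how long the pylon latch has been open


# A constraint is a (name, predicate) pair; the predicate must hold for the
# command to be allowed. Naming each one makes a refusal explainable.
Constraint = Tuple[str, Callable[[State], bool]]

INTERLOCKS: Dict[str, List[Constraint]] = {
    "raise_gear":  [("airborne", lambda s: not s.on_ground)],
    "drop_tanks":  [("upright", lambda s: s.upright)],
    "close_latch": [("missile_clear", lambda s: s.latch_open_ms >= MIN_LATCH_OPEN_MS)],
    # The safety action itself needs a mode qualifier: only a torpedo that has
    # left the tube can meaningfully decide that it has "turned around".
    "self_destruct": [("launched", lambda s: s.launched),
                      ("reversed_course", lambda s: s.heading_change_deg >= 180)],
}


def violated(command: str, state: State) -> List[str]:
    """Names of the constraints that block `command` in `state` (empty means allowed)."""
    return [name for name, ok in INTERLOCKS[command] if not ok(state)]


def execute(command: str, state: State) -> bool:
    """Actuate `command` only if every interlock holds; True means it was actuated."""
    return not violated(command, state)


def naive_self_destruct(state: State) -> bool:
    """The rule as the anecdote describes it: fire on any 180-degree course change."""
    return state.heading_change_deg >= 180


def run_scenarios() -> Dict[str, bool]:
    """Replay the anecdotes; True means the actuation happened."""
    return {
        # F16 on the runway, pilot commands gear up
        "gear_up_on_runway": execute("raise_gear", State(on_ground=True)),
        # latch commanded closed 50 ms after release, well before the missile is clear
        "latch_closed_early": execute("close_latch", State(latch_open_ms=50)),
        # tank drop commanded while inverted
        "tanks_inverted": execute("drop_tanks", State(upright=False)),
        # the sub turns 180 degrees for home with the torpedo still in the tube
        "naive_destruct_in_tube": naive_self_destruct(
            State(launched=False, heading_change_deg=180)),
        "guarded_destruct_in_tube": execute(
            "self_destruct", State(launched=False, heading_change_deg=180)),
        # the guarded rule still fires for a torpedo that really did turn around
        "guarded_destruct_launched": execute(
            "self_destruct", State(launched=True, heading_change_deg=180)),
    }


if __name__ == "__main__":
    for name, actuated in run_scenarios().items():
        print(f"{name:28s} -> {'ACTUATED' if actuated else 'blocked'}")
```

The design point is that the constraints live in one table keyed by command, so a hazard analysis can be checked against the code by reading the table, and a refused command comes back with the name of the constraint that refused it rather than silently doing nothing.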
