General > General Technical Chat
Another deadly 737 Max control bug just found!
Gyro:

--- Quote from: Kleinstein on June 27, 2019, 04:03:32 pm ---Still odd that the problem was found in the more official tests and not with Boeing internal ones.  Though it might even be a good idea to not have internal tests - so the programmers have to make sure the program works without actually testing it, without the public noticing failures. However I don't think Boeing is going this far, especially not if in a hurry.

--- End quote ---

Could be a case of Boeing technical folks still in the mindset of business as usual with the FAA, while the FAA suddenly feels the need to look really good at their job.

Their next design is really going to be under the microscope, regardless.
David Hess:

--- Quote from: EEVblog on June 27, 2019, 11:38:21 am ---A (hardware) watchdog timer usually has to restart the whole system, and I'd imagine that's not a trivial thing in a plane (that likely takes a lot of time). So you likely have to rely on the RTOS to handle that sort of stuff.
IIRC the Apollo computer would effectively cold reset every few milliseconds due to those overload errors, and it still managed to land them on the moon.
--- End quote ---

I have written programs like that for real time systems.  What has to happen is retention of state between resets such that the system can continue executing tasks and bypass the task which caused the problem if necessary.
David Hess:

--- Quote from: Sal Ammoniac on June 27, 2019, 03:58:14 pm ---Watchdogs aren't always effective in resetting hung systems if not used correctly. I saw one product in which the watchdog was kicked in a timer interrupt. The rest of the firmware could hang up tight and as long as that timer interrupt still fired the watchdog would be happy and not reset the system.
--- End quote ---

I have seen that multiple times now.

Another one I remember was discovered by UL when testing a garage door opener.  The Zilog Z8 microcontroller had an unnoticed design flaw where the watchdog timer ran off of the crystal clock so if the crystal failed, the processor stopped but so did the watchdog timer which would otherwise have issued a reset which would have set the output ports to a known and safe state. (1)

The UL test included crushing the crystal with pliers while the door was closing.  My guess is that they had seen this safety issue before in designs which did not include a watchdog timer.

(1) There are other ways to handle this like AC coupling the output control signals so if the processor stops, the controls return to a safe state.
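As an added illustration of the watchdog point in this exchange (a constructed simulation, not code from any poster or product; task names, tick counts and timeout are all made up): kicking the dog from a timer interrupt keeps it happy even while every task is hung, whereas letting the interrupt kick only after every task has checked in makes a hung task trip the reset.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed simulation: "ticks" are loop iterations, nothing touches hardware. */
#define N_TASKS 3
#define WDT_TIMEOUT_TICKS 100

uint32_t wdt_counter;     /* counts up; a real reset would fire when it hits the timeout */
bool task_alive[N_TASKS]; /* each task sets its flag when it completes a pass */

/* Called from a task's main-loop body; a hung task never gets here. */
void task_checkin(int id) { task_alive[id] = true; }

/* Pattern A (the one described in the thread): timer ISR kicks the dog unconditionally,
 * so the watchdog only proves the timer interrupt is still firing. */
void timer_isr_kick_unconditional(void) { wdt_counter = 0; }

/* Pattern B: the ISR kicks only if every task checked in since the last kick,
 * then clears the flags so each task must prove itself again. */
void timer_isr_kick_if_all_alive(void) {
    for (int i = 0; i < N_TASKS; i++) if (!task_alive[i]) return;
    for (int i = 0; i < N_TASKS; i++) task_alive[i] = false;
    wdt_counter = 0;
}

/* Run for `ticks` iterations; bit `id` of hung_mask set means task `id` is stuck.
 * Returns the tick at which the watchdog would have reset, or -1 if it never did. */
int simulate(void (*isr_kick)(void), uint8_t hung_mask, int ticks) {
    wdt_counter = 0;
    for (int i = 0; i < N_TASKS; i++) task_alive[i] = false;
    for (int t = 1; t <= ticks; t++) {
        for (int id = 0; id < N_TASKS; id++)
            if (!(hung_mask & (1u << id))) task_checkin(id); /* hung tasks stay silent */
        if (t % 10 == 0) isr_kick();          /* the timer interrupt keeps firing regardless */
        if (++wdt_counter >= WDT_TIMEOUT_TICKS) return t;
    }
    return -1;
}

int main(void) {
    printf("A, all tasks hung: reset at tick %d\n", simulate(timer_isr_kick_unconditional, 0x7, 500));
    printf("B, all tasks hung: reset at tick %d\n", simulate(timer_isr_kick_if_all_alive, 0x7, 500));
    printf("B, one task hung:  reset at tick %d\n", simulate(timer_isr_kick_if_all_alive, 0x1, 500));
    printf("B, healthy:        reset at tick %d\n", simulate(timer_isr_kick_if_all_alive, 0x0, 500));
    return 0;
}
```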
raptor1956:
Finding things in testing is why you test, but the fact it was not a Boeing pilot is a bit troubling.

In a potentially related story, three managers at the FAA that are responsible for monitoring Southwest Airways were reassigned as subordinates complained that they were punished for finding problems at Southwest.

https://www.reuters.com/article/us-faa-southwest-safety/faa-reassigns-three-in-office-overseeing-southwest-airlines-source-idUSKCN1TR011

There is a mindset in certain political circles that regulation is bad and that regulations should be rolled back or eliminated to the greatest extent possible -- decades of this mindset and the consequent reduction or elimination of regulations are now rearing their head.  That Boeing was able to 'self certify' due to these weakened regulations is certainly a factor in the deaths of 346 people.  So, to Boeing and other companies looking to reduce or eliminate regulations I would like to say ... be careful what you ask for, because you might get it and then live or die with the consequences.


Brian
MrMobodies:

--- Quote ---"During the FAA’s review of the 737 Max software update and recent simulator sessions, the Federal Aviation Administration identified an additional requirement that it has asked the company to address through the software changes that the company has been developing for the past eight months.

Boeing agrees with the FAA's decision and request, and is working on the required software. Addressing this condition will reduce pilot workload by accounting for a potential source of uncommanded stabilizer motion.
--- End quote ---

In light of the problems and they want to reduce pilot workload.

I thought there were at least two pilots in there, but is it that the issues with stabilizer motion were causing them a lot of problems?