PPRuNe Forums - View Single Post - MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures Mk II
Old 26th Dec 2019, 19:36
  #271 (permalink)  
HighWind
 
Join Date: May 2008
Location: denmark
Posts: 8
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by GlobalNav
With two FCC involved, (not exactly sure why), additional failure modes may be detected and again, the function disabled. .
This allow the system to detect if one of the two FCC's calculate a different value, due to a bit flip. This can then disable MCAS for the remainder of the flight, but it is not possible to detect the faulty FCC, and restart it. This is not a good design, since the two CPU's are loose coupled, there is limit on how much information they can check (bandwith), and there is a risk that they get out of sync. and fails safe (No MCAS, and maybe no autopilot?).
It would be better if each FCC had two CPU's (in the same enclosure) doing the same job (COM and MON), this make the FCC fail-silent i.e. the fault does not propagate to the other side.
It would also be good if in case of a faulted FCC, the remaining FCC has access to air-data sensors in the other side.
HighWind is offline