PPRuNe Forums - View Single Post - AF 447 Search to resume
Old 9th Jul 2010, 15:25
  #1722 (permalink)  
Diversification
 
Join Date: Mar 2010
Location: Sweden
Age: 87
Posts: 67
Software bugs

kilomikedelta, mountainwest, mosteo and Peter-1959

Even the best designed, coded, and verified program can contain undiscovered bugs only showing up on very special occasions - usually unforeseen combinations of events and their timing. I am retired, but have 50 yr+ experience with real-time op:s and programs.
One bug(s) in an ADIRU code is documented:

Cited from ATSB final report on the 9M-MRG upset.
The ADIRU OPS versions up to and including version -07 contained a latent software error in the algorithm to manage the sensor set used for computing flight control outputs which, after the unit went through a power cycle, did not recognise that accelerometer number-5 was unserviceable. The status of the failed unit was recorded in the on-board maintenance computer memory, but that memory was not checked by the ADIRU software during the start-up initialisation sequence. The software error had not been detected during the original certification of the ADIRU and was present in all versions of the software. The effect of the error was suppressed by other software functions in OPS version -03. When the OPS version -04 was released in December 1998, the software functions that suppressed the error were further revised to improve shop repair capability, re-exposing the undiscovered latent problem.
The variations to OPS version -04 and subsequent versions included changes to the Fault Detection and Isolation (FDI) software which monitored the serviceability of various ADIRU components. The changes allowed the FDI software to detect any transient unserviceability of hardware and reinstate it if no further unserviceability was detected. The FDI software allowed the erroneous output values from accelerometer number-5 that had failed in 2001, to be used by the primary flight computer and other aircraft systems when accelerometer number-6 failed, just prior to the in-flight upset.
The effect of the software error was partially offset by the inclusion of mid-value select (MVS) within the primary flight computer. The MVS function was included in the primary flight computer to moderate the effect of anomalous outputs from the ADIRU. Analysis and testing during initial development indicated that these theorized outputs could not occur, and the MVS function was deemed no longer necessary. However, a decision was made by the aircraft manufacturer to retain the MVS function in the PFC.
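
The failure pattern in the cited report, as an added example that is not part of the original post and not ADIRU or PFC code: a simplified C model in which a failure recorded in persistent memory is lost from the working sensor set when start-up does not read that record, next to a start-up that restores it, plus a three-input mid-value select. All type and function names, the six-element layout and the three-input form of MVS are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>

#define N_ACCEL 6  /* accelerometers 1..6 map to indices 0..5 (assumed layout) */

/* Non-volatile maintenance record: survives a power cycle. */
struct maint_memory { bool failed[N_ACCEL]; };
/* Volatile working sensor set: rebuilt at every start-up. */
struct sensor_set { bool excluded[N_ACCEL]; };

/* Start-up with the latent error: the maintenance record is never read. */
static void init_unchecked(struct sensor_set *s, const struct maint_memory *m) {
    (void)m;
    for (size_t i = 0; i < N_ACCEL; i++) s->excluded[i] = false;
}

/* Start-up that restores every recorded failure into the working set. */
static void init_checked(struct sensor_set *s, const struct maint_memory *m) {
    for (size_t i = 0; i < N_ACCEL; i++) s->excluded[i] = m->failed[i];
}

/* In-service failure: exclude the sensor now and record it persistently. */
static void mark_failed(struct sensor_set *s, struct maint_memory *m, size_t i) {
    s->excluded[i] = true;
    m->failed[i] = true;
}

/* Sensors recorded as failed that the working set would still use. */
static int failed_in_use(const struct sensor_set *s, const struct maint_memory *m) {
    int n = 0;
    for (size_t i = 0; i < N_ACCEL; i++)
        if (m->failed[i] && !s->excluded[i]) n++;
    return n;
}

/* Fail accelerometer 5, power-cycle, and count failed sensors back in use. */
int failed_in_use_after_power_cycle(bool check_at_startup) {
    struct maint_memory nv = {{false}};
    struct sensor_set ws;
    init_checked(&ws, &nv);
    mark_failed(&ws, &nv, 4);
    if (check_at_startup) init_checked(&ws, &nv); else init_unchecked(&ws, &nv);
    return failed_in_use(&ws, &nv);
}

/* Mid-value select: the median of three inputs, so one outlier is ignored. */
double mid_value_select(double a, double b, double c) {
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}
```

The invariant worth testing after every simulated power cycle is that `failed_in_use` returns 0; a unit test that fails a sensor, restarts, and checks that count would flag the start-up path that skips the maintenance record.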