Originally Posted by
kilomikedelta
Yellow Pen; I'm not in the aviation software business so I'm not familiar with the details of any particular aircraft system. I have some experience in software writing and crisis management. I'm just asking why the software would accept the THS being at its limit for so long.
KMD - I suggest you read through the previous thread on the subject, where a lot of people with experience of how real-time software works patiently explained what the software does and does not do.
The software is designed to give the pilot exactly what he or she asks for, except in certain circumstances where a dangerous situation is developing (extreme nose-up command without attendant power increase, or an incipient spiral dive). It does this by monitoring several parameters at once, and requires that those parameters be valid and the protections enabled in order to do so.
At no point will the computer override a pilot's command completely, it will simply mitigate the response of the flight surfaces to carry out what the pilot is asking of it as safely as possible. In the case of an incipient stall due to full stick-back, it will increase thrust to maximum power. In the case of an incipient spiral dive it will limit the angle of bank to an absolute maximum of 67 degrees.
The initial situation we have here is the flight protections falling back to Alternate Law in response to the loss of speed data. This removes some protections and at this point it becomes easier for a pilot to inadvertently put the aircraft into a dangeous attitude. The PF is appearing to command vigorous nose-up by pulling back on the stick in response to these indications, but because of the degraded control laws and lack of speed data, the computer is unable to determine whether such a command is in fact endangering the aircraft. The design pattern suggests that at this point the computer is not best-placed to determine whether the demand is unreasonable or not, and the control logic simply follows the pilot's commands without intervening.
Based on the information we have so far (which is admitedly sparse), it appears that the system behaved exactly as it was designed, and the crew was faced with an unenviable situation - unreliable instrument readings at cruise altitude in unfavourable weather in the middle of the night. Even with everything working I'm pretty sure that many pilots have many places they'd rather be.