PPRuNe Forums - View Single Post - Chinook - Still Hitting Back 3 (Merged)
Thread: Chinook - Still Hitting Back 3 (Merged)
View Single Post
Old 8th Jun 2011, 09:48
  #7778 (permalink)  
Thor Nogson
 
Join Date: Aug 2005
Location: Sussex, UK
Age: 58
Posts: 270
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by Airborne Aircrew
ZH875:

I'm sorry but that is a crock, (though I'm guessing that it's not your fault that you don't know that).
I disagree, I think it is a fair summary, except that it was proved to be unsafe. To be honest, I'm not sure what the point you are trying to make is?

Originally Posted by Airborne Aircrew
I have read several times in this thread that the FADEC code is "un-auditable". There are just two reasons why the code could be in such a state:-
Fair enough, but there are a million miles between auditing something and proving it is safe. I think what ZH875 was trying to say is that the code was in such a poor state, it was impossible to reconcile it with the specifications. This seems to be Boscombe Down's position.

Without going into the technicalities, depending on how the system is implemented, it may be impossible to prove that it is safe. It is possible however, to prove that it is unsafe - If the code doesn't match the specification for example.

However, Tuc implies that the MOD/Boscombe Down did not have access to the source code. Is/was that the case? If so then they wouldn't have been able to fully audit it. But I'm unclear how they could have reached their conclusions below in that case...

It's been posted before on this thread, but I couldn't find it so I have posted it again. I'm not sure how much of an audit they did, but Boscombe Down did enough to find it wanting...

The report, written by a senior engineering officer at the MoD Aircraft Testing Centre at Boscombe Down, says: "The hazard analysis of Chinook Mk 2 … identifies the software in the engine FADEC as safety critical and states that 'any malfunctions or design errors could have catastrophic effects'.

"21 category one and 153 category two anomalies have been revealed. One of these …is considered to be positively dangerous.

"The density of deficiencies is so high that the software is unintelligible… Pilots' control of the engine(s) through FADEC cannot be assured."

The report said the in-service use of the Mk2 Chinook "cannot be recommended", and called for the software to be rewritten.
TN
Last edited by Thor Nogson; 8th Jun 2011 at 11:52. Reason: Typo
Thor Nogson is offline