PPRuNe Forums - View Single Post - AF 447 Thread no. 4
Thread: AF 447 Thread no. 4
View Single Post
Old 24th Jun 2011, 19:41
  #354 (permalink)  
Svarin
 
Join Date: Jun 2009
Location: Earth
Posts: 79
Likes: 0
Received 0 Likes on 0 Posts
PJ2,

I would like to continue challenging your theory as a way of proving-disproving through "finding out".
Thank you for this discussion opportunity. Such is what I am looking for.

The failures that I am putting forward are very simple :
- the probes failure, triggering the monitoring process
- the "wiring" failure, which deprives PRIM2 of critical information (ADR1) at a critical moment (inside the monitoring process itself)

The "programming error" I posit would only be an oversight in a newer version software that fails to consider compatibility with a previous version of software on another type of computer (i.e. ADR x FCPC, different manufacturers) only in the very specific instance of the monitoring process that is triggered inside the PRIMs by the probes failure. This would entail misunderstanding between ADR1 and PRIM2 at this very moment. This explains the sheer coincidence.

edit : But whatever its cause, the wiring fault did happen and it is a loss of connectivity. The wiring fault is not a hypothesis but a fact. The timing of this fault compared to that of the probe fault begs for a sub-theory that explains the coincidence.

The design "backdoor" is the possibility for PRIMs to revoke Alternate 2 law and return into Normal after 10 seconds if ADR values appear more or less consistent. This "backdoor" was likely breached when PRIM2 lost ADR1, thus fooling its overview of the UAS condition.

This possibility overall could not be foreseen. There is no way a design would be prepared against this.

Sorting out :

I asked that question with regard to the priority logic among PRIMs.

PRIM1 is Master and Alt2. It does not go to Alt2 because it fails to compute Normal, it goes to Alt2 because it is the right thing to do in an UAS context which it correctly identified. It is rightfully Master PRIM because Alt2 is the correct law to use because of UAS.

PRIM2 is not Master, but in Normal. Its "wiring" failure fooled it into believing itself out of the UAS context. However, Normal is the preferred law, which would make PRIM2 entitled to challenge mastery of PRIM1 according to the priority logic. It views itself as the one which can compute Normal, while the others cannot.

The priority logic looks to me very much strained here. This is what I would like to see sorted out.

Unless this very curious mastery dilemma is clearly broken, flight controls look very much compromised to me.

High Speed Protection is only the simplest way of seeing how a rogue PRIM would interfere. I would think the real events were infinitely more complex, but as A33Zab wrote, this requires knowledge of PRIMs inner workings.
Last edited by Svarin; 24th Jun 2011 at 20:08. Reason: added italics text for wiring fault
Svarin is offline