PPRuNe Forums - View Single Post - Malaysian Airlines MH370 contact lost
Old 19th Apr 2014, 14:14
Ian W
Join Date: Dec 2006
Location: Florida and wherever my laptop is
Posts: 1,350
Originally Posted by Rightbase:

Your post kindly emphasised 'was', making the point that the logic error has been detected,

My point is that the logic error of flying on with a tolerated defect in a system, with the danger that a second defect could mislead the pilot, is a critical vulnerability.

The vulnerability does not go away now that this one has been detected.

You have obviously not worked developing safety critical software.

The software in the ADIRU is not developed as if it were a video game or a university project: it is developed in line with RTCA DO-178 and ARINC 653. These are very strict standards with a lot of testing. However, despite all the testing some faults may/will be found, and in most cases the system is designed so that a fault in one module will be contained, as part of a Failure Mode Effects Analysis. It would appear that a fault was successfully contained and then unmasked when another module was updated.

Now, at that stage with safety critical software, the FAA and Honeywell reverted to the previous version (which had worked without a problem) using an AD. Honeywell would then have had a 'MUST FIX' top emergency software fix to carry out. In many organizations that means NO new software version can be delivered unless that fault is fixed.

Your attitude that they would have left it on the old version as that was 'good enough' is just not the way the industry works.

I would expect that the fault was fixed within days and then after recertification testing with the FAA and Boeing, Honeywell would have delivered a new ADIRU software build with all known bugs including this one fixed. The longest part of that effort will have been testing, and the particular issue that caused the ADIRU to fail would be included in the new acceptance test suite. Almost certainly there would also have been some effort to defend against ADIRU faults in the FMC software as part of the FMEA work.

High availability safety critical software development demands getting things right, designing systems to be resilient to subsystem faults, and rapid resolution of any faults found.