PPRuNe Forums - View Single Post - Computers need to know what they are doing
Old 22nd Aug 2016, 00:40
  #74 (permalink)  
Ian W
 
Originally Posted by em3ry
The topic is about running a simulation on the fly in order to see what is about to happen.
Unfortunately, that is not how simulations work.
All simulations can do is simulate the possibilities that the simulation script writer thinks may happen. Types of simulation vary, so some are relatively deterministic and some are stochastic, but the possibilities of what may happen have already been thought of by the simulation designer. This is the same as the basic FMC issue: the software analyst/designer has to think of all possible cases, then decide which to give to the crew, and any unexpected cases (the otherwise cases) are automatically given to the crew.

A simulation can only play the probability game with things that are already expected, so by definition it cannot simulate the unexpected. That is why the pilots are still in the cockpit.

At system design time, all the variables that are possible, all the boundary cases and all the time-related issues are simulated as a means of verifying and validating the system. The results of those tests using simulation run inputs are then used to correct any shortcomings in the systems being tested. But it is not possible to think of every potential eventuality and every possible mix of unrelated circumstances; there are simply far too many variables. That is at _testing_ phase, before the system is even in final development.

There is no way that the airborne systems can run simulations varying every possible input and initialization state in real time. Not only that, but by definition this is being done to deal with the unexpected unknown - if it is unexpected and unknown it is not going to be part of the simulation. The other problem is that the FMCs, because of a rather old-fashioned view of computer safety, are required to be mathematically proven as correct. So chips, microcode, firmware and software all have to be mathematically modeled and proven correct using maths. This is a somewhat 1980s concept but still limits the hardware that can be used by FMCs, to the extent that current-generation multi-core chips with predictive fetch and preemption cannot be used, as there is no mathematical proof that can cope with infinite levels of preemption in the chip operation. In consequence there is more power in some watches than there is in advanced FMCs. In my view this is not the correct way to go, in the same way that the OSI/ISO communications model is no longer seen as the way to go for reliable and safe communications. Nevertheless, the current FMCs are beasts of very little brain and very constrained in what they are allowed to do.

So in summary: simulation can only simulate what is expected; if it is expected it is not a problem. FMCs do not have the grunt or the safety clearance to do anything other than a very constrained set of processing, due to certification rules and limitations that are around 40 years old. (I am sure someone here will correct me)

Google and others have a real advantage with driverless cars as they do not (yet) have the dead weight of bureaucratic certification rules rooted in the past. Even there, they are unlikely to be running simulations of what might happen.