Computers in Aircraft
safety-critical systems
Just to expand on Mark1234 and others ...
I'm not sure of the computer / software fit in aircraft but I imagine it may be somewhat similar to military requirements for safety-critical systems, i.e. they aim to use processor chips with known capabilities / problems; and software with known capabilities / problems. This was one of the reasons Intel 386 chips (first delivered in 1986) were still being used extensively in the aerospace industry until the end of 2007 (Intel 80386 - Wikipedia, the free encyclopedia). Probably moved on to 486s by now!!
A chip might have 100 or more commands in its instruction set, but only a “proven” (and well tested) sub-set is used in safety-critical systems. This substantially reduces the chance of errors being induced by the chip. There are still the “human” induced errors from software design and programming that need to be addressed.
With the (I'm guessing here) many thousands of permutations of control surface positions, combined with varying altitudes, speeds, headings, winds-aloft, navigation instrument inputs etc., etc., etc., it would be very difficult (and costly) to design and test a system that could handle every single permutation. So some serious risk versus cost calculations will be applied to hopefully cover the more important combinations.
And defining “more important” will always be an interesting discussion …
“Affordable safety” is a term that comes to mind here – if it is considered the travelling public might not be prepared to pay the (probably) high cost of being perfectly safe.
layman
(edited to correct human error)
Join Date: May 2007
Location: nt
Age: 43
Posts: 44
When it was time to prepare the Aircraft for departure, we fired up the APU and dozens and dozens of fault messages came up, most of which we had never even seen before.
We completely depowered the Aircraft, waited a few minutes, then powered it all up again (as you would do with a computer) and NO problems.
Seems to happen more than once a fortnight sometimes. Last one took about 3 hours to get booted back up.
Guess what happened the first time an F18 tried to fire a Sidewinder at Woomera many, many years ago?
Yep, no one had ever tried that in the Southern Hemisphere had they?
- division by zero.
Same thing happened when the first Raptor Squadron were flying to Japan and crossed the International dateline.
Thread Starter
Join Date: Feb 2002
Location: middleofthehighway
Posts: 426
Ok, ...
Remove the ability to fail from the silicon brain, remove the possibility of human error into this.
Are we all still comfortable with a computer making the decisions for the safety of the aircraft?
Another example:
Airbus goes quiet, needs to go down and ditch, say you want to stall it in the flare to reduce forward movement. You pull back on the stick and the "computer says no" and pushes nose down to avoid the stall and spears nose first into the water. (computer logically was thinking it wanted to avoid the aircraft in an unsafe attitude at low altitude)
I fear computers and software are programmed to protect themselves and the aircraft first, without the benefit of true spatial awareness.
Dog
Dogimed
You obviously have no idea of the Airbus flight control laws because this is not how they will work under the low speed protection laws.
Thread Starter
Join Date: Feb 2002
Location: middleofthehighway
Posts: 426
404 Titan
Dammit you got me...
I have absolutely no idea how it works. (Edit: but after reading further)
A low speed stability function replaces the normal angle-of-attack protection
System introduces a progressive nose down command which attempts to prevent the speed from decaying further.
This command CAN be overridden by sidestick input.
The airplane CAN be stalled in Alternate Law.
An audio stall warning consisting of "crickets" and a "STALL" aural message is activated.
The Alpha Floor function is inoperative.
(but does the pilot or computer make the choice to go to Alternate Law?)
Actually, it's not the point. (neither is Airbus the main issue either)
Dog
Join Date: May 2006
Location: Londonish
Posts: 779
Remove the ability to fail from the silicon brain, remove the possibility of human error into this.
Are we all still comfortable with a computer making the decisions for the safety of the aircraft?
Biggest thing I've flown is a Warrior, but according to the net, and *all in normal law* the Airbus:
operates normally up to some value of AOA where it triggers alpha protection - from there the sidestick commands AOA directly, bank is limited, and spoilers are retracted (cancelled once the AOA reduces). At some higher AOA (alpha floor), the autothrottles go to TO/GA power.
Additionally, the system is linked to the rad alt, which causes it to enter flare mode below a given (100ft?) rad alt; that inhibits alpha floor. It's also in flare mode that the progressive nose down is introduced "to force the pilot to flare" (not sure I get that).
At no point does it pitch the nose down at the floor.
Allegedly the Toulouse crash was caused by the show pilot attempting to demo alpha floor, but being so low it went into flare mode and inhibited. By the time they intervened the energy was too low and in it went.
Now consider all those Boeings and other non fly-by-wire aircraft that are fitted with a stick pusher... which is a very dumb, non-computerised device that boots the stick forward ahead of the stall...
The A320 that went into the trees did not crash at Toulouse. The pilot was not demonstrating Alpha Floor but thought that it would look after him during the flypast, not realising that it was not active below 100' rad alt. If he had selected TO/GA at any point up to the impact he would have climbed away.
The reason stick pushers are installed is that the stall indications of a jet are not as obvious or benign as your Warrior. There is such a thing as a deep stall which T tails are more prone to and that's why the stick pusher is there. Far from being dumb, it's a requirement to get the thing certified.
Join Date: May 2006
Location: Londonish
Posts: 779
Lookleft, you misunderstand me; I mean dumb as in 'not situationally aware', not as in that it is dumb they are fitted(!)
I'm also aware of swept wing stall characteristics - like tip stalling and adverse (up) pitch at the stall (I'm working on my ATPL theory) - I fully understand *why* you would require a stick pusher, was merely attempting to illustrate to Dogimed that his objection to FBW 'airframe' protection isn't entirely logical.
I'll take the correction on 'Airbus in trees'. I did say allegedly!
Join Date: May 2007
Location: Sydney
Posts: 394
I found this the other day:
What is chiefly needed is skill rather than machinery.
— Wilbur Wright, 1902.
And:
Man is not as good as a black box for certain specific things. However, he is more flexible and reliable. He is easily maintained and can be manufactured by relatively unskilled labour.
— Wing Commander H. P. Ruffell Smith, RAF, 1949
Join Date: Aug 2003
Location: Perth
Posts: 430
Dogimed
Unfortunately, it falls into the category of the quote,
"For every complex problem, there is often a simple solution and unfortunately it's almost always wrong"
No, like it or not, computers WILL rule our lives (some say they largely do already).
What a wonderfully simple and accurate approach to aviating.
Join Date: Jul 2008
Location: Remote
Posts: 298
Pilotette
Yes I have and it is a case of the pilot not understanding the aircraft he was flying. The aircraft performed exactly as it was designed. The pilot f*cked up.
And the video quote is misleading too. The A320 isn’t fully automated and at the time of this accident the pilot was hand flying the aircraft, not the autopilot.
Thread Starter
Join Date: Feb 2002
Location: middleofthehighway
Posts: 426
The aircraft performed exactly as it was designed.
I doubt the aircraft was designed to fly into trees.
My point is that the computer that we trust with our lives cannot equal the ability of man (or woman) to adjust to the situation if required.
A computer cannot be programmed to understand the pilot hit the wrong button. The same laws designed to protect in this case caused fatalities.
Dogimed
No aircraft is designed to crash. The point here is that the aircraft crashed because the pilot didn’t understand how it worked. It’s just a shame that the investigation was clouded by misinformation and alleged corruption regarding the flight data recorder and cockpit voice recorder. The reality is that he was below 100 ft AGL and below the tree line, at a very low speed with idle power and at a very high AoA. If he was relying on α Floor to kick in at α Prot then he didn’t understand the system.
Join Date: Aug 2003
Location: Perth
Posts: 430
Dogimed
No aircraft is designed to crash. The point here is that the aircraft crashed because the pilot didn’t understand how it worked. It’s just a shame that the investigation was clouded by misinformation and alleged corruption regarding the flight data recorder and cockpit voice recorder. The reality is that he was below 100 ft AGL and below the tree line, at a very low speed with idle power and at a very high AoA. If he was relying on α Floor to kick in at α Prot then he didn’t understand the system.
The aircraft was "allowed" to descend below the safe height by inattention and poor oversight of the conditions and locality.
If a C150 got into those conditions it too would probably have come unstuck let alone a hundred and sixty tonne airliner with turbines that need spooling up.
Actually, it's a tribute to the aircraft that the casualty list was so low....but then most of the pax were journos and probably expendable