Go Back  PPRuNe Forums > Flight Deck Forums > Rumours & News
Reload this Page >

MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures

Rumours & News Reporting Points that may affect our jobs or lives as professional pilots. Also, items that may be of interest to professional pilots.

MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures

Old 22nd Jul 2019, 08:49
  #1461 (permalink)  
 
Join Date: Jan 2008
Location: Reading, UK
Posts: 10,466
Originally Posted by Icarus2001 View Post
What are you smoking?
A charitable explanation would be that there are two people posting under that user name, one of whom usually makes a certain amount of sense ...
DaveReidUK is offline  
Old 22nd Jul 2019, 10:46
  #1462 (permalink)  
 
Join Date: Mar 2015
Location: antipodies
Posts: 53
Originally Posted by Icarus2001 View Post
What are you smoking?
i believe the 737 is running 286's
phylosocopter is offline  
Old 22nd Jul 2019, 12:30
  #1463 (permalink)  
 
Join Date: Dec 2006
Location: Florida and wherever my laptop is
Posts: 1,272
Originally Posted by phylosocopter View Post
i believe the 737 is running 286's
Thank the mathematicians that demand a formal proof of the FMC chip and operating systems 'for safety'. Creating formal proofs for multicore multiprocessing systems is not feasible, in consequence most people's smart phones have significantly more processing power than modern FMCs. The same mathematical proof approach was suggested for air traffic systems, but they were already beyond the capability threshold of such mathematical games before the suggestion was made. (The original NAS host, designed in the late 1960's was effectively a multicore system with a team of 6 - IBM 360's for flight data processing and another team of 6 IBM 360's for 'radar data processing' )
Ian W is offline  
Old 22nd Jul 2019, 13:52
  #1464 (permalink)  
 
Join Date: May 2008
Location: Paris
Age: 55
Posts: 94
Originally Posted by OldnGrounded View Post
Yup. Just the ones we've heard about or heard hints about are sufficient to suggest that having had to go back to, effectively, main() (or Ada equivalent, or whatever) and the nonlocal inclusions has turned up a bunch of stuff that no one has really examined carefully for too long.



Everyone working on the problem must be terrified, every hour of every day.



I'm sure you know, but for the sake of those who may not, the Intel 80486 was introduced in 1989.
There is sometimes something to be said for legacy systems. They have probably gone through very extensive development/test/release cycles, with extensive use refining the code even further. So long as the operating system layer, along with associated substems, layered products and hardware are supported I see no problem. It happen s more than you know.

I know, to take one example, of an automated train line which runs using VMS. Not OpenVMS. VMS. Proper old school.
​​
Nialler is offline  
Old 22nd Jul 2019, 16:20
  #1465 (permalink)  
 
Join Date: Dec 2006
Location: Florida and wherever my laptop is
Posts: 1,272
Originally Posted by Nialler View Post
There is sometimes something to be said for legacy systems. They have probably gone through very extensive development/test/release cycles, with extensive use refining the code even further. So long as the operating system layer, along with associated substems, layered products and hardware are supported I see no problem. It happen s more than you know.

I know, to take one example, of an automated train line which runs using VMS. Not OpenVMS. VMS. Proper old school.
​​
This is true, But that doesn't excuse avoiding regression testing. The new use might just have some operational assumptions such as parameters that the designer of the legacy system believed 'would never be exceeded' - and all the people who knew of those parameters and the operational assumptions that drove them are long retired.
Ian W is offline  
Old 22nd Jul 2019, 16:35
  #1466 (permalink)  
 
Join Date: Oct 2002
Location: London UK
Posts: 6,190
Safety begins at the top, and the top at both Boeing and the F.A.A. has let us down. Boeing’s board must find out who has enabled and encouraged this corporate culture, and hold those leaders accountable, beginning with the chief executive, Dennis Muilenburg.
Muilenburg is a real disappointment in all this. He seriously appears to think that the only thing that matters is the share price, for he seems to have all the time for extensive meetings and presentations with Wall Street analysts, but not to have any for general public information, apart from the PR team being told to write waffly platitudes. All the stuff that gets out about when the aircraft may resume service (which then turns out to be wrong) comes from the airlines, not from Boeing, the actual owner of the suspended type certificate. Can Boeing really not have the engineering staff who have already put together a comprehensive plan for how to address and fix this which is fully compliant with the key worldwide agencies.
WHBM is offline  
Old 22nd Jul 2019, 16:48
  #1467 (permalink)  
 
Join Date: Jul 2002
Location: Ireland
Posts: 485
Originally Posted by WHBM View Post
Muilenburg is a real disappointment in all this. He seriously appears to think that the only thing that matters is the share price,
To be fair, that is what he is being paid for.
Speed of Sound is offline  
Old 22nd Jul 2019, 17:17
  #1468 (permalink)  
Thread Starter
 
Join Date: Apr 2015
Location: Under the radar, over the rainbow
Posts: 123
Originally Posted by Ian W View Post
This is true, But that doesn't excuse avoiding regression testing. The new use might just have some operational assumptions such as parameters that the designer of the legacy system believed 'would never be exceeded' - and all the people who knew of those parameters and the operational assumptions that drove them are long retired.
Yes. That's a perfect example of a circumstance in which software (or hardware) that may have been more than adequate for long periods of time and in various use cases must be reexamined and retested when a new use case arises. Or else.

OldnGrounded is offline  
Old 22nd Jul 2019, 17:19
  #1469 (permalink)  
 
Join Date: Apr 2007
Location: moraira,spain
Age: 77
Posts: 303
286, where would you purchase those nowadays ?
esa-aardvark is offline  
Old 22nd Jul 2019, 17:22
  #1470 (permalink)  
 
Join Date: Jul 2013
Location: Norway
Age: 52
Posts: 112
Originally Posted by OldnGrounded View Post
Yes. That's a perfect example of a circumstance in which software (or hardware) that may have been more than adequate for long periods of time and in various use cases must be reexamined and retested when a new use case arises. Or else.
The first Ariane 5 launch failure in the 90's would be a prime example for just such a software error.
SteinarN is offline  
Old 22nd Jul 2019, 17:44
  #1471 (permalink)  
 
Join Date: May 2010
Location: Boston
Age: 68
Posts: 401
Originally Posted by SteinarN View Post
The first Ariane 5 launch failure in the 90's would be a prime example for just such a software error.
The report is very interesting reading, ARIANE 5 Failure - Full Report the 3.1 findings summarizes a series of assumptions that led to the failure.
One lesson is undcocummneted ( or at least not formally captured/controlled) decisions are very likely to be buried over time and are impossible to verify against new requirements.

One other takeaway is that 'best effort' fail soft would have saved the mission, rather than setting a diagnostic code on output had the irs units set a "suspect" flag instead and continued to provide data the main guidance system would have been fine. (The overflow error was in an alignment routine that did not affect the main functions.)
Parallel to 737 MAX would be to display an error band on airspeed on disagree if raw data was consistent, indicating a failure in the corrections not the pitots.

Last edited by MurphyWasRight; 22nd Jul 2019 at 17:49. Reason: isr > irs (inertial reference systems)
MurphyWasRight is offline  
Old 22nd Jul 2019, 17:46
  #1472 (permalink)  
 
Join Date: Jan 2007
Location: Outside the 12 mile limit
Posts: 55
Originally Posted by esa-aardvark View Post
286, where would you purchase those nowadays ?
https://www.ebay.co.uk/itm/A80286-6-INTEL-CPU-16-BIT-MICROPROCESSOR-NEW-68-GOLD-PIN-6-MHZ/311936644130?epid=2175682231&hash=item48a0df7422:g0cAAOSwv 2FZjXEf
radiosutch is offline  
Old 22nd Jul 2019, 17:59
  #1473 (permalink)  
 
Join Date: May 2010
Location: Boston
Age: 68
Posts: 401
Originally Posted by esa-aardvark
286, where would you purchase those nowadays ?
Now you've done it, the price will jump due to Prune interest and Boeing will take a further earnings hit

There are vendors that specialize in supporting old ICs, they sometimes even buy the mask sets from the original vendor.
Needles to say the price is a 'bit' higher than the original but worth it compared to a full redesign.
Of course a 286 would also easily fit on a lot of FPGAs these day but cant imagine that would be any easier to certify than a clean sheet design,
MurphyWasRight is offline  
Old 22nd Jul 2019, 18:14
  #1474 (permalink)  
 
Join Date: May 2008
Location: denmark
Posts: 41
Originally Posted by esa-aardvark View Post
286, where would you purchase those nowadays ?
https://www.rocelec.com/part/INTINTN80286-12
It is still possible to get some of the old CPU’s if they have been used in high numbers in embedded systems. (Some companies specializes in production of old semiconductor designs )
It is very painful to maintain old embedded software.
I have 10 years back made an update on a 80186 embedded system.
Programmed in Modula2, with a DOS based compiler from 1988.
Not everything is working inside a Virtual Machine, even RS232 timing is broken.

Last edited by HighWind; 22nd Jul 2019 at 18:17. Reason: Inccorect year
HighWind is offline  
Old 22nd Jul 2019, 21:16
  #1475 (permalink)  
 
Join Date: Jun 2008
Location: Cambridge UK
Posts: 114
Originally Posted by MurphyWasRight View Post
Parallel to 737 MAX would be to display an error band on airspeed on disagree if raw data was consistent, indicating a failure in the corrections not the pitots.
An excellent start to addressing this "we will polish the raw data to improve your piloting experience" ... "oh dear we cannot fully polish, panic mode, warnings on, autopilot off, over to you" snafu.

As SLF can I ask how important these data corrections are, and why?
I can see it's a real problem if they are handling/safety issues; lose any probe from an increasing list and you're compromised.
But if it's "just" a commercial matter such as incremental fuel efficiency, losing it for the rest of the flight (after a rare probe failure) should be a non-event, especially for the pilots.
Peter H is offline  
Old 22nd Jul 2019, 22:48
  #1476 (permalink)  
 
Join Date: Aug 2015
Location: UK
Posts: 15
I don't think commercial grade '286s would have been considered for use in avionics back in the '80s, they would probably have been the full Mil Spec (MIL-STD-883C compliant) versions subjected to burn in and extended inspection and testing compared with commercial parts. No idea what would be used in current production, but the industry has generally been forced to become much more reliant on COTS (commercial off the shelf) parts.
david340r is offline  
Old 22nd Jul 2019, 23:09
  #1477 (permalink)  
 
Join Date: Jul 2013
Location: Everett, WA
Age: 64
Posts: 2,318
Originally Posted by MurphyWasRight View Post
There are vendors that specialize in supporting old ICs, they sometimes even buy the mask sets from the original vendor.
Needles to say the price is a 'bit' higher than the original but worth it compared to a full redesign.
Of course a 286 would also easily fit on a lot of FPGAs these day but cant imagine that would be any easier to certify than a clean sheet design,
This is more common than you may think - there are a lot of aircraft out there that were certified in the 1980s and early 1990s - some still in production - e.g. the 767 and 777 - and they need spares. Further, the PW4000/94" (EEC131) and CF6-80C2 (FADEC 1 on the 767) are still in production and they need parts. It's very, very expensive to certify new, from the ground up hardware for flight critical systems. So there is a lot of effort expended to keep those systems running with the various parts obsolescence issues. While certifying new 'simple' parts such as resistors is usually straight forward, any changes to logic devices - processors, FPGAs, etc. - for flight critical systems is a big deal. I certified a number of parts obsolescence changes to various FADEC boxes over the years. As Murphy notes, while the OEMs usually are not interested, other 'boutique' vendors have picked up the task of keeping those older model CPUs available - usually using modern manufacturing techniques. But things can easily go wrong - something simple like a die shrink can affect the timing margins (faster is not always better). I wasn't involved, but I recall a FPGA change to the Trent 800 FADEC maybe 20 years ago - they made it much faster, which had unexpected effects and caused the FADEC to sometimes hang up or crash. I think they were able to find enough of the old parts that they didn't effect delivers before they got it straightened out, but it was close.

No direct knowledge, but I think part of what they are struggling with on the MAX is that the system where MCAS is resident was never designed to be flight critical - I'm guessing it was Design Assurance Level (DAL C) - now since it's understood MCAS is flight critical, they're having to re-certify it as DAL A. That's a big, time consuming deal, and they are finding some unexpected items that have been there all along (without causing problems) but need to be corrected to make it DAL A.
tdracer is online now  
Old 23rd Jul 2019, 00:02
  #1478 (permalink)  
 
Join Date: Feb 2019
Location: shiny side up
Posts: 382
ummm, same place they get the 486 processors for the FMS...

the 737-700's that we upgraded for SW are 486 processor based,
Smythe is offline  
Old 23rd Jul 2019, 00:20
  #1479 (permalink)  
Psychophysiological entity
 
Join Date: Jun 2001
Location: Tweet Rob_Benham Famous author. Well, slightly famous.
Age: 79
Posts: 4,666
Just noticed this:-

Just imagine showing Ada a few pictures of the future - on your mobile phone.


https://www.quora.com/What-computer-...CAS-written-in

Loose rivets is offline  
Old 23rd Jul 2019, 06:25
  #1480 (permalink)  
 
Join Date: Dec 2006
Location: Whanganui, NZ
Posts: 102
Originally Posted by WHBM View Post
Can Boeing really not have the engineering staff who have already put together a comprehensive plan for how to address and fix this which is fully compliant with the key worldwide agencies.
Back in February, say, Boeing probably did have engineering staff who had already put together a comprehensive plan with milestones and target dates - all the usual project management Good Stuff.
And then the wheels fell off.
They suddenly had a bunch of fairly major brand new known unknowns, and as somebody said above, are probably all terrified about the unknown unknowns they suspect are lurking in the system, just waiting to leap out and bite them fair in the arse.
Unhappy days at Renton
kiwi grey is offline  

Thread Tools
Search this Thread

Contact Us Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.