MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures
Join Date: Dec 2006
Location: Florida and wherever my laptop is
Posts: 1,350
Thank the mathematicians that demand a formal proof of the FMC chip and operating systems 'for safety'. Creating formal proofs for multicore multiprocessing systems is not feasible, in consequence most people's smart phones have significantly more processing power than modern FMCs. The same mathematical proof approach was suggested for air traffic systems, but they were already beyond the capability threshold of such mathematical games before the suggestion was made. (The original NAS host, designed in the late 1960's, was effectively a multicore system with a team of 6 IBM 360's for flight data processing and another team of 6 IBM 360's for 'radar data processing'.)
Join Date: May 2008
Location: Paris
Age: 60
Posts: 101
Yup. Just the ones we've heard about or heard hints about are sufficient to suggest that having had to go back to, effectively, main() (or Ada equivalent, or whatever) and the nonlocal inclusions has turned up a bunch of stuff that no one has really examined carefully for too long.
Everyone working on the problem must be terrified, every hour of every day.
I'm sure you know, but for the sake of those who may not, the Intel 80486 was introduced in 1989.
I know, to take one example, of an automated train line which runs using VMS. Not OpenVMS. VMS. Proper old school.
Join Date: Dec 2006
Location: Florida and wherever my laptop is
Posts: 1,350
There is sometimes something to be said for legacy systems. They have probably gone through very extensive development/test/release cycles, with extensive use refining the code even further. So long as the operating system layer, along with associated subsystems, layered products and hardware, is supported I see no problem. It happens more than you know.
Safety begins at the top, and the top at both Boeing and the F.A.A. has let us down. Boeing’s board must find out who has enabled and encouraged this corporate culture, and hold those leaders accountable, beginning with the chief executive, Dennis Muilenburg.
Join Date: Apr 2015
Location: Under the radar, over the rainbow
Posts: 788
This is true, but that doesn't excuse avoiding regression testing. The new use might just have some operational assumptions, such as parameters that the designer of the legacy system believed 'would never be exceeded', and all the people who knew of those parameters and the operational assumptions that drove them are long retired.
Join Date: Jul 2013
Location: Norway
Age: 57
Posts: 140
The first Ariane 5 launch failure in the 90's would be a prime example for just such a software error.
Join Date: May 2010
Location: Boston
Age: 73
Posts: 443
One lesson is that undocumented (or at least not formally captured/controlled) decisions are very likely to be buried over time and are impossible to verify against new requirements.
One other takeaway is that 'best effort' fail soft would have saved the mission: rather than setting a diagnostic code on output, had the IRS units set a "suspect" flag instead and continued to provide data, the main guidance system would have been fine. (The overflow error was in an alignment routine that did not affect the main functions.)
Parallel to 737 MAX would be to display an error band on airspeed on disagree if raw data was consistent, indicating a failure in the corrections not the pitots.
Last edited by MurphyWasRight; 22nd Jul 2019 at 17:49. Reason: isr > irs (inertial reference systems)
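The two design points raised above, an operational assumption ("would never be exceeded") that nobody wrote down and that regression testing against a new envelope should exercise, and fail soft (keep the data flowing, flag it "suspect") versus putting a diagnostic code on the output and going silent, as an added example in C. This is not code from this thread nor from any flight software; it is a constructed model in the shape of the Ariane 5 conversion fault (a 64-bit floating-point value narrowed to a 16-bit signed integer), and the bound `ASSUMED_MAX_INPUT`, the sample streams and the two policies are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical documented operational assumption: the legacy routine's
 * designers established that |input| never exceeds this bound under the
 * original flight envelope, so the narrowing below was never protected.
 * Naming the bound turns a buried assumption into something a regression
 * test can sweep a NEW envelope through. */
#define ASSUMED_MAX_INPUT 32767.0

enum conv_status { CONV_OK = 0, CONV_OVERFLOW = 1, CONV_NAN = 2 };

typedef struct {
    int16_t value;
    enum conv_status status;   /* anything but CONV_OK marks the value suspect */
} conv_result;

/* Checked narrowing of a 64-bit double to a 16-bit signed integer.
 * Never traps: out-of-range inputs saturate and are flagged, NaN is flagged
 * with a zero value. (A plain (int16_t) cast of an out-of-range double is
 * undefined behaviour in C, which is why the range test comes first.) */
conv_result narrow_to_i16(double x) {
    conv_result r = { 0, CONV_OK };
    if (x != x) {                                   /* NaN compares unequal to itself */
        r.status = CONV_NAN;
    } else if (x > (double)INT16_MAX) {
        r.value = INT16_MAX; r.status = CONV_OVERFLOW;
    } else if (x < (double)INT16_MIN) {
        r.value = INT16_MIN; r.status = CONV_OVERFLOW;
    } else {
        r.value = (int16_t)x;
    }
    return r;
}

/* Does one sample satisfy the documented assumption? */
bool within_assumed_envelope(double x) {
    double mag = x < 0 ? -x : x;
    return (x == x) && mag <= ASSUMED_MAX_INPUT;
}

/* Regression check: how many samples of a proposed envelope violate the
 * assumption the legacy code was built on. A non-zero count is the signal
 * that the "would never be exceeded" decision needs re-examination. */
int envelope_violations(const double *stream, int n) {
    int violations = 0;
    for (int i = 0; i < n; i++)
        if (!within_assumed_envelope(stream[i])) violations++;
    return violations;
}

typedef enum { POLICY_FAIL_STOP, POLICY_FAIL_SOFT } unit_policy;

/* Run one unit's output over a sample stream under the chosen policy and
 * return how many samples reached the consumer as usable data.
 * FAIL_STOP: first bad conversion puts a diagnostic code on the output and
 *            the unit stops providing data for the rest of the run.
 * FAIL_SOFT: every sample is delivered; bad conversions are delivered
 *            saturated with the suspect flag set (counted in *suspect). */
int run_channel(const double *stream, int n, unit_policy policy, int *suspect) {
    bool channel_down = false;
    int usable = 0;
    *suspect = 0;
    for (int i = 0; i < n; i++) {
        if (channel_down) continue;                 /* only a diagnostic code remains */
        conv_result c = narrow_to_i16(stream[i]);
        if (c.status != CONV_OK) {
            if (policy == POLICY_FAIL_STOP) { channel_down = true; continue; }
            (*suspect)++;                           /* fail soft: flagged, still delivered */
        }
        usable++;
    }
    return usable;
}

/* Constructed sample streams, not real telemetry: the old envelope stays
 * inside the assumed bound; the new one exceeds it mid-run. */
static const double OLD_ENVELOPE[] = { 1200.0, 8000.0, 20000.0, 31000.0, 15000.0 };
static const double NEW_ENVELOPE[] = { 1200.0, 8000.0, 40000.0, 65000.0, 15000.0 };
#define N_SAMPLES 5

int main(void) {
    int suspect;
    printf("old envelope: %d assumption violations\n", envelope_violations(OLD_ENVELOPE, N_SAMPLES));
    printf("new envelope: %d assumption violations\n", envelope_violations(NEW_ENVELOPE, N_SAMPLES));
    printf("new envelope, fail stop: %d/%d samples usable\n",
           run_channel(NEW_ENVELOPE, N_SAMPLES, POLICY_FAIL_STOP, &suspect), N_SAMPLES);
    printf("new envelope, fail soft: %d/%d samples usable (%d flagged suspect)\n",
           run_channel(NEW_ENVELOPE, N_SAMPLES, POLICY_FAIL_SOFT, &suspect), N_SAMPLES, suspect);
    return 0;
}
```

Under the old envelope both policies behave identically, which is exactly why the unprotected conversion survived every earlier test cycle. Under the new envelope the fail-stop channel delivers two samples and then nothing, while the fail-soft channel delivers all five with two flagged; the consumer, knowing the flag comes from a non-critical routine, can decide whether to down-weight or ignore them rather than being left with no data at all.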
Join Date: May 2010
Location: Boston
Age: 73
Posts: 443
Now you've done it, the price will jump due to Prune interest and Boeing will take a further earnings hit
There are vendors that specialize in supporting old ICs, they sometimes even buy the mask sets from the original vendor.
Needless to say the price is a 'bit' higher than the original but worth it compared to a full redesign.
Of course a 286 would also easily fit on a lot of FPGAs these days but can't imagine that would be any easier to certify than a clean sheet design.
Join Date: May 2008
Location: denmark
Posts: 9
https://www.rocelec.com/part/INTINTN80286-12
It is still possible to get some of the old CPUs if they have been used in high numbers in embedded systems. (Some companies specialize in production of old semiconductor designs.)
It is very painful to maintain old embedded software.
I made an update on an 80186 embedded system 10 years back.
Programmed in Modula-2, with a DOS-based compiler from 1988.
Not everything is working inside a virtual machine, even RS232 timing is broken.
Last edited by HighWind; 22nd Jul 2019 at 18:17. Reason: Inccorect year
Join Date: Jun 2008
Location: Cambridge UK
Posts: 192
As SLF can I ask how important these data corrections are, and why?
I can see it's a real problem if they are handling/safety issues; lose any probe from an increasing list and you're compromised.
But if it's "just" a commercial matter such as incremental fuel efficiency, losing it for the rest of the flight (after a rare probe failure) should be a non-event, especially for the pilots.
Join Date: Aug 2015
Location: UK
Posts: 0
I don't think commercial grade '286s would have been considered for use in avionics back in the '80s, they would probably have been the full Mil Spec (MIL-STD-883C compliant) versions subjected to burn in and extended inspection and testing compared with commercial parts. No idea what would be used in current production, but the industry has generally been forced to become much more reliant on COTS (commercial off the shelf) parts.
No direct knowledge, but I think part of what they are struggling with on the MAX is that the system where MCAS is resident was never designed to be flight critical - I'm guessing it was Design Assurance Level (DAL C) - now since it's understood MCAS is flight critical, they're having to re-certify it as DAL A. That's a big, time consuming deal, and they are finding some unexpected items that have been there all along (without causing problems) but need to be corrected to make it DAL A.
Just noticed this:-
Just imagine showing Ada a few pictures of the future - on your mobile phone.
https://www.quora.com/What-computer-...CAS-written-in
And then the wheels fell off.
They suddenly had a bunch of fairly major brand new known unknowns, and as somebody said above, are probably all terrified about the unknown unknowns they suspect are lurking in the system, just waiting to leap out and bite them fair in the arse.
Unhappy days at Renton
From what I can see, this awful debacle more closely resembles the expression: "desperately trying to polish a turd"!