Re: Boeing 737 and 737 MAX software

[Norman Worth <nworth@comcastNOSPAM.net>]

Dennis Lee Bieber wrote:
> On Thu, 18 Apr 2019 06:53:10 -0700 (PDT), tranngocduong@gmail.com declaimed
> the following:
> 
>>
>> a) Ada was used but programmers have chosen a wrong (too relaxed) subtype, or other language was used and programmers failed to code whatever equivalent to raising and handling a CONSTRAINT_ERROR. Simply: software bug.
>>
> 
> 	The common action on any exception is to log it (in flash memory) and
> /restart/ the FMS software. Restarting likely includes synchronizing with
> the second FMS -- but after such a synchronization, aircraft control would
> have been given to the primary FMS; which likely would have almost
> immediately produced an exception and.... repeat until the pilots manually
> switch control to the second FMS processor.
> 
>> b) Contrary to general belief, the software was not programmed with multiple redundant computation. Simply: process failure.
>>
>> I chose to believe a).
> 
> 	It is most likely a variant of B. MCAS was supposed to nudge the
> aircraft attitude when it sensed a potential stall condition from just AoA
> (airflow angle against the wings) with no concern for air speed;
> pre-existing air speed computations were not changed by the addition of
> MCAS (couldn't have been if MCAS can be manually disabled in flight).
> Without the (formerly optional) hardware, this becomes a single sensor
> matter -- and one which can not be detected as faulty (while each FMS may
> have had its own sensor, during a disagreement, the primary FMS likely
> pushes /its/ computed aircraft state to the secondary FMS which is supposed
> to start computations from those values; probably diverging again until the
> next sync interval -- get enough of these divergences and the secondary
> might be the one to shut down; the FMS displays might show "SINGLE FMS"
> mode])
> 
> 
A good programming language will not compensate for a bad system design!