From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4
Path: eternal-september.org!reader01.eternal-september.org!feeder.eternal-september.org!aioe.org!.POSTED.xTnbtFihLXaiJRB0F89LbQ.user.gioia.aioe.org!not-for-mail
From: russ lyttle
Newsgroups: comp.lang.ada
Subject: Re: Boeing 737 and 737 MAX software
Date: Sun, 28 Apr 2019 14:27:29 -0400
Organization: Aioe.org NNTP Server
Message-ID:
References: <8736mwi257.fsf@nightsong.com> <2590d3d8-5f91-4f59-897e-e0c9b7e1b5ca@googlegroups.com> <5f483f72-9213-4c63-b3f9-7150fc4e455f@googlegroups.com> <03d33940-85e9-4fc9-9f2b-2b43f2cfd6af@googlegroups.com> <47a71ba7-38cb-426b-8dad-564f08afbcb2@googlegroups.com>
NNTP-Posting-Host: xTnbtFihLXaiJRB0F89LbQ.user.gioia.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Complaints-To: abuse@aioe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
Content-Language: en-US
X-Notice: Filtered by postfilter v. 0.9.2
Xref: reader01.eternal-september.org comp.lang.ada:56207
Date: 2019-04-28T14:27:29-04:00
List-Id:

On 4/22/19 3:36 PM, Norman Worth wrote:
> Dennis Lee Bieber wrote:
>> On Thu, 18 Apr 2019 06:53:10 -0700 (PDT), tranngocduong@gmail.com
>> declaimed the following:
>>
>>> a) Ada was used but programmers have chosen a wrong (too relaxed)
>>> subtype, or other language was used and programmers failed to code
>>> whatever equivalent to raising and handling a CONSTRAINT_ERROR.
>>> Simply: software bug.
>>
>> The common action on any exception is to log it (in flash memory) and
>> /restart/ the FMS software. Restarting likely includes synchronizing with
>> the second FMS -- but after such a synchronization, aircraft control would
>> have been given to the primary FMS; which likely would have almost
>> immediately produced an exception and.... repeat until the pilots manually
>> switch control to the second FMS processor.
>>
>>> b) Contrary to general belief, the software was not programmed with
>>> multiple redundant computation. Simply: process failure.
>>>
>>> I chose to believe a).
>>
>> It is most likely a variant of B. MCAS was supposed to nudge the
>> aircraft attitude when it sensed a potential stall condition from just AoA
>> (airflow angle against the wings) with no concern for air speed;
>> pre-existing air speed computations were not changed by the addition of
>> MCAS (couldn't have been if MCAS can be manually disabled in flight).
>> Without the (formerly optional) hardware, this becomes a single sensor
>> matter -- and one which can not be detected as faulty (while each FMS may
>> have had its own sensor, during a disagreement, the primary FMS likely
>> pushes /its/ computed aircraft state to the secondary FMS which is supposed
>> to start computations from those values; probably diverging again until the
>> next sync interval -- get enough of these divergences and the secondary
>> might be the one to shut down; the FMS displays might show "SINGLE FMS"
>> mode])
>>
> A good programming language will not compensate for a bad system design!

Been trying to convince management of that for almost 50 years. No luck.