Slashdot Mirror


Computer Error Caused Qantas Jet Mishap

highways sends word that preliminary investigations into a Qantas Airbus A330 mishap where 51 passengers were injured have concluded that it was due to the Air Data Inertial Reference System feeding incorrect information into the flight control system — not interference from passenger electronics, as Qantas had initially claimed. Quoting from the ABC report: "Authorities have blamed a faulty onboard computer system for last week's mid-flight incident on a Qantas flight to Perth. The Australian Transport Safety Bureau said incorrect information from the faulty computer triggered a series of alarms and then prompted the Airbus A330's flight control computers to put the jet into a 197-meter nosedive ... The plane was cruising at 37,000 feet when a fault in the air data inertial reference system caused the autopilot to disconnect. But even with the autopilot off, the plane's flight control computers still command key controls in order to protect the jet from dangerous conditions, such as stalling, the ATSB said."

7 of 389 comments

  1. Re:Questions: by Anonymous Coward · · Score: 5, Informative

    They never did, the initial reports that they were looking at laptops were a mistake by the journalist. Qantas said they were looking at the onboard computers (i.e. the computer that was flying the plane) and the journalist thought computers that were on board (i.e. the laptops that passengers were using).

  2. Not an isolated incident by Davemania · · Score: 5, Informative

    This isn't an isolated incident. Although I think the string of technical incidents suffered by Qantas isn't a coincidence either. "A global alert was issued in 2005 after a Malaysia Airlines Boeing 777 en-route to Kuala Lumpur from Perth experienced similar problems. Investigators found a software glitch in a unit made by the same US manufacturer as the one in the Qantas plane combined with a mechanical problem." http://www.australianit.news.com.au/story/0,24897,24499849-15306,00.html

  3. Re:Questions: by daver00 · · Score: 5, Informative

    Qantas HAD an excellent reputation for safety, but that is surely history now. What was it, about 6-12 months ago, they moved all of their international flights' maintenance offshore. Qantas engineers went on strike etc. Lo and behold, yet another outsourcing operation is falling flat on its face; unfortunately this time it could come at the expense of lives.

    I'd be staying well away from Qantas international flights until they sort their shit out.

  4. DO178B by gnieboer · · Score: 5, Informative

    For those that are interested in coding/test methodologies, the FAA created a system called "DO178B" which defined a set of software assurance standards for aircraft. (Note, it's not coding standards, it's assurance standards)

    Wiki link: http://en.wikipedia.org/wiki/DO-178B

    It set different standards for different types of code. The movies would be Class E, a non-critical nav system maybe C or D, FCS probably A. But even then, the code can be made modular to decrease the assurance level required. For instance, an artificial horizon needs to work, right? But you normally have more than one in a cockpit. If one goes bad, you can use the other, not catastrophic. But the key is the pilot(s) need to recognize that it's busted. What if one froze in place in flight during landing? The pilot might follow it and go ka-boom.
    So by itself, an electronic artificial horizon would require level A ($$$) software so that it 'never' fails. This is very very expensive (for level A the post-compiler machine code must be analyzed for possible compiler issues, and MC/DC http://en.wikipedia.org/wiki/Modified_Condition/Decision_Coverage coverage)
    So instead, they write it to a lower level, and then create a small set of code that cross-checks everything and kills off any horizon that's malfunctioning by placing a big "X" (or whatever) on the screen instead. Lower risk and greatly reduced cost.
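
The cross-check monitor described in comment 4, sketched as an added example that is not part of the original comments or of any avionics code base. It assumes three redundant pitch sources compared against their median, with a persistence count before a source is latched as failed; all names, tolerances and sample values are illustrative assumptions.

```c
#include <stdio.h>

#define N_SRC   3     /* assumed: three independent attitude sources */
#define TOL_DEG 1.5   /* assumed disagreement tolerance, degrees */
#define PERSIST 3     /* consecutive bad samples before latching a failure */

typedef struct {
    int bad_count[N_SRC];  /* consecutive out-of-tolerance samples */
    int failed[N_SRC];     /* latched: display draws the "X" for this source */
} monitor_t;

/* Median of three: a reference that one faulty source cannot drag away. */
static double median3(double a, double b, double c) {
    if ((a >= b && a <= c) || (a <= b && a >= c)) return a;
    if ((b >= a && b <= c) || (b <= a && b >= c)) return b;
    return c;
}

/* Feed one sample per source; returns a bitmask of sources latched failed. */
int monitor_step(monitor_t *m, const double pitch[N_SRC]) {
    double ref = median3(pitch[0], pitch[1], pitch[2]);
    int mask = 0;
    for (int i = 0; i < N_SRC; i++) {
        double d = pitch[i] - ref;
        if (d < 0) d = -d;
        m->bad_count[i] = (d > TOL_DEG) ? m->bad_count[i] + 1 : 0;
        if (m->bad_count[i] >= PERSIST) m->failed[i] = 1;
        if (m->failed[i]) mask |= 1 << i;
    }
    return mask;
}

/* Constructed data: pitch rises 0.5 deg per sample. Source 1 either freezes
 * at 2.0 deg (spike_only == 0) or emits one wild sample (spike_only == 1). */
int run_scenario(int spike_only) {
    monitor_t m = {{0}, {0}};
    int mask = 0;
    for (int t = 0; t < 10; t++) {
        double truth = 2.0 + 0.5 * t;
        double s1 = spike_only ? (t == 5 ? 50.0 : truth) : 2.0;
        double pitch[N_SRC] = { truth + 0.1, s1, truth - 0.1 };
        mask = monitor_step(&m, pitch);
    }
    return mask;
}

int main(void) {
    printf("frozen source: mask=0x%x\n", run_scenario(0));
    printf("single spike:  mask=0x%x\n", run_scenario(1));
    return 0;
}
```

The frozen source is latched once it has disagreed with the median for three samples in a row, while the one-sample spike is outvoted and never latched.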

  5. Re:Don't forget the spin by Jules+Labrie · · Score: 5, Informative

    Yes and no. Yes, the air is not THAT thin, but first there is a big difference in the security requirements between 21st century airlines and WWII military aviation. Second, the A330 has a very different (and more fuel efficient) wing profile from the B-29, which stalls at only 91kts.

  6. Re:Don't forget the spin by B30-7A · · Score: 5, Informative

    The A330 also has much more powerful engines but neither of those really matter. The reason the pilot controls didn't respond is a matter of fly-by-wire philosophy. Do you allow the pilot to put the plane in a situation that will stall the plane or worse break it, or do you prevent the pilot from flying outside the capabilities of the plane? Airbus's philosophy is the latter. The only problem is - what if the flight control computer is wrong?

    You do *not* need an autopilot to fly at that altitude. And yes I am an autopilot engineer.

  7. Re:Don't forget the spin by Nobo · · Score: 5, Informative

    "Nonsense. The air is thin but not THAT thin. B-29 Superfortresses routinely flew at that height, via human piloting. You don't "need" an autopilot."

    Firstly, the B-29 had the wings of a glider and cruised at 220 knots. The Airbus by contrast has swept wings optimized for cruise at .82 mach. What makes you think your intuition about the B29 is worth anything given the differences between those aircraft?

    Secondly, the B29 was flown by autopilot in cruise. Preview "Bringing the Thunder" on Google books, page 155, for the memoirs of a B-29 pilot.

    That said, this is not even an autopilot issue. The true source of this problem is the flight control system of the Airbus, which features a "self protection" system that intends to prevent the aircraft from stalling at any expense, and in this case, actively threatens the safety of the aircraft itself.

    The truly frightening thing about this is that the air data computer clearly resumed normal operation at some point during the dive, and the aircraft was recoverable. Had this been a permanent failure of the air data computer, an Airbus pilot has no way to override the aircraft's intentions and recover from the dive. An Airbus pilot can only watch, as the airplane says, "No, really, I'm stalling, I have to hold the nose down and pick up airspeed!". With a failed ADC computer constantly and erroneously telling flight controls that the aircraft is in stall, an Airbus would dive, trying to recover, until it impacts the ground.

    By contrast, a pilot of a Boeing aircraft can tell his aircraft that its worldview is wrong and fly it by hand in any circumstance.

    This represents a fundamental difference in philosophy. Airbus trusts the computer and the system more than it trusts the pilot -- It says that the probability of a systems failure causing incorrect control commands and threatening the aircraft is less than the probability of a confused, tired, or impaired pilot losing control of the aircraft. Boeing, by contrast, trusts the pilot more than it trusts the system.

    There have been aircraft accidents where an Airbus aircraft has crashed in situations where a Boeing aircraft would have been flyable by a human pilot.

    There have also been aircraft accidents where a Boeing aircraft has crashed due to incorrect pilot procedures which could have been overridden by an Airbus aircraft's flight control system.

    Each philosophy has its risks and rewards.