Tuesday, December 20, 2011

Extremely rare events can still be unacceptable.

The Qantas A330 uncommanded dive from FL370 which threw dozens of unrestrained passengers into the overhead three years ago has been blamed on a computer glitch, and the various press releases stress the overall reliability of the sensors and the fly-by-wire computer system. Yes, it is a rare event, but computer code that allowed action based on inputs from one of three sensors without doing any data validation first was an unacceptable programming error. A malfunctioning sensor's data should be compared with the immediately prior values and with the values from the other sensors before being acted upon, and a warning of sensor disagreement should be sent to the cockpit before any action is taken. It is truly rare, but it happens, and a computer that automatically accepts and acts upon such errors is not safe. All those millions of miles flown and thousands of hours of operation without incident were lucky, but not safe.

The algorithm compared two of the three angle-of-attack sensors. If the readings were close, it averaged the two values and passed that value on to the rest of the flight control system. If the two values differed greatly, the algorithm did not enter any evaluation mode to determine reliability or data quality; it simply discarded both sensors' current data and defaulted to the angle-of-attack value from 1.2 seconds earlier. Unfortunately one of the two sensors started releasing spurious values every 1.2 seconds, so a fallback value taken 1.2 seconds earlier could itself be one of the spurious readings, and the algorithm passed on erroneous values that made the flight control computer think the plane was at a very high angle of attack and that a stall would take place if the nose were not lowered immediately.
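As an added illustration (this is not code from the original post, and not Airbus or sensor-vendor code), the following Python model reproduces the two rules side by side: the selector as the post describes it, which reuses an unchecked value from 1.2 seconds earlier, and a validated selector of the kind the post argues for, which checks each channel against the last accepted value and against the other sensors and raises a disagreement warning. The sample period (taken equal to the 1.2 s fallback window), the choice of the raw sensor-1 reading as the memorised quantity, the thresholds, and the sample readings are all assumptions made for the model; the post does not give them.

```python
"""Simplified model of angle-of-attack (AOA) source selection.

Assumptions (not stated on the page): the sample period equals the 1.2 s
fallback window, so "1.2 seconds previously" is exactly one sample back;
the memorised quantity is the raw AOA1 sample from one window earlier;
thresholds and sample data are constructed for illustration only.
"""
from statistics import median

SAMPLE_PERIOD_S = 1.2    # assumed: one sample per fallback window
DISAGREE_DEG = 1.0       # assumed threshold for "differ greatly"
MAX_RATE_DEG = 2.0       # assumed largest plausible change between samples

# Constructed readings in degrees: true AOA is about 2 degrees throughout.
# AOA1 emits two spurious spikes on consecutive samples, i.e. 1.2 s apart.
AOA1_SAMPLES = [2.0, 2.1, 52.0, 52.1, 2.0, 2.0]
AOA2_SAMPLES = [2.0, 2.0, 2.0, 2.0, 2.0, 2.0]
AOA3_SAMPLES = [2.1, 2.0, 1.9, 2.0, 2.1, 2.0]


def described_selector(aoa1, aoa2):
    """Rule as the post describes it: average the two channels when they
    agree, otherwise fall back to the AOA1 value from one window earlier
    with no validation. Returns the values handed on to the control laws."""
    out = []
    for i, (a, b) in enumerate(zip(aoa1, aoa2)):
        if abs(a - b) <= DISAGREE_DEG:
            out.append((a + b) / 2)
        else:
            # Memorised value: raw AOA1 from 1.2 s earlier (assumed), unchecked.
            # Before any sample exists we take the other channel (assumed).
            out.append(aoa1[i - 1] if i > 0 else b)
    return out


def validated_selector(aoa1, aoa2, aoa3):
    """Hardened rule: every channel must be close to the three-channel median
    (peer check) and to the last accepted value (rate-of-change check).
    Channels that fail are excluded and a warning is recorded for the crew.
    Returns (selected values, warnings)."""
    out, warnings = [], []
    last = None
    for i, (a, b, c) in enumerate(zip(aoa1, aoa2, aoa3)):
        t = i * SAMPLE_PERIOD_S
        readings = {"AOA1": a, "AOA2": b, "AOA3": c}
        med = median(readings.values())
        good = {}
        for name, v in readings.items():
            near_peers = abs(v - med) <= DISAGREE_DEG
            near_last = last is None or abs(v - last) <= MAX_RATE_DEG
            if near_peers and near_last:
                good[name] = v
            else:
                warnings.append(f"t={t:.1f}s {name} rejected ({v:.1f} deg)")
        if good:
            last = sum(good.values()) / len(good)
        else:
            # Edge case: nothing passed; hold the last accepted value and say so.
            warnings.append(f"t={t:.1f}s all AOA channels rejected, holding {last}")
        out.append(last)
    return out, warnings


if __name__ == "__main__":
    print("described :", described_selector(AOA1_SAMPLES, AOA2_SAMPLES))
    sel, warn = validated_selector(AOA1_SAMPLES, AOA2_SAMPLES, AOA3_SAMPLES)
    print("validated :", [round(v, 2) for v in sel])
    for w in warn:
        print("warning   :", w)
```

Running the model, the described selector masks the first spike (it falls back to the good AOA1 reading from the previous window) but on the second spike falls back to the first spike and hands a 52-degree angle of attack to the control laws; the validated selector rejects both spikes, keeps the output near 2 degrees, and produces a warning for each rejected sample.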

The pilots were not able to counteract the error, since the fly-by-wire system overrides any pilot input that it judges unsafe.
