SAFE SOFTWARE

Increasing numbers of aircraft, both civilian and military, rely on computers for their vital functions, but can such systems ever be proven to be safe? Lee Paddon looks at the problems and outlines possible solutions.

Surprisingly, not every computer expert is convinced of the safety of the Airbus A320 fly-by-wire airliner, despite its seven flight-control computers. Martyn Thomas, of software specialist Praxis Systems, doubts whether any amount of testing can prove that those computers do not contain a catastrophic fault. Thomas, however, is a proponent of a new kind of microprocessor specifically designed for use in flight-critical systems.

The problem with the A320, Thomas argues, is fundamental to all fly-by-wire and flight-critical systems: the software may incorporate hidden "bugs" that tests have failed to reveal. Furthermore, the hardware suppliers cannot guarantee that their microcomputers will always perform to specification.

Airbus points out that, even if all seven computers fail, the pilot can still control the aircraft via the mechanical rudder and pitch trim controls. The likelihood of failure is further reduced by the level of dissimilarity of the system. The computers use different software and different hardware.

This multiple-redundant, different-origin approach, Airbus claims, gives no common mode of failure. There is, therefore, no condition which will cause all of the computers to send wrong instructions to a control surface and thereby produce a potentially dangerous position.

Complex certification

Certification of the aircraft proved a long and complex process. The CAA claims that, at every stage of the software's writing and verification, the teams followed the appropriate methods for writing high-integrity software. It also points out that, to date, no computer on an A320 has shut down in the air as a result of a software fault.

[Photo caption: Britain's fly-by-wire fighter demonstrator]
Even the CAA admits, however, that it does not believe the flight control software is bug-free. Software bugs usually occur when the inputs the program gets, either from the aircraft's sensors, flight controls, or from other parts of the program, are outside the range that the program was expecting. This can be the result of sloppy thinking by the programming team or of imprecise specification by the customer. Either way, the effects of such a bug can be unpredictable.

The demand for safety-critical systems, however, seems to be relentless. In the civil field, it is claimed that the fly-by-wire system aboard the A320 makes the aircraft safer than it otherwise would be. This is because the system stops the pilot from operating the aircraft outside the safe flying envelope.

Fly-by-wire is even more in vogue in military aviation. The multiple-redundant nature of fly-by-wire produces survivability benefits, and considerable weight is saved compared with mechanically signalled flight

FLIGHT INTERNATIONAL, 4 February 1989 35