Tuesday, May 22, 2018

What happens when the autopilot goes haywire?

It happened on Qantas flight 72:
Circling Learmonth, the pilots run through a checklist. The plane's two engines are functioning. But they do not know if the landing gear can be lowered or wing flaps extended for landing. And if they can extend the flaps, they have no idea how the plane will react. As much as they can, the pilots try to assert control over the A330 while the computer system operates. It cannot be fully disengaged. Turning off the three flight control computers could trigger unintended consequences. They may fail or fault.

Pulling paper charts out for Learmonth, the pilots make more inputs into the system, to no avail. It means they will have to conduct a visual approach. The precariousness of their situation is laid bare in a lengthy summary of faults on their screens. They include the loss of automatic braking and spoilers to prevent lift once the plane is on the runway. The pilots do not know whether they can use the nose-wheel to steer the plane until it is on the ground.
Over 100 people were injured, a dozen seriously, when the plane pitched down and the cabin experienced negative 0.8g.

This is what the nose dives did to the cabin
Airbus has a long history of "issues" with the computerized control in their aircraft.  Post-incident investigations typically blame the pilots (usually unconvincingly, at least for me) but this incident from 2008 shows that when everything is controlled by (or through) a computer, the computer can kill you.  The report said that one of the flight computers corrupted the avionics data, and the computer wasn't smart enough to realize that the data were whacky.

The way that I would rephrase that is that the software designers don't really understand how the software works, at least not all the time.  They can't say for certain whether the software will kill everyone onboard.

And this is the most sophisticated autopilot software ever built.  What's gone into self-driving cars is primitive by comparison.  There are millions of man-hours of development in the Airbus software, and what it is trying to do is arguably easier than what cars have to deal with - for example, there is no need for the sort of obstacle detection and avoidance that a self-driving car experiences.

RTWT.  I'm nowhere near comfortable entrusting my life to one of these experimental cars.

9 comments:

SiGraybeard said...

I've been banging on this drum as long as I can remember.

Software development for autopilots is strictly regulated by an industry specification called RTCA DO-178. All mission-critical or life-critical software is as thoroughly documented, tested and verified as any software anywhere. The job of the software is quite a bit simpler than autonomous car software. The easy example is nobody stands around on a cloud and steps out in front of the aircraft.

It is so difficult to meet software requirements that one of the first questions that comes up when there's a problem in a fielded system is if it's easier and cheaper to fix the problem in hardware than software.

Aircraft fly pre-planned routes, live in a managed airspace with matched airspeeds to keep them from overtaking each other. The job is much simpler than self-driving cars. And it still screws up.

Comrade Misfit said...

I wonder if the old saying of "If It's Not Boeing, I Ain't Going" holds up with the 737-800 and the 787.

Beans said...

After lots of 'minor' incidents involving Airbus' plastic planes and damage caused by overstressing (always blamed on the pilots, though in-industry the word was the computers were rapidly over-correcting and causing stresses way over the design tolerances, thus resulting in a spate of broken pieces-parts) I then found out that Airbus had decided to go completely computer-full.

Okay, I understand the savings in maintenance over the old hydraulic systems, and such, and the need for computer control in a dynamically unstable aircraft (like the F-117 and such) but to have no ability to off the system and go full-monkey controlled is just insane.

Autopilot is nice for normal, ordinary, safe flying situations. But not if you can't turn the damned thing off.

How many deaths are linked directly to Airbus' computer controlled systems?

Only fly Boeing. Advice from a retired airline pilot I knew who was rated for both Boeing and Airbus products.

selsey.steve said...

I know the Cathay Pacific Captain (now retired) who was in charge of the Cathay Airbus acquisition program. He flew a number of Airbus planes out of Toulouse in France and was very qualified on the particular model Cathay eventually purchased.
The aircraft involved in this incident had been in service with Cathay for some months when my friend attempted a landing in Typhoon Signal 3 conditions. The cross-winds at the old Kai Tak airport were gusting up to 30 knots. When my friend attempted to land, the plane refused to accept his inputs and insisted on flying, not landing. After two go-rounds he tried to take the computers out of the control loop. The computers refused to be removed, even after he'd hit what he called "The Red Button" which was supposed to revert the plane to manual control. It didn't.
He had to fly the plane onto the runway, approaching very fast and hoping that he could stop the plane from plunging into the sea at the end of the runway. He later said that it was the scariest event he's ever had in all his years of flying, which included a number of years in the RAF V-Bomber Command.
His opinion after the Airbus incident? Never, ever get on an Airbus plane. They are not safe in unpredictable situations.

EricN said...

The downside of having cheap computers is the tendency to jam them into things that have no good reason to have a computer.

Will said...

The design philosophy of Airbus is that the pilots are there to assist the computers.
Boeing thinks the computers are there to back up/assist the pilots.

Having seen Airbus computers and idiotic designs kill passengers, screw them.

Jerry said...

There are a number of apocryphal stories from the early days of fly-by-wire. Some are even funny now that things have cooled down a bit but any system with software involved always has that possibility of an unexpected response to unanticipated inputs. As the software matures, the likelihood decreases but will never hit zero chance of unanticipated results.

Jonathan H said...

From everything I've heard about Airbus and how European Safety Agencies protect it from competition, it appears that the point of Airbus is to make Europe look good, not to produce good aircraft, and especially not to compete on a level playing field with Boeing...