Posted on 01/19/2008 8:39:33 AM PST by GovernmentShrinker
THE pilot of the British Airways aircraft that crash-landed at Heathrow said he feared the flight would end in catastrophe as he struggled to cope with a double engine failure just two miles from touchdown. First Officer John Coward, 41, said both engines lost power simultaneously, leaving him with just seconds to bring the aircraft down.
-- snip --
Investigators examining the wreckage of flight BA038 are now focusing on the theory that the crash was caused by a failure in the avionics and electronics systems that control the plane's engines. . . . A senior industry source said: . . . The AAIB has identified that the problem seems to be connected with the avionics and electrics which link the flight deck to the engines.
-- snip --
A former 777 pilot said that it was extremely unlikely that both engines would have suffered failure at the same time. "For two engines to fail at that stage of the flight - it's not lack of fuel or contamination," he said. "It's got to have been commanded [by the automatic control systems]. We are all aghast."
(Excerpt) Read more at timesonline.co.uk ...
Sooooooooo, would you buy one of those new cars with Sync, powered by Microsoft?
The probably apparently started just after they lowered the gear. If they couldn’t get the engines to respond at that point, I doubt they could have gotten the landing gear to come back up either. And those things take a little while to move in or out. This plane was, per the co-pilot who was at the controls, 40 seconds from planned touchdown when the first sign of trouble became apparent. If he’d wasted time trying to get the gear up, he wouldn’t have had time to do the few things he did to keep the plane in the air a few seconds longer.
There’s probably an ADA programmer muttering to himself “Was that integer or floating point?”
Real-time operating systems (RTOS) are the foundation software for computing systems. They manage the computers' other software programs and orchestrate these programs' requests for services. And they must be robust enough to deal with unexpected events without causing an aircraft to lose a flight critical function.
In the past, many aerospace companies developed their own, proprietary operating systems and software tools, which were optimized for specific functions. Honeywell, for example, created the digital "engine" operating system (DEOS)...
Collins and LynuxWorks now are partnering to achieve acceptance of the LynxOS-178 kernel and POSIX application programming interface (API) as a reusable software component (RSC) under the guidelines described in advisory circular 20-148, issued by FAA in December 2004. Among other things, the new approach will allow FAA to accept third-party utility software, even though the software is only a part of a larger application, such as a flight management system (FMS) or a flight control system. The third-party RSC developer has to partner with an avionics system developer as part of a technical standard order (TSO), type certificate (TC) or supplemental type certificate (STC) project, but the RSC developer controls the distribution of the RSC approval letter.
Wind River Systems describes a technology approach to RTOS reuse for some military customers. They will be able to move applications between various "platforms," which contain an operating system, development environment and other software. They can move between the "general purpose platform" and the "platform for safety critical" as soon as the latter software platform adopts the development environment used in the general purpose package. This is scheduled to occur later this year.
Today avionics manufacturers still use homegrown RTOS and stripped-down, single-purpose operating systems known as runtime executives. But they are becoming more comfortable with third-party, commercial off-the-shelf (COTS) products, as well.
Recent aircraft provide striking evidence of this trend. The Boeing 787 Dreamliner will use COTS operating systems by Green Hills Software and Wind River Systems in core avionics systems.
Smiths Aerospace chose Wind River Systems' VxWorks 653 RTOS for the B787's common core system (CCS), a cabinet that will host 80 to 100 applications, including Honeywell's FMS and health management software and Collins' crew alerting and display management software. Multiple utility management applications relating to landing gear, electrical power, hydraulics, environmental control and even "lavs and galleys" management also are hosted on the CCS, according to Mike Madden, Smiths' program director for B787 common core system. (CCS also includes the common data network and remote data concentrators.)
The Wind River RTOS is part of the CCS infrastructure software, which also includes the Smiths common operating environment and a certified configuration management tool set. Smiths is integrating the "architecture and configuration tool set," which incorporates software from Smiths, Wind River and Rockwell Collins.
Smiths also plans to use the RTOS on the B767 global tanker transport aircraft's avionics flight management computer, a traditional line replaceable unit with VMEbus cards. The FMS software and the related operating environment will be part of an STC, the RTOS' first FAA, DO-178B acceptance. The operating environment, including the RTOS, will be certified to DO-178B, Level B, but the artifacts "will be developed to Level A for use on future applications," says John Armendarez, Smiths' director of military air transport programs.
Green Hills' Integrity-178B is present on the Dreamliner, as well. Honeywell chose the RTOS for the B787's fly-by-wire flight control electronics. Integrity-178B is to run in the B787's flight control modules, which are distributed among the four flight control electronic cabinets the integrator will supply each 787. Outputs from the software in these flight control modules drive Honeywell actuator control electronics units, which in turn communicate with the actuators that move the control surfaces.
Honeywell chose Green Hills because it provides a DO-178B, Level A, certified time and space partitioned operating system with a tightly coupled development environment, says Don Morrow, Honeywell's director of Boeing business development. Both Green Hills and Wind River have effectively been "certified," Morrow says. "They already have convinced FAA that they have systems which are compliant with ARINC 653." This standard concerns RTOS "partitioning," the services the RTOS supplies to enable the running of multiple applications on the same processing resources.
Honeywell is particularly interested in commercially available tools, such as compilers, linkers and debuggers. The company had to create the operating system and tools for its highly integrated airplane information management system (AIMS) on the B777. "It costs a lot of money, and it's not our core business," Morrow says.
Honeywell and Collins have not gotten out of the operating system business completely. Honeywell uses DEOS in the Primus Epic integrated avionics suite and in the flight control system of the Embraer 170 and 190 regional jets.
(typo alert) My last should have started: “The PROBLEM . . . ”
Pictures show APU inlet door open. The APU is typically not started until taxi in.
Islamofascists hacked into the computer?
Hmmmm. I can see how they could determine that the blades were turning from a crash scene photo. I don't think that allows one to determine whether the blades were powered, or just windmilling in the slipstream.
IIRC, the definitive blades are after the combustion chamber, if sand and grit are melted onto the blades the fire was on...
VxWorks, Integrity and DEOS all have certified level-A kernels. No implementation of Windows is certified (that I know of) under 178B or any other FAA cert. There is no Windows software on any aircraft operating any safety critical system, although they well may use it in secondary logging or entertainment systems. MS probably wouldn’t see any profit in carving out a certifiable kernel out of Windows CE and providing source access to third parties, and most importantly investing in all the specialized software engineering expertise it takes to do code coverage analysis.
The code coverage requirements are pretty comprehensive for A level software and I think it's pretty unlikely for something this catastrophic to be purely software related. Of course, unloaded guns also kill people occasionally.
[speculation]
IANAP but I believe that the engines are fed from separate fuel tanks. If that is the case, the possibility of simultaneous problems in two separate engine systems would be significantly reduced. If ice were to form in the fuel, I would expect it to happen at cruising altitude rather than at several hundred feet, where it's warmer.
[/speculation]
Plus 45 minutes fuel.
It is a violation to land with less than 45 minutes fuel if on an instrument flight, half hour if on a visual flight.
Aircraft carry enough fuel to make it to their planned destination plus their weather alternate.
Is that 45 minutes after you arrive at alternate, or does your alternate have to be within the 45 minutes of fuel you have to reach your intended destination? I take it from the wording of the rule that it means that wherever you end up you must have 45 minutes of fuel left.
I know nothing of the damage to expect in a landing like this, but from the pictures I’ve seen of the engines, especially the left engine, the blades seem awfully intact for the engine to have hit the ground at 200 mph or so and have them spinning at any speed at all. Just an observation.
I would expect a lot of doors and things to open during the course of that roll out! Good observation though.
GMTA
It is after you land you must have 45 minutes fuel left, wherever you land. If it is at an alternate, you have to allow that in your flight plan.
It is up to the pilot to include enough fuel to meet the requirement that there be 45 minutes fuel remaining.
Next thing you know they’ll have some way to find out where you are without having to tune two VORs and do the math in your head to figure out what radials are crossing. Isn’t it a wonderful world!
You can even have the terrain displayed under your map.
You can make equivalent of ILS approaches to airports that have no radio guidance.
I haven’t flown for quite a while either. I flew a T210 which had 5 hrs fuel. I always said I had 4 hrs for the flight plan. I never planned legs further than 4 hrs.
I was never worried about running out of fuel either.
That is the most avoidable accident there is.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.