back to article Airbus warns of software bug in A400M transport planes

A software bug may have cause the May 9 crash that grounded Airbus' troubled A400M military transport aircraft. Airbus has sent an alert to customers instructing them to conduct “specific checks of the Electronic Control Units (ECU) on each of the aircraft's engines”. Spiegel reports that the bug caused three of the transport …

  1. Mark 85

    Under "wraps"? Seems odd....

    I find it very strange that a judge is keeping the data recorder away from those would benefit from that information. Is this normal behavior in Spain?

    1. bazza Silver badge

      Re: Under "wraps"? Seems odd....

      Under the inquisitorial system of justice that they have in most of Europe it is up to the court to discover the facts. It is quite proper for the judge to keep the evidence confidential until the court is satisfied that it knows what the facts actually are. That means looking at all avenues of inquiry exhaustively prior to reaching an official conclusion.

      You have to recognise that whatever the inquiry finds it is going to have a serious judicial impact on some individuals, if in fact there is anyone to blame. You cannot have half complete theories being espoused by the court because that would unfairly affect those who in the fullness of time would be shown to have no involvement.

      1. gollux
        Headmaster

        Re: Under "wraps"? Seems odd....

        The term is "Adversarial Law" or "Guilty until proven innocent". While the Church was a law unto itself and had it's fingers in the pie, the Secular System was a bit separate from the Inquisition.

        1. Anonymous Coward
          Anonymous Coward

          Re: Under "wraps"? Seems odd....

          Gollux,

          The term is "Adversarial Law" or "Guilty until proven innocent". While the Church was a law unto itself and had it's fingers in the pie, the Secular System was a bit separate from the Inquisition.

          The UK has an adversarial system of law. Countries like France, Spain have the Inquisitorial system of justice. It's very different to the system in the UK, and a whole lot cheaper.

          If you want to know more I suggest you pop across the channel and break a shop window or something.

          Or just try reading up before you post.

        2. Anonymous Coward
          Anonymous Coward

          @gollux - Re: Under "wraps"? Seems odd....

          Actually all the victims sentenced to death by the jolly fellows of the Inquisition were dutifully executed by the secular authorities which also assisted in arresting suspects so I don't see much separation between the two.

      2. Anonymous Coward
        Anonymous Coward

        Re: Under "wraps"? Seems odd....

        There's nothing "proper" about holding up a flight safety investigation. The only value of the flight recorders, either to the criminal investigation or to the rather more useful manufacturer's one, is the data they contain. There's no point in hanging onto the recorders without having the data downloaded, something the investigating judge certainly can't do anyway without outside help. If the judge wants to use the recorder as an evidential doorstop after the data's been downloaded then fine, but don't prevent the problem with the aircraft being identified and fixed. This may be the way things are done in Spain, but that doesn't mean it's sensible.

        1. JDC

          Re: Under "wraps"? Seems odd....

          The fact that the judge is holding the investigation under "secreto de sumario" doesn't mean the flight safety investigation isn't going ahead. It just means the parties involved can't talk to the press about the interim results.

          1. Chicken Marengo

            Re: Under "wraps"? Seems odd....

            in my experience, real investigative engineers don't pontificate before they've got the facts anyway. So it should have no bearing on the technical investigation.

            Of course, their managers and the PR dept will be itching to go off half-cocked...

        2. Yet Another Anonymous coward Silver badge

          Re: Under "wraps"? Seems odd....

          So where does the black box go ?

          To Airbus - so they can prove that it wasn't their fault

          The spanish air force, the spanish civil aviation authority.

          The turkish, since it was their plane.

          The airbus member country who wrote the software

          Who decides if it was the software

          Having a judge decide this after some deiberation seems a better idea than first to the site grabs it.

          1. Anonymous Coward
            Anonymous Coward

            Re: Under "wraps"? Seems odd....

            Actually one of the data recorders has been sent to L3 in Florida (the manufacturer) because they have had some problems with downloading due to lack of compatibility of the systems used to do this in Europe.

    2. Mark 85

      Re: Under "wraps"? Seems odd....

      Thanks tor the answers and the downvotes for some reason... hmmm. Anyway, I didn't realize they use "inquisitional law". Clarifies it.

  2. gollux

    At least it doesn't fly inverted on crossing the equator...

    1. Anonymous Coward
      Anonymous Coward

      Have they tried, yet?

  3. seven of five

    "The project ran late and over budget. "

    Of course it is "late and over budget". It is a project, after all. And not only a governmental, multinational, but a military one.

    As if there would have been another option.

    1. werdsmith Silver badge

      Re: "The project ran late and over budget. "

      The engines themselves: Europrop TP400 were delayed in development due to problems with FADEC and certifying authorities approval of it.

      1. imanidiot Silver badge

        Re: "The project ran late and over budget. "

        The problem is not just the engines. The entire A400M project is just one giant clusterfuck of epic proportions. (Possibly on par with the Joint Strike Fighter program, and thats saying something)

        1. GreggS

          Re: "The project ran late and over budget. "

          That could be the corporate motto of Airbus

          1. TRT Silver badge

            Re: "The project ran late and over budget. "

            Nunquam fatalis, semper ultra bursa.

          2. Yet Another Anonymous coward Silver badge

            Re: "The project ran late and over budget. "

            >That could be the corporate motto of Airbus

            Boeing's was not only late and overbudget but they deliberatly built the first aircraft with non-approved rivets in order to meet Wall St expectations. Then had to drill every single one out and replace it before they could start tests.

      2. Yag

        Re: "The project ran late and over budget. "

        Seems like the problem was before the engine themselves.

        “contradictory instructions” from the flight control system... Off to nag some coworkers :)

  4. Phil O'Sophical Silver badge

    Fail Safe?

    three engines shut down after receiving “contradictory instructions” from the flight control system.

    There's obviously a need to respond safely when contradictory instructions are seen, but wouldn't "just stay as you are" be better than "all stop" ?

    1. SkippyBing

      Re: Fail Safe?

      'but wouldn't "just stay as you are" be better than "all stop"'

      Not if you're on fire.

      1. Ben Bonsall

        Re: Fail Safe?

        Rule Zero: Do not be on fire.

        1. Indolent Wretch

          Re: Fail Safe?

          If ( statements = contradictory )

          {

          if ( fire_status = burning ) or ( airborne = no )

          engine( off );

          alarm();

          }

          1. AndyS

            Re: Fail Safe?

            Oh, crap, you forgot to use "==" instead of "="

            Guess you just crashed and burned every A400M. Oops.

          2. Lysenko

            Re: Fail Safe?

            if ( statements = contradictory ) then

            begin

            if ( fire_status = burning ) or ( airborne = no ) then

            Engine.Active := False;

            System.Alarm := True;

            end;

            ...I guarantee you that in any plane crash curly brackets will be involved somewhere.

            1. M. Poolman

              Re: Fail Safe?

              May I suggest

              if ( statements = contradictory ) then

              System.Alarm := True

              if not airborne then

              Engine.Active := False;

              endif ;

              endif:

              if ( fire_status = burning ) then

              System.FireAlarm := True

              if airborne then

              AskPilotWhatToDo(InCaseOf = EngineFire) ;

              endif;

              endif;

  5. Schlimnitz
    Trollface

    And where, pray

    was Chris Roberts?

    1. phil dude
      Joke

      Re: And where, pray

      I think he was busy controlling Santa's sleigh, using the Blitzen entertainment network port.

      P.

  6. Anonymous Coward
    Anonymous Coward

    It does have to suck

    if you're the guy/girl who wrote that code, knowing your mistake led to the deaths of four people. All I have to worry about is inconveniencing a few folks when I screw up.

    1. Anonymous Coward
      Anonymous Coward

      Re: It does have to suck

      The point is that it really isn't down to one guy or gal to hack out some code and then go fly the plane. For safety-critical class A code like an engine controller (only nuclear power plant code has stricter controls) there is about 18 months of work to do before you even start coding just to establish the number and depth of reviews of the *requirements* then you do a whole bunch of functionality analysis and functional failure analysis to find where the deep bugs might be hiding and so the code for these functions is subjected to special scrutiny etc etc etc. tl;dr getting FADEC code wrong has nothing to do with your leets and everything to do with the surrounding quality control system so it is absolutely correct to say that this was a 'quality problem' The sad part is that although there is possibly a common-mode unintended failure buried here, they would probably have survived if they hadn't hit the pole.

      1. Anonymous Coward
        Anonymous Coward

        @AC - Re: It does have to suck

        So it will be down to three persons then.

  7. Anonymous Coward
    Anonymous Coward

    It sucks

    ...that people died before this Bug was discovered. It seems to me there must be proper means for mission critical software to be properly debugged. Yes I understand their is a cost/time issue but it's worth the cost IMO.

  8. Gene Cash Silver badge

    Hm.

    I wonder what was different about the 4th engine...

    1. Anonymous Coward
      Anonymous Coward

      Re: Hm.

      Sounds like multiple survivable by themselves errors led to a fatal accident.

      Since the text alludes to checking the engine ECUs, the implication is that either there is a customization that was not set up correctly, or that there is some manufacturing setting that wasn't set correctly (like, engine ECU still in mfg test mode allowing commands which are normally illegal to be accepted, or having the ECU spit out extra test data). If a particular test maneuver, say, sloshes the low fuel[1] a certain way for 3 of 4 engines the extra engine diagnostic data about fuel flow issues causes the master controller receiving said unexpected extra data to decide the engine is crackers and issues a DIE DIE DIE (or maybe just a benign on the ground...) reset command. At low altitude 3 suddenly dead engines is not so benign...

      Of course, I just made all that up. It won't happen again whatever it is, because additional avionics code will be added to prevent such a thing. Next time it will be something different... Hopefully the accident report will be detailed enough to say exactly what the failure was.

      [1] perhaps the fuel truck had a flat so they went up with marginal fuel. So 4 European testers die instead of a plane full of Turkish paratroopers.

  9. Anonymous Coward
    Anonymous Coward

    Nuclear bugs

    This is exactly why Iran must never be alowed to play with nukes. The software, addled by Stuxnet/Flame2, will be so buggy that KABOOOOOOOOOOOOOOOOM

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon