Reply to post: Safety critical avionics software (and the hardware to support it)

You're not Boeing to believe this, but... Another deadly 737 Max control bug found

Electronics'R'Us
Holmes

Safety critical avionics software (and the hardware to support it)

Speaking as someone who has been a design authority for safety critical avionics hardware, I completely agree; DO-178 is of course the relevant standard.

The real issue here is what DAL was required by Boeing? Considering that avionics suppliers to civil aircraft cannot usually charge NRE, they need to recoup all that invested money from sales which acts as an incentive to the airframer (Boeing in this case) to use the lowest they think they can get away with as with increasing safety levels comes increasing costs to the supplier and ultimately to Boeing.

There is a key question I have that can yield only one answer and it is not the one Boeing specified from what I have read:

"Can this piece of kit command movement of flying control surfaces where there is no other effective system oversight of that commanded movement"?

I am aware that the pilot can cause MCAS to disengage (briefly) but that should be easy to do (which it clearly was not).

The answer here is a resounding YES and should require DAL A (which affects way more than software - got an FPGA in the loop? Add 5000 hours of engineering time for just the paperwork associated with DO-254. There is of course, a lot more than just that).

DAL A also requires redundancy (you can get away with a dual channel system in some cases although triple redundancy is far more common in these situations). The rule is that no single failure shall be able to cause a catastrophic failure and the usual statistic is that the chance of catastrophic failure (from multiple failures from all possible sources) is less than 10^^-9 per flight hour

It would be interesting to see the RFP / RFQ / System requirements sent to the avionics suppliers (although this may already be happening in the civil lawsuits as this is a key item of how Boeing viewed the functionality of MCAS. Boeing would have a really tough time justifying anything less than DAL A imo).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019