December 22, 2011

The ATSB released its final report AO-2008-070 on the Oct 08 pitch upset events experienced by QANTAS A330-303 VH-QPA operating as QA flight 72. It is interesting reading for anyone who has worked in mission critical software engineering. There were basically two problems:

First, the ADIRU experienced a failure mode where its ADR outputs were wrong at intervals (the report calls these data spikes), in particular the AoA parameter. Apparently this failure mode had never been seen before, nor had design analysis anticipated it. The exact cause was not determined, but seemed to be in the CPU module, possibly a soft hardware fault in RAM.

Second, the flight control computer (PRIM) that receives the AoA parameter and computes flight control commands from it did not have a design for a failure mode of intermittent data spikes. The algorithm was based on one used on the A320, but a problem was identified during testing. Resolving this problem required modifying the algorithm. As it turned out, this change created a vulnerability to this data spike scenario that wasn't tested for.

The report offers some observations on the engineering of safety and mission critical software and also speculates on some possible methodology changes, but I don't think it found any magic method for engineering.

My experience was in the mil std 1697 and dod std 2167 era, but I don't think things have changed that much.

scott s.
December 24, 2011

A link would be helpful.

Here you go: http://www.atsb.gov.au/publications/investigation_reports/2008/aair/ao-2008-070.aspx

Bruno