Tuesday, May 21, 2019

How the Boeing 737 Max Disaster Looks to a Software Developer

There have been many articles about the Boeing 737 Max disaster published in the last few months, but this one in the IEEE Spectrum magazine, written by a software developer who is also a pilot, is the best that I've seen. It focuses on the critical process and design flaws that led to the disaster, and there were many. But this is probably the most critical.
So Boeing produced a dynamically unstable airframe, the 737 Max. That is big strike No. 1. Boeing then tried to mask the 737’s dynamic instability with a software system. Big strike No. 2. Finally, the software relied on systems known for their propensity to fail (angle-of-attack indicators) and did not appear to include even rudimentary provisions to cross-check the outputs of the angle-of-attack sensor against other sensors, or even the other angle-of-attack sensor. Big strike No. 3.
I've had quite a bit of experience documenting failure modes of complex software and hardware systems and have been directly involved in their design. It is beyond belief that Boeing could produce a control system that did not have multiple sanity checks for its control inputs. It makes me reluctant to ever fly on a Boeing aircraft again.
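As an added illustration (not Boeing's code and not from the IEEE Spectrum article), here is a hypothetical two-sensor cross-check of the kind the quoted passage says was absent: each angle-of-attack reading is range-checked, the two are compared against each other, and any single-sensor failure or disagreement inhibits the automatic function and raises a fault rather than letting one bad input drive a control surface. All limits and fault names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed limits for illustration only; they are not Boeing's or any
# certified system's values.
AOA_MIN_DEG = -20.0        # below this a reading is treated as implausible
AOA_MAX_DEG = 40.0         # above this a reading is treated as implausible
MAX_DISAGREE_DEG = 5.5     # sensor-to-sensor spread that inhibits automation
ACTIVATE_ABOVE_DEG = 15.0  # angle at which the hypothetical function would act


@dataclass(frozen=True)
class Decision:
    activate: bool             # may the automatic function command a correction?
    fault: Optional[str]       # annunciation for the crew / maintenance log, if any
    used_aoa: Optional[float]  # value the decision was based on, if any


def plausible(reading: Optional[float]) -> bool:
    """A reading is usable only if present and inside the sensor's physical range."""
    return reading is not None and AOA_MIN_DEG <= reading <= AOA_MAX_DEG


def decide(aoa_left: Optional[float], aoa_right: Optional[float]) -> Decision:
    """Cross-check both angle-of-attack sensors before trusting either.

    A missing or out-of-range reading on either side, or a disagreement
    larger than MAX_DISAGREE_DEG, disables the automatic function and
    reports a fault instead of acting on a single sensor.
    """
    if not (plausible(aoa_left) and plausible(aoa_right)):
        return Decision(False, "AOA SENSOR FAIL", None)
    if abs(aoa_left - aoa_right) > MAX_DISAGREE_DEG:
        return Decision(False, "AOA DISAGREE", None)
    # Both sensors agree within tolerance: act on their average.
    aoa = (aoa_left + aoa_right) / 2.0
    return Decision(aoa > ACTIVATE_ABOVE_DEG, None, aoa)
```

The point is that every path to `activate=True` requires two independent, in-range readings that agree; a single sensor can only ever produce a fault.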
