Quote:
Originally Posted by Ash W
It is not easy to test a piece of equipment or software for every possible permutation. .... Sure some people got hurt by what appears to be a first for this type, but the plane and it's passengers still made it to the ground in one piece.
|
I don't share your design philosophy I'm afraid, Ash. Safety critical systems require a special approach. The outcome in this case obviously could have been much worse but that doesn't make it an acceptable outcome.
My point remains that the logic flaw that exists is one that should have been obvious to test for - I don't rate it as outside the realm of conditions that could be foreseen. The auto pilot disengagement routine logic was sound. It should be pretty obvious that the same reason that required the autopilot to be disengaged should have caused the flight computers to ignore any further input from ADIRU-1 once it had been diagnosed as faulty. In fact I'd be astonished if that logic isn't present, so the task is more to uncover why it didn't trigger, which is probably related to the Flight Control Primary Computer pitch fault.