In-flight Upset due to "Latent Software Error"

From: Peter B. Ladkin <ladkin_at_xxxxxx>
Date: Wed, 11 Apr 2007 09:19:54 +0200
Message-ID: <461C8C1A.8060002@xxxxxx>
Risks 24.61 contains a note about the release of the ATSB's report into the
in-flight upset of a Malaysian Airlines B777 aircraft out of Perth on 1 August 2005.
That the ADIRU was at fault was known at the time, and that it had to do with recent
versions of the SW was also suspected at the time (the FAA issued an
emergency AD which required users to reinstall a previous version of the SW).

According to the report, now available at
all versions of the ADIRU SW up to and including that latest version installed
on the B777 contained a "latent software error in the algorithm to manage the sensor
set used for computing flight control outputs ......" (page 8, Section "Component Software
Evolution", first sentence). The software implements a highly-redundant architecture
with significant fault tolerance.

Although there have been software-related incidents with fly-by-wire commercial
aircraft before, this is the first time I can recall in which one of the primary causes is
an error in the SW. (The other primary causes in this incident are related to the
sequence of HW faults and the architecture.)


Peter B. Ladkin, Professor of Computer Networks and Distributed Systems,
Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319
Received on Wed 11 Apr 2007 - 08:16:59 BST