Boeing 737 MAX crash and the rejection of ridiculous data - Philip Greenspun’s Weblog

2 min read Original article ↗

“Boeing 737 Max: What went wrong?” (BBC) contains a plot showing the angle of attack data being fed to Boeing’s MCAS software. Less than one minute into the flight, the left sensor spikes to an absurd roughly 70-degree angle of attack. Given the weight of an airliner, the abruptness of the change was impossible due to inertia. But to have avoided killing everyone on board, the software would not have needed a “how fast is this changing?” capability. It would simply have needed a few extra characters in an IF statement. Had the systems engineers and programmers checked Wikipedia, for example, (or maybe even their own web site) they would have learned that “The critical or stalling angle of attack is typically around 15° – 20° for many airfoils.” Beyond 25 degrees, therefore, it is either sensor error or the plane is stalling/spinning and something more than a slow trim is going to be required.

So, even without checking the left and right AOA sensors against each other (what previous and conventional stick pusher designs have done), all of the problems on the Ethiopian flight could potentially have been avoided by changing

IF AOA > 15 THEN RUNAWAY_TRIM();

to

IF AOA > 15 AND AOA < 25 THEN RUNAWAY_TRIM();

About 10 characters of code, in other words. (See the Related links below for the rest of the flaws in the MCAS system design, which the above tweak would not have fixed.)

We fret about average humans being replaced by robots, but consider the Phoenix resident who sees that the outdoor thermometer is reading 452 degrees F on a June afternoon. Will the human say “Arizona does get hot in the summer so I’m not going to take my book outside for fear that it will burst into flames”? Or “I think I need to buy a new outdoor thermometer”?

Related: