History and problems of the system installed on the Boeing 737 MAX

Gregory Travis, a software engineer and pilot, has contributed to the IEEE magazine about the ' Boeing 737 MAX 8 ' that has had two crashes in five months and is still out of service as of April 2019. doing.

How the Boeing 737 Max Disaster Looks to a Software Developer-IEEE Spectrum


◆ Improvement for fuel efficiency makes aerodynamic characteristics unstable
The Boeing 737 is an aircraft that appeared in 1967. It was installed on various airlines because it was equipped with a small engine and the system was relatively simple, simple and reliable. Over the years, the 737 has been upgraded with increasing complexity. At that time, it was economics, not safety, that was regarded as the most important. Airlines wanted to improve fuel efficiency to reduce operating costs.

The Boeing 737's engine will grow in size to increase engine efficiency and reduce fuel consumption. The 737 engine originally had a fan diameter of about 100 cm, but the 737 MAX was enlarged to a diameter of about 176 cm, and to solve this, the engine was installed slightly upward in the 737 MAX. However, the fact that the engine position moves upward means that the center position of the thrust has also changed, and when the pilot increases the engine output, the nose is turned upward than before. It is said that

If the nose turns up beyond a certain angle, the aircraft will be in a state called

stall and lose its lift. To recover from the stall condition, it is necessary to lower the nose, but according to Travis, the 737 MAX has a very large engine and it is in front of the wing, so the engine itself generates lift when the attack angle is large. It seems to be a structure that In the situation where the nose is rising as it stalls, the characteristics of the aircraft that lead to further increase the nose were dangerous enough to violate the old aircraft regulations. However, Boeing used software to solve this problem.

◆ Dealing with software to be able to switch pilots without retraining
The Boeing 737 MAX was equipped with a system called MCAS, which automatically pulled down the nose when the aircraft was likely to stall. Travis says that instead of Boeing redrawing the design, he prioritized 'compatibility with 737' to solve the aircraft problem using software.

According to Travis, what was important when selling the 737 MAX was that pilots who were already piloting the 737 were able to maneuver without special training. So, there was a need for Boeing to claim that the 737 MAX had no differences in flight characteristics or systems compared to any other 737 aircraft.

◆ There is a problem with the design, such as using only one of the two instruments in the software.
Rudder ( Rudder ) The system is all computer-controlled and the pilot controls the computer to operate a system called fly-by-wire used in modern aircraft such as the Boeing 737 MAX. In this system, it was possible to steer the aircraft stably by not accepting operations outside of a certain range.

As one of such fly-by-wire systems, MCAS was installed on the Boeing 737 MAX. The MCAS receives information on how much the aircraft is facing upward from the angle-of-attack sensor installed just below the window of the cockpit, one on each side of the aircraft, and stalls when the angle goes up more than a certain amount. It is a system that automatically lowers the nose to prevent it. By installing two sensors, it does not matter if one sensor is broken, but the MCAS installed on the Boeing 737 MAX is designed to use only one of the angle-of-attack sensors. It seems so.

Because MCAS is a 'correct the pilot's incorrect operation', it is designed to make it hard for the pilot to ignore the MCAS and force the operation. In other words, even if the information on the attack angle sensor is incorrect and the MCAS makes the wrong judgment, the pilot tends to be affected by the MCAS. According to Travis, previous Boeing machines were designed to give priority to humans when human and machine judgments conflict, but in 737 MAX, the design was changed to give preference to machines. It looks like it was there.

◆ While a bug is different from hardware, which can cause hundreds of millions of damage, it may be due to a good software culture just by patching
In the hardware world, even if a defect is found, it can not be fixed immediately, and it will be expensive because it needs to be manufactured again, but in the software world it can be solved simply by applying a patch.

Travis points out that the easy-to-update nature of software has brought software developers 'lazy' thinking that they can be fixed later. In addition, Travis continues that such lazy ideas are beginning to affect the world of hardware as software has a greater impact on hardware, such as with the development of fly-by-wire.

Travis also mentions the complexity of the system, quoting the words of the sociologist Charles Perrault, saying, 'You can not maintain a complex system where the components of the system are closely connected,' It states that it should be fixed and removed rather than increase the complexity of the system.

in Note,   Software,   Ride, Posted by log1d_ts