Re: Flight controls

From:         rdd@cactus.org (Robert Dorsett)
Date:         10 Dec 92 16:07:06 PST
References:   1 2 3 4
Followups:    1


In <airliners.1992.77@ohare.Chicago.COM> philip@rainbow.mentorg.com (Philip 
Peake) wrote:

> In article <airliners.1992.67@ohare.Chicago.COM>, rdd@cactus.org (Robert Dorsett

> if you want to knock the A320, there are much better grounds for doing so
> than ergonomics - without the more serious design problems, there would probably
> have been many fewer "accidents", and hence less reason to blame the ergonomics.

I am hard pressed to think of many other things.  Structurally, the A320 is 
extremely conservative, highly conventional.  In systems layout and design, 
highly conventional.  There are a few frills, such as the cabin lighting 
system, toilets, or window heat, which have been "automated," but only in 
relatively self-contained manners (toilet going out doesn't have the slightest 
ramification on ELAC 1 being able to do its job, for instance: they aren't
on the same networks :-)).

The EFCS, in turn, has been the focus of so much attention that at least one 
pundit suggested that other aspects may have been allowed to lapse, as 
evidenced by the initial problems with the toilets or the cabin intercom/
lighting system, the latter of which, in the words of a BA maintenance 
engineer, had software so simple "a child could have done it better."  These 
aren't safety-critical items (well, maybe the lighting is: it didn't work at 
Habsheim).  

Two of the three accidents were misuses of the FMGS MCU; the other--the 
first--was so bizarre, such an outrageous case of poor airmanship, that I've 
yet to fully assess the implications. This therefore seems to call for better 
ergonomics or training, with the latter recognized as precisely what it is: a 
kludge, covering up poor design.  

It's important to note that while, on a quantifiable basis, the A320's EFCS
is most subject to criticism, it's equally clear that, thus far, the EFCS has
performed almost flawlessly.  And even if it doesn't meet the 1-in-a-billion 
failure rate, it's likely that if it produces even one EFCS-induced 
catastrophic failure every 10 years, the human and material costs can be 
easily absorbed by the industry--and when it does fail, we probably wouldn't 
be able to determine what happens, since the DFDR certainly doesn't record 
the myriad execution paths.  

The real issue, of course, is whether this is as safe as a conventional
system.  And if it isn't, there are tremendous ethical and moral issues
at play.



> Besides "cosmetic" issues like tactile feedback, and some layout issues,

This isn't cosmetic.  The choice of using sidesticks, the four major flight
control modes, the many possible permutations within those modes, are part of
a highly integrated *system* design.  If one looks at it for itself, it's a 
very "sexy" design, a startlingly coherent design philosophy. How well it
adapts to the real world is another issue, entirely, of course.

I would even suggest that if one disqualifies one aspect of this model: 
sidestick, throttle control, switch design--the totality could suffer 
irreparable damage.  None of this is "cosmetic."  It's the heart of how the 
airplane is controlled.


> the 767
> is pretty close to an A320 - as you have said (I think - sorry if I misquote 
> you)
> the 767 is just more conventional in cockpit design - it's a pity its automatic
> landing system can be as good as the best pilot on a good day, and as rough as
> the worst on a bad day ... usually more towards the latter ... 

I would not have rated the airplanes as equivalents.  The 767 is "equivalent"
to an A310, but even then, there are significant differences in cockpit 
design.  If I've given the impression of "equivalency," it was by mistake: 
perhaps in avionics maintenance practices, or the A320 or 747-400 as 
"consumers" of the benefits of the 767/A310 learning curve; little else.  The 
airplane I'd compare with the A320 is the 747-400, at least in cockpit design, 
systems design, and AIDS/BITE integration; certainly not the mission 
requirements.


> ) writes:
> |> We can automate easily quantifiable issues: simple tasks.  Judgement and
> |> airmanship has thus far evaded us, on all levels.  Until we get a grip on
> |> it, talk of fully autonomous aircraft or ground control is nothing more
> |> than science fiction.
> 
> [...] history, even modern history is littered with comments from
> people writing off things as "science fiction", "can't be done", "will never
> replace the current ...." etc who have had to eat their words shortly after.

In the software engineering community, words like "Oh, that's easy," or "I can
do that on time, on schedule, and under budget" are *always* eaten, later on.
Software is an art, not an engineering discipline.

I wonder what the aero manufacturers are doing that the rest of us poor sods 
aren't, that let them miraculously produce highly complex packages right on
schedule, in a certification environment in which even a day's delay can cost
millions of dollars.  10M of code in an A330/340, indeed.  I have a hard enough 
time keeping my little 1M Microsoft Word in line.

Usually, when I write "stupid" things, I regret it an hour later.  It's
been over 72 hours, now, and I stand by my words.  At this point in time, 
it is not feasible to create fully autonomous transport aircraft, as implied 
in the original article.  By the time it is, I expect my bones to be dust.


Incidentally, a few people seem to have interpreted my comments about software
engineering as coming from an AE perspective: they weren't.  I'm not sanguine
about CS types writing this stuff: I simply don't think development 
technology's at a point where we can write reliable software with the level 
of confidence I feel is necessary.  This is a whole other discussion, though.

I actually have little experience with the capabilities of AE-types to write 
code.  Although I suppose if they had done it, the EFCS would have been 
written in FORTRAN, not C/Pascal/assembly. :-)  

I will concede that the CS approach is likely the lesser of two evils.




---
Robert Dorsett
rdd@cactus.org
...cs.utexas.edu!cactus.org!rdd