Re: Boeing 777 - Totally Irresponsible?

Date:         13 Dec 96 04:25:59 
From:         Bob Mann <>
Organization: R.W. Mann & Company, Inc.
References:   1

Bernie Gracy, Jr. wrote:
> The keynote speaker of the 1996 Pacific Northwest Software Quality
> Conference reviewed the 10^9 (ten to the ninth power) problem.  Years of
> testing a PC program are required to believe that it won't fail within a
> week of release.  To meet the FAA standard of 10^9 hours of failure free
> operation would require 100 years of testing assuming that one could
> execute 1 test/sec (there are about 10^7 seconds in a work-year).
> He went on to say that because of the millions of lines of code written
> for the 777 that it would be impossible to test all of the failure
> conditions, and therefore was irresponsible to design and deploy such an
> aircraft.  He vowed never to fly on one...
> How was the 777 tested?  Is it safe?  Or is it "unsafe at any airspeed?"

By that definition, are any of the commercial FBW/FADEC aircraft
"safe"?  Of course they are.  But there's probably a reason that most
manufacturers leave the PIC in the loop as final authority to override
the autopilot.

The greater question is the "least common denominator" factor imposed by
some aircraft manufacturers' autopilot control laws and their finality
of authority.  This, in effect, "dumbs down" the flight envelope, such
that hand-flying that would not cause structural failure -- but which
could prevent an incident -- is prohibited by the system's limits, which
the PIC cannot override, as I understand it.
- Bob Mann
  R.W. Mann & Company, Inc.