SE300 Software Engineering Practices – source: mercury.pr.erau.edu/~siewerts/se300/documents/lectures/...
February 12, 2015 Sam Siewert
SE300
Software Engineering Practices
Lecture 8 – Interactive Architecture and Design Case Study – Flight 447
(System Architecture and Design)
Business This Week
Return and Go Over Mid-Terms – Thursday
Return Assignment #2 This Week
Turn in Assignment #3 This Week
Form Teams for Assignment #4 to #6
Go Over Assignment #4 Before Break
Sam Siewert 2
Interactive Architecture – Case Study
Best Effort, Predictable Response, Hard Real-Time
Quality of Interaction
– Latency – Time Between Real Event and Presentation or Input and Realization or Actuation
– Lag (Over Networks) – Transport of Event Data
– Jitter – Variation in Latency and/or Lag Over Time
Presentation of Information – Graphics, Video, Indicators, Text
Input – Keyboard/Mouse, Hand Controller, Data Glove, Gestures, Voice, Eye-trackers, Other
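The three quality-of-interaction measures above are easy to confuse in practice (a display can have low lag but high latency, or acceptable average latency but unusable jitter). The following Python is an added illustration written for this page, not code from the lecture: it separates transport lag from end-to-end latency for each event, computes jitter as the variation of latency over time, and classifies a constructed trace as best effort, predictable response or hard real-time against a deadline. The traces and the classification thresholds are assumptions, not a standard.

```python
"""Latency, lag and jitter of an interactive subsystem.

Added illustration for this page (not code from the lecture). Each sample
pairs the time of a real event (or input) with the time its data arrived at
the presenting node and the time it was presented (or actuated), so that
network lag can be separated from end-to-end latency. Times are in ms; the
traces at the bottom are constructed, and the classification thresholds
are assumptions, not a standard.
"""
from dataclasses import dataclass
from statistics import pstdev


@dataclass(frozen=True)
class Sample:
    event_ms: float     # real event: sensor reading, user input
    arrival_ms: float   # event data arrived over the network
    present_ms: float   # presented on the display / actuator moved


def latency(s):
    """End-to-end latency: real event to presentation (or input to actuation)."""
    return s.present_ms - s.event_ms


def lag(s):
    """Transport lag: real event to arrival of its data at the presenting node."""
    return s.arrival_ms - s.event_ms


def jitter(values):
    """Variation of latency (or lag) over time: (peak-to-peak, population std dev)."""
    return max(values) - min(values), pstdev(values)


def classify(samples, deadline_ms):
    """Assumed rule: hard real-time = no deadline miss; predictable response =
    at most 10% misses and peak-to-peak jitter within one deadline; else best effort."""
    lats = [latency(s) for s in samples]
    misses = sum(1 for x in lats if x > deadline_ms)
    p2p, sd = jitter(lats)
    if misses == 0:
        kind = "hard real-time"
    elif misses <= len(lats) // 10 and p2p <= deadline_ms:
        kind = "predictable response"
    else:
        kind = "best effort"
    return {"misses": misses, "jitter_p2p_ms": p2p, "jitter_sd_ms": round(sd, 2),
            "max_latency_ms": max(lats), "class": kind}


def trace(latencies_ms, lag_ms=4.0, period_ms=100.0):
    """Build a constructed trace: one event per period with the given latencies."""
    return [Sample(i * period_ms, i * period_ms + lag_ms, i * period_ms + lat)
            for i, lat in enumerate(latencies_ms)]


# Constructed traces: a 10 Hz event stream judged against a 50 ms deadline.
TRACE_STABLE = trace([20, 21, 19, 22, 20])                        # never misses
TRACE_ONE_MISS = trace([20, 21, 19, 22, 20, 55, 18, 21, 20, 19])  # one late frame
TRACE_BURSTY = trace([20, 80, 25, 140, 22, 30])                   # network stalls

if __name__ == "__main__":
    for name, tr in [("stable", TRACE_STABLE), ("one miss", TRACE_ONE_MISS), ("bursty", TRACE_BURSTY)]:
        print(name, classify(tr, 50))
```

The bursty trace is the case that matters for a cockpit display: its mean latency is still modest, but a peak-to-peak jitter of 120 ms against a 50 ms deadline means the operator cannot rely on what is shown being current, which is a different failure from a slow-but-steady link.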
Flight 447 Investigation – Official Documents
[Figure 6-4, Four Common Types of Systems (copyright 2014 by the McGraw-Hill Companies, Inc.): (a) Interactive subsystem, (b) Event-driven subsystem, (c) Transformational subsystem, (d) Database subsystem. The state diagrams with inputs a, b, c and outputs x, y, z (transitions a/x, b/y, c/z) are not recoverable from the transcript.]
Aerospace Interactive Systems Avionics
– Flight Management System
– Flight Control System
– Auto-Pilot
– Instrumentation
– Health and Status Indicators
UAV/UAS Operations
Satellite Mission Operations and Control (POCC, MCC)
Air, Ground and Space Multi-Segment Systems
Security and Safety Threat Monitoring Systems
Many more …
Interactive Architecture & Design – Flight 447 Case Study
A330, Fly-by-wire, Rio de Janeiro to Paris – PBS Nova
Did Interactive Features of the Avionics Have Anything to Do with the Crash? Multiple Factors Contributed, But What Is the Root Cause?
1. Weather and RADAR limitations
2. Multiple Pitot Tube failures linked to Auto Pilot shutdown
3. Air Speed / Auto-thrust, Lack of thrust feedback?
4. Side-stick controllers? - Boeing vs. Airbus Viewpoints on Yoke/Side-stick
5. Pilot error? – Standard Op for Speed Maintenance (const. thrust, pitch)
6. Cascading Alarms? (Ignore at Key Times)
7. Stall Likely, But Should Not be fatal
8. Design of avionic interactive system itself?
– Last report 350 miles on route as expected at 1:35am, lost from RADAR as expected in mid-Atlantic due to Earth curvature
– Weather Issues Developed 3 hours into 11 hour flight
– Deep Sea Digital Flight Recorder and Radio Black-Box Recovery – Nearly Impossible
– ACARS maintenance text messages start at 2:10am, showing the failure log (24 critical faults)
What Could be Done to Improve Systems?
BEFORE BB RECOVERY
Watch NOVA PBS Flight 447 – Amazon Library, Local, Youtube
BB Recovery May 2011, 2 Years Later (Value of BB Recorders?)
– INMARSAT Location (Similar to MH370, But with More Data: Search Area Limited by Cooperative ACARS Uplinks)
– ATC Primary RADAR and Secondary Transponder Ground-stations (Holes in Many Locations, Esp. Transoceanic Flights)
– ATC NextGen Satellite Link – ACARS, AFIRS, ADS-B
BEA (Summary of Contributing Facts)
1. temporary inconsistency between the measured speeds, likely as a result of the obstruction of the pitot tubes by ice crystals, causing autopilot disconnection and reconfiguration to alternate law;
2. the crew made inappropriate control inputs that destabilized the flight path;
3. the crew failed to follow appropriate procedure for loss of displayed airspeed information; the crew were late in identifying and correcting the deviation from the flight path;
4. the crew lacked understanding of the approach to stall;
5. the crew failed to recognize that the aircraft had stalled and consequently did not make inputs that would have made it possible to recover from the stall.
Lessons Learned? BEA (Causal Analysis)
1. feedback mechanisms on the part of those involved made it impossible to identify and remedy the repeated non-application of the procedure for inconsistent airspeed, and to ensure that crews were trained in icing of the Pitot probes and its consequences;
2. the crew lacked practical training in manually handling the aircraft both at high altitude and in the event of anomalies of speed indication;
3. the two co-pilots' task sharing was weakened both by incomprehension of the situation at the time of autopilot disconnection, and by poor management of the "startle effect", leaving them in an emotionally charged situation;
4. the cockpit lacked a clear display of the inconsistencies in airspeed readings identified by the flight computers;
5. the crew did not respond to the stall warning, whether due to a failure to identify the aural warning, to the brevity of the stall warnings that could have been considered spurious, to the absence of any visual information that could confirm that the aircraft was approaching stall after losing the characteristic speeds…
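The two BEA findings that bear most directly on interactive design, the temporary inconsistency between measured speeds that disconnected the autopilot and reverted the control law (Summary item 1) and the lack of a clear cockpit display of that inconsistency (Causal Analysis item 4), can be made concrete with a small redundancy monitor. The following Python is an added illustration written for this page; it is not the lecture's code and not Airbus's actual air-data logic. The channel names ADR1..ADR3, every threshold, the independent reference speed, the message wording and the 1 Hz icing trace are assumptions or constructed data.

```python
"""Triplex airspeed consistency monitor with an explicit crew message.

Added illustration for this page: not the lecture's code and not Airbus's
actual air-data logic. Three air-data channels (named ADR1..ADR3 here by
assumption) feed a mid-value voter; a channel that disagrees with the median
for longer than a persistence time is rejected; an aerodynamically implausible
jump in the voted speed is treated as a common-mode failure (all probes icing
at once); an optional independent reference speed (assumed to come from an
inertial/GPS estimate) guards against two probes agreeing on a wrong value.
All thresholds are assumed values; the icing trace at the bottom is constructed.
"""
from statistics import median

DISAGREE_KT = 15.0     # assumed: spread from the median that makes a channel suspect
PERSIST_S = 1.0        # assumed: disagreement must last this long before rejection
MAX_RATE_KT_S = 20.0   # assumed: a faster IAS change in cruise is not aerodynamically plausible
REF_BAND_KT = 40.0     # assumed: tolerance against the independent reference speed
RECOVER_S = 10.0       # assumed: consistent data required before leaving UNRELIABLE
MIN_AGREEING = 2       # voting needs at least two agreeing channels


class AirspeedMonitor:
    def __init__(self):
        self.disagree_since = {}   # channel -> time its disagreement began
        self.rejected = set()
        self.healthy_since = None
        self.prev_t = None
        self.prev_voted = None
        self.state = "NORMAL"

    def update(self, t, readings, ref_kt=None):
        """One cycle. readings: {channel: IAS kt}. Returns (state, voted IAS, crew message)."""
        med = median(list(readings.values()))
        # 1. Per-channel disagreement with the median, with persistence.
        for ch, ias in readings.items():
            if abs(ias - med) > DISAGREE_KT:
                start = self.disagree_since.setdefault(ch, t)
                if t - start >= PERSIST_S:
                    self.rejected.add(ch)
            else:
                self.disagree_since.pop(ch, None)
                self.rejected.discard(ch)          # readmitted once it agrees again
        agreeing = [ch for ch in readings if ch not in self.rejected]
        voted = median([readings[ch] for ch in agreeing]) if agreeing else None
        # 2. Reasons the voted value cannot be trusted.
        reasons = []
        if len(agreeing) < MIN_AGREEING:
            reasons.append("fewer than %d channels agree" % MIN_AGREEING)
        if voted is not None and self.prev_voted is not None and self.prev_t is not None and t > self.prev_t:
            rate = abs(voted - self.prev_voted) / (t - self.prev_t)
            if rate > MAX_RATE_KT_S:
                reasons.append("voted IAS changed %.0f kt/s, common-mode probe failure suspected" % rate)
        if voted is not None and ref_kt is not None and abs(voted - ref_kt) > REF_BAND_KT:
            reasons.append("voted IAS disagrees with independent reference %.0f kt" % ref_kt)
        # 3. State with a recovery dwell so a transient does not flicker the warning.
        if reasons:
            self.state, self.healthy_since = "UNRELIABLE", None
        else:
            if self.healthy_since is None:
                self.healthy_since = t
            if self.state != "UNRELIABLE" or t - self.healthy_since >= RECOVER_S:
                self.state = "DEGRADED" if self.rejected else "NORMAL"
        self.prev_t, self.prev_voted = t, voted
        return self.state, voted, self._message(readings, voted, reasons)

    def _message(self, readings, voted, reasons):
        """What the crew sees: every channel value and the reason, not only a disconnect chime."""
        chans = "  ".join("%s %.0f%s" % (ch, ias, " REJ" if ch in self.rejected else "")
                          for ch, ias in readings.items())
        if self.state == "UNRELIABLE":
            why = "; ".join(reasons) if reasons else "awaiting %.0f s of consistent data" % RECOVER_S
            return "AIRSPEED UNRELIABLE (%s) | %s | AP/ATHR OFF, alternate law, fly pitch and thrust" % (why, chans)
        return "%s IAS %.0f kt | %s" % (self.state, voted, chans)


def icing_trace():
    """Constructed 1 Hz trace: cruise at 275 kt IAS; at t=10 s ADR1 and ADR2 ice over and
    read 60 kt, ADR3 follows at t=13 s; all three probes clear again at t=50 s."""
    rows = []
    for t in range(70):
        iced12 = 10 <= t < 50
        iced3 = 13 <= t < 50
        rows.append((float(t), {"ADR1": 60.0 if iced12 else 275.0,
                                "ADR2": 60.0 if iced12 else 275.0,
                                "ADR3": 60.0 if iced3 else 275.0}))
    return rows


def run(trace, ref_kt=None):
    """Feed a trace through a fresh monitor; returns [(t, state, voted, message), ...]."""
    mon = AirspeedMonitor()
    return [(t,) + mon.update(t, readings, ref_kt) for t, readings in trace]


if __name__ == "__main__":
    for t, state, voted, msg in run(icing_trace(), ref_kt=275.0):
        if t in (9, 10, 11, 13, 21, 50, 61):
            print("t=%2.0f  %s" % (t, msg))
```

Two things the trace shows. First, when two probes ice together, majority voting rejects the one probe that is still correct (ADR3 at t=11 s), so voting alone cannot say which side is right; only the implausible rate of change and the independent reference catch it, and without the reference the monitor readmits the consistent-but-wrong pair once the dwell expires. Second, the message names the channels, their values and the reason for the downgrade, which is the display the BEA found missing; an autopilot disconnect chime by itself tells the crew nothing about why.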
AFTER BB RECOVERY
Watch Follow Up Stories on Flight 447 – Local, Youtube
Much More to This Story
Combination of Errors – Weather + System + Crew
Issues with Automation – Crew Confusion, Fatigue, Overload, Collaboration (E.g. Side-stick Issues)
Auto-Pilots, Intelligent Transportation – Safer?
Avionics Design Flaws? HCI Design Flaws?
Why Is Aircraft Tracking Still Unreliable and Inaccurate?
– 2009 to MH370, Almost 5 Years Later: Lost, BB Not Recovered
– MH370 Transponder May Have Been Turned Off (Only the Satellite Handshakes Continued) – Youtube, PBS NOVA, Local
Qantas 32 – A380 Highly Automated Aircraft
Well-Coordinated Crew (5 Pilots)
Uncontained Engine #2 Failure
Wing Damage, Fuel Leak
– Youtube – Recreation
– Health and Status, Check-lists for Managing a Damaged Aircraft to Safe It for Emergency Landing
– Human Inspection of Damage
– Training Typically Covers Far Less than the Cascade of Issues Seen in the Real Scenario
– Ground Support from Qantas Operations Center and Singapore ATC
– Automated Landing Gear Hydraulics
– Ends Well After Ground Shutdown Issues