[SystemSafety] Correctness by Construction
Dewi Daniels
dewi.daniels at software-safety.com
Fri Jul 10 18:22:18 CEST 2020
On Fri, 10 Jul 2020 at 15:40, Olwen Morgan <olwen at phaedsys.com> wrote:
>
> Correct me if I'm wrong but I thought at least one key event in one of
> the 737 MAX crashes was that an AoA sensor had been inappropriately
> fitted to the airframe and consistently read around 20 degrees off?
>
> How does a pilot recover from that?
>
Very easily, as a matter of fact. A pilot doesn't need an AoA sensor to fly
an aircraft. Boeing didn't even fit an AoA sensor to the Boeing 737 until
the 737-NG. Even then, the AoA sensor was an optional extra to drive an
optional AoA display. Neither of the two 737 MAX aircraft that crashed were
fitted with the optional AoA display. The only reason the two aircraft that
crashed were fitted with an AoA sensor was to drive MCAS. If MCAS had not
been fitted at all, or if its authority had been limited, as was the design
intent, neither accident would have happened.
Yours,
Dewi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/pipermail/systemsafety/attachments/20200710/6b56b515/attachment-0001.html>
More information about the systemsafety
mailing list