Boeing is fundamentally redesigning the software architecture of the 737 MAX flight control system to take data from both of the system’s computers and to compare the data from the sensors feeding them. The existing system uses data from only one flight control computer and the second serves as a backup. In the new setup, both computers will be actively engaged in cross checking the performance of the aircraft’s various systems. The Seattle Times broke the story and said the major change is in response to a fault discovered by FAA test pilots which showed that small microprocessor faults could have disastrous effects in the MAX because of the newly added MCAS system.
The faults, which can be caused by cosmic rays hitting circuitry and randomly changing binary code from 0 to 1 or vice versa, are addressed by FAA certification standards but their effects were tested by FAA pilots in relation to the function of the MCAS by flipping five of the binary switches. Although the perfect storm of simulated failures would be an extremely rare occurrence in the air, the agency said it had to be addressed. “While it’s a theoretical failure mode that has never been known to occur, we cannot prove it can’t happen,” one of the Times’ sources said. “So we have to account for it in the design.” Double teaming the flight control computers mitigates that risk because each computer is constantly checking the performance of the other. If either detects a problem, neither will move of the flight controls and the aircraft will have to be flown manually.
Although the redesign of the system is a major project, Boeing still thinks it can be finished in time to have it evaluated by the FAA this fall. Most airlines that fly the MAX are skeptical of that optimism and have eliminated the MAX from their schedules until late in 2019 or early 2020.