Airbus A350 software forces airlines to turn planes off and on every 149 hours
Patch your darn metal bird, sighs EU aviation agency
Airbus A350-1000
An Airbus promotional picture of an A350-1000. Its sister type, the A350-941, is the affected model of airliner
Some models of Airbus A350 airliners still need to be hard rebooted after exactly 149 hours, despite warnings from the EU Aviation Safety Agency (EASA) first issued two years ago.
In a mandatory airworthiness directive (AD) reissued earlier this week, EASA urged operators to turn their A350s off and on again to prevent "partial or total loss of some avionics systems or functions".
The revised AD, effective from tomorrow (26 July), exempts only those new A350-941s which have had modified software pre-loaded on the production line. For all other A350-941s, operators need to completely power the airliner down before it reaches 149 hours of continuous power-on time.
Concerningly, the original 2017 AD was brought about by "in-service events where a loss of communication occurred between some avionics systems and avionics network" (sic). The impact of the failures ranged from "redundancy loss" to "complete loss on a specific function hosted on common remote data concentrator and core processing input/output modules".
In layman's English, this means that prior to 2017, at least some A350s flying passengers were suffering unexplained failures of potentially flight-critical digital systems.
Airbus' rival Boeing very publicly suffered from a similar time-related problem with its 787 Dreamliner: back in 2015 a memory overflow bug was discovered that caused the 787's generators to shut themselves down after 248 days of continual power-on operation. A software counter in the generators' firmware, it was found, would overflow after that precise length of time. The Register is aware that this is not the only software-related problem to have plagued the 787 during its earlier years.
It is common for airliners to be left powered on while parked at airport gates so maintainers can carry out routine systems checks between flights, especially if the aircraft is plugged into ground power.
The remedy for the A350-941 problem is straightforward according to the AD: install Airbus software updates for a permanent cure, or switch the aeroplane off and on again.
Flying down the rabbit hole
An Airbus marketing publication (PDF) from 2013 explains that the A350's Common Remote Data Concentrator (CRDC) units were designed to "allow significant wiring simplification", with an aerospace trade mag going into greater depth to explain that Airbus' newest airliner design features 29 CRDCs "spread around the aircraft" and working in concert with 21 Core Processing Input Output Module (CPIOM) modules, interfacing with various systems and sensors.
CRDCs take input data (say, the exact position of a flight control surface) and turn that into an ARINC 429-compatible digital signal for transmission over the A350's internal network to a CPIOM. That network runs over a protocol developed by Airbus called ADFX, or Avionics Full-Duplex Switched Ethernet. The CPIOM is effectively a mini computer; in the A350 CPIOMs run discrete avionics "applications", in the sense of apps. CRDCs themselves do not host or run applications, suggesting that the failure condition detailed in the EASA AD may mean loss of a particular app on a CPIOM after a buffer overflow.
A Delta Airlines training manual on Scribd, of all places, explains what the A350's CPIOM apps are. They include: the fuel quantity and management system, which tells pilots how much juice their bird has drunk; the cabin pressure control system; wing ice protection systems; the engine bleed air system, which among other things supplies oxygen to the passenger cabin for you to breathe; and the landing gear extension and retraction system.
Excerpt from A350 avionics training manual
Airlines acquiring the A350-941 model subject to the EASA AD include Air France, American Airlines, Delta Air Lines and Lufthansa, as well as Air China and Taiwan's China Airlines. Both British Airways and Virgin Atlantic are buying A350-1041s, which are a different model from the affected A350-941s.
There are no A350s (ICAO codes A359 and A35K) currently on the UK register, though registrations have been reserved for those being acquired by British airlines.
Airbus PR reps failed to respond to multiple requests for comment.
Ingen kommentarer:
Legg inn en kommentar
Merk: Bare medlemmer av denne bloggen kan legge inn en kommentar.