[News] 787s must be rebooted periodically

Author: takahashikag (那來自某島的蘇州軍部長)   2020-04-03 13:49:26
[Media source] Boeing 787s must be turned off and on every 51 days to prevent 'misleading data' being shown to pilots
[News date] 2 Apr 2020 at 14:45
[URL] https://bit.ly/3e0w5TI
[Body] My translation and thoughts are under [Thoughts]
US air safety bods call it 'potentially catastrophic' if reboot directive not implemented
The US Federal Aviation Administration has ordered Boeing 787 operators to switch their aircraft off and on every 51 days to prevent what it called "several potentially catastrophic failure scenarios" – including the crashing of onboard network switches.
The airworthiness directive, due to be enforced from later this month, orders airlines to power-cycle their B787s before the aircraft reaches the specified days of continuous power-on operation.
The power cycling is needed to prevent stale data from populating the aircraft's systems, a problem that has occurred on different 787 systems in the past.
According to the directive itself, if the aircraft is powered on for more than 51 days this can lead to "display of misleading data" to the pilots, with that data including airspeed, attitude, altitude and engine operating indications. On top of all that, the stall warning horn and overspeed horn also stop working.
This alarming-sounding situation comes about because, for reasons the directive did not go into, the 787's common core system (CCS) – a Wind River VxWorks realtime OS product, at heart – stops filtering out stale data from key flight control displays. That stale data-monitoring function going down in turn "could lead to undetected or unannunciated loss of common data network (CDN) message age validation, combined with a CDN switch failure".
Solving the problem is simple: power the aircraft down completely before reaching 51 days. It is usual for commercial airliners to spend weeks or more continuously powered on as crews change at airports, or ground power is plugged in overnight while cleaners and maintainers do their thing.
The CDN is a Boeing avionics term for the 787's internal Ethernet-based network. It is built to a slightly more stringent aviation-specific standard than common-or-garden Ethernet, that standard being called ARINC 664. More about ARINC 664 can be read here.
Airline pilots were sanguine about the implications of the failures when El Reg asked a handful about the directive. One told us: "Loss of airspeed data combined with engine instrument malfunctions isn't unheard of," adding that there wasn't really enough information in the doc to decide whether or not the described failure would be truly catastrophic. Besides, he said, the backup speed and attitude instruments are – for obvious reasons – completely separate from the main displays.
Another mused that loss of engine indications would make it harder to adopt the fallback drill of setting a known pitch and engine power* setting that guarantees safe straight-and-level flight while the pilots consult checklists and manuals to find a fix.
A third commented, tongue firmly in cheek: "Anything like that with the aircraft is unhealthy!"
A previous software bug forced airlines to power down their 787s every 248 days for fear that electrical generators could shut down in flight. Airbus suffers from similar issues with its A350, with a relatively recent but since-patched bug forcing power cycles every 149 hours.
Staleness persists
Persistent or unfiltered stale data is a known 787 problem. In 2014 a Japan Airlines 787 caught fire because of the (entirely separate, and since fixed) lithium-ion battery problem. Investigators realised the black boxes had been recording false information, hampering their task, because they were falsely accepting stale old data as up-to-the-second real inputs.
More seriously, another 787 stale data problem in years gone by saw superseded backup flight plans persisting in standby navigation computers, and activating occasionally. Activation caused the autopilot to wrongly decide it was halfway through flying a previous journey – and manoeuvre to regain the "correct" flight path. Another symptom was for the flight management system to simply go blank and freeze, triggered by selection of a standard arrival path (STAR) with exactly 14 waypoints – such as the BIMPA 4U approach to Poland's rather busy Warsaw Airport. The Polish air safety regulator published this mildly alarming finding in 2016 [2-page PDF, in Polish].
This was fixed through a software update, as the US Federal Aviation Administration reiterated last year. In addition, Warsaw's BIMPA 4U approach has since been superseded. The Register asked Boeing to comment.
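[Thoughts]
Simply put, if the 787's main power is not shut off and turned back on at regular intervals, so that the onboard computers keep running continuously, stale data may be transmitted over AFDX. In the worst case, the onboard computers accept this data and "display misleading data" to the pilots, including airspeed, attitude, altitude and engine operating status.
Most seriously, the stall warning and overspeed warning systems would also stop working because of the erroneous data.
The cause of this situation is that the operating system of the 787's flight computers (CCS, which is based on the VxWorks operating system developed by Wind River; VxWorks as an RTOS is actually very stable in itself, and many satellites and military platforms are built on adaptations of it) has a problem: the CCS stops filtering stale data out of key functions.
As a result, the function that monitors data transmission may in turn tell the AFDX switch that normal data being transmitted is expired or abnormal, which then causes the switch to malfunction.
This problem was first discovered in the incident in which the battery unit of an All Nippon Airways 787 caught fire. The investigation found that abnormal and incorrect data had been written into the black boxes, which hampered the investigation. However, the problem was never really resolved.
As for the other two problems: one is that the backup computer would activate by itself in flight, causing the autopilot to wrongly think it was midway through the previous flight and to try to regain what it considered the "correct" flight path. The other is that the system would freeze and show a blank screen, which could be triggered by an arrival procedure that passes through fourteen waypoints.
The A350 also had a problem where the onboard computers would malfunction after being powered on for too long, but this relatively recent problem has already been fixed.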
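Author: NiChu (氵尼~~魚禾火~~)   2020-04-03 13:54:00
I wonder whether rebooting the flight computers takes long? If it doesn't, wouldn't writing an SOP into the pre-flight check, requiring the computers to be shut down after every flight or power-cycled before every flight, settle the matter??...
Author: akira30 (akira)   2020-04-03 14:08:00
A Daily check has to be done once within 48 hr
Author: yoshilin (明明可以靠臉吃飯)   2020-04-03 14:24:00
That's how I fix Windows problems too, it works really well
Author: maikxz (超級痛痛人)   2020-04-03 14:29:00
Power cycling the equipment, the ultimate move
Author: acomp (clarity)   2020-04-03 14:37:00
Isn't this the bug the FAA already required to be fixed in 2016? Oh.. this is a new bug.
Author: tivallion (Tiva)   2020-04-03 15:25:00
The 787 could consider installing 360, the No. 1 brand for cleaning junk off Android phones
Author: yamakazi (大安吳彥祖)   2020-04-03 15:31:00
Author: TsukimiyaAyu (ㄎㄎㄎㄎㄎㄎㄎㄎㄎㄎㄎ)   2020-04-03 15:34:00
Kingsoft
Author: cka   2020-04-03 15:37:00
Windows is like this too; when something goes wrong, just reboot
Author: asdfghjklasd (好累的大一生活)   2020-04-03 15:40:00
Did they get Chinese people to write the 787's FW?
Author: jack168168tw (陳年老魯蛇)   2020-04-03 15:52:00
Seeing the title, I thought I was on the mobileComm board
Author: eatingshit (別懷疑我叫宜霆謝)   2020-04-03 16:07:00
It must be Android's fault
Author: whocare96   2020-04-03 16:34:00
Memory allocated and not released after use?
Author: QuentinHu (囧興)   2020-04-03 17:36:00
Immediately thought of the Patriot missile +1
Author: lexar (hot n' cold)   2020-04-03 17:51:00
Rebooting cures all ills
Author: FTICR (FT-ICR)   2020-04-03 18:51:00
Under normal circumstances, aren't they usually powered off?
Author: edison (edison)   2020-04-03 19:15:00
These days they're surely shut down to the point of being unplugged
Author: aahome (少說話)   2020-04-03 20:54:00
Same concept as a server; a server without problems doesn't need rebooting
Author: ganlinlowmo (ID是個錯誤-槍哥)   2020-04-03 21:01:00
Mercedes-Benz's central control system doesn't crash, but BMW's often crashes airbus boeing
Author: donkilu (donkilu)   2020-04-04 03:46:00
What a lousy OS...
Author: snalvc (snalvc)   2020-04-04 19:29:00
This "lousy OS" can be seen in almost all aerospace and military systems; a whole bunch of satellites, missiles and aircraft use it. My guess is that it's not a problem with VxWorks itself: a 32-bit unsigned integer can represent at most 4294967295, and if that is a timestamp in milliseconds, it's roughly 51 days, so it's probably the application not handling overflow properly.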
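
The following is an added example, not part of the thread and not taken from any aircraft software. It illustrates the hypothesis in the comment above (the directive itself gives no cause): a message-age check on a 32-bit millisecond tick counter, which wraps after 2^32 ms (about 49.7 days), written once as a naive absolute comparison and once with wrap-safe modular subtraction. The names `MAX_AGE_MS`, `is_fresh_naive`, `is_fresh_wrapsafe` and `age_ms`, and all sample values, are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limit: a message older than this is treated as stale. */
#define MAX_AGE_MS 100u

/* Elapsed ticks between two counter readings. Unsigned subtraction is
 * modulo 2^32, so the result is the true age as long as the real age
 * is below 2^32 ms; beyond that the age is ambiguous. */
static uint32_t age_ms(uint32_t now, uint32_t stamp)
{
    return (uint32_t)(now - stamp);
}

/* Naive check: compares absolute tick values. Once the 32-bit counter
 * wraps, `now` is small again and every pre-wrap stamp appears to lie
 * in the future, so old messages pass as fresh. */
static bool is_fresh_naive(uint32_t now, uint32_t stamp)
{
    return now <= (uint32_t)(stamp + MAX_AGE_MS);
}

/* Wrap-safe check: compares the modular age against the limit. */
static bool is_fresh_wrapsafe(uint32_t now, uint32_t stamp)
{
    return age_ms(now, stamp) <= MAX_AGE_MS;
}

int main(void)
{
    /* Constructed values: a message stamped 65536 ms before the wrap,
     * checked 5000 ms after the wrap. */
    uint32_t stamp = 0xFFFF0000u, now = 5000u;

    printf("true age:  %u ms\n", (unsigned)age_ms(now, stamp));
    printf("naive:     %s\n", is_fresh_naive(now, stamp) ? "fresh" : "stale");
    printf("wrap-safe: %s\n", is_fresh_wrapsafe(now, stamp) ? "fresh" : "stale");
    return 0;
}
```

A wider (64-bit) tick counter removes the ambiguity window entirely; the modular form only stays correct while real message ages remain far below the wrap period.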
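Author: Boeing78710 (b787-10)   2020-04-06 10:01:00
No, it's just that I don't want to sleep too long...
Author: yuinghoooo (KiXeon)   2020-04-08 20:27:00
Rewriting it must be painful
Author: sammy98 (軍)   2020-04-10 06:35:00
BMW is like that too; without a reset you get a bunch of false error codes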
