VAF Forums

VAF Forums (https://vansairforce.net/community/index.php)
-   Glass Cockpit (https://vansairforce.net/community/forumdisplay.php?f=35)
-   -   Do I still need an independent backup AI? (https://vansairforce.net/community/showthread.php?t=122553)

Brantel 02-09-2015 03:54 PM

I had a triple screen G3X system with dual AHRS units and still had a totally standalone separate backup EFIS (TT Gemini then a Dynon D6). The latest version of my panel swapped the triple screens for one 10" Touch but kept the backup EFIS. I eventually plan to add the 7" Touch to the co-pilot side but I will keep the backup EFIS.

I totally agree with TeamX's position on this subject!

RV7A Flyer 02-09-2015 11:01 PM

Quote:

Originally Posted by avionicsr (Post 957541)
Absolutely YES, you need an independent backup Attitude, Altitude and Airspeed. ...The reason is, even with two AHRS and an independent backup battery there is still the very, very slim potential for a common software problem to cause all displays and/or AHRS to reset.

Although there is nothing wrong with having redundant devices/systems from different manufacturers, it is not necessarily true that it eliminates common-mode software errors. Experiments done by software safety researchers (ref. Leveson, et al.) demonstrate that n-version programming quite often results in the same "errors" in design and implementation by completely independent teams (given the same requirements). This is quite a controversial result, but it appears to be the case based on research into software systems safety.

avionicsr 02-10-2015 01:12 PM

Quote:

Originally Posted by RV7A Flyer (Post 957896)
Although there is nothing wrong with having redundant devices/systems from different manufacturers, it is not necessarily true that it eliminates common-mode software errors. Experiments done by software safety researchers (ref. Leveson, et al.) demonstrate that n-version programming quite often results in the same "errors" in design and implementation by completely independent teams (given the same requirements). This is quite a controversial result, but it appears to be the case based on research into software systems safety.

As we all know, nothing in aviation is an absolute guarantee, but the likelihood of two independent systems suffering a failure that causes a reset at the exact same time is significantly lower than that of a single system resetting.

Rather than getting wrapped up in the miniscule details of software, research, and hardware, the point being made here is:
Due diligence in providing a safe, IFR platform means following the part 23 guidelines and providing an independent Attitude, Altitude, and Airspeed powered by an independent power source (independent backup battery is acceptable).

I personally, will not put myself or my family in a glass panel aircraft in IFR conditions, either certified or experimental, without a panel mount backup basic flight instruments with an independent power supply. Whether that backup power supply is an internal backup battery or pneumatic and vacuum makes no difference, as long as it's independent.

RV7A Flyer 02-10-2015 10:39 PM

I'm not arguing that point. I have a backup EFIS myself, and both primary and backup have backup batteries, plus one is on the E-buss, primary has external ADAHRS, backup has internal/external, etc. (Skyview primary, D6 backup).

I was only pointing out that the na?ve approach of insisting on different manufacturers on the basis of n-version programming isn't necessarily grounded in facts, based on research into safety-critical software development.

dutchroll 02-13-2015 02:07 PM

I look at redundant same-brand EFIS screens as simply a convenience in the case of something like a display failure. Likewise, electrical bus faults do happen and so some sort of backup power supply is a given.

However I agree that a totally independent standby attitude source, if you fly lots of IFR, is a very good idea.

From a risk assessment perspective, the chance of a common fault causing multiple display failure in IMC is certainly rare. However the consequences are extreme if there isn't an independent source!


All times are GMT -6. The time now is 11:54 PM.