seahawk wrote: The role of the FAA will have to be seen. Surely they cannot look through the complete source code of a modern airliner, so they depend on the description of function by the OEM. The question is how Boeing described the MCAS function.
As far as I am familiar with the design of safety-critical embedded systems, it is common awareness that the results (the code) are impossible to check or test, due to code complexity. This has held for decades. Testing is unrealistic, because the error rates of very botched code may already be extremely low in statistical terms. There were 2 deadly MCAS-related crashes, but in that time, what, hundreds of thousands of MAX flights have taken place. So the probability of error would be like 2/100.000. No way you can test for this. One common example of extremely botched design that resulted in horrible deaths was the Therac-25 radiation therapy machine in the 80s. It managed to malfunction 6 times, killing 5 patients, and getting familiar with that story is basic training for software development of medical systems. But in the timeframe when those 6 malfunctions happened, 6000 patients went through it without any problems. And yet this was a classical example of very, very bad code and very, very bad design decisions.
So the very stringent design process is the key to getting safe products. It is the only way. That means that certain rules that don't make sense at first are observed, certain coding standards are followed, certain steps in the development are done, and so on. If you then have a coked-up salesman getting his way because he just signed a 200 aircraft deal which will go through "IF the engineering just stops complaining", this is a recipe for disaster.
Let's not forget that Toyota lost in court not because the engine control software caused deaths (it was impossible to prove or disprove it), but because they violated even THEIR OWN rules on how to write engine control software code (the code which was suspected to cause the acceleration violated 5 of Toyota's own 9 rules).
And this is not very different from how the FDA works. AFAIK they don't take samples of medicines routinely (or this is not their main priority). When they show up at the pharmaceutical manufacturing plant, their main concern is paperwork, e.g. checking whether you as a manufacturer are following the process that results in safe medicines. I know many people think this is ridiculous, but modern manufacturing processes (and modern embedded software design) simply cannot be supervised otherwise.
Now, the FAA outsourcing work to Boeing employees basically breaks that process at several places. I know it has been going on for a long time, but in the case of MCAS the system obviously broke down completely.