This raises the question of what kinds of tests Boeing did for this autopilot...
I would want to have simulated landings at every airport in the world and a few million synthetic airports, and to do those tests with various simulated wind speeds, signal degradations, engine failures, broken actuators, damaged wings, etc.
For each test, I would determine if the plane is within the design envelope (for example, cross wind speed under 100 mph for landing), and if so require the test to succeed.
I would also be running tests outside the design envelope, but be aiming to tweak the design to pass as many as possible - that way you might survive a few crazy 'wing cut off by passing UFO' type incidents.
I don't see any way such a bug could pass such tests... Which suggests they didn't run those tests, which is concerning.
Just a side note: the loss of a wing is one of the "exceptions" that go deliberately "unhandled". Not even sensors and alerts are implemented -- after all, it's such an unlikely event, unrecoverable from, and they would simply add weight and complexity just to let the crew know the plane is doomed.
This sadly happened, though, with flight Gol 1907 in 2006. The wing was cut off by a crash with another plane in-flight. You can hear in the voice recorder the warnings about the plane falling off the safety envelope (and no mention of the lost wing ofc), and it's really sad how lost the crew gets during the seconds between the loss of the wing and the airplane destruction.
Interestingly there are lots of 'unusual' flight modes that actually stay aloft, especially if you are able to throttle up/down and move actuators very fast (i.e. 10 Hz). I could totally imagine some existing planes being able to do some.
Interesting indeed. There was an Israeli pilot who managed to land an F-15 with a single wing [0]. That was considered impossible by then.
I couldn't find a link, but I think that, more recently, they were trying to reproduce the feat using the possibilities offered by automation. That would be a desirable feature in military aircraft indeed. However, I'm not sure whether that would be physically possible in airliners. The lift provided by the fuselage is too little.
The beauty of international standards and norms is that you do not have to test every single use case. All you have to do, and that is difficult enough, is to test to standardized use cases. And then someone else is making sure everyone is adhering to those standards. That is what regulations are good for.