PPRuNe Forums - View Single Post - TAM A320 crash at Congonhas, Brazil
Thread: TAM A320 crash at Congonhas, Brazil
View Single Post
Old 31st Jul 2007, 08:18
  #733 (permalink)  
SoaringTheSkies
 
Join Date: Aug 2005
Location: Cloudbase
Posts: 149
Likes: 0
Received 0 Likes on 0 Posts
bsieker,
I have indeed thought about how many accidents might have been prevented by some of the systems in place. Sadly, I doubt we'll ever get those numbers, as no accident, no investigation, no findings, but the low accident numbers we see show that an extremely high percentage of flights are completely inside the system's gamut and those systems are doing their job.
What scares me is that the system, upon leaving it's "field of known good states" does not necessarily err towards safety, partially maybe because it lacks the "understanding" that something awkward is going on.
Let's be very clear, the given input is, at best, ambiguous:
Wheels on the ground and (probably) spinning
RA 0
one TL in REV, the other probably somewhere between IDLE and CLB.
From that data, the system tries not only to match it's internal state to the physical state of the airplane but also to the pilot's intentions.
My understanding is that the only indication of the pilot's intention the spoilers/brakes system has is the TLA. One forward, one reverse doesn't give more clues than a bunch of tea leaves. At least not without any sequence information to it (which I can't see being used from the diagrams).
I have not brought up the big red button and I'm not fully certain that it would indeed make sense to have such a thing.
My point was: logic that inhibits vital functions like the spoilers/brakes logic must in all cases err to the safe side.
Now we could argue what the safe side is, as in the case of a TOGA, fully deployed spoilers would prove catastrophic as well.
Generally speaking, computers or binary logic will outperform humans in almost all cases, as long as the input pattern matches what was anticipated in it's design.
Humans will sometimes fail as well, when presented with unexpected situations, but at least they have a chance to analyze the situation, understand it and take action. Computers don't.
So, the big red button is more a figure of speech, to me, than an actual button. Trying to find a way for the pilot to say "I have no idea what's going on inside the logic system, but it's clear to me that it's not the way it should be, give me full manual control". A real red button like this could, I agree, probably cause more harm than good, though.
Maybe, however, it's a function of making the system aware that it's caught in a state due to ambiguous signals. I'm not sure if the logic diagrams are simplified or if the logic is really just an "AND" of all inputs. Both main gear squat switches depressed, wheels spinning, maybe even nose wheel spinning, RA 0, one TL in reverse, only one signal missing from the full equation, maybe the system could assume a malfunction there and drop the single illogical input from the equation? Maybe the equation would have to take into account the sequence of events? If the pilot was attempting a go around, the sequence of TL movements would be different from a landing with one TL left in CLB. Then again, adding even more complexity to the equations can't be good either.
pj
SoaringTheSkies is offline