"Locked-door" said:
How on earth do you attribute the BA777 dual rollback to the FADECS? The power loss was caused by fuel starvation due to ice in the fuel/oil heat exchangers. Your accuracy with this is as good as your Airbus knowledge.
CC says:
I've read the 777 thread and I know that ice all by itself is blamed for the accident. But I just don't buy it. Thousands of jet engines with fuel/oil heat exchangers have operated in icing temperatures all over the world for fifty years and I've never heard of a single crash caused by all engines just sitting there in idle. Aren't trent engines certified? Aren't the heat exchangers required to have some sort of a emergency fuel bypass? (this would allow power up which would extinguish any engine fuel ice lights once hot oil re-entered the exchanger.) Haven't you ever done this on jets? Pulled up the boards and shoved the power up on descent to kill the ice lights? I have. Since the machine was dirty, it didn't need boards, just a pilot to disconnect ATS and manually advance enough power to heat up the oil.
But engineers stated on that thread that we don't know for sure that FADEC commanded a throttle up since data points were infrequent and maybe only plotted software commands outside of FADEC instead of actual FCU position. I'm not a software expert, but even I know that FADECs have a reboot subroutine that rolls the engine back to idle if certain anomalies crop up. Not only that, but a programmer there was claiming the A and B channels are identical code adopted (allegedly) to save programmer costs.
Ask yourself:
how could both engines have enough fuel to remain in idle but not enough to produce partial power when commanded to? What are the odds ?
All I can fathom is that dual identical software bugs struck at the same time in the same conditions since the code is identical on both channels and identical on both engines. I'm told all performance is impossible to test before certification, since you're talking about millions of lines of computer code and exponential combinations of output. It might take ten or twenty years to test all the possible software decision trees. So they rubber stamp it and "finish it in the field."
An insane arrangement, but one that today's button pusher seems to have no problem with. An engine who knows better than the captain when to roll itself back or prevent a power up if expected engine and RPM values don't materialize!
Again, we've saved the equipment and lost the airplane.
What a concept!
Oh, Give me a steel cable connected directly to the FCU anyday!
(i.e, give me a way to turn the HAL 9000 off when it goes nuts).
Captain Dinosaur - out
By the way, I'm retired and all these are just my opinions only, and I could be wrong about everything.
..