Go Back  PPRuNe Forums > Flight Deck Forums > Tech Log
Reload this Page >

TCAS philosophies

Tech Log The very best in practical technical discussion on the web

TCAS philosophies

Old 17th Sep 2007, 23:14
  #41 (permalink)  
 
Join Date: Dec 2003
Location: Tring, UK
Posts: 1,822
Received 2 Likes on 2 Posts
PBL,

I would have thought it was a straightforward exercise to list the differences between a ground proximity warning and an RA.

1. Ground proximity is based on radio altimetry, not on self-advertisement from another electronic device.
2. That altimetry is measuring something definite and very close
3. What it is measuring will not move and requires no projected CPA that must be monitored during the manoeuvre in case a different advisory is required
4. You are way out of legal airspace when you get that warning, so the likelihood that there is someone else around you is just about zero and you can pretty much do what you like.
I agree with 1. to 3. but would you agree that 4. is likely to happen near an airport (you have to approach the ground when landing and get near it when taking off) and airports are well known as places where aeroplanes like to congregate... Anyway, the points I'm trying to make are:

a) GPWS and TCAS (and to a lesser extent EGPWS) are last-defence systems, conceived to possibly stop/reduce the chances of an accident occurring. They are not designed or certified to replace ATC or good piloting - except at the last minute when either or both have been lacking.

so,

b) As the alerts/advisories/warnings given by the above equipment are somewhat time constrained in their period of usefulness (!), then a consistent response over a short period is required to allow these systems to function as intended, i.e. you can't pontificate at great length about what action to take: it must be a memory drill - "recall item". And you have to perform it correctly.

I introduced a specific scenario. Maybe if airmen doesn't want to address it, then you can? Why is manoeuvring against the RA the "worst possible option" in the specific scenario I gave?
I assume that is the Überlingen scenario? I say that it was the worst possible because it led to a collision; almost by definition any other action would have produced a "miss". I know this is slightly simplistic but if you think about it in reverse, to generate a "hit" both aircraft have to occupy the same small space over the same very small time period. Any changes to the trajectories of either will quickly disrupt this meeting. Finally, it's because the manual says: "NEVER MANOUVER AGAINST AN RA".

Those are not the only two options. Another arises when you have an advisory to manoeuvre to avoid a conflict from same-level or higher, and you have an aircraft below you in sight. What would your decision be and why?
Follow the RA. The danger in aviation comes mostly from the aircraft you can't/haven't seen or aren't aware of. I would posit that you are unlikely to hit an aircraft that you have in plain sight as you can tell if it is on a constant relative bearing or not; also you have the option of a lateral manoeuvre to de-conflict. If the a/c below has TCAS, there might be coordination going on that you are unaware of. If it doesn't, then they'll (like you) probably follow the rules of the air to avoid a collision (if they've seen you!)

I find detailed technical discussions about most things to do with aviation absolutely fascinating... but the job has shown me that for some scenarios, you have to have a fairly rote response prepared for immediate use. I applaud scientific examination of the limits of aircraft systems but when you get to 99.99% confidence (or whatever) in a particular one, especially if it involves time-critical warnings, you just have to say: "It works, do what it says" as there isn't any room left to do a risk analysis on an alternative response.

I have had several RA's in real life, one caused by an aircraft directly above deciding to descend at a great rate through our level. Did TCAS save our lives? Don't know but it was f***ing close when we did eventually see it.
FullWings is offline  
Old 18th Sep 2007, 06:39
  #42 (permalink)  
PBL
 
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes on 0 Posts
Thoughtful posts from alf, ATC Watcher and FullWings.
I'll respond to alf and ATC Watcher separately from FullWings, since I am having trouble getting the SW to let me jump between pages to copy quotes, without losing my reply window.

Originally Posted by alf5071h
your response related to GPWS
That's right. FullWings posed the GPWS warning as a comparison. I believe the decision problem with GPWS is fairly straightforward; also, one has apparently only about 12 seconds to respond, so even if there are uncertainties, there is no time to formulate a decision: your reaction must have been formulated in advance.

I am also talking about the algorithms, assuming that the equipment functions as intended. And I realise that can be a big "if". ATC Watcher's point about maturity refers partly to this issue: can we get the kit to function as intended?
If so, let me call the kit "refinable".

Let me call a system "adequate" if, when it functions as intended, its goal is achieved.

Let me call a aid system "optimal" if pilots can adequately follow the required behavior.

Then the GPWS algorithm is refinable, adequate, but not optimal. Whereas TCAS is refinable, not adequate, and questionably optimal if at all.

Comparing with EGPWS is a different kettle of fish. For example, Capt Pit Bull's point about map-shifts show that it is not adequate (in the terminology above). I haven't worked on EGPWS long enough to have as good a grasp of the issues as I would like.

Originally Posted by alf5071h
As for the solution to the three aircraft ACAS problem, this is done reasonably successfully by combat pilots in 1 vs 2 situations.
Yes, but they are using 3-dimensional avoidance, whereas TCAS is a 1-dimensional algorithm. The ACAS problem and the TCAS problem are not identical.

Originally Posted by alf5071h
Considering three aircraft avoidance, x, y and z, then a solution could be in the form of x^4 = y^4 + z^4.
This form of equation for powers greater than 2 has been proven to have no solution (Fermat’s conjecture).
What are x, y, and z here?

Three aircraft follow trajectories in 3-d Euclidean space, so
their position at time t is given by functions
f(t), g(t) and h(t), and the values of these functions are points in 3-D space. So there are coordinate functions (in your favorite coordinate system) f1, f2, f3, g1, g2, etc. Easiest is to pick one coordinate as the direction of the TCAS movement: say the third. Then either there are some trajectories f,g,h such that, with accelerations as specified by TCAS in direction f3, g3, h3, at least two of those trajectories come sufficiently close, or for all trajectories f,g,h, none of them come sufficiently close.

The quartic equation you gave has no *integer* solutions. That was shown by Wiles and Taylor. If has lots of solutions; indeed, its solutions form nice shapes in 3-space.

Originally Posted by alf5071h
I claim my PhD !
Sorry, not quite there yet

PBL
PBL is offline  
Old 18th Sep 2007, 06:53
  #43 (permalink)  
PBL
 
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes on 0 Posts
FullWings,

I agree that GPWS alerts are most likely to happen during take-off and landing phases, and I obviously agree that airplanes congregate around airports. However, if there is rising terrain then either you are in "mountainous terrain" and the next legitimate airplane is 2,000 ft above, which at < 256 kts true leaves everyone lots of time, or you are near a protected approach channel (that you should be on) and there is no one close above. And you don't follow a GPWS pull-up for 30 seconds.

With TCAS, at more than 256 kts true, and airplanes legitimately 1,000 ft above (under RVSM, say), you have a required 30 second manoeuvre time, and you are in that other guy's legitimate airspace before your manoeuvre is over.

I can guarantee you that this situation has not been analysed thoroughly with regard to the interactions.

So I don't regard the situations as comparable.

Concerning the scenario I posed,
Originally Posted by FullWings
Follow the RA. The danger in aviation comes mostly from the aircraft you can't/haven't seen or aren't aware of. I would posit that you are unlikely to hit an aircraft that you have in plain sight
You seem to me to be giving conflicting answers here. "Follow the RA" says climb into the aircraft you are not painting. But you then say he's the danger. Exactly my view. The "aircraft in plain sight" that "you are unlikely to hit" is DHL. So that suggests you would manoeuvre contrary to what you suggested in the first sentence.

PBL

Last edited by PBL; 18th Sep 2007 at 07:07.
PBL is offline  
Old 18th Sep 2007, 07:42
  #44 (permalink)  
 
Join Date: Aug 2007
Location: Oerlinghausen, DE
Age: 49
Posts: 35
Likes: 0
Received 0 Likes on 0 Posts
@FullWings:

You base your descision, which reaction to a collision threat is good, which is bad on the manual and the outcome of a situation.

As the outcome of a collision threat and the actions to resolve it can only be judged after the threat is resolved (or not), a crew cannot use this criteria for its descisions. Leaving only the manuals. If all manuals around the world contain the same instructions, all would be fine. But in the Ueberlingen accident, this was not the case.

Finally, it's because the manual says: "NEVER MANOUVER AGAINST AN RA".
The Tu154M Flight Operations Manual had the following passgae (at least around Jul 2002) and, as you will note, "never manouver against an RA" was not in it.

"For the avoidance of in-flight collisions is the visual control of the siituation in the airspace by the crew and the correct execution of all instructions by ATC to be viewed as the most important tool.
TCAS is an additional instrument which ensures the timely determination of on-coming traffic. the classification of the risk and, if necessary, planning of an advice for a vertical avoidancy manoeuvre."

So the "never manoeuver against an RA" at least was not in the TU154M FOM. Instead the crew was supposed to follow ATC, get visual control of the situation and descide for itself, which action best to take.


So, if the out-come and the manuals are not usable for deciding on good and bad reaction to a collision threat, what criteria do we have left?
joernstu is offline  
Old 18th Sep 2007, 23:07
  #45 (permalink)  
 
Join Date: Dec 2003
Location: Tring, UK
Posts: 1,822
Received 2 Likes on 2 Posts
PBL,

However, if there is rising terrain then either you are in "mountainous terrain" and the next legitimate airplane is 2,000 ft above, which at < 256 kts true leaves everyone lots of time, or you are near a protected approach channel (that you should be on) and there is no one close above. And you don't follow a GPWS pull-up for 30 seconds.
Hmmm. In the widebody I fly, a full-energy pull-up will generate sustained rates of climb of 5,000fpm+, when down to average landing weights. This is enough to cause an RA for someone 2,000' above you. Also, most airlines SOPs would require that a "hard" GPWS is followed by a max angle climb until out of immediate danger, then possibly further to MSA, especially in IMC. This is because if you trigger the GPWS you are probably not where you thought you were, so instead of finding out exactly where the ground is by using the aircraft structure as a probe, you get the hell out of there into a known environment. This may take some time, possibly a lot longer than 30 seconds.

One of my recent details involved flying north over Lake Geneva at 1,500' in landing config. until a full EGPWS was triggered. It took some time to get to 7,000' to clear the top of the mountain (as you keep the config. the same during the escape) but the angle of climb just overtook that of the slope.

You seem to me to be giving conflicting answers here. "Follow the RA" says climb into the aircraft you are not painting. But you then say he's the danger. Exactly my view. The "aircraft in plain sight" that "you are unlikely to hit" is DHL. So that suggests you would manoeuvre contrary to what you suggested in the first sentence.
I think you've misunderstood my response. When I said "follow the RA" I wasn't thinking about whether it was climb, descend, monitor, increase, decrease, etc. I meant follow it whatever it says. I've done many sim exercises involving multiple aircraft encounters and it's interesting being non-handling and watching the whole thing unfold out of the window whilst monitoring what's on the cockpit displays. With "crossing climbs" and "squeezes" you get pretty close but there is always a "reality check" with relative bearings - if it's moving across the windscreen, you're not going to collide (unless it's filling it as well ). If for some reason the TCAS has failed to resolve the conflict then there is always the last-ditch option of a lateral or vertical change of course. This is likely to be an exceedingly rare event, so an early attempt to manoeuvre outside/against the TCAS guidance will diminish safety margins pretty much all of the time.

In your original scenario: "an advisory to manoeuvre to avoid a conflict from same-level or higher, and you have an aircraft below you in sight" there are at least three aircraft present. As far as I'm aware there were only two aircraft involved in the accident we're talking about?

joernstu,

If all manuals around the world contain the same instructions, all would be fine. But in the Ueberlingen accident, this was not the case
I'm sure they do now. I think, although I may be wrong, that the Tu154 Flight Manual for that airline was out of step with SOPs in pretty much every major carrier, even in 2002
FullWings is offline  
Old 20th Sep 2007, 07:22
  #46 (permalink)  
 
Join Date: Jan 2006
Location: Deep in fog
Posts: 24
Likes: 0
Received 0 Likes on 0 Posts
This is an extract from the
FCOM3 A-319\320 Operating Limitations 3.01.34 p1
of one of Russian airline.

"It is not recommended to use TCAS II (ACAS) TA/RA mode in flight in former USSR airspace. When ТА mode is selected, pilots should coordinate actions with the АТС. In the former USSR airspace, aircraft can only fly on routes covered by АТС ground facilities, using RBS mode."

Looks strange (at least).
Every flight I brake this "limitation".
hedgehog-in-fog is offline  
Old 20th Sep 2007, 08:20
  #47 (permalink)  
 
Join Date: Sep 2007
Location: FL600-FL290
Posts: 71
Likes: 0
Received 0 Likes on 0 Posts
I wonder how close ATC "Traffic Alert" and "Conflict Alert" parameters are to TCAS RA's, I know they have greater margins built in to ATC alerts, so that a TCAS RA can be avoided if possible.


How much lead time does a TCAS RA give? Or is it dependant on the situation?
CDN_ATC is offline  
Old 20th Sep 2007, 10:31
  #48 (permalink)  
Pegase Driver
Thread Starter
 
Join Date: May 1997
Location: Europe
Age: 73
Posts: 3,656
Likes: 0
Received 0 Likes on 0 Posts
Oh dear oh dear !
hedgehog-in-fog:
This is an extract from the
FCOM3 A-319\320 Operating Limitations 3.01.34 p1
of one of Russian airline.It is not recommended to use TCAS II (ACAS) TA/RA mode in flight in former USSR airspace
I sincerely hope that the date on top of this FCOM page is before 2002 ..
CDN_ATC,:
How much lead time does a TCAS RA give? Or is it dependent on the situation?
I do hope that you are not working as a controller in the UAC I am thinking about, seen your profile location. If you do, then we we still a lot of education to do...
In short :
ATC Short term conflict Alert (STCA) is depending on ATS systems, there is no fixed parameter worldwide, but is typically 2 minutes, while ACAS audio warnings are dependent on altitude, but in the upper airspace , they start around 45 seconds before CPA. There are no coordination whatsoever between the 2 systems.
ATC Watcher is offline  
Old 20th Sep 2007, 13:12
  #49 (permalink)  
 
Join Date: Jan 2006
Location: Deep in fog
Posts: 24
Likes: 0
Received 0 Likes on 0 Posts
ATC Watcher
I sincerely hope that the date on top of this FCOM page is before 2002 ..

2006
Sorry
hedgehog-in-fog is offline  
Old 20th Sep 2007, 17:24
  #50 (permalink)  
 
Join Date: Nov 2004
Location: Here, there, and everywhere
Posts: 1,118
Likes: 0
Received 12 Likes on 7 Posts
"Please read my analysis of the decision problem presented to the Bakshirian crew at Überlingen. They were faced with an "intruder" at 10 o'clock which they saw, and an unknown conflict at 2 o'clock which they didn't see, and for which they had an advisory to descend (that is, he was at or above their altitude).
What would you do? Climb towards another conflicting aircraft that you don't see but ATC does? Or avoid him, descend towards an aircraft that you do see, and hope to avoid him using visual means?
Please give some good reasons for your answer that will also be good reasons for any other pilot in this situation."
Reading part of the report quickly, I couldn't find where this second intruder is mentioned. Please show the chapter for me.

Section 2.2.2 says that the DHL plane was to the left of the 154 and first seen on TCAS at 27 miles. The board says in this chapter that the crew knew that the intruder aircraft was at their altitude based on the captain saying "Here it is showing zero". The 154 crew then got a traffic alert and after being instructed to descend by ATC, they got a climb RA. They followed ATC and the rest is history.

Faced with your scenario above, I would follow the RA. It is most surely correct that it is giving accurate information about a high risk of conflict. Ignoring an RA because there are some other lights out there is very risky. There are many optical illusions, especially at night and those other lights may be very far off or not even an airplane. I would suggest that the risk of a collision with that aircraft is likely less and even if you were to intentionally try to hit it you would most likely miss. On the other hand thinking that you can visually avoid a conflict by going against the RA can lead to disaster as this JAL captain nearly found out, by almost creating the world's worst aviation disaster.

http://aviation-safety.net/database/...?id=20010131-3

As an example of an illusion of a risk of collision leading to evasive action that actually caused a collision leading to airline passenger deaths, read this.

"TWA Boeing 707 N748TW and Eastern Constellation N6218C approached Carmel VORTAC at FL110 resp. FL100. Due to an optical illusion caused by the up-slope effect of cloud tops, the Eastern 1st officer thought they were on collision course with the TWA jet. He pulled up the Constellation. The reaction of the TWA crew was to roll to the right, followed by a left roll down. Both aircraft collided. The Boeing made a safe landing.

PROBABLE CAUSE: "Misjudgement of altitude separation by the crew of EA853 because of an optical illusion created by the up-slope effect of cloud tops resulting in an evasive manoeuvre by the EA853 crew and a reactionary evasive manoeuvre by the TW42 crew.""

http://www.prop-liners.com/midair.htm

Avoid the danger that is being warned to you by reliable technology, sometimes it is dangerous to try to outthink it all. In the end, its an odds game with TCAS in your favour.

As an interesting tidbit in this report, read section 1.1.2. The aircraft was proceeding direct to Trasadingen VOR. After the captain of the 154 said "Look here, it indicates zero", and more than a minute before the collision, with the autopilot pitch channel and roll channel still engaged, the airplane turned at a bank angle of 10° to the right a total of 10° heading change. Was this using the TCAS as a lateral conflict avoidance tool? Would they have missed each other if this slight turn had not been made? Perhaps not.

Last edited by punkalouver; 9th Dec 2007 at 22:49.
punkalouver is online now  
Old 22nd Sep 2007, 10:54
  #51 (permalink)  
PBL
 
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by punkalouver
I couldn't find where this second intruder is mentioned. Please show the chapter for me.
If one doesn't know that the Russian crew were concerned with two possible intruders, one is missing a large part of what can be learned from the accident.

Since the thread has split since some of the observations were introduced, let me first refer to it:
Originally Posted by pbl, in post on [email protected], currently #87 of Überlingen-trial thread
Section 2.2.2 of the (english version of the) report, which says "According to CVR data it can be concluded that the instructor searched the airspace in front and to the right in vain."
Reason is that ATC had given as a reason for immediate descent that traffic was at 2 o'clock. Bakshirian already had visual contact with DHL, who was at 10 o'clock.

The Überlingen-trial thread went two ways, almost from the start. The first was to, well, celebrate the rehabilitation of Peter Nielsen (which event I applaud!). The second was to discuss the accident again. I plead guilty to contributing to the second. ATC Watcher split the thread.

A good place to start reading the previous thread is at a contribution from 30.05.2007 by 120.4. I brought in my study of TCAS on 05.09@10:40, currently post #78. The study can be found at
http://www.rvs.uni-bielefeld.de/publ...rts/SCSS04.pdf
and is published in
http://crpit.com/Vol47.html,
specifically
http://crpit.com/confpapers/CRPITV47Ladkin.pdf
in which the paper by Ed Williams is also pertinent:
http://crpit.com/confpapers/CRPITV47Williams.pdf

Originally Posted by punkalouver
the airplane turned at a bank angle of 10° to the right a total of 10° heading change. ......... Would they have missed each other if this slight turn had not been made?
We have been trying to figure out this turn for a couple of years, without success.

I think they would have missed.

PBL

Last edited by PBL; 22nd Sep 2007 at 11:24.
PBL is offline  
Old 22nd Sep 2007, 12:49
  #52 (permalink)  
 
Join Date: Nov 2004
Location: Here, there, and everywhere
Posts: 1,118
Likes: 0
Received 12 Likes on 7 Posts
Thanks I found the referance. I would still play the odds in my favour and follow the RA. After all. If ATC is giving you an immediate descent due to traffic they are showing here that they probably have already made an error of some sort. A big reason for TCAS is to prevent a collision due to ATC error.
Follow the RA. I don't think many of us on a line check will get top marks for saying we wouldn't(not counting an overriding stall or GPWS warning at the same time).

Last edited by punkalouver; 22nd Sep 2007 at 17:43.
punkalouver is online now  
Old 22nd Sep 2007, 16:36
  #53 (permalink)  
PBL
 
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by punkalouver
If ATC is giving you an immediate descent due to traffic they are showing here that they have [probably] already made an error of some sort
Or they are handling a military aircraft with an emergency, or a military aircraft with whom they have lost communications and who is manoeuvring. [Added after punkalouver's edit: I don't think anyone has a good grasp of what probabilities may be involved here.]

You are right about it being an odds game. Profis call it a "decision problem under uncertainty". One of the main issues for me is that none of the experts who study and devise strategies for such "decision problems under uncertainty" would go so far as to make a strategy compulsory. But that is what the BFU recommended about TCAS RAs, and that is what other organisations are promoting.

PBL

Last edited by PBL; 22nd Sep 2007 at 19:36.
PBL is offline  
Old 22nd Sep 2007, 17:46
  #54 (permalink)  
 
Join Date: Nov 2004
Location: Here, there, and everywhere
Posts: 1,118
Likes: 0
Received 12 Likes on 7 Posts
I edited my last post to say thet they have PROBABLY already made an error. As a minor side note, at least some aircraft are designed so that if a GPWS warning is activated, the TCAS will go into TA mode and TCAS audio alerts are muted.
punkalouver is online now  
Old 22nd Sep 2007, 18:48
  #55 (permalink)  
 
Join Date: Sep 2007
Location: FL600-FL290
Posts: 71
Likes: 0
Received 0 Likes on 0 Posts
ATC Short term conflict Alert (STCA) is depending on ATS systems, there is no fixed parameter worldwide, but is typically 2 minutes, while ACAS audio warnings are dependent on altitude, but in the upper airspace , they start around 45 seconds before CPA. There are no coordination whatsoever between the 2 systems.
I'm aware that TCAS and ATC CA do not co-ordinate, wasn't my question sorry if it came off that way.


There has been numerous accounts however of TCAS going off and issuing an RA even when there's no airplane within 100 miles of their location.

Also TCAS going off and issuing an RA for "Traffic above" when tapes prove neither airplane infringed on the 1000' separation.

If TCAS/ACAS is giving RA's for airplanes that don't even exist, whos to say it will come up with the right answer every time when they do?

Obviously TCAS is an invaluable tool, and would have likely saved the Gol disaster had the Legacys transponder been on, but one has to wonder just how well it works.

It's not exactly easy to "test" it on a regular basis real world without endangering lives.
CDN_ATC is offline  
Old 22nd Sep 2007, 19:42
  #56 (permalink)  
PBL
 
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by CDN ATC
Also TCAS going off and issuing an RA for "Traffic above" when tapes prove neither airplane infringed on the 1000' separation
This is an ACAS versus ACAS-II specification incompatibility. It is also a kit problem, as follows.

This is a known problem with Honeywell's TCAS 2000 V 6.4, which is not ACAS-II-compliant, and is fixed with TCAS 2000 V7, which is ACAS-II-compliant. The issue is that the RVSM altitude-measurement requirements allow some margin for error, and if the aircraft below errs allowably above its true and the aircraft above errs allowably below its true, the vertical separation is less than that required to trigger a V 6.4 RA (but not less than that required to trigger a V7 RA).

I hear rumors that it is taking longer to get away from V6.4 than originally envisaged. Anyone have data?

PBL
PBL is offline  
Old 22nd Sep 2007, 21:44
  #57 (permalink)  
 
Join Date: Dec 2003
Location: Tring, UK
Posts: 1,822
Received 2 Likes on 2 Posts
One of the main issues for me is that none of the experts who study and devise strategies for such "decision problems under uncertainty" would go so far as to make a strategy compulsory. But that is what the BFU recommended about TCAS RAs, and that is what other organisations are promoting.
But do their "decision problems under uncertainty" include a very limited amount of time for assessment and action? It's a bit like the "rules of engagement" that military personnel operate under - if they're made too complicated, people on both sides end up being killed unnecessarily.

There are finite probabilities that normal actions taken on board aircraft may have diverse undesired catastrophic results, through system failure/design/build or just plain bad luck. These probabilities are low enough for the failure modes to be discarded by the operator as unlikely and confusing and are not included in SOPs for this reason. This is how I view a TCAS RA. Yes, there may be a small chance that the software has failed to provide an adequate solution to a complicated multi-body problem - but what do I do about that, especially as I know that incorrect action (or inaction) will lead to a "sub-optimal safety scenario" 99.99% of the time?

IMHO the authorities have it right this time. Bluntly, either you do what it says or you might as well not fit it. To be effective, TCAS relies on at least one interested party doing something close to what it is suggesting; to inject an element of doubt at this stage does not help matters much and may lead to a reduction in the chances of a successful conflict resolution.
FullWings is offline  
Old 22nd Sep 2007, 22:03
  #58 (permalink)  
PBL
 
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by FullWings
But do their "decision problems under uncertainty" include a very limited amount of time for assessment and action?
Yes.

Originally Posted by FullWings
There are finite probabilities that normal actions taken on board aircraft may have diverse undesired catastrophic results, through system failure/design/build or just plain bad luck. These probabilities are low enough for the failure modes to be discarded by the operator as unlikely and confusing and are not included in SOPs for this reason.
This is blue-sky hypothesising. As far as I can tell, none of these "low enough" "finite probabilities" have ever been estimated; neither is it clear that one could do so.

Originally Posted by FullWings
Yes, there may be a small chance that the software has failed to provide an adequate solution to a complicated multi-body problem - but what do I do about that,
If you wish to make it compulsory, you devise a provably-correct algorithm, prove it correct, and put the proof in the public domain for peer review.

And if you can't do that, you let it be advisory and let people choose what to do. And respect them for making a choice which, while different from yours, is still rational.

Originally Posted by FullWings
especially as I know that incorrect action (or inaction) will lead to a "sub-optimal safety scenario" 99.99% of the time?
You don't "know" that; in particular, you don't know about that 99.99%. By the way, that is far too often for the typical TLS's required to be assured in similar cases.

PBL
PBL is offline  
Old 22nd Sep 2007, 23:36
  #59 (permalink)  
 
Join Date: Dec 2003
Location: Tring, UK
Posts: 1,822
Received 2 Likes on 2 Posts
This is blue-sky hypothesising. As far as I can tell, none of these "low enough" "finite probabilities" have ever been estimated; neither is it clear that one could do so.
Exactly. So for practical operation of the aircraft, we ignore them.

If you wish to make it compulsory, you devise a provably-correct algorithm, prove it correct, and put the proof in the public domain for peer review.
That doesn't solve your problem. You need a provably correct implementation of the algorithm. Have the manufacturers "open-sourced" their code yet?

And if you can't do that, you let it be advisory and let people choose what to do. And respect them for making a choice which, while different from yours, is still rational.
The Tu-154 crew chose, or should I say "elected" to do something different. People died. I'm not saying they didn't have reason (their SOPs seem to have been at odds to everyone else's, for one thing) but the end result was disaster. An avoidable disaster, one that TCAS was invented to prevent. You can "choose" to drive on the opposite side of the road to other people but I don't think you'll get much respect for it.

You don't "know" that; in particular, you don't know about that 99.99%
That leaves us in a bit of a stalemate as you don't "know" either... That gives me a (miniscule) chance of being absolutely correct with my random typing of decimal places.

Point is, we, the airline industry, have been given a collision avoidance tool that has been approved and accepted, even mandated, by many national aviation authorities. For effectiveness it relies on timely responses to given commands, so it loses much of its appeal if these commands are ignored or flown against. Thus the need for legislation.

As a pilot I'm paid to consider possibilities... The FAA, CAA, LBA, etc. could be making a huge mistake and exposing us all to increased risk from this system and I shouldn't trust it... But where is the evidence? Well, it's all proprietary stuff so looks like it'll be some time (if ever) before any non-affiliate can come up with any data one way or the other. So I'll just have to go on the information available which seems to be: it does what it says on the tin and you'd be foolish to ignore it.

Last edited by FullWings; 23rd Sep 2007 at 11:40.
FullWings is offline  
Old 23rd Sep 2007, 12:21
  #60 (permalink)  
 
Join Date: Jul 2007
Location: Germany
Posts: 556
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by PBL
This is blue-sky hypothesising. As far as I can tell, none of these "low enough" "finite probabilities" have ever been estimated; neither is it clear that one could do so.
Originally Posted by FullWings
Exactly. So for practical operation of the aircraft, we ignore them.
I think you misunderstood. One cannot tell that these probablilities are "low enough" to disregard them. Since we do not know them, perhaps never will, they may be quite high.

That doesn't solve your problem. You need a provably correct implementation of the algorithm. Have the manufacturers "open-sourced" their code yet?
A provably correct implementation of a flawed algorithm won't help. First and foremost the algorithm needs to be proven correct. Methods to make a very-high confidence implementation of a specified algorithm are today available and well-understood, although they are neither trivial nor cheap.

The Tu-154 crew chose, or should I say "elected" to do something different. People died. I'm not saying they didn't have reason (their SOPs seem to have been at odds to everyone else's, for one thing) but the end result was disaster. You can "choose" to drive on the opposite side of the road to other people but I don't think you'll get much respect for it.
joernstu will remember the details by heart, and correct me if I'm wrong, but I think the Tupolev crew got the ATC instruction slightly before the RA. A case which is not considered in the ACAS specifications, as it assumes it is needed only when ATC separation has already failed. It does not take into account late ATC action, which I imagine happens frequently.

An avoidable disaster, one that TCAS was invented to prevent.
And yet, the Ueberlingen accident would not have happened, if neither aircraft had been equipped with TCAS. ATC was there to separate them. (Perhaps later than usual, but early enough.) Thus, the presence and operation of TCAS was a necessary causal factor in that accident, as has been shown clearly by Stuphorn's Why-Because Analysis.


Bernd

Last edited by bsieker; 23rd Sep 2007 at 12:50.
bsieker is offline  

Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service

Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.