Posts about: "Gear Retraction" [Posts: 243 Pages: 13]

DISCLAIMER: Poster (a) is one of the (apparently quite numerous) lawyers following this thread; (b) a long-time forum lurker and aviation enthusiast who loves studying FCOMs for fun (to each his own, I guess); (c) has followed and read this thread from the start.

What I cannot do is add new theories or uncover any new facts the actual experts have not already thought of. However, since summarizing and structuring information is one thing lawyers tend to regularly do (and sometimes even do well), here is my attempt at a useful contribution to this thread: an attempt to summarize the main theories discussed here since day one (which I think hasn't been done for quite some time) in the hope that a birds-eye view will be helpful to those who have not read everything since the beginning or might even trigger some new flash of inspiration for someone more knowledgable than me. I have focused on the cons since there does not seem to be enough evidence to come to any positive conclusion.

I shall try to be concise and to refrain from personal evaluations of my own. Of course, no disrespect whatsoever is intended towards all those who have contributed to this thread and to the individual theories, one or combinations of which may turn out to have led to this tragic outcome. That arguments can be made against every single theory that has been propagated seems to be the result of the highly improbable and unusual nature of this deplorable event and certainly not due to any lack of knowledge or reasoning skills in this forum.

DEAR MODS: If I have distorted anything or if, meaning well, should have achieved the opposite \x96 I guess you know where the delete button is\x85

Anyway, here goes:

A. Misconfiguration or wrong takeoff data
Widely refuted, since

• rotation, takeoff and initial climb seem normal;
• likely extreme errors would have been required to have such tragic effect (the fuel tanks should have been only about half full, so not close to MTOW);
• there is strong evidence that at least some flaps were extended for takeoff (post-crash photo, perhaps also visible in video from behind)

B. Flaps retracted post-takeoff instead of gear
Still brought up from time to time. However, widely disregarded due to

• the fact that with two working engines an inadvertent flap retraction should easily be recoverable, even with gear down;
• strong indications that hydraulic and electric power were lost (audible/visible indications of RAT extension, survivor statement, lack of engine noise, position of MLG bogies).

For a while, the forward tilt of the bogies as first part of the retraction cycle was seen as additional evidence that the gear had been selected up. However, it has been pointed out that the forward tilt and the opening of the gear doors occur almost simultaneously so that it seems unlikely that hydraulic power was lost in the split second between bogie tilt and gear door actuation. It is now assumed the forward tilt of the bogies was merely a consequence of the hydraulic power loss.
It should be pointed out that the question of "RAT in or out" was for a while the most contentious in this thread.

C. Low-altitude capture
Still argued, even if refuted by many since

• inconsistent with apparent loss of hydraulic/electric power;
• PF would have been flying manually (however, A/T reaction would have been unexpected for the PF);
• should have been recoverable (unless one assumes that the crew (a) remained unaware of the changed FMA annunciations although alerted by the unexpected FD commands; and (b) was so startled that an A/T thrust reduction was not noticed and corrected, even though the PF was apparently sufficiently alert not to follow the FD commands).

D. Loss of both engines at or shortly after rotation
Various possible reasons for this have been discussed:

I. Bird strike/FOD

• Would have to have occurred simultaneously due to lack of rudder/aileron input indicating symmetric thrust.
• No remains/traces on runway, no visual indications (flocks of birds, flames, structural engine damage).

II. Fuel-related III. Improper maintenance
Unclear which maintenance measures could possibly have been performed that would have resulted in simultaneous loss of both engines. No apparent relationships between malfunctions reported by previous passengers and essential systems.

IV. Large-scale electrical fault (e.g. due to water in E&E bay)
The engines will continue to run if electrical power is lost. FADECs are powered independently.

V. Shutdown of engines by TCMA
A parallel is drawn to the ANA incident. However, this would require not only a fault in the air/ground logic but also a sensed discrepancy between T/L position (not necessarily idle) and thrust output on both engines simultaneously.

VI. (Inadvertent) shutdown by flight crew VII. Malfunction/mishandling of the fuel cutoff switches (most recent)

Engineer not a pilot. Experience in analog front ends, A2D and R2D conversion and embedded systems generally but no specific knowledge of the 787 or GEnx.

I like everyone else have no evidence that TMCA played a role but given that it is one of the few systems with the ability to cut fuel to the engines, here are some thoughts on how signal processing could have extended the window of when TMCA could bite. In particular, I'm looking at the time immediately after the nose lifts up when something may have physically shifted onboard.
I'll phrase it as a number of questions but realise that the few people who can answer may not be able to for now.

Thanks to tdracer's explanation on TMCA (albeit 747 not 787), we know that TMCA is a logic block within the FADEC whose only external inputs are a logic signal fron the aircraft that indicates whether it is on the ground or not and throttle position as determined by two independent resolvers per throttle side.

The logic would seem to be something of the form
If (G AND (N2>A OR N2>B)) Then CutOffFuel()
where G is true when the aircraft is on the ground,
A is an envelope defined by throttle resolver channel A and
B is an envelope defined by throttle resolver channel B

Q1: Am I correct in that assumption that when on the ground, overspeed with respect to EITHER resolver A OR resolver B can trigger TMCA?

We have been told that the logic (ie true or false) signal G is determined from the Weight-on-wheels sensors and the RadALT. It is reasonable to suppose that the designers still wanted TMCA to function after a hard landing where some landing gear components had failed.

Q2: When the nosewheel lifts off but the MLG is still on the ground and RadALT is close to ground, will G still be true?

Next, it is common when data fusing multiple inputs that there is a desire to clean up a signal before it is sampled digitally. This can remove effects such as switch bounce. The inclusion of low pass filters or hysteresis will generally add a propogation delay.

Q3: Is there a slow filter (Tc>=1s) in the ground/air logic which could have caused a slight delay before G became false after takeoff further extending the opportunity of TMCA to activate?

Q4: Does TMCA act almost instantly or does it wait for the fault condition to stay asserted for a period of time before acting?

At that point, the total energy of the system would have comprised of the kinetic energy of the aircraft travelling at Vr, the rotational inertia of the engines and the potential energy of whatever fuel is beyond the cutoff valves.

Q5: Would this total energy have been sufficient to get the aircraft 100ft into the air?

It would still need a mechanism for at least one throttle input to each FADEC to misbehave at the same time. Resolvers are fed with an excitation signal to the rotor and take back two orthogonal signals (Cos and Sin) from stator windings. Usually, the excitation comes directly from the resolver-to-digital (R2D) circuit but sometimes an external signal source is used. I would hope that in an aircraft system, each channel would be kept independent of everything else.

Q6: Does the excitation signal for the 4 throttle resolvers (2 per side) come from 4 independent (internal) sources?

My last thought for a single point of failure between both throttles would be a short between two wires or connection points carrying resolver signals, one from each side. Whether this could be caused by swarf wearing within a wiring loom, a foreign object moving about, crushed wires or even stretching of adjacent wires, I have absolutely no idea.

Q7: Do resolver signals from left or right, either channel A or B, run next to each other in a loom at any point?

The fixed doors on the landing gear are set at an angle that will ensure they assist gravity deployment in an emergency. During retraction that means the effort to stow the gear is increased due to these air loads. This is is standard on all the large aircraft I have worked on.
As for hydraulic pumps, they are limited to how much flow they can produce. The pressure drops significantly during large control movements and the landing gear actuators in particular need a large flow to keep them moving.
When all pumps are operating, engine driven or otherwise that pressure drop is limited, when down to just one small RAT driven pump there's only so much it can do and the design ensures that control of the aircraft can be maintained on just RAT power.
There won't be enough power from the RAT generator to power emergency aircraft systems and large hydraulic pumps. This is why it has its own small hydraulic pump.

Ahah! Logic raises the questions.

What happens when the 2 disparate processes that form TCMA disagree?

Let me try to answer the questions about which I have some knowledge, as an aerospace engineer:
(I am not sufficiently informed to answer Q4,6 and 7, at the moment)

Yes, overspeed on either resolver channel A or B alone will trip the TMCA fuel-cut logic


G is a single Boolean that FADEC derives from Weight-On-Wheels (MLG and NW) and radio-altimeter. Iit stays \x93ground\x94 until all WOW sensors go inactive (i.e. every wheel is off the runway) and the RadALT exceeds its airborne threshold.


That's very unlikely. Ground/air logic uses small hysteresis (tens to a few hundred ms), but not in the multi-second range



Let's do the math very quickly:
Kinetic energy with a weight of 200,000kg, at Vr = 150kn = 77m/s: E_kin = 600MJ
Rotational energy of a GEnX engine is hard to calculate as I don't find reliable values for the rotary inertia. I found some for a GE90 and could roughly estimate 100MJ of rotational energy for each engine. However, I seriously doubt that this energy could be effectively used to gain thrust, as the thrust will drop very quicjkly after the fuel is cut off.
the required potential energy for a 100ft climb of a 200,000kg 787 is around 70MJ.

This ignores aerodynamic drag, still, 100 ft of climb remains energetically feasible.
However, it as been pointed out several times that the actual climb was higher than 100ft. Already for 200ft I would doubt the validity of my statement above.

I perfectly understand that there is much talking about TCMA here.
There is no direct evidence of what caused the crash but several indirect evidences point towards a near simultaneous shutdown of both engines without any visual clue of a catastrophic mechanical mishap. This leads to suspecting near simultaneous fuel starvation of both engines.
As the purpose of TCMA is shutting down the High Pressure Shut-Off Valve (HPSOV) and thus the fuel feed of an engine, it's normal to collect information on TCMA, on how it works, and on what data feeds it.

However, I hardly understand why there is no similar discussion about the spar valves and the systems that control their opening and closure.

I understand that the B787 spar valves are located in the MLG well, or at least are maintained from within that well.
If the engine shutdown happened when the gear retraction was commanded, that's a location commonality (although it's very unlikely that a mechanical problem happened in both wells at the same time).
Also I understand that there are several systems that command the opening or closing of the spar valves:
- opening: "Engine control panel switch" set to "START", or "Fuel control switch" set to "RUN"
- closing: "Engine fire handle" pulled out. (I wonder if "Fuel control switch" set to "CUTOFF" also closes the spar valve).
Are there direct wires running from these controls to the valves or is there a pair of control units receiving these signals and controlling the valve actuators?
If the latter is true, where are these control units? I guess that the likely location is the aft EE bay. Are they beside each other?

I posted my first-cut analysis in the earlier thread.
I've had a bit more time to analyse now.
Those ADS-B data points (and particularly the rate of deceleration) are EXACTLY what you would expect to see from a total engine failure at or very shortly after TAKE-OFF
(it implies a 13:1 L/D which must be pretty close for gear down and flaps 5).
It places takeoff at 700m before the runway end @ ~185kt
Based on those, max altitude was c250ft @ 140kt (or the equivalent total energy equivalent), 500m after the end of the runway.
13:1 L/D would also get you groundspeed on impact of 120kt
Do those numbers make sense?

Exact location of house, Approx distance of 1.5 km from end of runway to crash site .

Coordinates of the camera : 23\xb003'42.3"N 72\xb037'03.5"E

The Approx Camera location of the Balcony is the Red Mark . Can the speed be calculated . Does the speed line up with the ADS B data , Does it Gain Any speed after this Balcony point ?

Co-incidently Another Witness is the Grand Mother of the Balcony Teen, she was closer to the airport as per her . she is saying that the engine was silent after it passed over (but making sound , when it was Over , RAT already deployed?? ) and made offhand comment it was gonna crash . Found that out later .

You are using explanations that are correct but with wrong appreciation for the values and how much thrust is available and what it is used for. Yes, the relation is not linear, far from, but the thrust required at low altitudes is for the initial climbout and acceleration, aka against gravity.

70% is not "very little", it is almost the required thrust in level flight with intermediate flaps out and gear down at those altitudes (depending on the weight). Without the gear, 60% is enough to keep level flight. If you want to descend, 55% is enough to keep speed with flaps full landing configuration and gear down on a 3\xb0 glide. So even at 55% N1, the aircraft wouldn't stall, it would gradually descend if the pitch would be correct.

It is what is between 70 and max rated that is needed for the initial climbout and that thrust is "excess" as it is there needed for the second segment in case of engine out. Considering the fact that the climb only lasted 10 seconds, 2 seconds is 20% of that time where the engines were still pushing. It is not because it is "significantly less" that it is nothing (that's why when you apply full reverse and don't let the engines slow down with idle selected, you will feel the kick forward.)

If you look at the takeoff video, you will see that the aircraft does a very rotation that some pilots prefer to avoid tailstrike: first initial rotation, constant pitch to allow the aircraft to become airborne avoiding tailstrike, second increase in pitch at which point the rate of climb quickly disappears. At that point, the "parabolic" maneuver with constant nose up is created, very typical for a loss of thrust (loss of airspeed with constant pitch).

Which begs the question why they never lowered the nose...

It's starting to look more like a massive electrical or computer issue which resulted in both engines failing, the landing gear may have been left down longer than normal due to startle effect.

It could be maintenance related or a latent condition in the B787 which only occurred due to the required factors all being present on this occasion i.e. the holes in the Swiss cheese all lined up.

Boeing and Air India will be wanting to blame each other, hopefully having the UK AAIB involved will provide a balance as they don't have a dog in the fight.

If this turns out to be another MCAS, it will be difficult for Boeing to continue in it's present form. The B787 has been beset with problems since its introduction, the B777X has had numerous issues during development and the B737 is overdue for replacement. Airlines are starting to drop Boeing due to quality, safety and delivery issues. China is on the rise and if the C919 proves itself, it might be the main alternative to the A320.

Because many normal functions require knowing airborne or on the ground. The most obvious being gear retraction and in-flight braking of the spinning wheels, but there\x92s dozens of actions dependent on WOW.

I think you missed the point of his question.

Because there are some times that the gear is left down after take-off for operational reasons. An automatic retraction is not desirable because the PF needs to know there is a positive rate of climb before calling for gear up, lest the beast settle back on to runway.

Have a look at Emirates in Dubai… https://en.wikipedia.org/wiki/Emirates_Flight_521

This was a go round accident but the positive rate principle is the same.

The 787-8 gear goes through the following movements on TO:

1. During rotation all 4 main wheels on each gear truck stay on the runway, the gear acts as a pivot point for the rotation. Effectively the gear truck is in a forward tilt as it is no longer parallel to the fuselage.
2. Once As the wheels lift off the runway, the trucks tilt rearward (this is the normal extended gear in air position, like on approach)
3. When the pilot commands gear up, the gear retraction sequence begins, specific to the 787-8, the gear trucks tilt forwards first, instantly followed by the gear doors opening.

See this post which discusses the forward tilt is either caused by process (1) or process (3). I suggest (1) is more likely than (3).

Well, in the context of the systems we're talking about here, why would it? The requirement is to "know" the actual air/ground state of the aircraft. The position of the gear lever doesn't help with that and might, if part of the voting, contribute to misidentification of that state.

Just to summarize. There appears to be fairly wide consensus as to what happened:

1. Up to V1 it appeared normal and the pilots did not abort.
2. Loss of thrust very close to V2 rotate or shortly thereafter.
3. Loss of electrical and hydraulics resulting in deployment of RAT seconds after being airborne.
4. Mayday transmission seconds after takeoff (although it may have occurred around V2, the timing has not been established).
5. Gear tilted forward suggesting gear retraction was initiated but not completed.
6. All followed by glide to impact from AGL of little more than 100 feet.

Why the above happened is rather less clear. In my opinion, fuel contamination/starvation, water, additive, vapour or otherwise, may have affected thrust during takeoff before resulting in total loss of thrust and electrical power. On the other hand, software/electrical fault would more likely have resulted in a sudden loss of the engines.

On that basis, there is still some mileage in establishing the aircraft speed in the last moments before takeoff. There is definitely mileage in identifying a single point of failure that would cause the engines to shut down; other than fuel contamination/vapour issues. I suspect that the official investigation is not all that further ahead of this thread. Without useful data from the EAFR they have to rely on forensics and history. Enough has been leaked to know the engines were no more than windmilling at impact.

A high level of interest will continue given there are still remaining questions whether the reliability of Boeing machinery is implicated. That is not to mention the hundreds of people closely affected by this tragedy that are looking for reasons why it happened. Perhaps an interim report is now overdue?

I might have missed the thing, but as the gear up sequence did start we can be quite sure that the WoW logic had the aircraft \x94in air\x94 (not on ground).

This probably makes the theory of the TCMA halt a little? Gear up would be inhibited from not being in air.

The issues with the "they shut down the wrong engine" theory:
1. No asymmetry evidence with flight path deviation. No roll, no yaw effects
2. No rudder inputs visible.
3. No crew should be doing memory items below 400ft. Boeing requires each crew member confirm together memory item switch/control selections.
4. Non-normal gear truck tilt position, a one engine failure should not affect the C hydraulics. As per (3) gear would be selected Up before any memory actions.

The evidence so far is an almost simultaneous dual engine failure, which rules out alot of other theories.

The gear tilt position is not definitive evidence crew had selected gear up. I've speculated another cause for this non-normal gear tilt is that C hydraulics failed around time of rotation. This would explain the gear remaining in the forward tilt position. There are reasons why the crew may have not selected gear up, see earlier post. Therefore we cannot determine wow or air/ground logic from an assumed gear retraction.

Further to the (logical in my view) points you make in response to AAKEE's ostensibly logical conclusion that the commencement of undercarriage retraction (if it did commence) is conclusive of the aircraft being 'in the air' for aircraft systems purposes, including TCMA purposes, I make the following points:

First, whilst it may be that every system that monitors and makes decisions about whether the aircraft is 'in the air' does so on the basis of exactly the same sensor inputs, that may not be true and I'd appreciate someone with the expert knowledge on the 78 to confirm or refute the correctness of the assumption, particularly in relation to, for example, FADEC functions compared with undercarriage control functions.

Secondly and probably more importantly, what happens if one of the sensors being used to determine 'in air' versus 'on ground' gives an erroneous 'on ground' signal after - maybe just seconds after - every one of those sensors has given the 'in air' signal?

Reference was made earlier in this thread to a 'latched' in air FADEC condition that resulted in engine shut downs after the aircraft involved landed and was therefore actually on the ground. But what if some sensor failure had resulted in the aircraft systems believing that the aircraft was now on the ground when it was not? I also note that after the 2009 B737-800 incident at Schiphol – actually 1.5 kms away, where the aircraft crashed in a field during approach - the investigation ascertained that a RADALT system suddenly sent an erroneous minus 8’ height reading to the automatic throttle control system.

The conceptual description of the TCMA says that the channels monitor the “position of thrust lever” – no surprises there – “engine power level” – no surprises there – and “several other digital inputs via digital ARINC data buses”.

WoW should of course be one of those "digital inputs" and be a 1 or 0. But I haven't seen any authoritative post about whether the change in state on the 78 requires only one sensor to signal WoW or if, as is more likely, there are (at least) two sensors – one on each MLG leg – both of which have to be ‘weight off’ before a weight off wheels state signal is sent. Maybe a sensor on each leg sends inputs to the ARINC data and the systems reading the data decide what to do about the different WoW signals, as between 00, 01, 10 and 11.

There is authoritative information to the effect that RADALT is also one of the “digital inputs” to the TCMA. The RADALTs presumably output height data (that is of course variable with height) and I don’t know whether the RADALT hardware involved has a separate 1 or 0 output that says that, so far as the RADALT is concerned, the aircraft to which it is strapped is, in fact, ‘in the air’ at ‘some’ height, with the actual height being so high as to be irrelevant to the systems using that input (if that input is in fact generated and there are, in fact, systems that use that 1 or 0).

If we now consider the ‘worst case scenario will be preferred’ concept that apparently applies to the TCMA design so as to achieve redundancy, the number of sensor inputs it’s monitoring to decide whether, and can change its decision whether, the aircraft is on the ground, becomes a very important matter. The TCMA is only supposed to save the day on the ground, if the pilots select idle thrust on a rejected take off but one or both of the engines fail to respond. In the ‘worst case’ (in my view) scenario, both TCMA channels on both engines will be monitoring/affected by every WoW sensor output and every RADALT output data and, if any one of them says ‘on ground’, that will result in both engines’ TCMAs being enabled to command fuel shut off, even though the aircraft may, in fact, be in the air.

Of course it’s true that the TCMA’s being enabled is not, of itself, sufficient to cause fuel cut off to an engine. That depends on a further glitch or failure in the system or software monitoring engine power and thrust lever position, or an actual ‘too much thrust compared to thrust lever position’ situation. But I can’t see why, on balance, it’s prudent to increase the albeit extraordinarily remote risk of an ‘in air’ TCMA commanded engine or double engine shut down due to multiple sensor failure – just one in-air / on-ground sensor and one of either the thrust lever sensor/s or engine power sensor/s – or, in the case of an actual in air ‘too much thrust compared to thrust lever position situation’, why that ‘problem’ could not be handled by the crew shutting down the engine when the crew decides it’s necessary. Once in the air, too much thrust than desired is a much better problem to have than no thrust. The latter is precisely what would happen if all ‘on ground / in air’ sensors were functioning properly and some ‘too much thrust’ condition occurred.

Hopefully the design processes, and particularly the DO-178B/C software design processes done by people with much bigger brains than mine, have built in enough sanity checking and error checking into the system, followed by exhaustive testing, so as to render my thoughts on the subject academic.

The 787 will control yaw.