Posts about: "TCMA (All)" [Posts: 279 Pages: 14]

Originally Posted by aeo

So are we now saying total loss of AC power for the RAT activation and activation of TCMA on two very independent engines for the power loss? What are the chances..

I can buy the AC power loss, but TCMA activation as well - That\x92s a stretch. TCMA is available on the ground and on approach and will activate if the engine thrust doesn\x92t follow the Thrust Lever command. On the ground it will shut the engine down (think RTO with engine stuck at T/O). On approach it will reduce the thrust if the engine doesn\x92t respond to the Thrust Lever command ala Cathay Pacific A330 (CMB - HKG) with the fuel contamination incident.

Originally Posted by tdracer

I hate to disappoint you, but the people (like me) who design, test, and certify aircraft are not idiots. We design for failures. Yes, on rare occasion, something gets missed (e.g. MCAS), but we know that aircraft power systems sometimes fail (or suffer short term interuptions) and we design for that. EVERY VALVE IN THE FUEL SYSTEM MUST BE POWERED TO CHANGE STATE!!!! If electrical power is lost, they just stay where they are. The engine fuel valve must be powered open, and it must be powered closed. Same with the spar valve. The pilot moves a switch, that provides electrical signals to the spar valve and the engine fuel valve to open or close. It's not complicated and has been in use for decades.
TCMA (not TCAM) - Thrust Control Malfunction Accommodation - is a FADEC based system. It's resident in the engine FADEC (aka EEC) - the ONLY inputs from the aircraft that go into the TCMA is air/ground (to enable) and thrust lever position (to determine if the engine is doing what it's being commanded to do. The FADEC has the ability to shutdown the engine via the N2 overspeed protection system - this is separate from the aircraft run/cutoff signal, although it uses the same HPSOV to effect the shutdown. That same system is used by TCMA to shutoff fuel if it determines the engine is 'running away'.

Hint, you might try going back a few pages and reading where all this has been posted previously.

Originally Posted by lighttwin2

TCMA requires the a/c to believe it is on the ground (via multiple redundant inputs, both weight on wheels and radalt). I do not know if there is also a max activation speed.

I posited a potential TCMA sequence in a post timed 1804Z - speculative of course. Agree with others, it is difficult to contemplate and seems staggeringly unlikely.

Originally Posted by TURIN

Good spot, but it is possible the actuator that operates the door is damaged.
Unlikely, but possible.
This does add more credance to the complete power loss scenario.

Originally Posted by Fifthleg

It might appear from this photo that the APU intake flap is in the \x91not closed\x92 position and generally not damaged.
The APU will automatically start in flight , irrespective of SW position, if 3 or more engine VFSGs are lost.

Originally Posted by lighttwin2

There are a few comments along the lines of "it is incredibly unlikely that..." this is selection bias in reverse. Something incredibly unlikely has happened, and it's contained in this sample set.

To summarise some known facts about the TCMA system:

1) TCMA will shut down an engine if:

• It believes via multiple redundant sensors indicate the aircraft is on the ground
• It detects engine power in excess of that set by the thrust levers - subject to a margin to account for engine performance variation - that is determined to be a runaway condition

2) In 2019 an ANA pilot was able to confuse the TCMA by rapidly moving the thrust levers into reverse, to forward and back into reverse again. This caused both engines to shutdown.

3) Since then the TCMA should have been updated/fixed (and indeed the software will have been updated by SB since the a/c was delivered, to detect a wider range of runaway conditions)

And speculation:

4) It may be possible - given the close timings - that a TCMA activation occurred as the a/c was leaving the ground, with kinetic energy and spool down time getting the a/c from the ground to its peak height

In the recent BA LGW incident the PF reduced thrust to idle at V1, then added thrust back, then committed to a RTO. I wonder if something similar could have occurred:

• In error, PF reduces power to idle at a speed approaching V1
• Engines begin reducing power, but n1 reduces more slowly than the TCMA system is expecting (perhaps because the TCMA margin is calculated when the a/c is stationary, but at 170kt a turbofan will spool down more slowly due to the ram air / windmill effect)
• TCMA detects a runaway condition - while a/c is on the ground - and cuts off fuel via the relay circuit
• PF decides to commit to takeoff and rotates, not knowing that TCMA has already activated
• 10-15s after rotation, n1 has now dropped below minimums for electrical generation. Electrics fail, final transponder signal is sent, and RAT is deployed

Obviously this should not be possible, and there are other possibilities.

Originally Posted by DaveReidUK

A TCMA bug just doesn't bear thinking about, I really hope that doesn't turn out to be the case.

Originally Posted by Captain Fishy

What if the PF called stop just before V1 and closed the thrust levers but either changed his mind or was overridden by the other pilot, who rapidly pushed the thrust levers back up. Could this trigger a TCMA intervention and subsequent dual engine shutdown as it was still on the runway at this point? Hopefully not.

Originally Posted by slf99

On Aviation Herald it is stated that "Government Officials reported the aircraft had a longer than normal takeoff run and used up almost all of the 3905 meters / 1499 feet runway". That would perhaps explain the dust on one of the videos as it passed across usually undisturbed areas. However it also would fit in with the theory in post #1433 that the thrust levers may have been pulled back and hence the aircraft had a period of deceleration before the levers were the quickly pushed forward and confused the TCMA.. It could be that the accident occurred due to what happened on the runway, not the overall config thereafter.

Originally Posted by FullWings

I think it needs to be said again that pretty much anything can happen to the aircraft systems and the engines will carry on running - this is by design as they have independent FADEC and power supplies and at sea level fuel will get through without boost pumps. You could almost saw the wing off the fuselage and the engine would still produce thrust, TCMA notwithstanding.

We don\x92t know yet what actually triggered the RAT from the relatively short list but every item on it means there is a serious/critical failure(s). The flight path suggests that it was a double engine failure or shutdown (commanded or uncommanded) as anything else should have left the aeroplane in a poor state but able to climb away .

Originally Posted by tdracer

The 'good' news is that even a cursory check of the FDR will indicate if TCMA activated, so we'll soon know.

Originally Posted by Screamliner

So one thing to keep in mind, the RAT can be deployed manually, but also comes automatically when certain conditions arise, everybody here is assuming it\x92s only on dual engine failure but there are 4 more conditions that trigger the RAT

Originally Posted by Stivo

Am I understanding that you are saying that the noise on the video identified as a RAT has a Doppler shift that matches plausible values for height and speed? That seems pretty conclusive to me that it is a RAT.

Originally Posted by fdr

I will wager that this is absolute nonsense. The effect of pulling the power levers back to idle at rotate would be readily countered by pushing them back up again. The engines are still delivering thrust, it is a function of N1, not the lever. The lever commands where the thrust level will end up, the N1 gives the thrust output. The acceleration/thrust characteristics of these engines is not like a J52 or JT3D etc.

The proposition that is floated is that the pilot does not pull back on the control column, which he is holding onto with both hands as his seat slides backwards like a caricature of a bad Cessna 180 seat rail, that is plainly obvious from the pitch attitude of the aircraft, yet grabs lustily a double handful of thrust levers and holds onto those until meeting Ganesh in the next life?

Greek papers appear to be as rigorous and incisive in their cognition as the Daily Telegraph. Golly.

Seats: electric.
RAT deployment... presumably the hapless pilot doesn't grab the control column, or the thrust levers, just grabs both fuel control switches instead????

Do any reporters bother to read what they write?

Originally Posted by tdracer

TCMA is on both the Trent 1000 and GEnx-1B 'basic' - it was required for certification. There is no reason for TCMA to be listed in the MMEL as the only 'functional' portion is the via the electronic overspeed protection system (which is required for dispatch - no MEL relief) - the rest is software resident in the FADEC.

Originally Posted by C2H5OH

Why is that required for certification? Slamming the brakes and cutting fuel should do and has always sufficed in pre FADEC era. Going full power when the throttle cable brakes has been considered the safe state.
Where does that piece of software reside by the way?

Originally Posted by A0283

Would be interesting to understand more about the exact definition of TCMA’s “on the ground“ and some more detailed insight into its implementation (only one or more WoW’s or multiple sensing?… is there a switch on the gear added? …is there an ALT/AGL check?.. how is implementation split over HW/FW/SW? … ).

Also, how could external factors impact that sequence to run.

Appreciating your previous answers (as usual).

Originally Posted by Alty7x7

It was assumed for decades that in the event of uncontrollable high thrust (UHT) that the pilot would cut the fuel. Until there was a UHT event (1999?) on the takeoff roll and the crew - in an RTO - rode it all the way down and off the runway without cutting fuel. TCMA is primarily about the RTO scenario (throttle back to idle), and after that fleet event it became a requirement for FAA Part 25 certification.

Originally Posted by tdracer

What Alty posted is correct. There have always been single faults in the engine control systems that could cause uncommanded high thrust (UHT) - and such failures were considered in the safety analysis (e.g. FMEA) with the note that it wasn't unsafe as the pilot would shutdown the affected engine. Then there was a 737-200 event (JT8D engines) (1999 sounds about right - I'm thinking it was either an Egyptian operator or it happened in Egypt, but don't hold me to that) - the JT8D had an issue with excessive wear of the splined shaft that provided the N2 input into the hydromechanical fuel control. In this event, that splined shaft started slipping - causing the fuel control to think the N2 was below idle, and it keep adding fuel to try to get the N2 back above idle. This caused the engine to accelerate uncontrollably - the pilots pulled back the throttle and performed an RTO, but the engine didn't respond, and they went off the runway at low speed. Everyone evacuated safely, but the aircraft was destroyed by fire.

The FAA pointed to this accident and said we couldn't depend on crew action to shutdown a runway engine, and therefore any single failure that could result in uncontrollable high thrust was not compliant with 25.901(c) (basically says no single fault can result in an unsafe condition). This basically made every commercial airliner flying non-compliant as every turbine engine control system at that time had single faults that could cause UHT . A consequence of this was everyone was effectively prevented from certifying any further engine control changes since we couldn't show compliance with 25.901(c) (even if the change actually improved safety). The FAA and EASA were forced to issue partial exemptions for all existing aircraft/engine combinations, with the stipulation that they wouldn't certify any new engines that didn't address UHT. A working group was put together at Boeing to come up with some way to comply - and they eventually came up with TCMA , only active on the ground since UHT was only considered unsafe when on the ground - first incorporated on the GE90-115B/777-300ER/200LR.

I've never been 100% comfortable with TCMA (for reasons that should be all to obvious right now), but the regulators gave us few options.
BTW, during the early development of the 747-8, we didn't have a robust way of providing air/ground to the FADECs - which the FAA immediately found objectionable since they never wanted the risk of TCMA being active in-flight. I eventually came up with a design change that would provide a robust air/ground indication (it solved several issues we were confronting at the time), so that concern went away - which made the FAA very happy.

Originally Posted by FrequentSLF

FLS here with engineering background, a simple question, how the TCMA software is coded, multiple designers, on different hardware and redundant? Can be a bug on that system definetevely impossible?

Originally Posted by FrequentSLF

FLS here with engineering background, a simple question, how the TCMA software is coded, multiple designers, on different hardware and redundant? Can be a bug on that system definetevely impossible?