Page Links: First Previous 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Next Last Index Page
| Lead Balloon
2025-06-17T04:11:00 permalink Post: 11903953 |
Thanks tdracer and EXDAC for the info re the throttle position resolvers (and I'm aware of what is "
well understood by those who specify, design, test, and certify critical aircraft systems", EXDAC). But do the separate resolver outputs involve physically separated wiring through separate looms and connectors and, if there are any earths or power connections involved, are they at separate points and, in the case of power connections, on separate busses? Duplicated, supposedly completely independent, "designed, tested and certified critical aircraft systems" occasionally have a common, single point of failure, not as a consequence of bad theoretical design but, rather, physical implementation.
And what of the weight on wheel sensor inputs to the 4 TCMA channels (2 per engine)? 4 separate sensors with 4 separated sets of wiring in different looms through different connectors? |
| dragon6172
2025-06-17T04:12:00 permalink Post: 11903954 |
Pretty sure that the (RR) after that TCMA entry means it is only applicable to Rolls Royce engines. I believe the accident aircraft had GE engines?
|
| ignorantAndroid
2025-06-17T04:46:00 permalink Post: 11903963 |
I'm honestly mystified by the obsession with TCMA. The FADECs control almost every aspect of the engines, so there must be numerous ways they could cause a failure or uncommanded shutdown. So, even if we assume that the engines failed due to faults in the FADECs, why assume that TCMA would be involved? Surely it's more logical to simply posit that some unspecified bug in the FADEC software caused the failure. That bug
could
be related to TCMA, but it could just as easily involve any one of the dozens of other subroutines that likely exist.
Various posters seem to assume that all it takes is an incorrect air/ground signal, and the engines would shut down. But in fact it would also require the FADECs to read the thrust levers as being at or near idle... AND the engines failing to respond to closure of the fuel metering valve. I've read the entirety of both threads, and I haven't seen anyone even attempt to explain how a malfunction within the airframe could cause both of those things to occur on both engines (or even one engine!). 9 users liked this post. |
| bbofh
2025-06-17T04:55:00 permalink Post: 11903967 |
If a gear retraction remains in "tilt", then what does that
interregnum
status say in response to various systems' interrogations of the WoW sensors? Is it stuck in the Netherworld of
betwixt and between
?
Perhaps the safer solution should be an additional circuitry micro-switch feed of all three "up and locked"? (that agrees with the gear-handle). Also waiting to hear what the 787-8 RADALT status is? Was it ever 5G emanations-proofed? Is there any software provision for the TCMA to know for sure that the gear is neither up nor down? I would doubt it. Does that uncertainty affect the thrust-lever's positional input? Last edited by bbofh; 17th Jun 2025 at 05:02 . Reason: typo |
| OldnGrounded
2025-06-17T05:03:00 permalink Post: 11903972 |
|
| Lead Balloon
2025-06-17T05:22:00 permalink Post: 11903979 |
I'm honestly mystified by the obsession with TCMA. The FADECs control almost every aspect of the engines, so there must be numerous ways they could cause a failure or uncommanded shutdown. So, even if we assume that the engines failed due to faults in the FADECs, why assume that TCMA would be involved? Surely it's more logical to simply posit that some unspecified bug in the FADEC software caused the failure. That bug
could
be related to TCMA, but it could just as easily involve any one of the dozens of other subroutines that likely exist.
Various posters seem to assume that all it takes is an incorrect air/ground signal, and the engines would shut down. But in fact it would also require the FADECs to read the thrust levers as being at or near idle... AND the engines failing to respond to closure of the fuel metering valve. I've read the entirety of both threads, and I haven't seen anyone even attempt to explain how a malfunction within the airframe could cause both of those things to occur on both engines (or even one engine!). My recollection may be inaccurate, but wasn't there something in the software for 787 generator control units that would cause generator shut down if the aircraft was 'powered up' for a continuous 248 days? Same software, so all 4 generators would shut down. Is my recollection inaccurate? What we do know, for sure, is that the TCMAs have the same 'authority' and effect as the fuel cut-off switches. The difference is that the crew control the latter. 4 users liked this post. |
| EDLB
2025-06-17T05:38:00 permalink Post: 11903988 |
We have two donks individual fuel supply cut simultaneous in split seconds. There is no rudder activity visible for any thrust asymmetry during this timeframe. TCMA is implemented via the FADECs which are independent for each engine with their own power source from each engine. TCMA is designed to shut down its engine if its power lever is in retard position and the engine is still powering with too much thrust. In addition the airplanes ground sensors must indicate that it is on the ground. For each thrust leaver there are two independent position sensors. It is similar redundant designed as in modern car acceleration pedals. A dual redundancy in each thrust leaver. For TCMA to shut down two fuel supplies within split seconds we have to assume that 4 thrust leaver sensors malfunctioned and the ground sensing logic failed at the same time. The probability that this happens is nil (may be 1 in every 10exp15 hours) which would be about 10 times the age of our universe.
Unless there is a software error in the FADEC TCMA system which only came to light on this flight. But there seem to be nothing special on this flight until rotation. If there is a software error I expect, that we get false single engine shut downs first. And that would already made the news if it happened during rotation. 7 users liked this post. |
| tdracer
2025-06-17T06:11:00 permalink Post: 11903996 |
Thanks tdracer and EXDAC for the info re the throttle position resolvers (and I'm aware of what is "
well understood by those who specify, design, test, and certify critical aircraft systems", EXDAC). But do the separate resolver outputs involve physically separated wiring through separate looms and connectors and, if there are any earths or power connections involved, are they at separate points and, in the case of power connections, on separate busses? Duplicated, supposedly completely independent, "designed, tested and certified critical aircraft systems" occasionally have a common, single point of failure, not as a consequence of bad theoretical design but, rather, physical implementation.
And what of the weight on wheel sensor inputs to the 4 TCMA channels (2 per engine)? 4 separate sensors with 4 separated sets of wiring in different looms through different connectors? I've repeatedly posted I don't know the details of the 787/GEnx-1B FADEC air/ground logic - and I know even less about the 787 air/ground system architecture. That being said, I think the whole air/ground is a bit of a red herring - even with a false air/ground indication, it's going to take a very major flaw in the FADEC logic for TCMA to activate without several other things happening (such as the thrust levers being moved to idle - which all by itself is going to make for a bad day if it's done at rotation). 6 users liked this post. |
| TURIN
2025-06-17T06:28:00 permalink Post: 11904002 |
There is at least one thing common to the TCMA on each engine: The TCMA software.
My recollection may be inaccurate, but wasn't there something in the software for 787 generator control units that would cause generator shut down if the aircraft was 'powered up' for a continuous 248 days? Same software, so all 4 generators would shut down. Is my recollection inaccurate? What we do know, for sure, is that the TCMAs have the same 'authority' and effect as the fuel cut-off switches. The difference is that the crew control the latter. |
| Lead Balloon
2025-06-17T06:37:00 permalink Post: 11904003 |
I'm not sure I've understood what you're saying, TURIN. Are you saying that the software that controls the TCMA A and B channel relays on one engine is written by someone different from whoever writes the software that controls the TCMA A and B channel relays on the other engine? If so, I've learned something very important today.
|
| mechpowi
2025-06-17T07:24:00 permalink Post: 11904022 |
7 users liked this post. |
| mechpowi
2025-06-17T07:42:00 permalink Post: 11904035 |
If a gear retraction remains in "tilt", then what does that
interregnum
status say in response to various systems' interrogations of the WoW sensors? Is it stuck in the Netherworld of
betwixt and between
?
Perhaps the safer solution should be an additional circuitry micro-switch feed of all three "up and locked"? (that agrees with the gear-handle). Also waiting to hear what the 787-8 RADALT status is? Was it ever 5G emanations-proofed? Is there any software provision for the TCMA to know for sure that the gear is neither up nor down? I would doubt it. Does that uncertainty affect the thrust-lever's positional input? Using up and locked as signal to prevent TCMA activation is obviously more dangerous as it allows TCMA to function while the aircraft is in the air. Even in the same aircraft there might be different logics to determin if the aicraft is on the ground or in the air, depending what is the priority. Is the priority to know that the aircraft is in the air or on the ground or even NOT in the air. Some of those logics could use up-and-locked sensors and the gear handle position. 2 users liked this post. |
| Maddoglover
2025-06-17T09:05:00 permalink Post: 11904126 |
Retired but extremely doubtful.
Let me share an experience some time ago (not to pretend that there is a similitude here, but it could explain parts of it). Way back we took off in a 773 with Trent 800 donkeys. We were used to fly the GE90s but still had a few RR dogs left. Long runway with many intersecs, we had covered the first 3, planned was the first. ATC offered the third to get us out quick, so we did. Being used to the kick in the rear by the GE90s, i felt acceleration sluggish, but mentioned to the fo that we were sitting in a dog at more than 35 Celsius. The runway end seemed near, so my rotation turned out a bit nervous and we ended up in the typical 15degs that i had to reduce rapidly to 12ish to get a meager climb. I recalled silently: Did we calculate the 3rd? Yes. Did we take the 3rd and not the 4rth? No longer 100% sure … So i decided to go for max TO thrust (pushed GA) and increased pitch. - Both engines reacted, but they reacted with a very ugly jolt, almost as if they had to swallow first before thankfully giving the unspectacular full of the Trents. As they were EPR controlled, i can’t recall the N1 and especially N2 values and i can’t recall if their FADECs had a N2 overspeed protection or shut-down mode. - So after reading a lot of speculation here, i gather: If in doubt firewalling engines out of reduced TO settings in scorching heat and humidity might make even modern engines “swallow” a microsecond. With today’s multitude of sensors and even more consequential modes i would not be surprised that this could trigger something extremely undesirable. I was always somewhat sceptical towards automation and had my mantra to keep it as simple as possible. It makes overviewing and controlling more easy and thats what pilots are still in for. With all that modern automatic background “protection”, i fear us becoming mere scapegoats for many incidents that need to be brushed under the pilots seat for obvious reasons. 7 users liked this post. |
| JPI33600
2025-06-17T10:01:00 permalink Post: 11904160 |
Not an avionics specialist, but electronics / software engineer here, with extensive experience in hardware fault tracking, protocol monitoring and software debugging in embedded systems : mods, feel free to delete this post if I am completely out of track (and thank you for the huge amount of work you've done trying to keep this discussion clean).
After I have read the whole thread, I think most of the community agrees about a lack of engine thrust being the cause of the crash. Searching in that direction, I'm trying to "think out of the box", discarding the usual suspects (birds ingestion, TCMA, human mistake...), and to find a plausible single point of failure among the various subsystems involved. I was thinking of reversing the causality of the event, i.e. exploring a case where the engines would have behaved unexpectedly because of a major electrical failure, instead of the already explored case where both powerplants went AWOL first. Therefore, I have a couple questions for tdracer / fdr / other informed contributors (BTW, fantastic contribution guys, please keep the good info coming): 1. From the scarce info available, is it reasonable to conclude that the engines were totally shut down? Could they have just been set to idle or reduced thrust instead? 2. In the second case, if (and that's a big IF) a major electrical failure happened first (which could have triggered RAT deployment), and considering this plane is a FBW aircraft, could there exist a case where the FADECs would command idle thrust -- or significant thrust reduction -- because they receive invalid input data from the throttle controls? Kind of a garbage in-garbage out case? The associated scenario would be: major electrical fault (with subsequent RAT deployment) -> major protocol disturbance on ARINC/AFDX buses -> FADECs detect invalid data from the controls -> FADECS enter some kinf of safe mode and command reduced or idle thrust. Does it make sense or is it pure fantasy? 3 users liked this post. |
| EDML
2025-06-17T10:13:00 permalink Post: 11904168 |
Not an avionics specialist, but electronics / software engineer here, with extensive experience in hardware fault tracking, protocol monitoring and software debugging in embedded systems : mods, feel free to delete this post if I am completely out of track (and thank you for the huge amount of work you've done trying to keep this discussion clean).
After I have read the whole thread, I think most of the community agrees about a lack of engine thrust being the cause of the crash. Searching in that direction, I'm trying to "think out of the box", discarding the usual suspects (birds ingestion, TCMA, human mistake...), and to find a plausible single point of failure among the various subsystems involved. I was thinking of reversing the causality of the event, i.e. exploring a case where the engines would have behaved unexpectedly because of a major electrical failure, instead of the already explored case where both powerplants went AWOL first. Therefore, I have a couple questions for tdracer / fdr / other informed contributors (BTW, fantastic contribution guys, please keep the good info coming): 1. From the scarce info available, is it reasonable to conclude that the engines were totally shut down? Could they have just been set to idle or reduced thrust instead? 2. In the second case, if (and that's a big IF) a major electrical failure happened first (which could have triggered RAT deployment), and considering this plane is a FBW aircraft, could there exist a case where the FADECs would command idle thrust -- or significant thrust reduction -- because they receive invalid input data from the throttle controls? Kind of a garbage in-garbage out case? The associated scenario would be: major electrical fault (with subsequent RAT deployment) -> major protocol disturbance on ARINC/AFDX buses -> FADECs detect invalid data from the controls -> FADECS enter some kinf of safe mode and command reduced or idle thrust. Does it make sense or is it pure fantasy? 1 user liked this post. |
| framer
2025-06-17T10:59:00 permalink Post: 11904202 |
There is a possibility that doesn\x92t get much air time on this forum that satisfies all the \x91facts\x92 ( pprune facts mind you), and requires less mental gymnastics to believe than many of the theories put forward. I\x92m not saying it\x92s what happened at all but it seems much more likely than a TCMA fault to me.
This link is to a Japanese report on a Jetstar 787-8 with GE engines that had both engines drop below idle while airborne due to magnesium salts effecting the operation of the FSV spools. The Magnesium salts came from a biocide dose by maintenance two days earlier. For some reason I can\x92t paste the link but if you google JTSB the report number is AI2020-2. I think it\x92s quite easy to imagine that a simple maintenance error ( 1000ppm instead of 100ppm) combined with extremely bad luck on timing lead to this accident. I think I\x92m favouring a theory like this for its simplicity and the fact that fuel is the elephant in the room when you are dealing with a dual engine failure. 9 users liked this post. |
| sorvad
2025-06-17T11:11:00 permalink Post: 11904210 |
There is a possibility that doesn\x92t get much air time on this forum that satisfies all the \x91facts\x92 ( pprune facts mind you), and requires less mental gymnastics to believe than many of the theories put forward. I\x92m not saying it\x92s what happened at all but it seems much more likely than a TCMA fault to me.
This link is to a Japanese report on a Jetstar 787-8 with GE engines that had both engines drop below idle while airborne due to magnesium salts effecting the operation of the FSV spools. The Magnesium salts came from a biocide dose by maintenance two days earlier. For some reason I can\x92t paste the link but if you google JTSB the report number is AI2020-2. I think it\x92s quite easy to imagine that a simple maintenance error ( 1000ppm instead of 100ppm) combined with extremely bad luck on timing lead to this accident. I think I\x92m favouring a theory like this for its simplicity and the fact that fuel is the elephant in the room when you are dealing with a dual engine failure. 1 user liked this post. |
| Gary Brown
2025-06-17T11:43:00 permalink Post: 11904233 |
There is a possibility that doesn\x92t get much air time on this forum that satisfies all the \x91facts\x92 ( pprune facts mind you), and requires less mental gymnastics to believe than many of the theories put forward. I\x92m not saying it\x92s what happened at all but it seems much more likely than a TCMA fault to me.
This link is to a Japanese report on a Jetstar 787-8 with GE engines that had both engines drop below idle while airborne due to magnesium salts effecting the operation of the FSV spools. The Magnesium salts came from a biocide dose by maintenance two days earlier. For some reason I can\x92t paste the link but if you google JTSB the report number is AI2020-2. I think it\x92s quite easy to imagine that a simple maintenance error ( 1000ppm instead of 100ppm) combined with extremely bad luck on timing lead to this accident. I think I\x92m favouring a theory like this for its simplicity and the fact that fuel is the elephant in the room when you are dealing with a dual engine failure. 4. PROBABLE CAUSES In this serious incident, it is highly probable that, when the Aircraft was descending for landing, there occurred oscillation in rpm of each engine causing both engines to temporarily fall below idle at separate times because Residue primarily composed of magnesium salts accumulated in spools impeded movement of spools that involved in fuel metering of both engines. (emphasis added) and the narrative taken from the pilots is that while they happened in short order, the engine issues were not simultaneous. Not to say they couldn't be simultaneous, but they weren't. Also, the problems arose in the descent, as the engines were throttled back. Again, not to say it couldn't happen in the take-off, under full power. 3 users liked this post. |
| Xeptu
2025-06-17T13:12:00 permalink Post: 11904292 |
3 users liked this post. |
| OldnGrounded
2025-06-17T13:44:00 permalink Post: 11904315 |
I'm honestly mystified by the obsession with TCMA. The FADECs control almost every aspect of the engines, so there must be numerous ways they could cause a failure or uncommanded shutdown. So, even if we assume that the engines failed due to faults in the FADECs, why assume that TCMA would be involved?
I think those of us who are persistently trying to learn the details of the sensor inputs to and logic of TCMA (I prefer that characterization to "obsessed with") understand quite well the points you make here — at least those of us whose interest survives in this new thread. However, I at least, and I believe others as well, have also come to the tentative conclusions that (a) the accident aircraft had engines providing little to no useful thrust from nearly the first moments after rotation, and (b) the only possible reasons for that which have been considered here so far involve the sudden and approximately simultaneous shutdown of those engines, most likely by interruption of fuel flow (because that's one of the very few things we know that can do that without producing big bangs, flames and smoke, etc.).
Surely it's more logical to simply posit that some unspecified bug in the FADEC software caused the failure. That bug
could
be related to TCMA, but it could just as easily involve any one of the dozens of other subroutines that likely exist.
Various posters seem to assume that all it takes is an incorrect air/ground signal, and the engines would shut down.
But in fact it would also require the FADECs to read the thrust levers as being at or near idle... AND the engines failing to respond to closure of the fuel metering valve.
I've read the entirety of both threads, and I haven't seen anyone even attempt to explain how a malfunction within the airframe could cause both of those things to occur on both engines (or even one engine!).
Last edited by OldnGrounded; 17th Jun 2025 at 13:46 . Reason: Formatting 5 users liked this post. |
Page Links: First Previous 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Next Last Index Page