2025-06-17T10:01:00
permalink Post: 11904160
Not an avionics specialist, but electronics / software engineer here, with extensive experience in hardware fault tracking, protocol monitoring and software debugging in embedded systems : mods, feel free to delete this post if I am completely out of track (and thank you for the huge amount of work you've done trying to keep this discussion clean).
After I have read the whole thread, I think most of the community agrees about a lack of engine thrust being the cause of the crash. Searching in that direction, I'm trying to "think out of the box", discarding the usual suspects (birds ingestion, TCMA, human mistake...), and to find a plausible single point of failure among the various subsystems involved. I was thinking of reversing the causality of the event, i.e. exploring a case where the engines would have behaved unexpectedly because of a major electrical failure, instead of the already explored case where both powerplants went AWOL first.
Therefore, I have a couple questions for tdracer / fdr / other informed contributors (BTW, fantastic contribution guys, please keep the good info coming):
1. From the scarce info available, is it reasonable to conclude that the engines were totally shut down? Could they have just been set to idle or reduced thrust instead?
2. In the second case, if (and that's a big IF) a major electrical failure happened first (which could have triggered RAT deployment), and considering this plane is a FBW aircraft, could there exist a case where the FADECs would command idle thrust -- or significant thrust reduction -- because they receive invalid input data from the throttle controls? Kind of a garbage in-garbage out case?
The associated scenario would be: major electrical fault (with subsequent RAT deployment) -> major protocol disturbance on ARINC/AFDX buses -> FADECs detect invalid data from the controls -> FADECS enter some kinf of safe mode and command reduced or idle thrust.
Does it make sense or is it pure fantasy?
After I have read the whole thread, I think most of the community agrees about a lack of engine thrust being the cause of the crash. Searching in that direction, I'm trying to "think out of the box", discarding the usual suspects (birds ingestion, TCMA, human mistake...), and to find a plausible single point of failure among the various subsystems involved. I was thinking of reversing the causality of the event, i.e. exploring a case where the engines would have behaved unexpectedly because of a major electrical failure, instead of the already explored case where both powerplants went AWOL first.
Therefore, I have a couple questions for tdracer / fdr / other informed contributors (BTW, fantastic contribution guys, please keep the good info coming):
1. From the scarce info available, is it reasonable to conclude that the engines were totally shut down? Could they have just been set to idle or reduced thrust instead?
2. In the second case, if (and that's a big IF) a major electrical failure happened first (which could have triggered RAT deployment), and considering this plane is a FBW aircraft, could there exist a case where the FADECs would command idle thrust -- or significant thrust reduction -- because they receive invalid input data from the throttle controls? Kind of a garbage in-garbage out case?
The associated scenario would be: major electrical fault (with subsequent RAT deployment) -> major protocol disturbance on ARINC/AFDX buses -> FADECs detect invalid data from the controls -> FADECS enter some kinf of safe mode and command reduced or idle thrust.
Does it make sense or is it pure fantasy?
Subjects: Electrical Failure FBW RAT (All) RAT (Deployment) TCMA (All)
3 users liked this post.
2025-06-17T14:52:00
permalink Post: 11904368
EDML: "No. The throttle position sensors (dual per engine) are part of the FADEC. The throttle position data is not transmitted through the ARINC busses of the aircraft".
To clarify, you are saying that the throttle position sensors are wired directly to the FADEC, and nothng else ?.
To clarify, you are saying that the throttle position sensors are wired directly to the FADEC, and nothng else ?.
The thrust lever inputs are hardwired (resolvers connected to the thrust levers, powered by the FADEC), other aircraft communications on the 787 are on an ethernet based network.
2025-06-17T16:41:00
permalink Post: 11904452
Question to avionics specialists again. Below is the main drawing of the TCMA subsystem, included in
the patent document
. I can't stop scratching my head about the link I have circled in
red
in the center of the image. AFAICS, this link shunts the internal RUN path of TCMA entirely : the RUN signal is supplied by the RUN contact of relay assembly 52, then goes through the common and RUN contacts of relay 22, then goes through the common and RUN contacts of relay 28, then exits TCMA subsystem 18 by wire 124, and... we're back to square 1, because of the link. So TCMA subsystem 18 doesn't actually control the OPEN relay 118 of the HPSOV, only the CLOSED relay 100, and in the case where relay 22 and/or 28 are activated, both coils of HPSOV could even be energized at the same time.
Obviously enough, this isn't a real circuit diagram, but shouldn't this link be removed from the patent drawing?
Odd link in TCMA patent drawing
Obviously enough, this isn't a real circuit diagram, but shouldn't this link be removed from the patent drawing?
Odd link in TCMA patent drawing
Subjects: High Pressure Shutoff Valve TCMA (All)
1 user liked this post.
2025-06-18T16:12:00
permalink Post: 11905370
Once again, a question for people who know: what happens if voltage is applied to CLOSED coil of HPSOV when OPEN coil was already energized (dual conflicting inputs)?
Subjects: High Pressure Shutoff Valve
2025-06-19T11:34:00
permalink Post: 11905954
The RAT is an electrical generator, not a hydraulic pump. How many times does this need to be said?
This service bulletin provides instructions to replace the Ram Air Turbine (RAT) Pump and Control Module
Assembly to prevent failure of the hydraulic pump at low air speed. The RAT Assembly provides an emer-
gency source of electrical and hydraulic power for the primary flight control if the left, center and right main
hydraulic systems fail. Loss of the RAT Pump and Control Module Assembly could lead to loss of control
of the airplane when emergency power from RAT Assembly is needed. If this change is not incorporated
on the RAT Assembly and hydraulic power is lost on the left, right and center main hydraulic systems, then
the RAT Assembly may not provide sufficient hydraulic power which could result in the loss of many critical
control systems that are necessary for safe flight.
Assembly to prevent failure of the hydraulic pump at low air speed. The RAT Assembly provides an emer-
gency source of electrical and hydraulic power for the primary flight control if the left, center and right main
hydraulic systems fail. Loss of the RAT Pump and Control Module Assembly could lead to loss of control
of the airplane when emergency power from RAT Assembly is needed. If this change is not incorporated
on the RAT Assembly and hydraulic power is lost on the left, right and center main hydraulic systems, then
the RAT Assembly may not provide sufficient hydraulic power which could result in the loss of many critical
control systems that are necessary for safe flight.
787 RAT hydraulic pump location
Last edited by Senior Pilot; 19th Jun 2025 at 11:40 . Reason: Image
Subjects: Generators/Alternators Hydraulic Failure (All) Hydraulic Pumps RAT (All) RAT (Electrical)
6 users liked this post.
2025-06-21T15:52:00
permalink Post: 11907864
Some assumed numbers about normal biotreatment.
https://www.biobor.com/wp-content/up...ation-IATA.pdf
If we assume 50 tonnes fuel load a 100ppmw biotreatment will be 5kg of biocide total in all tanks.
The GEnx-1B will burn about 4,5kg/s fuel each on a take off run (give or take a bit) so 9kg/s in both donks for about 20s until rotate.
So the total nominal biocide dose could be pumped in about half a second through both engines on take off power if it where not mixed at all and arrives in both engines at the same time.
This gives you an idea that with the nominal amount of biocide dose not much could have happened. If biocide is the source of this dual EFATO than an extreme overdose in addition to wrong application preventing mixture with the fuel had to be the case.
https://www.biobor.com/wp-content/up...ation-IATA.pdf
If we assume 50 tonnes fuel load a 100ppmw biotreatment will be 5kg of biocide total in all tanks.
The GEnx-1B will burn about 4,5kg/s fuel each on a take off run (give or take a bit) so 9kg/s in both donks for about 20s until rotate.
So the total nominal biocide dose could be pumped in about half a second through both engines on take off power if it where not mixed at all and arrives in both engines at the same time.
This gives you an idea that with the nominal amount of biocide dose not much could have happened. If biocide is the source of this dual EFATO than an extreme overdose in addition to wrong application preventing mixture with the fuel had to be the case.
First, the problem involves the valves (notably but not exclusively FMV and FSV), not the combustion of the product:
It is highly probable that Residue primarily composed of magnesium salts accumulated in FMV spool and FSV spool, which meter engine combustion fuel, restricted movement of spools, caused inadequate fuel metering, thereby led to engine rpm oscillation that occurred from the first flight after conducting biocide treatment.
Investigation into similar cases revealed that there were six cases reported in which both engines could not start in twin engine aircraft, and one case each in which all engines could not start in four-engine aircraft and engine thrust could not be adjusted. Any of these cases were presumed to have been caused by concentration ratio of biocide (Kathon FP1.5) that was set at higher values (about 1,000 ppm) than specified ones during biocide treatments.
From the biocide test result, it is probable that Magnesium salts contained in biocide did not dissolve in fuel, but dissolved in water contained in fuel and were accumulated in spools as crystals through the engine fuel system.
These "rpm oscillations", leading to substantial loss of thrust, could as well have occurred simultaneously, and 81 seconds (for the RH engine) is an awfully long time. According to the report, Kathon FP1.5 is not used anymore for biocide treatment, but another contributor ( nachtmusak , who seems to be a petrol specialist) suggested that other products may have similar effects .
Therefore, regarding the case we are discussing at large (thanks again, mods!), I think we shouldn't overlook the hypothesis of fuel contamination by biocide, since it is a single point of failure (among a very limited number of SPoFs) from a system analysis point of view.
Subjects: Biocide EFATO Fuel (All) Fuel Contamination
2 users liked this post.
2025-06-21T17:23:00
permalink Post: 11907918
(5) From the results of the interview with the CS who was in charge of biocide treatment work, it is probably that the CS calculated according to the AMM so that the recommended final concentration ratio in the tanks would be about 100 ppm, and additionally loaded the treated fuel as described in 2.7 (11).
According to the AMM calculation formula, the concentration ratio of the additional biocide treated fuel is calculated to be about 250 ppm in the left tank and about 285 ppm in the right tank. However, there was no record of the calculation of the concentration ratio of the biocide and the dosage amount. It is desirable to keep these records because they are considered to be important for traceability of maintenance work.
According to the AMM calculation formula, the concentration ratio of the additional biocide treated fuel is calculated to be about 250 ppm in the left tank and about 285 ppm in the right tank. However, there was no record of the calculation of the concentration ratio of the biocide and the dosage amount. It is desirable to keep these records because they are considered to be important for traceability of maintenance work.
Subjects: Biocide
2 users liked this post.
2025-06-21T18:20:00
permalink Post: 11907962
This is the type of software we are usually subject to in our everyday lives basically everywhere. Your phone, your fridge, your oven, your water heater, your car, etc. pp. ad nauseam.
In case of the Safran FADEC 3 this is not actually what we're dealing with. It uses something called an FPGA (Field Programmable Gate Array) which is a very different beast to what we are used to dealing with.
(...)
Unsurprisingly this is rather inconvenient when dealing with the real world and especially when dealing with volatile physical processes that need monitoring. Like a modern turbine engine.
Enter the FPGA.
While it is programmable what that actually means is that (at a very high level) you can build a thing called a truth table, that means a definitive mathematical mapping of input states to output states. Unlike our sequential CPU driven system an FPGA will be able to perform its entire logic every time it is asked to do so. We don't have to wait for our happy check to perform any other check.
In case of the Safran FADEC 3 this is not actually what we're dealing with. It uses something called an FPGA (Field Programmable Gate Array) which is a very different beast to what we are used to dealing with.
(...)
Unsurprisingly this is rather inconvenient when dealing with the real world and especially when dealing with volatile physical processes that need monitoring. Like a modern turbine engine.
Enter the FPGA.
While it is programmable what that actually means is that (at a very high level) you can build a thing called a truth table, that means a definitive mathematical mapping of input states to output states. Unlike our sequential CPU driven system an FPGA will be able to perform its entire logic every time it is asked to do so. We don't have to wait for our happy check to perform any other check.
... which is part of a larger Powerpoint presentation by Ansys , explaining that these products are developed with SCADE development workbench, generating either Ada or C code, and that the resulting code runs under a microkernel realtime operating system:
Now, obviously enough, a CPU can be embedded in an application-specific FPGA, but it would still execute machine code. And from my experience in other embedded systems development, current CISC or RISC CPUs have more than enough computation power to implement command and control on a modern turbofan.
Subjects: FADEC
1 user liked this post.