quarta-feira, 2 de julho de 2014

MH370 - The Aircraft Experienced a Power Failure



29 Jun 2014


Inmarsat, the company that officially analyzed flight data from MH370, has confirmed the assessment but says it does not know why the aircraft experienced a power failure.
 
Inmarsat, a empresa que oficialmente analisou dados de vôo do MH370, confirmou a avaliação, mas diz que não sabe por que a aeronave experimentou uma falha de energia.
 
"It does appear there was a power failure on those two occasions," Chris McLaughlin, from Inmarsat, told The Telegraph. "It is another little mystery. We cannot explain it. We don't know why. We just know it did it."
 
"Parece que houve uma falha de energia nessas duas ocasiões," Chris McLaughlin, da Inmarsat, disse ao The Telegraph. "É mais um pouco de mistério. Nós não podemos explicar. Não sabemos o porquê. Só sabemos que foi isso. "
 
The Australian report released by Australian authorities has revealed that the Boeing 777 attempted to log on to Inmarsat satellites at 2.25am, three minutes after it was detected by Malaysian military radar.
 
O relatório australiano divulgado por autoridades australianas, revelou que o Boeing 777 tentou fazer log-on nos satélites da Inmarsat às 02:25 AM, três minutos depois que foi detectado pelo radar militar da Malásia.
 
This was as the plane was flying north of the Indonesian island of Sumatra. The aircraft had already veered away from the course that would have taken it to its destination of Beijing, but had not yet made its turn south towards the Indian Ocean.
Isto foi quando o avião estava voando ao Norte da ilha indonesiana de Sumatra. A aeronave já tinha se desviado para longe do curso que ele teria tomado para seu destino Pequim, mas ainda não tinha feito a sua vez para o Sul em direção ao Oceano Índico.
 
The aircraft experienced another such log-on request almost six hours later, though this was its seventh and final satellite handshake and is believed to have been caused by the plane running out of fuel and electrical power before apparently crashing, somewhere in the southern Indian Ocean. The other five handshakes were initiated by the satellite ground station and were not considered unusual.
 
A aeronave experimentou outra solicitação de  log-on quase seis horas mais tarde, embora este foi seu sétimo e último ‘handshake’ com o satélite e é acreditado ter sido causado pelo avião ficar sem combustível e energia elétrica antes de aparentemente se despencar, em algum lugar ao sul do Oceano Índico. Os outros cinco ‘handshakes’ foram iniciados pela estação terrestre de satélites e não foram considerados incomuns.
 
Asked whether the power interruption could have been caused by a mechanical fault, Mr Gleave said: "There are credible mechanical failures that could cause it. But you would not then fly along for hundreds of miles and disappear in the Indian Ocean."
 
Perguntado se a interrupção de energia poderia ter sido causada por uma falha mecânica, o Sr. Gleave disse: "existem falhas mecânicas críveis que causariam isso. Mas você não voaria depois ao longo de centenas de quilômetros e desapareceria no Oceano Índico".
 
Another aviation expert, Peter Marosszeky, from the University of New South Wales, agreed, saying the power interruption must have been intended by someone on board. He said the interruption would not have caused an entire power failure but would have involved a "conscious" attempt to remove power from selected systems on the plane.
 
Um outro especialista em aviação, Peter Marosszeky, da Universidade de New South Wales, concordou, dizendo que a interrupção de energia deve ter sido intencionada por alguém a bordo. Ele disse que a interrupção não teria causado uma falha de energia inteira, mas teria envolvido uma tentativa "consciente" para remover energia de sistemas selecionados no avião.
 
"It would have to be a deliberate act of turning power off on certain systems on the airplane," he said. "The aircraft has so many backup systems. Any form of power interruption is always backed up by another system.
"Teria de ser um ato deliberado de desligar a energia em determinados sistemas no avião", ele disse. "A aeronave tem vários sistemas de suporte. Qualquer forma de interrupção de energia é sempre sustentada por um outro sistema.
 
"The person doing it would have to know what they are doing. It would have to be a deliberate act to hijack or sabotage the aircraft."
"A pessoa fazendo isso teria que saber o que elas estvam fazendo. Issoteria que ser um ato deliberado para seqüestrar ou sabotar a aeronave."
 

Electrical Power

There are three individual power systems dedicated to the Primary Flight Control System, which are collectively referred to as the Flight Controls Direct Current (FCDC) power system. An FCDC Power Supply Assembly (PSA) powers each of the three power systems. Two dedicated Permanent Magnet Generators (PMG) on each engine generate AC power for the FCDC power system. Each PSA converts the PMG alternating current into 28 V DC for use by the electronic modules in the Primary Flight Control System. Alternative power sources for the PSAs include the airplane Ram Air Turbine (RAT), the 28-V DC main airplane busses, the airplane hot battery buss, and dedicated 5 Ah FCDC batteries. During flight, the PSAs draw power from the PMGs. For on-ground engines-off operation or for in-flight failures of the PMGs, the PSAs draw power from any available source.


Fault Tolerance

‘‘Fault Tolerance” is a term that is used to define the ability of any system to withstand single or multiple failures which results in either no loss of functionality or a known loss of functionality or reduced level of redundancy while maintaining the required level of safety. It does not, however, define any particular method that is used for this purpose. There are two major classes of faults that any system design must deal with. These are

 
·         A failure which results in some particular component becoming totally inoperative. An example of this would be a loss of power to some electronic component, such that it no longer performs its intended function.

·         A failure which results in some particular component remaining active, but the functionality it provides is in error. An example of this failure would be a Low Range Radio Altimeter whose output is indicating the airplane is at an altitude 500 feet above the ground when the airplane is actually 200 feet above the ground.

 


 One method that is used to address the first class of faults is the use of redundant elements. For example, there are three PFCs in the 777 Primary Flight Control System, each with three identical computing ‘‘lanes” within each PFC. This results in nine identical computing channels. Any of the three PFCs themselves can fail totally due to loss of power or some other failure which affects all three computing lanes, but the Primary Flight Control System loses no functionality. All four ACEs will continue to receive all their surface position commands from the remaining PFCs. All that is affected is the level of available redundancy.

Likewise, any single computing lane within a PFC can fail, and that PFC itself will continue to operate with no loss of functionality. The only thing that is affected is the amount of redundancy of the system.

The 777 is certified to be dispatched on a revenue flight, per the Minimum Equipment List (MEL), with two computing lanes out of the nine total (as long as they are not within the same PFC channel) for 10 days and for a single day with one total PFC channel inoperative.

Likewise, there is fault tolerance in the ACE architecture. The flight control functions are distributed among the four ACEs such that a total failure of a single ACE will leave the major functionality of the system intact. A single actuator on several of the primary control surfaces may become inoperative due to this failure, and a certain number of spoiler symmetrical panel pairs will be lost. However, the pilot flying the airplane will notice little or no difference in handling characteristics with this failure. A total ACE failure of this nature will have much the same impact to the Primary Flight Control System as that of a hydraulic system failure.

The second class of faults is one that results in erroneous operation of a specific component of the system.

The normal design practice to account for failures of this type is to have multiple elements doing the same task and their outputs voted or compared in some manner. This is sometimes referred to as a “voting plane.’’

All critical interfaces into the 777 FBW Primary Flight Control System use multiple inputs which are compared by a voting plane. For interfaces that are required to remain operable after a first failure, at least three inputs must be used. For example, there are three individual Low Range Radio Altimeter (LRRA) inputs used by the PFCs. The PFCs compare all three inputs and calculates a mid-value select on the three values; i.e., the middle value LRRA input is used in all calculations which require radio altitude. In this manner, any single failure of an LRRA that results in an erroneous value will be discarded. If a subsequent failure occurs which causes the remaining two LRRA signals to disagree by a preset amount, the PFCs will throw out both values and take appropriate action in those functions which use these data.

Additionally, a voting plane scheme is used by the PFCs on themselves. Normally, a single computing lane within a PFC channel is declared as the ‘‘master” lane, and that lane is responsible for transmitting all data onto the data busses for use by the ACEs and other airplane systems. However, all three lanes are simultaneously computing the same control laws. The outputs of all three computing lanes within a single PFC channel are compared against each other. Any failure of a lane that will cause an erroneous output from that lane will cause that lane to be condemned as ‘‘failed” by the other two lanes.

Likewise, the outputs from all three PFC channels themselves are compared. Each PFC looks at its own calculated command output for any particular actuator, and compares it with the same command that was calculated by the other two PFC channels. Each PFC channel then does a mid-value select on the three commands, and that value (whether it was the one calculated by itself or by one of the other PFC channels) is then output to the ACEs for the individual actuator commands. In this manner, it is assured that each ACE receives identical commands from each of the PFC channels.

 
 

Nenhum comentário:

Postar um comentário