Airbus A380 engine failure a big setback for automated airliners

Software and electronics enthusiasts have long predicted the day when airliners will fly themselves from Runway A to Runway B without any human pilots screwing things up. When the standard airplane was going from four crewmembers (pilot, pilot, flight engineer, navigator) to two (just the pilots), the joke was that one day it would be a single pilot and a dog. The pilot’s job was to feed the dog and the dog’s job was to bite the pilot if he touched anything.

The quest to build an automated airliner has been significantly set back by the engine failure on the Airbus A380. Here’s an interview with one of the pilots, which makes it clear that the software, left to itself, was not able to pick the serious problems out of the crowd of warning messages, nor was it able to make reasonable estimates of landing capability.

This was the newest and most advanced airplane from the company with the most advanced software and most sophisticated automation philosophy. Admittedly the engineers and programmers had to deal with regulatory authorities and designed the system with the knowledge that human pilots would be up front, but anyone wishing to argue against fully automated airliners need only point to this incident.

12 Comments

  1. Fazal Majid

    December 11, 2010 @ 11:40 pm

    1

    To figure out the trade-off, we’d also need to know how many air crash fatalities were due to pilot error that an automated system would not have exhibited.

  2. Jonathan

    December 12, 2010 @ 1:33 am

    2

    One thing that struck me from that interview was that it took them two hours to deal with the junk coming from the computers. Given the damage, I would think “get the damn thing on the ground” would be the best policy. It seems they spent a good portion of their time sifting through a ludicrous number of useless messages.

  3. Bas Scheffers

    December 12, 2010 @ 2:26 am

    3

    Fazal, not only that. To gain acceptance, people need to be comfortable with the notion of being killed by a machine.

    In a recent discussion at our flight school, it became clear even intelligent pilots (puttng themselves in the passenger seat) don’t care about statistics; they would rather die at the hands of screw-up humans than of a computer failure. Even if the humans kill more often.

  4. David Wihl

    December 12, 2010 @ 10:58 am

    4

    Jonathan: the captain specifically said they wanted to make sure the plane was flyable. I think they did the right thing given the plane was stable. What if they were too heavy and had a runway overrun? Given the circumstances, I think they did an awesome job, even more impressive than Sully as they really had to use their wits more than instinct with limited choices.

    Wrt automation, bad software kills people all the time ( sample list). I think Airbus has the right approach: provide envelope protection under most circumstances but allow overrides for unforeseen conditions.

  5. philg

    December 12, 2010 @ 11:05 am

    5

    Jonathan: “get the damn thing on the ground” would have made a lot of sense in a light airplane, and “dump fuel and then get the damn thing on the ground” would have made a lot of sense in a heavy airplane, but since they couldn’t dump fuel and couldn’t extend slats and therefore had a ridiculously high approach speed (perhaps higher than a real A380 had ever been landed at), I think that flying around for a bit burning off fuel helped them avoid a runway overrun.

  6. supermike

    December 12, 2010 @ 8:44 pm

    6

    “In the Airbus and the A380 we don’t carry performance and landing charts, we have a performance application.” (One which failed, upon first application)

    I’m in the software business & I think I’m now going to be exclusively a Boeing 747 man for long, overwater flights. You’d think they’d have at least some notes for a “back of the envelope” calculation.

    Reading the interview leads one to believe that this is really a bleeding-edge technological product, routinely flown at weights that push the limits of its engineering. It also makes one wonder if there’s enough redundancy for a plane with potentially 500+ people aboard.

    If this had been those guys from the Air India 737 incident instead of a bunch of bad-ass seasoned Australians, I doubt we’d have had the same outcome. (Although, the interview makes it sound like an A380 might be a full order of magnitude higher in complexity than a 737)

  7. David Wihl

    December 12, 2010 @ 10:27 pm

    7

    supermike: the number of permutations on the performance tables for different configurations would probably in the hundreds or thousands of pages. I bet they do have notes for “back of envelope” calculations, ie. standard criteria. However, when your margin is 3.25% (130/4000M), I’d personally would like to be more precise.

    Why would you be more comfortable in a 747, when a) Evans said that this condition would have been harder in a Boeing (and he would know), b) there was obviously enough redundancy to make the plane flyable even though it experienced so many concurrent unforeseen failures?

    Guys, this is a testament to the crew and Airbus. It’s Rolls Royce that failed miserably. Rotor containment has been a certification requirement for decades, and they failed, badly.

  8. senorpablo

    December 13, 2010 @ 2:31 am

    8

    David-

    The condition you say would have been harder to deal with in a “Boeing” [747] doesn’t seem to be an issue with 74′s so it’s irrelevant how much more difficult that condition would have been. I’ll take the plane that doesn’t have issues over the one that has issues which are easier to deal with any day.

    Presumably one would be more comfortable on a 747 because of its outstanding track record. There have been over 1409 747′s built and they’ve been flying commercially for 40 years! It’s a proven platform, unlike the A380 which has a 3 year track record, and somewhere around 40 total built. Who knows what other issues there are if any? No one.

    The A380 is only available with two relatively new and unproven engine designs. An A380 sans engines is of zero value, so your praising the aircraft despite the engines is of no comfort. The 747 and any of it’s engine choices have a fantastic track record, and that’s why you too should feel more comfortable on one. I’ve flown on both and there’s no appreciable difference to the passenger in terms of comfort. The 747 is an engineering marvel.

  9. philg

    December 13, 2010 @ 10:02 am

    9

    Senorpablo: I think David was saying that it is important to distinguish the airframe from the engines. The 747 gets re-engined periodically and is therefore subject to the same “new engine” risk as the A380.

    Another way to look at the 747 v A380 is that the 747, like most airliners, requires two systems to function in order to have flight controls: electrics and hydraulics. The electrics pump up the hydraulic pressure and the hydraulic pressure is modulated at the ailerons, elevators, and rudder to move those critical surfaces. The A380, by contrast, supposedly has some self-contained actuators at each control surface that require only electric power. So if something is damaged on the left side of the plane it shouldn’t affect the right side (unlike hydraulic fluid, which when it leaks out is gone for everyone, e.g., in http://en.wikipedia.org/wiki/United_Airlines_Flight_232 ).

    The only time that I’ve ever been terrified on an airliner was when I was one of the pilots (“thank you ladies and gentlemen for flying with us today; I’ve never flown this type of airplane or, in fact, anything with more than 4 seats, but I did get some experience in a simulator that they say is similar. My most recent landing was at 75 knots and 2800 lbs.; I hope that you enjoy my first landing at 145 knots and 47,000 lbs.”).

  10. David Wihl

    December 13, 2010 @ 1:14 pm

    10

    The A380 can use Rolls Royce Trent 900s. The new Boeing 787 can use the Trent 1000, which also suffered uncontained rotor failure. Interestingly, a Qantas 747 also experienced an uncontained engine failure in August (video). Fortunately for the 747 crew, the blades went sideways rather than up through the wing, but clearly this proven design has issues too.

  11. philg

    December 13, 2010 @ 1:28 pm

    11

    I wonder if maybe Airbus should hook up some strings from the fuel tanks to the cockpit so that it is possible to dump fuel even when the electrical system has gone haywire. Alternatively, some sort of backup fuel jettison system that can drop all of the tanks down to about 35 percent capacity, which should nearly always result in a reasonable landing weight and reasonable balance.

  12. supermike

    December 13, 2010 @ 3:53 pm

    12

    David,
    The sense that the article gives me is not that the good people at Airbus didn’t spend a lot of time and effort thinking about safety, just that the A380 is what in software what we used to call “Bleeding edge” in many categories, size (and weight), automation, flight controls, powerplant, you name it. This jet sounds like it’s perilously close to one of those “cascading failures” more often than I’d like. There may be failures in which you’re in a better seat than in a similarly-failed 747, but the 747 has a lot of history on its side. Perhaps a 747 wouldn’t tend to experience a failure like that. I’m going to let other people do the risk-taking in this case.
    That 3.5% safety margin (out of a buggy computer program) is hardly reassuring. Precise? They started throwing out variables until they got an answer. It’s mostly a philosophical question, but if it had been 3.5% over, what do you think they would have done? My guess is that they would have tried to figure the implications of burning a little more fuel, but they were already worried about balance. It’s fortunate that they got an answer they could live with. Maybe a radio call: “Hey, is there anything really hard or sharp at the end of that runway?”

Log in