Why do passenger jets accept input that will cause the aircraft to perform dangerous maneuvers it was not designed for?

Question

Examples:

A bank angle > 45 degrees is considered an “upset,” putting the plane in a position that can lead to a loss of control.
A pitch > 20 degrees can possibly be dangerous and cause the aircraft to stall (depends on many factors or course).

These are just a few examples of limits that most passenger jets have. Now why is it that the plane actually accepts input that will cause the aircraft to go beyond these limits? What possibly use could “diving” straight towards the ground or towards the sky have? Or having a high bank angle that will almost certainly cause stalling and loss of control?

Not all passenger jets permit pilot control inputs to cause the aircraft to enter a dangerous attitude. Most Airbus aircraft, operating in "normal law",have flight-envelope protections intended to prevent this. Some Boeing aircraft have flight envelope protection but this can be defeated by using "excessive force". — RedGrittyBrick, Jan 19 '15 at 18:35
Automatic "flight envelope protection" is discussed in this wikipedia article and provide examples of situations that may justify manual control. A well known case is China Airlines Flight 006. — mins, Jan 19 '15 at 19:15
Not an answer but related. Modern fighters enable the pilot to make maximum control inputs. The computers will figure out what control surface deflection is applied without breaking the pilot or the airplane and fly on the edge of the envelope. Early F16 development made a lot of breakthroughs in this area and one of the problems was that the aircraft could make maximum input maneuveurs without breaking the airplane but the pilots could not withstand the G. The computer algorithms were tweaked to protect the "wetware" a little more. — Simon, Jan 19 '15 at 19:34
@mins: China Airlines flight 006 is a great example of why flight envelope protection is superior. If the plane had flight envelope protection, it would have never entered the spiral dive in the first place! (And the flight envelope protection systems are smart enough to switch to direct control if the flight envelope is already left e.g. due to really extreme turbulence). — Jan Hudec, Jan 19 '15 at 20:22
@JanHudec. Pitch-direct may not be available after abnormal attitude detection. It seems this would be Pitch-alternate with load factor protection still active, preventing a pullup at 5.5g. Not sure however, correct me if I'm wrong. — mins, Jan 19 '15 at 23:20
@mins: I think yes, it would be alternate. still with g-based command. After all if turbulence upsets you you still don't want to break the aircraft apart by pulling too hard. If it won't let you in a spiral dive (and it won't; the system maintains level to 33° bank and will automatically reduce higher bank), you won't need it. — Jan Hudec, Jan 20 '15 at 05:47
I believe that my Ford Focus will let me input commands (steering, braking, accelerator) that would cause it to perform dangerous maneuvers it was not designed for. And the Ford Focus is designed to be piloted by general (licensed) consumers, not by rigorous highly-trained professionals as is a Boeing 787. — dotancohen, Jan 21 '15 at 13:38
@dotancohen Not only is your Ford Focus not carrying 300 passengers and 300,000 liters of fuel (or maybe you tricked it out some?) I wouldn't use your Ford Focus' lack of safety features as a positive. Driving is so much riskier than flying commercially. — Schwern, Jan 21 '15 at 18:44
@JanHudec The Wikipedia article on China Airlines 006 mentions the attempt to restart an engine at too high an altitude, and failure to apply rudder. I can imagine it might have helped if the autopilot of a B747 had rudder control, but what about the altitude? Should the avionics force the aircraft to descend to 30000 feet when an engine flames out? (That's not a rhetorical question, by the way.) — David K, Jan 22 '15 at 14:31
@DavidK: No, it shouldn't. It should just prevent it from entering a spiral dive because of it. Which is exactly what the Airbus one would do. It does not automatically dial in the rudder trim, but it would apply aileron and elevator which would make the aircraft fly with more drag (in a slip), in a circle because the aileron would only be applied as reaction to too much bank, but it would not be loosing altitude. That would give the pilots time to regain situational awareness and fix the problem. — Jan Hudec, Jan 22 '15 at 16:23
@JanHudec If I read the article correctly, the autopilot was already applying the maximum aileron control (I don't know about elevator), but it wasn't enough. I'm not sure about this exact incident, but I believe an aircraft with four engines can safely maintain a higher altitude than the same aircraft with three engines running, so if one engine flames out near the maximum sustainable altitude the pilot must descend. If the pilot does not, the laws of physics will accomplish the same goal, but not in a nice way. — David K, Jan 22 '15 at 16:51
@DavidK: Well, no, it wasn't. The autopilot has a limit force and disconnects if it would need to apply greater force. And I think the aileron returns to neutral when that happens and pilot does not take over. In Airbus the flight envelope protection is a separate layer that will not disconnect unless the necessary sensors fail or pilot turns it off manually and that will apply as much control force as needed. I have read reports about testing engine failure in Airbus and the described behaviour was: banked somewhat, entered slipping turn, maintained vertical speed. — Jan Hudec, Jan 22 '15 at 17:23
@JanHudec What I see on Wikipedia is: "As the speed decreased even further, the plane began to roll to the right, even though the autopilot was maintaining the maximum left roll limit." I did not understand that to be "disconnected". But neither do I believe everything I read on Wikipedia. On the other hand it would not surprise me if the autopilot had one rule for what to do when the pilot dials in an excessive maneuver somehow on the control panel, and a different rule for what to do when it is merely trying to maintain the aircraft's existing attitude. — David K, Jan 22 '15 at 19:51
@DavidK: I don't have detailed knowledge of that system, but I don't believe the ailerons would not have enough authority if applied manually; the yaw-roll coupling is not that strong. It would be the autopilot limit that was exceeded. And then the autopilot disconnected. They all disconnect when they can't maintain the set parameters, because it normally means something fails and the autopilot is not able to fix it. And then the plane was completely uncontrolled. — Jan Hudec, Jan 23 '15 at 09:11

score 54 · Accepted Answer · edited Jan 21 '15 at 17:14

54

Generally speaking, pilots don't like it when a computer interprets or limits their actions. They want final control. They don't always get their way on this but that's their preference.

If I recall correctly, Boeing tends to stick with the philosophy that "the pilot is the final arbiter." Airbus is more likely to preempt pilot inputs and modify them.

Although the majority of crashes and incidents wind up being pilot error, there is a serious flaw to modifying pilot inputs. That flaw is in the case of systems failure.

By definition, failure modes involve things going wrong. When things go wrong it's effectively impossible to plan, in automation, for all contingencies. People are much better at responding to the unknown than automation systems are.

Take for instance the rule that "bank angles > 45 degrees are dangerous, and are therefore prohibited". How does the plane know that the bank angle is > 45 degrees? Well it's a sensor of course, but what if the sensor has failed? A failed sensor will either signal to take action when none is needed or fail to signal when action is called for. What if the control surfaces have failed and the plane cannot correct the bank angle?

The usual answer to that is redundant systems, high reliability parts and design, etc. All those are great of course and certainly help a lot. However we still have incidents and accidents.

In the end the question is: Who do you trust more? A pilot or a machine? And statistics and science only help you part-way here. A person's experience, biases and feelings will have a lot to say about how they answer. And by "person", understand that I'm including the customers, the paying public.

edited Jan 21 '15 at 17:14

Community

1

answered Jan 19 '15 at 22:30

Brian Too

536
4
3

5

+1 For the Boeing vs. Airbus comparison. In Boeing jets, the pilot is the final authority in flying the airplane. In an Airbus, he is just a voting member. – Bassinator Jan 19 '15 at 23:17
11

+1 especially for sensor failure comment. It's more likely a plane will need the pilot to do something irregular and unexpected because of situations including malfunctions and things the computer may not be able to even have good data on. When is the pilot going to risk a dangerous maneuver without a a good reason? – Dronz Jan 20 '15 at 05:01
2

Not even a fully working sensor can tell you dependably what roll angle the aircraft is flying. And, btw, newer Boeing planes (777, 787) restrict the pilot's actions quite as much as Airbusses do since the A320. – Peter Kämpf Jan 20 '15 at 11:26
1

@PeterKämpf Heck, it's hard enough to tell how fast you're going, let alone the angle. – user Jan 20 '15 at 14:21
2

@BrianToo "Although the majority of crashes and incidents wind up being pilot error, there is a serious flaw to modifying pilot inputs." I'm sure if the computer had more control, then the majority of crashes would be the computer's fault. – Jan 20 '15 at 20:03
4

Re "what if the sensor has failed?", it was of course a failed sensor which caused AF 447 to switch to 'alternate law' - switching off the limits that would have prevented the pilots from stalling the aircraft: "once the computer lost its airspeed data, it disconnected the autopilot and switched from normal law to "alternate law," a regime with far fewer restrictions on what a pilot can do. In alternate law, pilots can stall an airplane." – A E Jan 21 '15 at 10:13
6

This (highly upvoted) answer consists of opinion. Pilots who have flown both Boeing and Airbus have more nuanced opinions (example 737 & A320 pilot). I'd like to see some more objective/factual references for the assertions made. – RedGrittyBrick Jan 21 '15 at 11:04
@MichaelKjörling: Indeed, from that very article: "A second consequence of the reconfiguration into alternate law was that "stall protection" no longer operated. Whereas in normal law, the airplane's flight management computers would have acted to prevent such a high angle of attack; in alternate law this did not happen. (Indeed, the switch into alternate law occurred precisely because the computers, denied reliable speed data, were no longer able to provide such protection – nor many of the other functions expected of normal law)." – Lightness Races in Orbit Jan 21 '15 at 11:36
Should also consider the human pilot's track record -- in the US alone, there's an average of 87,000 commercial flights per day. There's been a few commercial airline accidents in the news as-of late, but typically flying in an airplane is significantly safer than most of your daily activities. Statistically you are more likely to die choking on your lunch than in an airplane crash. It should speak to how well a trained and experienced airline pilot can fly on average; heck, even the poor airline pilots are incredibly safe statistically speaking. – SnakeDoc Jan 21 '15 at 17:27
The argument of "pilot having full authority" is somewhat vague and I think unjustified. The Airbus normal law is designed to allow full certified flight envelope. For example the max bank angle of 67 degrees will give 2,5Gs in level flight - which is the structural limitation. In sudden distress it is safe to make maximum side stick input and you will get maximum available performance. The safety comparison (by Airbus) presents that fly-by-wire controls have reduced number of loss-of-control incidents roughly by factor of ten. https://accidentstats.airbus.com/statistics/generations-of-jet – busdriver Jun 16 '21 at 06:28

score 22 · Answer 2 · answered Jan 19 '15 at 18:21

22

The philosophy is that the pilot knows best. If they need to make a maneuver, they should be trusted to do so.

Although there are absolute limits such as structure, other limits are less exact and depend on conditions (and even structure is built to withstand additional margins, failure, and damage). Something that qualifies as an "upset" is certainly not routine, but it is not necessarily fatal either, and can be used to deal with certain situations.

A big reason for abrupt maneuvers would be avoiding an obstacle. In the case of terrain, this would generally be a steep climb, or possibly a steep turn. But this could also be another aircraft, in which case the pilot may want to descend quickly.

answered Jan 19 '15 at 18:21

fooot

72,860
23
237
426

2

Indeed. There have been fly-by-wire that would refuse "dangerous" input. They had to go back in and convince the control software to permit the maneuver if the pilot moved his controls to the stops after a couple of crashes that might have been prevented by an out-of-range maneuver. – Joshua Jan 19 '15 at 21:12
3

@Joshua: Which ones? For Airbus many cases are known where the protections prevented crash, a couple where they failed to prevent it (usually when the sensors failed so it couldn't provide the protections) and no cases where the outcome without them would have been better. – Jan Hudec Jan 21 '15 at 17:29
1

I'd be hard pressed to find it again, sorry. It was taught as standard material in CS courses 10 years ago. The problem is the flight computers can't see ahead and so will fly into a mountain rather than attempt too radical a maneuver. – Joshua Jan 21 '15 at 17:51
1

@Joshua Huh? Why exactly would a flight computer be unable to "see ahead"? While there might be a few cases where the computer caused a crash, the statistics are very clear that the vast majority of crashes are caused by human error. People just don't like the idea of not being (or at least having a fellow human) in control, even if it'd objectively safer. – Voo Jan 21 '15 at 18:31
I did find a reference in this book to Iberia 1456, where the protections incorrectly pitched the aircraft down, causing it to land very hard. – fooot Jan 21 '15 at 18:33
Well that's not the one but it's the same essence. The computer doesn't know the current trajectory will crash and even in stall airspeed will be traded for altitude. The one I recall the plane collided with a mountain that should have been cleared if the pilot's steering was followed. – Joshua Jan 21 '15 at 21:34
1

And a related aspect of this--in an emergency the correct maneuver may be to risk the airframe. When you see the mountain in front of you an overstressed airframe is the least of your worries. – Loren Pechtel Jan 22 '15 at 05:25
@LorenPechtel I'd say it's the greatest of your worries, actually. Collisions tend to be quite stressful. – JAB Sep 09 '16 at 20:57

Peter Kämpf · Answer 3 · 2021-06-15T11:50:52.583

18

Let's just focus on roll. The same command that can be used to roll the aircraft from 0° roll angle to 30° can be used to roll it from 30° to 60°. Who is to decide at what roll angle the airplane is and that from now on no further roll commands are acceptable?

A computer-controlled FCS, obviously, if we decide the pilots cannot be trusted. But can we trust the FCS more? What would be the basis for it to establish the correct roll angle?

Gyros? They need to be calibrated once in a while, because all gyros drift. Some more, some less, but no technology can prevent them from showing dangerously wrong readings when they are left running long enough.
Accelerometers which show the gravity vector? As soon as the airplane flies a coordinated turn, it should be obvious that they point only away from the lift vector. No dice.
Radar altimeter at the wingtips? Fly high enough and they become useless. This might work for low-level flight, but not in all flight phases.
Camera and image processing to find the attitude towards the horizon? Stops working at night or in fog.

I could extend the list, but by now it should become clear that this is not as easy as it sounds. Especially the FCS design for autonomous UAVs is quite tricky and needs to correlate the inputs of different sensors in order to establish level flight. This was learned the hard way by Aurora Flight Sciences when flight-testing their Perseus A prototype. Relying on the gyro alone, the team did not realize that the sensor drifted away and commanded increasingly steep bank angles. When the aircraft disintegrated, the team did not even immediately realize what had happened because the maximum sink rate value on the flight data downlink corresponded to just 20 m/s - it just got stuck at -1023 counts. The aircraft prototype was totally destroyed in the accident.

Perseus A before its final 21st flight.

I guess this is the last forum on the whole Internet where it needs to be explained that relying on perfectly functioning software is foolish. Somehow, human pilots are still better at resolving unforeseen difficulties, for the same reasons why they sometimes screw up in inexplainable ways.

edited Jun 15 '21 at 11:50

answered Jan 19 '15 at 20:42

Peter Kämpf

231,832
17
588
929

5

So the Perseus A suffered its own form of the spatial disorientation that afflicted the human pilots of CA006, AF447 etc? – RedGrittyBrick Jan 19 '15 at 21:46
3

Well, that's one team of engineers who will remember that gyros drift. There's no substitute for experience. – Andrew Morton Jan 19 '15 at 22:03
If turning at constant speed, then the aircraft is also constantly accelerating so indeed, not an easy problem to solve. – Simon Jan 19 '15 at 22:06
5

Pilots also loses their sense of level flight when in fogs without their instruments, and instruments can lie, as seen in this accident, and pilots have gotten into accidents when they trust their artificial horizons too much. It's the Perseus software's fault that it relies too much on gyro, but you only need to teach a computer once. Human has a natural affinity for visual flight and adapting to unforeseen circumstances, but computers have better potential at instrument flying and avoiding accidents in the first place. Both need to be properly trained/written to be effective at what they do. – Lie Ryan Jan 20 '15 at 00:27
9

+1 for "relying on perfectly functioning software is foolish". To quote a renowned computer scientist, E. W. Dijkstra, "[software] testing can only prove the presence of bugs, not their absence". – Jeff B Jan 20 '15 at 20:29
But... can pilots really perform better at identifying the roll angle in difficult conditions when compared to computers? – JonathanReez Jan 17 '18 at 19:34
@JonathanReez: As others have pointed out, properly written software has an edge in some conditions. On the other hand, Perseus A crashed on a clear day in broad daylight, and even an inexperienced pilot would had performed better than this particular autopilot. – Peter Kämpf Jan 17 '18 at 21:18
Also, how would the radar altimeters know whether they're pointing straight down, or, instead, at an angle?

Vikki

Nov 15 '18 at 00:16

score 15 · Answer 4 · answered Jan 19 '15 at 20:35

15

Most new designs do not accept such inputs. That includes:

Airbus models from A320 onwards (includes A318 and A319 that are variants of A320).
Boeing models B777 and B787.
Sukhoi SuperJet Su100.

Airbus has roll limit 65°, not 45°, but it automatically returns to at most 33° without constant pressure on the stick. I can't find explicit pitch limit, but it has alpha-limit (angle-of-attack, depends on type, 17° for A320, pitches down not to exceed it), maximum speed and Mach limit (pitches up if exceeded) and minimum and maximum wing loading (vertical acceleration, -1G to +2.5G clean, 0G to +2G with flaps)

answered Jan 19 '15 at 20:35

Jan Hudec

56,247
12
155
268

2

But the direct law is enabled in many situations when the computer sees a problem and will accept any input. – Vladimir F Героям слава Jan 20 '15 at 10:19
1

@VladimirF: Depends. On Airbus it will degrade to alternate law where the stick deflection still correspond to vertical acceleration and roll rate (so they are still limited) unless the problem is with inertial reference. Boeing always interprets yoke deflection as control surface deflection, so it does not have alternate law. As for Su100, it aims for Airbus commonality, but it might differ in this; I don't know. – Jan Hudec Jan 21 '15 at 17:25
1

Airbus degrades to Alternate law (/w or w/out protections) after single or some dual failures when the computers can still figure out how to protect the aircraft. Some dual and most triple failure degrade to direct law. It's not about the control surface deflection (control law) but about computers having enough info to enact a protection – Radu094 Oct 04 '16 at 07:40

score 8 · Answer 5 · edited Jan 20 '15 at 18:09

The pilot must be trusted over anything else (and even Airbus planes accept any input in Direct law, Normal law doesn't always apply). Any unforeseen situation may arise during the flight. Computers cannot handle every abnormal situation.

A good example of such a situation is the case of FedEx Flight 705. The pilots were attacked with a sledgehammer by a hijacker. They would probably be dead, if not for the extreme maneuvers attempted. They pushed their DC-10 plane far beyond its limits (bank angle up to 140°, overspeed near mach 1.0). Had the computer prevented them to do this, the plane may have crashed and they'd be all dead.

score 5 · Answer 6 · edited Jun 19 '18 at 13:58

As an airline pilot (and test pilot) I like to keep my airplane under control (like all other airline pilots do). There is Boeing school and the Airbus school. Boeing airplanes will warn you not to get into those envelopes. Airbus won't allow you to get in that regime (envelope protection). In any case you can override that by changing law or disconnecting flight computers. In extreme cases where the situation is desesperate, I won't hesitate to overrule the computer and go into the extreme envelopes if I need to save lives. Bear in mind that everything in aviation is designed with a safety factor of 30% to 60% in some cases.

So to answer your question: You are at FL370, sipping coffee, you have a fire on board. The aircraft limits your vertical speed and speed during descent (or bank angle if you want to turn back). Would you be OK with such limits? Myself, no. We are paid big bucks in the front to make decisions.

Second scenario (fake). FL340, cruise, your TCAS failed but you don't know (like I said it is fake scenario). Suddenly you see the other guy heading towards you. Same FL. But your computer says "sorry you cannot pull hard because of the G protection", you hit the other guy: you are legally dead because you have not stressed the airframe.

Last example: Just after departing for a 16-hour flight you have fire in cargo. The fire extinguishing systems are unsuccessful. You must land, but you cannot because you are overweight (by 100 tons I would say at least). What would you do?

Hope I've triggered something about your question. BTW I'm on 777.

score 4 · Answer 7 · answered Jan 22 '15 at 10:22

A couple of reasons, but essentially it comes down to "Because sometimes it may be the lesser of two evils"

Instruments go wrong. Pitot tubes break, gyroscopes go wonky etc... Sometimes, the pilot really does know best. Autopilots disengage when they aren't sure what to do, the same applies to autopilots limiting the control in a fly by wire setup... what happens when the aircraft thinks it's stalling but it isn't? It tries to prevent the nose being raised, or actually lowers the nose, until the aircraft hits the ground.
A "virtually guaranteed stall" may one day be a better option than an "actually guaranteed collision" - if your choices are pull up hard or fly into a mountain, I'll take my chances with attempting to recover from a stall.

1 is unlikely (and considering how often aircraft fly under IFR, would likely affect the pilot the same as the autopilot), 2 is probably even more unlikely, but is the situation which would prompt thousands of "Why can't the pilot over-ride the autopilot?" questions.

At the end of the day, people still mistrust computers. They may get it right 99.9999% of the time, but they still can't "think on their feet" like a human.

Now, there are elements of this already in aircraft design. For example all modern airliners have audible/visual warnings when dangerous situations are presented (high sink rates, stall warnings etc). And Airbus goes further, using "fly by wire" controls which do indeed prevent most "normal" stall situations in what's called "Normal law". Airbus does, however, give final control to the pilot if the computer is not 100% sure of the situation.

score 3 · Answer 8 · edited Jun 17 '20 at 08:28

Another thing to consider is that knowledge required for controlling the aircraft is increasing with such systems in place.

There nearly was a plane crash in Germany some years ago (see this video showing the landing), when a plane was landing during strong side winds. The problem was that the flight controls reacted differently when the plane touched ground or not. That was not known by the pilots. They managed the situation, but it could have been easier for them with knowing that behavior. This behavior even was not documented in the manual.

EDIT:
From the investigation report (thanks to @DeltaLima): Section 3.1

The pilots could not have been aware of the specific flight system control response characteristics during a landing with a gusty crosswind und were, therefore, unable to incorporate it into their decision taking process.

And later on in this section

• When the left main landing gear first touched the runway, the lateral control system condition thus met all the requirements for the transition from Flight Mode to Ground Mode, so, the system switched from lateral Flight Mode to lateral Ground Mode even though the aircraft was once again in the air.

• The aircraft was designed so that the effect of lateral controls (along the longitudinal axis) would reduce by about one half of full deflection as soon as one main landing gear touched down.

• The reduced effect of controls was not documented in the system description and was unknown to pilots or the training department.

• During the landing, the aircraft's system behaviour contributed to a flight attitude which was unintended and undesired by the pilots and ground contact with the wingtip could not be prevented anymore.

Hello SpaceTrucker, welcome to Aviation.SE. I think you are referring to this accident, investigation report here. Feel free to include it in your post. — DeltaLima, Jan 21 '15 at 10:55

score 3 · Answer 9 · answered Jan 21 '15 at 22:15

One of the problems with commercial aircraft is the sheer number of hours of flight that any given aircraft type will see and the vast number of different conditions and failures that will inevitably arise during all that flying.

I had the job of writing the software that validated the control laws for the center of gravity management systems of several of these beasts. There's really no way to completely analyse all possible 'modes of flight'. The FCGMS system wasn't quite in the same category with the flight controls, but it WAS a 'safety of flight critical system'. There was a lot of validating involved, and this was just purely functional test, not all the vast array of unit level testing that went into the flight software. The thing is you have 20 boxes on these planes, all doing critical stuff, all built by different people, etc.

In the end someone has to be able to take hold of the stick and PULL UP! when its required and get a direct response. Its quite true that this capability might be as often detrimental, but you just cannot and never will be able to, completely analyse code and know what it will do when pieces are falling off the airplane.

score 2 · Answer 10 · answered Jan 20 '15 at 18:49

Let's think of this from a different angle. Sometimes it's not just pilot input that would put the plane into an unsafe attitude. Now if the plane is forced into a heavy bank, climb, or dive through external forces but the pilot is limited in what response he can give to the plane to adjust....

Also think of high fog and communication issues. and two planes are in risk of collision. The plane says to the pilot "nope you can't bank because that would put us at risk".

Under normal flying conditions, you'd want to fly within operating parameters. But when the proverbial stuff hits the fan, you want full control to attempt to avoid a tragedy.

Phil Frost · Answer 11 · 2015-01-20T21:08:06.873

Your question can be answered by a simple reductio ad absurdum argument. If the airplane knew what inputs were safe, then why have any pilot at all?

In fact modern commercial flights already pretty much fly automatically, and they do have mechanisms to avoid potentially dangerous inputs. The problem is that failure detection is hard because when something has failed, the system (by the definition of failure) does not have valid data to make decisions. It is the same reason crazy people may not know they are crazy. The pilot is there to make decisions in the face of ambiguity.

Of course sometimes the pilot makes the wrong decision too, and the airplane crashes. See Air France 447.

But more often they make the right decision, and everyone lives. See the Gimli Glider.

score 1 · Answer 12 · answered Apr 27 '15 at 00:51

Generally limiters are optimized and designed to fulfill a specific function or role relation such as the Airbus full stick aft to achieve max AoA during terrain avoidance. However, not all limiters are foolproof, despite what is advertised by the manufacturers. Limits can be exceeded depending on how the limiter functions and FCS are implemented eg using dynamic manoeuvres such as repeated pushing and pulling at reasonant frequency or sudden manoeuvres at speeds for which the FCS wasn't designed for or in degraded aircraft modes. Although these possibilities exist, they are usually not relevant because these are corner cases unlikely to be encountered.

score 0 · Answer 13 · answered Apr 27 '15 at 00:09

About the AF accident. The basic of flight: PITCH, POWER, PERFORMANCE. Meaning that when something is wrong you disconnect all automation and get manual control of the ship. The key beyond the PPP is that for almost any given situation applying a pitch, a power setting and a configuration (flaps, slats, gear....) you will kee you flying. With automation those things are long gone. During a flight, each hour I was writting down power setting, wind direction, temperature (among fuel and other legal stuff). Those whom started flying without autothrust and on turbo props know what it s like.

Hi, Houba. Welcome to Aviation.SE! It's great to have another ATP on board providing answers. Would you mind moving this answer into your other answer on this question (by editing the other one to copy this in and then deleting this one?) In general, SE sites discourage users from writing multiple answers to the same question. For more information about the practices here, see [ask] and our help center. — reirab, Apr 27 '15 at 05:51

score -2 · Answer 14 · answered Jan 22 '15 at 01:12

Pilots want to have control over the aircraft. Personally, if I was an ATP I would never fly an automated FBW aircraft like an Airbus for that exact reason.

You don't to be in a spin or death spiral and then find out you can't get out of it because "the computer will not allow that input", and trust me if you are in an aircraft that goes into a spin you most definitely want the pilot to have FULL control over the aircraft.

You may think: if the computer is controlling the aircraft it will never enter a spin. Not so. Some thunderstorms can arise very quickly and unexpectedly and are so violent they can force the aircraft into a spin or other attitude which the computer has zero chance of reacting to correctly. "Good" computers turn themselves off at that point.

The most advanced FBW aircraft have a feature called "automated recovery" which allows them to automatically recover from some stall conditions, but in extreme conditions the changes in attitude will be happening so fast that you need a human to do it.

Why do passenger jets accept input that will cause the aircraft to perform dangerous maneuvers it was not designed for?

14 Answers14

Linked

Related