With all the discussion concerning failure(s), failure modes and the like, I would like to present another viewpoint: NO failure at all. What about the possibility that everything is working per design intent? Most unlikely, but up for discussion to toss around. One system (the *Control System*) is unable to cope with the normal transient behavior of the engine and as a result it goes into a failure mode reaction; the rest is history.

An example of what I'm trying to get across: improved components allowed for a faster acceleration from idle to 100% speed (jet engine). Within the (electronic portion of the) control system was an overspeed limit of 3% above set point. The control system, a bit outdated at this point, was unable to cut the fuel back fast enough to prevent the engine from going over the 3% limit. As a result it triggered failure mode logic that caused repetitive large-amplitude speed cycling that could only be terminated by pulling back the throttle. The practical solution, in this case, was to soften the failure mode logic such that the reaction to the overspeed was a few low-amplitude speed cycles that ended within a couple of seconds and were basically undetectable by the pilot.

As noted, probably unlikely in the runaway acceleration fiasco, but until Toyota comes up with a software/hardware failure mode, anything is possible.

MLD
- posted 14 years ago