Null references (oh no, not again!)

Walter Bright newshound1 at digitalmars.com
Thu Mar 5 22:05:37 PST 2009


Georg Wrede wrote:
> Yup. That's what McDonnell didn't do with the DC-10. They were crashing 
> mysteriously in mid-flight, and nobody survived to tell.
> 
> The DC-10 had three entirely separate steering systems: a mechanical (as 
> in wires from cockpit to ailerons), a hydraulic one, and an electrical 
> system.
> 
> After a superior pilot(1) actually brought his plane home after disaster 
> struck, it was found out that the reason for all the crashes was a cargo 
> door lock, which could be shut carelessly and then, if the ground guy 
> was strong enough, lock the latch by force, leaving it only partly 
> locked. Once in the air, the air pressure blew the door open, resulting 
> in the passenger floor collapsing, and shredding the steering systems.
> 
> The "non-Boeing" designers had drawn all three steering systems next to 
> each other, above the cargo door, below the passenger floor.

I started at Boeing soon after that incident. Boeing was very proud that 
they ran one set of controls under the floor, and the other overhead. 
Such a failure mode wouldn't happen to our plane.

This kind of thing is called "coupling", where a single problem could 
bring down both supposedly independent systems. It's a hard thing to 
avoid. For example, in the recent Hudson crash, the engines are designed 
to be thoroughly independent, so one failure won't propagate to the 
other. But criminy, who'd have thought birds would be sucked into *both* 
engines at the same time?


> My father was an airline pilot, who had participated in crash investigations.

How ironic, my dad was a military pilot who also did crash investigations!


> PS: it turned out that the DC-10 can be flown without flight controls. 
> Since the three engines make a triangle (as looked at from the front), 
> one can control the plane enough. The engine controls were not drawn 
> next to the cargo door.

The Sioux City crash, which was a DC-10, amply demonstrated that it was 
possible even with only 2 of the 3 engines working! The tail engine 
failed and took out the hydraulics and the flight controls - another 
coupling point it shouldn't have had.

There's a case of an L10-11 that lost all flight controls (ice) and 
landed the thing by manipulating engine thrust.

After the S.C. crash, controlling the airplane via the engines was added 
to the autopilot, I believe, as then the pilot could just use the 
joystick and the autopilot would translate that to engine throttle changes.

Related to this is the idea of checklists. Checklists dominate flying, 
and they have a well-proven efficacy in improving safety. Recent trials 
in hospitals with checklists have shown dramatic improvements in results.


