Safety in numbers. Part 2

Previously, we walked along a path through some simple statistics as they relate to aircraft systems. Not wishing to sound like the next episode of a popular drama, the only recap needed is that, by making a few assumptions, we showed the following, where P is the probability of failure of one system and n is the number of similar concurrently operating systems:

A total failure (all n systems failed) occurs with probability Pⁿ

A single failure (any one of the n systems) occurs with probability n × P

It’s as well to distinguish between the total system and the sub-systems of which it is comprised. For example, we can have one aircraft normally operating with four engines. Here we can call each individual engine a sub-system. The word “simple” is best applied to highly reliable sub-systems where there are only a few of them and n is a low number.

Aviation is going through a period of great change. A big part of that change is electrification. Today, there are numerous Quadcopter designs. The name gives it away. Here we are dealing with 4 electric motors connected to rotors. Some new aircraft designs go much further with as many as 18 electric motors. That’s 18 similar sub-systems all contributing to the safe flight and landing of an aircraft.

Superficially, it would be easy to say that if n equals 18 then the chances of all propulsion failing simultaneously are astronomically low. That’s true, but only if considering the reliability of the electric motors providing propulsion in isolation. Each electric motor makes a partial contribution to the safe performance of the aircraft.

Just as we have with fuel systems in conventional aircraft, in an electric aircraft each of these sub-systems is dependent upon a source of power being provided. If the source of that power disappears, the aircraft’s motor count becomes irrelevant. This is referred to as the consideration of common-mode failures. The electric motors may be independent in operation, but they are all dependent upon the reliable supply of electrical power.

Before a discussion of common-mode failures, let’s go back to the earlier maths. We can see that the loss of one electric motor amongst 18 occurs with a probability of 18 × P. Unfortunately, in these cases the number of possible combinations of multiple failures increases.

Given that this subject is so much easier to discuss when dealing with small numbers, let’s consider the Quadcopter. Here there are 4 electric motors and 4 groups of distinct failure conditions: 1 motor failed, 2 motors failed, 3 motors failed, and 4 motors failed. For the sake of argument let’s say they perform the same function and call them motors A, B, C and D.

Except for the case where all 4 motors fail, the other 3 cases produce an outcome with reduced aircraft capability. We already have the way of calculating the probability of total failure and of a single failure, so it’s the double failure and triple failure cases that are of interest.

Let’s step through the combination of double failures that can occur. Here they are A and B, B and C, C and D, D and A, A and C, B and D. There are 6 unique combinations that make up double failures.

Let’s step through the combination of triple failures that can occur. Here they are A and B and C, B and C and D, C and D and A, D and A and B. There are 4 unique combinations that make up triple failures. We can tabulate these findings for our Quadcopter motor failures thus:

Single    Double    Triple    Total
4P        6P²       4P³       P⁴

There’s a nice pattern in this table of probabilities: the number of possible combinations of multiple failures grows as n grows.

Now, we get more into the subject of combinations and permutations. The word “combination” is the one more often in common usage. When we use that word, it really doesn’t matter in what order any failures occur. Often combinations are like other combinations, and so each may not be entirely unique in its impact on the flight of an aircraft. Hence the doubles and triples above.

With 4 electric motors there are 24 possible combinations. This is calculated thus:

n! = n × (n – 1) × (n – 2) × … × 2 × 1, which for n = 4 is 4 × 3 × 2 × 1 = 24

This is pronounced “n factorial”. So, for n = 18 this gets big. In fact, it’s 6,402,373,705,728,000.
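As an added example (not part of the original post), the following Python script enumerates the Quadcopter failure combinations above, reproduces the table for any n and P, and computes the 18! figure. It also shows the exact binomial probability for each case, which keeps the factor for the motors that are still running; the shortcut in the text drops that factor, which is a fair approximation only when P is small. The per-motor failure probability used is a constructed value.

```python
from itertools import combinations
from math import comb, factorial

MOTORS = "ABCD"  # the four Quadcopter motors named in the text


def failure_combinations(motors, k):
    """List the distinct ways k of the named motors can fail together.
    Order does not matter, so AB and BA are the same double failure."""
    return ["".join(c) for c in combinations(motors, k)]


def failure_table(n, p):
    """Probability of exactly k of n similar sub-systems failing, using the
    page's rule: (number of k-way combinations) x P^k. Returns {k: (count, prob)}.
    k = 1 gives n x P (single failure) and k = n gives P^n (total failure)."""
    return {k: (comb(n, k), comb(n, k) * p ** k) for k in range(1, n + 1)}


def exact_failure_probability(n, k, p):
    """Exact binomial probability that exactly k of n fail and the other n - k
    keep running: C(n,k) * P^k * (1 - P)^(n - k). The page's shortcut drops the
    (1 - P)^(n - k) factor, which is close to 1 only when P is small."""
    return comb(n, k) * p ** k * (1 - p) ** (n - k)


def orderings(n):
    """n! = n x (n - 1) x ... x 1: the number of orders in which n motors can fail."""
    return factorial(n)


if __name__ == "__main__":
    for k, label in ((2, "double"), (3, "triple")):
        combos = failure_combinations(MOTORS, k)
        print(f"{len(combos)} {label} failures: {', '.join(combos)}")
    p = 0.01  # constructed per-motor failure probability for the illustration
    for k, (count, prob) in failure_table(len(MOTORS), p).items():
        exact = exact_failure_probability(len(MOTORS), k, p)
        print(f"{k} failed: {count} x P^{k} = {prob:.2e} (exact {exact:.2e})")
    print(f"18! = {orderings(18):,}")
```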

However, as we have seen from the Quadcopter discussion, it’s the grouping of failure conditions that we are often most interested in. After all, for safe flight and landing of an aircraft we need to manage those failure conditions that can be managed, while at the same time reducing the probability of occurrence of the failure conditions that can’t be managed.

That’s a lot of work. It may explain the drive to develop autonomous aircraft systems. The case could be made that managing flight is impossible when subject to the vast array of potential combinations and permutations of failure conditions that can exist within a multi-rotor system where n is large.

[Do you agree?]

Tea or Coffee

I’ll grab a newspaper and flick through the pages. I can almost guarantee that in all the thousands of words used to describe the events of the week, nowhere will you see the word “determinism”. Now, that shouldn’t surprise anyone. Or at least anyone who doesn’t spend their days in the systems engineering world. Yet, the basic idea of determinism is ingrained in everyday thinking.

Yesterday, I bought a new kettle. It works well. I can take cold fresh water from my kitchen tap, fill it to the two-cup line and press the button with confidence that within a couple of minutes I’ll have boiling water. Cause-and-effect are truly well connected. I pay my electricity bill and expect current to flow when the switch is thrown. I’d be really annoyed if my new kettle didn’t do what it said it would do on the box it was packaged in. My cup of tea is assured.

Now, let’s step into an imaginary future. Well, a future that is not as imaginary as might first be thought. I’ll set aside my morning tea drinking habit and brew a coffee instead. I haven’t got one, but they are certainly being advertised. That’s a coffee machine that’s connected to the INTERNET [1]. It can be given voice commands to brew my favourite brew. It has an app where I can set up my preferences. It’s a whizzy way to get an espresso.

I don’t say this function exists, only that as soon as the connection is made to an external service, what happens next becomes just a little less predictable. A coffee machine with an integrated voice activation system will do as it’s told. At least we assume it will do as it’s told. Thus, cause-and-effect remain connected. Stand back. The door has now been opened. Let’s say, after I acquired the coffee maker, the anxious manufacturer changes the algorithm that runs the machine. They want me to drink the maximum number of their wonderful coffees, but without going to the dark side.

Next time I go for a smart espresso, the machine talks back: “Are you sure? You’ve had 5 coffees already this afternoon.” I have no knowledge of, or control over, the algorithm that’s coming up with this talk back. The question might be fair, sensible, and looking after my health but, in that moment, I have no ability to predict what the machine will do next. Will it let me carry on regardless? Or will it say: “No, you’ve had enough. Come back and talk to me in an hour.” The simple cause-and-effect relationship I have with my new kettle is no more. Without being warned, I’ve strayed into the world of non-determinism.

I think you can now appreciate the purpose of this short article. It’s to point out that our quaint classical deterministic world is going to go through a shakeup. Think of the scenario above for a car or an aeroplane. It’s not inevitably bad. In fact, non-deterministic systems offer huge potential benefits. My message is that we’d better be ready for all aspects of this transition.

I’ve made the contrast between either one or the other. In reality, there will be a fuzzy zone between what’s deterministic and what’s non-deterministic. The tea or coffee drinker may have a choice in different places at different times for different reasons.

[1] https://www.lavazza.co.uk/en/landing/voicy.html