I don't know about the s/w upgrade, but I do know that both EECs were trying to demand a fuel flow that related to the aircraft inputs. From the engine point of view, they were operating as they should for the amount of fuel that was being delivered from the FMU.

The problem seems to be that there was not enough fuel flow available for the engines to reach the desired thrust. The fuel system from each engine is being checked, but it seems unlikely that two engines would suffer fuel system faults at almost exactly the same time.

I know that there has been talk of possible fuel waxing problems - apparently the flight had passed through some very cold weather (-70degC), and following the decent, this may have affected the properties of the fuel. There are systems in place to prevent this being a problem, I imagine that these are also being looked at......

If the landing gear was still up then it would have been the best thing to delay lowering it. I would be surprised if it had not been down already though, normally the pre-landing checks which includes gear down are completed before descending on the glide path to avoid further distraction during the approach. I somehow doubt that he would have selected the gear back up at 2 miles and then down again since the time for it to travel each way would have been too short with only about 40 seconds to go before touchdown. Selecting flap up from approach flap would have reduced the drag significantly however. It would also mean a higher touchdown speed as well though except that lowering the flaps again to clear the airfield fence was very good thinking. Normal advice for a crash landing is with the gear down as a shock absorber.

As BIJ said-excellent teamwork and flying to save the day.

Les

The same principles of software & hardware independence would apply to a software upgrade, in other words there would be different software on different hardware channels to avoid common mode failure. One of the reasons that safety critical systems cost so much is that they will have separate teams of software engineers, each writing code for the FADEC. Therefore in the unlikely event that a bug finds it's way to an aircraft from one software development team, the bug won't exist in the other software build.

Same is true of any hardware updagrade.

If, as has been reported, it's true that the aircraft experienced exceptionally cold conditions on the run from Beijing (and I mean colder than a 777 has experienced in the last 10 years !) then that could point towards a fuel icing problem.

I don't know when they would usually extend landing gear. The engines were still running so they had sufficient hydraulic power to retract if they wanted to. One consideration nowadays about when to lower the gear is noise, a significant proportion of noise on descent comes from aerodynamic turbulence coming from landing gear.

Is that really true or an urban myth.

Would make first line maintenance a right pain ... "yep, we've got a spare ECU but we can't fit it 'cos it's got the same s/w as the other ECU already fitted"?

When I worked with assuring the safety of flight safety critical software (some years ago I must admit - Tornado TFR and Main Computer and some of the early helicopter FADECs) although there were multiple boxes at each processing point, sometimes with downstream 'majority voting' systems, there was only ever one version of the software.

And do they use completely different hardware as well - by extension, if they do it for software, they should do it for hardware as well as there will be common mode safety critical failures at the hardware level.

Any safety critical software development will have to follow D0178-B or later standards. There is more than one way to achieve independence of software development, but completely independent software development groups is what was used on Eurofighter. As for the FADEC hardware, there will be one part number but internally there will be completely independent hardware channels, so there is no extra maintenance overhead.

Working in Osterley, next to the approach path, I can confirm that aircraft coming in are dangling the dunlops at around 5 miles/1500'

SB

Regarding the EEC software & hardware - exactly the same standard is used for each channel. In fact, some of the pressure sensors fitted as part of the EEC are common to both channels (HP compressor delivery air, for one). The software is exactly the same in each channel, and the EEC would probably struggle to operate properly if different s/w standards were uploaded, because of the amount of cross-checking between the two lanes. Incidentally, the s/w for the early Trent engines (700, 800 and 500) easily fits onto a single 1.44MB floppy disc!

The base software is verified as part of the engine certification programme, although minor tweeks are added during the life of the engine, mainly to prevent nuicance maintenance messages flagging. Any recoding of the control software would require an engine test. As well as engine testing, there is also a large amount of static testing using simulators - it is because of this extensive checking of the code that only one team is required to write it.

The hardware is common to both channels and is generally low-tech, using descrete components to ensure reliability (the Trent 500 uses a 386 core processor for example). However, both channels are physically separated by a firewall within the EEC box and have different power supplies.

Also, when the EEC is powered-up, the lane that is in control alternates, so that Lane A will control one flight, Lane B the next, then Lane A again the following flight - this ensures both channels are fully operational in the event one should suffer a problem in flight. (ie; both channels have full authority, there is no 'back-up' channel.)

Well there you go - clear as mud ;)

Could even have been some kind of RF interference perhaps. I know that a Tornado lost its control systems due to a transmission from the Radio Free Europe mast. I would expect it to be adequately shielded of course but RF energy can do funny things sometimes. Could even have been a passenger's mobile phone!!!

Les

:eek: Good job Saddam did not have any of those the last time we were over there :eek:

The control system was operating as designed:- the aircraft output for more thrust was read by the EECs, and the EECs demanded more fuel. It seems that there was not enough fuel available to make the engines increase thrust.

I read an article which Mrs Leslie has chucked away, but it reported that there have been something like half a dozen or so failures of demanded fuel flow on the 777 to date and they saw no reason to ground the aircraft. I thought that they discovered early on that there was plenty of fuel in the tanks, so I wonder why it was not able to reach the engines. I would find that a bit of a worry myself!

Incidentally if the Tornado computed control system gets knocked out, the system will revert to straight mechanical control of the hydraulic units for the individual flying controls. It feels a bit twitchy, but perfectly flyable.

Les

<Cue Boeing Engineer Posting on "Boeing-Net" asking about fuel surge>

;)

yeah, its the left handers you have to watch for :lol1:

That was the GE90 engines Les , not the RR ones fitted to this aircraft.

Would it matter which engines? If there was a problem supplying fuel, surely it wouldn't matter which engines didn't get it?

I think this theory has been offered up already by Les...

He might have a point.

Thanks-did not realise that.

Les :)

It was someone else who made that point but yes I agree that something like that could have happened but also if there was an actual interruption of the fuel flow the engines would be likely to flame out relying on the auto ignition to get them going if the fuel started to flow again in sufficient quantity before the RPM reduced by too much. That would be pretty unnerving too!

I hope they publish a report soon so that we know what really happened anyway.

Les

In that case, Nokia are gonna have to re-think their motto, from:

"Connecting people"

TO

"Disconnecting engines!" ;) :D

Really gets on my goat when people don't adhere to requests not to use a mobile or try and get around the no-smoking rule: the height of pig-headed selfishness in my view!!