Aircraft engineered with failure in mind may last longer

June 15, 2012 by Jennifer Chu, Massachusetts Institute of Technology
Aero/Astro professor Olivier de Weck surveys aircraft blueprints in MIT's Neumann Hangar. With de Weck's new new approach, engineers may design airplanes to fly in the face of likely failures. Photo: Dominick Reuter

Complex systems inhabit a "gray world" of partial failures, MIT’s Olivier de Weck says: While a system may continue to operate as a whole, bits and pieces inevitably degrade. Over time, these small failures can add up to a single catastrophic failure, incapacitating the system.

“Think about your car,” says de Weck, an associate professor of aeronautics and astronautics and engineering systems. “Most of the things are working, but maybe your right rearview mirror is cracked, and maybe one of the cylinders in your isn’t working well, and your left taillight is out. The reality is that many, many real-world systems have partial failures.”

This is no less the case for . De Weck says it’s not uncommon that, from time to time, a plane’s sensors may short-circuit, or its rudders may fail to respond: “And then the question is, in that partially failed state, how will the system perform?”

The answer to that question is often unclear — partly because of how systems are initially designed. When deciding on the configuration of aircraft, engineers typically design for the optimal condition: a scenario in which all components are working perfectly. However, de Weck notes that much of a plane’s lifetime is spent in a partially failed state. What if, he reasoned, aircraft and other could be designed from the outset to operate not in the optimal scenario, but for suboptimal conditions?

De Weck and his colleagues at MIT and the Draper Laboratory have created a design approach that tailors planes to fly in the face of likely failures. The method, which the authors call a “multistate design approach,” determines the likelihood of various failures over an airplane’s lifetime. Through simulations, the researchers changed a plane’s geometry — for example, making its tail higher, or its rudder smaller — and then observed its performance under various failure scenarios. De Weck says engineers may use the approach to design safer, longer-lasting aerial vehicles. The group will publish a paper describing its approach in the Journal of Aircraft.

“If you admit ahead of time that the system will spend most of its life in a degraded state, you make different design decisions,” de Weck says. “You can end up with airplanes that look quite different, because you’re really emphasizing robustness over optimality.”

De Weck collaborated with Jeremy Agte, formerly at Draper Laboratory and now an assistant professor of aeronautics and astronautics at the Air Force Institute of Technology, and Nicholas Borer, a systems design engineer at MIT. Agte says making design changes based on likely failures may be particularly useful for vehicles engineered for long-duration missions.

“As our systems operate for longer and longer periods of time, these changes translate to significantly improved mission completion rates,” Agte says. “For instance, an Air Force unmanned aerial vehicle that experiences a failure would have inherent stability and control designed to ensure adequate performance for continued mission operation, rather than having to turn around and come home.”

The weight of failure

As a case study, the group analyzed the performance of a military twin-engine turboprop plane — a small, 12-seater aircraft that has been well-studied in the past. The researchers set about doing what de Weck calls “guided brainstorming”: essentially drawing up a list of potential failures, starting from perfect condition and branching out to consider various possible malfunctions.

“It looks kind of like a tree where initially everything is working perfectly, and then as the tree opens up, different failure trajectories can happen,” de Weck says.

The group then used an open-source flight simulator to model how the plane would fly — following certain branches of the tree, as it were. The researchers modified the simulator to change the shape of the plane under different failure conditions, and analyzed the plane’s resulting performance. They found that for certain scenarios, changing the geometry of the plane significantly improved its safety, or robustness, following a failure.

For example, the group studied the plane’s operation during a maneuver called the “Dutch roll,” in which the plane rocks from side to side, its wingtips rolling in a figure-eight motion. The potentially dangerous motion is much more pronounced when a plane’s rudder is faulty, or one of its engines isn’t responding. Using their design approach, the group found that in such partially failed conditions, if the plane’s tail was larger, it could damp the motion, and steady the aircraft.

Of course, a plane’s shape can’t morph in midflight to accommodate an engine sputter or a rudder malfunction. To arrive at a plane’s final shape — a geometry that can withstand potential failures — de Weck and his researchers weighed the likelihood of each partial failure, using that data to inform their decisions on how to change the plane’s shape in a way that would address the likeliest failures.

Beyond perfection

De Weck says that while the group’s focus on failure represents a completely new approach to design, there is also a psychological element with which engineers may have to grapple.

“Many engineers are perfectionists, so deliberately designing something that’s not going to be fully functional is hard,” de Weck says. “But we’re showing that by acknowledging imperfection, you can actually make the system better.”

Jaroslaw Sobieski, a distinguished research associate at NASA Langley Research Center, views the new design approach as a potential improvement in the overall safety of aircraft. He says engineering future systems with failure in mind will ensure that “even if failure occurs, the flight operation will continue” — albeit with some loss in performance — “but sufficient to at least [achieve] a safe landing. In practice, that alternative may actually increase the safety level and reduce the aircraft cost,” when compared with other design approaches.

The team is using its approach to evaluate the performance of an unmanned aerial vehicle (UAV) that flies over Antarctica continuously for six months at a time, at high altitudes, to map its ice sheets. This vehicle must fly, even in the face of inevitable failures: It’s on a remote mission, and grounding the UAV for repairs is impossible. Using their method, de Weck and his colleagues are finding that the vehicle’s shape plays a crucial role in its long-term performance.

In addition to lengthy UAV missions, de Weck says the group’s approach may be used to design other systems that operate remotely, without access to regular maintenance — such as undersea sensor networks and possible colonies in space.

“If we look at the space station, the air-handling system, the water-recycling system, those systems are really important, but their components also tend to fail,” de Weck says. “So applying this [approach] to the design of habitats, and even long-term planetary colonies, is something we want to look at.”

Explore further: Using a phone to fly a drone (w/ video)

Related Stories

Using a phone to fly a drone (w/ video)

November 8, 2011

Imagine controlling an airplane in flight just by holding your iPhone out in front of you: tilting it in the direction you want the plane to travel, or raising it to make the plane fly higher. Or tapping a point on a map ...

3 Questions: John Hansman on the Qantas A380 engine blowout

November 15, 2010

Last week, a Qantas Airbus 380 superjumbo jetliner made an emergency landing in Singapore following the mid-flight explosion of one of its engines that is manufactured by Rolls-Royce. All flights of Qantas’s A380 aircraft, ...

Clearing the decks

August 3, 2011

On the deck of an aircraft carrier, where up to 60 aircraft are crammed into 4.5 acres (1.8 hectares), real estate is at a premium. While aircraft directors wave fighter jets out of the landing strip, maintenance crews work ...

Stealth unmanned combat vehicle makes first flight

May 4, 2011

Looking like something straight from a 1950’s science fiction magazine, the stealthy Phantom Ray unmanned airborne system (UAS) successfully completed its first flight on April 27, 2011 at NASA’s Dryden Flight Research ...

Former astronaut criticizes NASA's current course

May 15, 2012

Former NASA astronaut Story Musgrave is neither happy nor excited about the current state of the space administration or about the commercial COTS (Commercial Orbital Transportation Services) program. He’s not happy, ...

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.


Adjust slider to filter visible comments by rank

Display comments: newest first

2 / 5 (5) Jun 15, 2012
Helloo? Planes are currently being designed with failure in mind. 2 engines vs 1 big engine. Multiple hydraulics/wire systems. Lighting strike protection. Etc...
In military world: loosing 1 unit does not compromise a mission. Army of 2.
5 / 5 (1) Jun 15, 2012
infinite -

Yes thats true that plane have redundant systems. However what they are describing now is more than just fault tolerance, it is fault bypassing. If a rudder works well, up until you have a weird combination of hydraulic and engine failure, then they need to design the rudder to work with this odd but possible failure scenario. Basically they are taking redundancy to the next level.
1 / 5 (1) Jun 15, 2012
If a rudder works well, up until you have a weird combination of hydraulic and engine failure, then they need to design the rudder to work with this odd but possible failure scenario. Basically they are taking redundancy to the next level.

The currently available planes live for some 70000 compression-decompression cycles. Most of other components have longer lives.
There is this thing called metal fatigue that killed the Comet.
The fact that drones have only one engine proves that engine failure is a very remote event.
3 / 5 (2) Jun 15, 2012
You got to trust technology. When was the last time you heard/read about a free-falling defect elevator?
Most airplanes will break if extreme maneuvers are performed with them.
Lex Talonis
1 / 5 (1) Jun 17, 2012
It's very clever, creating branches of predictable failures and combinations of them, in different circumstances, to root out "the odd stray nasties" in the matrix.

1 / 5 (1) Jun 18, 2012
Have you heard of the wonderful one-horse shay,
That was built in such a logical way
It ran a hundred years to a day,
And then, of a sudden...
Oliver Wendell Holmes

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.