This chapter presents models for estimating the destruction of aircraft construction elements in different cases of the state of readiness. The following cases have been examined: when a diagnostic parameter indicating the state of readiness exceeds the critical point; when an unexpected failure occurs as a result of an overload impulse; when a diagnostic parameter increases and, as a result, premature failure occurs; when damage can be indicated with a diagnostic parameter and an unexpected failure may occur. Differential calculus of Fokker-Planck type has been used in creating the model. The second part of the chapter includes a method of probability and risk evaluation of technical damage to functional-relief (redundant) systems using the Poisson model. The chapter raises the problem of diagnosis errors and erroneous usability evaluation, and describes the example of a real event of an aircraft landing without the released landing gear as a consequence of an erroneous diagnosis. The rescue process in a situation of an aviation accident hazard is described briefly.
In this chapter, the concept of a hazard in transport systems will be restricted to aviation technology. It is also assumed that these threats will be related to the possibility of the occurrence of catastrophic and signalled damage due to technical reasons caused by destructive processes, which appear during the aircraft operation. Current aircraft are characterised by a high level of reliability and durability. The reliability and durability tests of aviation technology are carried out in two different ways. The first way involves station tests of the selected units of objects and construction systems under simulated loads and operating conditions, while diagnosing the technical condition and recording data on the course of destruction processes.
The second way is to use an external central computerised system of monitoring and analysing the operation process of the entire set of objects, including a system of recording operational events and an information processing system. The system of recording information obtained during diagnostic checks and detected damage divided by types, symptoms, causes and effects is of particular importance. The recorded data are used for determination of the reliability and safety characteristics, and provide the opportunity to estimate a functioning resource.
2. Safety hazard due to sudden and developing damage in transport systems
Despite many efforts in the design and implementation of new aircraft constructions, unsignalled (sudden) damage with serious effects has occurred. It may occur in the process of operation for many reasons, mostly due to the lack of complete recognition of many processes that take place during the aviation equipment operation. So far, there has also been a lack of methodology for optimal shaping of construction elements based on destruction models, which would take into account all possible types of their loads and assessment of the environmental impact effects in long-term operation.
For example, it is possible to distinguish some causes of sudden (catastrophic) damage. They are as follows:
The loss of the volume strength of the element, which can be damaged as a result of the occurrence of excessive permanent deformations, the occurrence of an ad hoc crack, or a fatigue crack, which exceeded the critical value.
The loss in material properties in the construction elements as a result of functioning of ageing processes.
The loss of the element’s usability as a result of the surface wear or the inclusions of foreign matters between the cooperating elements.
The random increase in the concentration of vapours of chemicals and the occurrence of circumstances conducive to uncontrolled explosions.
The random short circuits in the electronic circuits.
All the causes leading to catastrophic damage are the subject of numerous experimental and theoretical considerations.
The occurrence of catastrophic damage to the aircraft equipment usually results in serious failures or catastrophes and large losses. Therefore, it is necessary to estimate the risk of incurring these losses.
The term risk is understood as the probability of the occurrence of critical damage or an adverse event in case of the occurrence of losses. In our case, a negative phenomenon will include the occurrence of catastrophic damage to aircraft. The level of the accepted risk of negative events is determined by the frequency of their occurrence and costs. In Figure 1, a method for determination of the accepted risk range is presented.
where R(t)—probability of failure to the catastrophic damage occurrence.
E[O]—expected value of the cost of developing the construction and reliability test (in order to eliminate catastrophic damage).
E[S]—expected value of the risk resulting from the frequency of the failure and losses as a result of the occurrence of catastrophic damage in the operation process.
E[K]—expected value of the total cost E[K] = E[O] + E[S].
Figure 1 shows the possibility of moving from the zero-risk policy of a threat to the ‘acceptable’ risk policy based on the principle ‘risk as low as is reasonably achievable’.
The basis for estimating the risk of threat is a forecast of the occurrence of negative phenomena during operation resulting in catastrophic damage.
In this chapter, the selected models, which can be used for estimating the reliability and risk of the occurrence of catastrophic damage in the accepted time period of the device operation, will be presented.
3. Types of damage causing threats and models for assessing the probability of their occurrence
3.1. Classification of construction systems and wear processes
By assumption, the aviation technology has high reliability requirements, which, in practice, are implemented through special inspection procedures and appropriate design solutions involving the introduction of excesses of structure, strength, power, information, etc. The structural excess is characterised by elements or functional systems, basic and reserve-protective ones. After damage to the basic system, the protection systems start functioning. It ensures a high safety level of aircraft flights, which is one of the most important issues in the air transport. Despite these protections and great efforts of technical services, the failures that cause accidents occur.
The protecting systems constituting the reserve of basic systems significantly increase the production costs and reduce the overall performance, such as capacity, range, fuel consumption, etc. They also require special treatment in the operation of aircraft, so that they have very high probability of correct functioning at the very low probability of use.
The accuracy of continuous or periodic identification of the state of usability is an important issue. The person stating the state of usability of basic and reserve technical systems can make two types of errors:
an error of the first type consists of qualifying the usable device as unfit;
an error of the second type consists of qualifying the unfit device as usable;
The result of the erroneous statement on the system activating the emergency release of the landing gear was the emergency landing of PLL LOT plane,
The wear and ageing processes of various elements are correlated with time or the functioning duration, or with calendar time in a varying degree. Generally, the construction elements and functional systems may be classified into three types:
Elements having strongly correlated parameters determining the state of usability with the functioning duration or time, which can be identified with the existence of the memory related to the past.
Elements having poorly correlated parameters of the state of usability with the functioning duration or time, which imply weak relationships of operating time with the technical condition change, wear and damage.
Elements without correlation with the operating time, number of activation, or other measure of the functioning duration, with randomly occurring damage.
3.2. Elements strongly correlated with functioning time
In case of elements of the first group, it is possible to create the technical condition trajectory and to predict the moment of time at which the limit state will occur. It is also possible to predict the moment at which the element or unit can be safely taken out of service. In this case, a process of damage can be described with a suitably selected model for normal distribution, even with a small variance. The suitable quantile of the random variable of functioning duration between damage can be a basis for developing a programme of diagnosing, maintenance and repairs. This group of elements can include slide bearings, gears, tyre treads of gear wheels, etc. A good model describing the time of the correct operation is the normal distribution.
3.2.1. Normal distribution
The normal distribution sometimes constitutes limit distribution, to which many other types of distribution asymptotically approach in the operational processes of devices, together with an increase in the number of experiments. Based on operational tests, it can be concluded that the normal distribution provides an approximate (asymptotic) description of the random variable of T time of proper operation of the device’s element to damage, and it can be used when the element’s wear and ageing parameters create a continuous random process to achieve the limit state.
The random variable of T life time of tested objects has normal distribution, if its probability density is given by the following formula:
where m = E(T)—expected value and —variance of the random variable are the distribution parameters.
The shape of f(t) density function curve of normal distribution characterises the population of objects in terms of homogeneity. The homogeneity of the population of the same elements of devices in terms of their durability in operation is represented by the coefficient of variation v = σ/m (Figure 2).
For v small values, it is possible to accurately predict the moment of time for achieving the limit state in the operating time interval (0, t),
The reliability function value is calculated as follows:
In order to simplify the calculations in practice, the so-called standardised variable is adopted:
it indicates a number of average (standard) deviation in terms of which the random variable Tt being the implementation of life time of the particular i element differs from its expected value m = E(T).
With t = m + σu, taking into account that dt = σdu, the above formula is as follows:
However, the formula for the reliability function is as follows:
Due to the fact that the integral
and the function
are called the Laplace function (integral), the final form of the equation of the reliability function will be as follows:
The above presented formulas for normal distribution of life time of the aircraft elements provide the right accuracy of calculations at a high degree of homogeneity of a feature and tested objects, which is characterised by small deviation values and the standard one, that is, when the expected value E(T) = m, where , is practically accepted.
In these cases, for which , it is recommended to use truncated normal distribution with the parameters of m, σ, for which the probability density function is as follows:
where m means the average life time of the object to damage, t means a current variable, means a variance, while σ > 0 and t > 0, and a constant is determined on the basis of the following formula:
The use of the truncated normal distribution in the reliability tests of technical objects has the following practical sense. The equation for the density function of the normal distribution applies for all t values, from to . In the operational reliability tests of cars and their elements, there is always the relationship that t > 0, for which the density function is given by the above formula
however, R(t) reliability function is provided by the following formula:
substituting these figures, it is possible to obtain:
The solution of the above integral includes the expression:
3.3. Elements poorly correlated with functioning time
The second group includes elements and structures operating in variable conditions that are subject to material fatigue, vibration, corrosion, etc. The process of damage to the second group’s elements can be described by models with variable parameters and high dispersion, such as gamma, log-normal, Weibull and others. The selection of operating programmes is very difficult, especially in cases of aviation technology, where the failure of a function of the object’s construction system threatens the safety of people, the environment or causes significant material losses. In this case, it is important to apply the density of services, matching them to the damage threatening the safety or the most common ones.
With the development of the construction, it is important to mount the diagnosing systems for tracing (monitoring) the technical condition and signalling the pre-failure states in the units and functional systems. A certain way out of the situation involves monitoring of the course of induced forces with the use of a system of recorders adapted to record all relevant operational events, especially those threatening the safety of use. With the diagnosing and IT system for monitoring the state and the process of damage, it is possible to determine the area, in which the technical condition trajectory is placed, or to identify the durability resource.
3.3.1. Gamma distribution
In this distribution, it is assumed that for randomly selected moments of t time in the object, the energy with the same value of individually operating induced forces (external loads) is cumulated, and that after putting k number of induced forces, the object is damaged.
The density function of this probability is as follows:
k—number of events enforcing the ageing process, the cumulated effects of which cause the occurrence of damage in the object,
—gamma function is determined by the following formula:
For integer k, there is the relationship:
and the gamma distribution is called the Erlang distribution.
In this case, F(t) distribution function has the following form:
In Figure 3, the gamma distribution density for various values k and λ was presented. At the same time, it is characteristic that the individual induced force (load) action results in the aircraft ageing (or increase of the energy cumulated in it in a stepped manner). The individual increase of effects of such an induced force has a constant value. Furthermore, the probability of the occurrence of the aircraft ageing increases in the time interval (t, t + Δt):
does not depend on the number of such increases, which occurred in time preceding t moment. In other words, the condition ‘without consequences’ that is significant for the simple Poisson’s stream of damage is assumed. The above assumptions remain valid also for the normal distribution.
In case of the assumption that SG is a maximum permissible level of cumulation of n(t) stimuli, which result in ageing of a tested element of the aircraft and that for the number of stimuli
this object becomes unfit for further correct operation in the system, k number of induced forces, the cumulated energy of which is necessary for causing its damage, is calculated from the following relationship:
where y means the value, by which the ageing takes place (e.g., wear) of the element in a stepped manner under the impact of a single stimulus. However, λ magnitude is characterised by the average intensity of the aircraft ageing:
By using the formula for the function of F(t) cumulated density of damage and R(t) = 1 − F(t) relationship, the element’s reliability function for the Erlang distribution will be expressed by the following formula:
The expected value E(T), D2(T) variance and v(T) coefficient of variation for this distribution is as follows:
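Added example, not part of the original chapter: a Python sketch of the Erlang cumulative-damage model described in this section, using the standard Erlang closed forms. It assumes k = S_G / y rounded up to an integer; the function names and the numeric values (S_G = 2.0, y = 0.5, λ = 0.01 per hour) are constructed for illustration.

```python
import math


def stimuli_to_failure(limit_level, step):
    """k: number of stimuli that accumulate to the limit level S_G.

    Assumption of this example: k = S_G / y, rounded up to an integer.
    """
    if limit_level <= 0 or step <= 0:
        raise ValueError("limit_level and step must be positive")
    return max(1, math.ceil(limit_level / step - 1e-9))


def erlang_pdf(t, k, lam):
    """Erlang density f(t) = lam^k * t^(k-1) * exp(-lam*t) / (k-1)!."""
    if t < 0:
        return 0.0
    if t == 0:
        return lam if k == 1 else 0.0
    log_f = k * math.log(lam) + (k - 1) * math.log(t) - lam * t - math.lgamma(k)
    return math.exp(log_f)


def erlang_reliability(t, k, lam):
    """R(t) = exp(-lam*t) * sum_{i=0}^{k-1} (lam*t)^i / i!  (fewer than k stimuli so far)."""
    if t <= 0:
        return 1.0
    x = lam * t
    term, total = 1.0, 1.0
    for i in range(1, k):
        term *= x / i
        total += term
    return math.exp(-x) * total


def erlang_moments(k, lam):
    """Expected value, variance and coefficient of variation of the time to damage."""
    return k / lam, k / lam ** 2, 1.0 / math.sqrt(k)


def reliability_by_integration(t, k, lam, steps=2000):
    """Cross-check: R(t) = 1 - integral of f over (0, t), by Simpson's rule."""
    h = t / steps
    s = erlang_pdf(0.0, k, lam) + erlang_pdf(t, k, lam)
    for i in range(1, steps):
        s += (4 if i % 2 else 2) * erlang_pdf(i * h, k, lam)
    return 1.0 - s * h / 3.0


def service_time_for(target, k, lam):
    """Longest operating time for which R(t) stays at or above `target` (bisection)."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must lie strictly between 0 and 1")
    lo, hi = 0.0, k / lam
    while erlang_reliability(hi, k, lam) > target:
        hi *= 2.0
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if erlang_reliability(mid, k, lam) > target:
            lo = mid
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    k = stimuli_to_failure(limit_level=2.0, step=0.5)   # constructed values
    lam = 0.01                                          # constructed: stimuli per hour
    print("k =", k)
    print("R(100 h) =", round(erlang_reliability(100.0, k, lam), 5))
    print("E(T), D2(T), v(T) =", erlang_moments(k, lam))
    print("hours with R >= 0.99:", round(service_time_for(0.99, k, lam), 1))
```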
3.4. Elements without correlation with operating time
The elements of the third group are subject to the exponential reliability law, in which the constant intensity of damage is assumed. The damage has a random nature and most often comes from:
manufacture errors (material and technological errors);
overloads of a different nature;
non-compliance with the instructions for use or operation technology.
The elements of the third group include bodies, glass housings and covers made of plastic, electronics components, etc.
3.4.1. Exponential distribution
If (T) time of correct operation to damage is recorded in a continuous manner and the intensity of damage is constant and does not depend on time in the entire interval (0, t), that is,
the exponential distribution is used.
The F(t) distribution function of this distribution of (T) time of the correct operation in the interval (0,t) is calculated on the basis of the following relationship:
and f(t) function of distribution density for t > 0 is calculated on the basis of the relationship:
—means the distribution parameter (intensity of damage).
Moments of the exponential distribution are given by the following formula:
The equality is true only for those elements of the device, for which the intensity of damage in the entire range of operation (0, t) is constant, and therefore, it does not increase or does not decrease with time of operation. The value of parameter affects the shape of the exponential distribution density curve presented in Figure 4.
When t < 0, the function is f(t) = 0,
When (Tk) time of proper operation to damage is treated discretely (e.g., by K−1 number of activating the object without damage to the moment of K activation, during which the failure will occur), the geometric distribution is used. The F(t) distribution function of (Tk) time for proper operation is calculated in the following way:
p—means the probability of damage to the unit at K activation, it can be also calculated from the relationship providing the approximate values:
—expected value of time of proper operation to damage.
Therefore, for the purposes of operation, it is possible to use the following formula:
In relation to the fact that F(t) distribution function is the complement to the reliability function unity:
then, R(t) for the geometric distribution is:
and for the exponential distribution, R(t) is:
In Figure 5, the reliability functions of the geometric distribution and the exponential distribution were presented. In the first case, the graph constitutes a step curve. However, the second graph constitutes a continuous curve. It was assumed that the parameters p and of both functions are the same, and their value is p = = 0.1.
Another way, which makes it possible to estimate the probability values of the occurrence of catastrophic damage in the aircraft devices, can include the use of models, including the limit state.
4. Estimation of the average number of the aircraft failure within a given period
A quantitative description and probability evaluation of damage to the basic and protection systems of the aircraft can be carried out in accordance with the postulates of the Poisson process.
probability of damage is directly proportional to the length of the concerned time period and the number of operated aircraft;
proportionality factor identifying the risk of damage is constant;
The following system of equations holds:
—probability of non-occurrence of damage to basic and protection systems in the time interval of ;
, (i = 1,…n)—probability of the occurrence of ‘i’ number of damage in the time interval of ;
—number of operated aircraft, in which the considered damage may occur;
—proportionality factor that represents the damage risk;
—adopted time interval of aircraft operation (or the aircraft’s flying time length).
By dividing Eq. (37) by and passing to the limit with , it is possible to obtain the following system of equations:
For the system of equations (38), the initial conditions are as follows:
Equation (38) is a linear differential equation and it is solved recursively. First, is found. By having the knowledge of , then, is determined, and so on.
The solution of the system of equations (39) takes the form of:
The probability that n damage requiring the launch of protection systems will occur in the time interval (0,t) is described with the Poisson distribution, whereas the role of the expression ‘’ is replaced with the following magnitude due to the low frequency of the occurrence of this type of damage in the process of the aircraft operation.
The integral can be replaced with the following sum:
N—number of aircraft operated within the considered time;
—flying time of the aircraft within the considered time.
For a single aircraft, the probability of the damage occurrence during the considered t flying time will be:
q1—probability of damage in one aircraft;
t—aircraft’s flying time.
Since λ risk of damage to both systems (basic and protection) that causes the failure is low, the expression can be expanded into a power series.
With the relationship (44), it is possible to estimate the probability of the failure occurrence in a single aircraft.
The probability of correct aircraft functioning is expressed by the following relationship:
In order to estimate the average number of failures during a given period for the operated aircraft fleet, the following relationship can be used:
ti—flying time within a given period of i aircraft
N—number of operated aircraft.
We are often interested not only in the probability that n damage will occur for given flying time, but also in the magnitude of the coefficient λ characterising the intensity (risk) of the damage occurrence. In order to determine the estimator of the parameter λ, the maximum likelihood method will be used. Suppose that the occurrence of damage was observed and recorded in several separate time intervals, when the aircraft’s flying time was: t1, t2,…, ti. As a result of the observation, the following was obtained:
in the interval (0, t1), n1 of damage occurred;
in the interval (t1, t2), n2 of damage occurred;
in the interval (ti−1, ti), ni of damage occurred;
The probability of the occurrence of the said number of damage, that is, n1+ n2 +…+ ni during operation with the intensity of their occurrence of λ is expressed by the relationship:
The probability recorded above, considered as a function of the variable λ, at defined is called the likelihood. Now the value of λ for which the likelihood L takes its greatest value is sought. For this purpose, the logarithm of relationship (47) is taken, and its derivative with respect to λ is calculated and equated to zero. By solving the equation obtained in this manner, it is possible to find the relationship for λ.
With the help of the relationship (49), the estimator of λ coefficient with the use of the maximum likelihood method is determined.
Hence, relationship (47) takes the following form:
t—aircraft’s flying time within the year.
Relationship (50) makes it possible to estimate the probability of the damage occurrence in a single aircraft within a given time interval.
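Added example, not part of the original chapter: a Python sketch of the Poisson procedure of this section, covering the maximum likelihood estimate of λ, the damage probability for one aircraft with its small-risk series approximation, and the expected number of failures in a fleet. It assumes a homogeneous Poisson process in which each observation is a flying-time exposure with a damage count; the observation log, flying times and function names are constructed for illustration.

```python
import math

# Constructed observation log: (flying hours in the interval, damage count recorded).
OBSERVATIONS = [(1200.0, 1), (950.0, 0), (1430.0, 2), (1100.0, 0), (1320.0, 1)]


def log_likelihood(lam, observations):
    """Logarithm of the product of Poisson probabilities of the recorded counts."""
    ll = 0.0
    for hours, count in observations:
        mu = lam * hours
        ll += count * math.log(mu) - mu - math.lgamma(count + 1)
    return ll


def mle_rate(observations):
    """Maximum likelihood estimate: total damage count divided by total flying time.

    Setting d(log L)/d(lam) = sum(n_i)/lam - sum(t_i) to zero gives this ratio.
    """
    total_hours = sum(hours for hours, _ in observations)
    total_count = sum(count for _, count in observations)
    if total_hours <= 0:
        raise ValueError("total flying time must be positive")
    return total_count / total_hours


def poisson_pmf(n, lam, hours):
    """Probability of exactly n damage events during `hours` of flying time."""
    mu = lam * hours
    return math.exp(n * math.log(mu) - mu - math.lgamma(n + 1)) if mu > 0 else float(n == 0)


def damage_probability(lam, hours):
    """Probability of at least one damage event in one aircraft: 1 - exp(-lam*t)."""
    return -math.expm1(-lam * hours)


def damage_probability_series(lam, hours, order=1):
    """Power-series approximation of 1 - exp(-lam*t), valid when lam*t is small."""
    x = lam * hours
    return sum((-1) ** (j + 1) * x ** j / math.factorial(j) for j in range(1, order + 1))


def expected_fleet_failures(lam, flying_hours):
    """Average number of failures in the fleet: lam times the summed flying time."""
    return lam * sum(flying_hours)


if __name__ == "__main__":
    lam = mle_rate(OBSERVATIONS)
    fleet = [300.0, 250.0, 410.0]          # constructed flying times t_i, hours
    print(f"lambda estimate      = {lam:.6e} per flying hour")
    print(f"P(damage in 300 h)   = {damage_probability(lam, 300.0):.6f}")
    print(f"first-order approx   = {damage_probability_series(lam, 300.0, 1):.6f}")
    print(f"second-order approx  = {damage_probability_series(lam, 300.0, 2):.6f}")
    print(f"P(no damage in 300 h)= {poisson_pmf(0, lam, 300.0):.6f}")
    print(f"expected failures    = {expected_fleet_failures(lam, fleet):.4f}")
```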
5. Catastrophic damage model of the device including the limit state
These models can be used for determination of the probability of the occurrence of various negative events in the devices for the following cases:
when the parameter, specifying their state, will exceed the limit state;
when a chance of the catastrophic damage occurrence is constant along the increasing parameter, which evaluates its state;
when a chance of the catastrophic damage occurrence increases together with an increase in the parameter, which evaluates its state;
when the parameters determining a chance of the damage occurrence constitute random variables.
It is assumed that:
The device’s technical condition is determined by one dominant diagnostic parameter. Its current value is determined by .
A change in the diagnostic parameter value occurs only during the aircraft flight:
The parameter is non-decreasing.
May mean the probability that in the moment of , the diagnostic parameter value will be equal to . For example, it can be assumed that may mean, for example, the crack length or the surface wear value.
In order to describe an increase in the parameter value in the random basis, the following differential equation was adopted:
—increase in the diagnostic parameter value during one flight of the aircraft;
—probability of the aircraft flight in the time interval of , whereas ;
—intensity of the aircraft flights.
Eq. (51) in the function notation adopts the following form:
—density function of the diagnostic parameter at the time of .
After taking into account the physics of the diagnostic parameter increase and appropriate transformation, the Fokker-Planck differential equation is obtained from Eq. (52). As a result of solving this equation, the following density function is obtained:
—average increase in the diagnostic parameter per time unit;
—average increase square of the diagnostic parameter per time unit;
The probability of the catastrophic damage occurrence with the use of the relationship (53) can be presented in the following way:
—diagnostic parameter value specifying the limit state.
6. Assessment of a chance of the catastrophic damage occurrence with the constant level along the increasing diagnostic parameter value
In point 5, the case of the device operation in which catastrophic damage occurred only after the diagnostic parameter value exceeded the limit state was considered. Now the next case is considered, in which an additional possibility (the second type of catastrophic damage), which can occur at any moment of the aircraft operation, is added to the previous one.
Additionally, the intensity of the occurrence of this type of additional damage will be introduced:
—probability of the occurrence of this type of damage in a single aircraft flight;
—time interval, in which the flight is to take place;
—additional damage intensity.
Other necessary parameters and magnitudes in this point will be the same as in point 4. The differential equation, in order to describe an increase in the value of the diagnostic parameter changes, adopts the following form (in the function notation):
From Eq. (58) after transformation, the following partial differential equation is obtained:
—average increase in the diagnostic parameter per time unit;
—average increase in the diagnostic parameter’s current value per time unit;
—increase in the diagnostic parameter value during one flight (determined with the use of accuracy of changes in this parameter).
By using relationship (62), it is possible to determine the additional catastrophic damage occurrence within the range of .
Hence, it is possible to write the relationship for the total probability of the occurrence of both types of catastrophic damage in the time interval :
The formula for the aircraft reliability adopts the following form:
7. Model outline of the catastrophic damage occurrence with the increasing chance of its occurrence together with the diagnostic parameter increase
In order to solve the problem, the Yule process will be used in a modified form. The method of this modification is provided in Ref. . In this case, it is necessary to perform the diagnostic parameter value discretisation. The discretisation method is provided in Figure 6.
—diagnostic parameter value states.
—probability of the aircraft flight, as result of which a change in the state may occur.
—probability of the development process interruption (i.e., state changes). This probability depends on the state.
—average value of the diagnostic parameter increase in time (one flight).
May mean the probability that in the moment of , the diagnostic parameter value achieved the state (where ).
For these arrangements, it is possible to arrange the following system of the infinite number of equations:
After division of both sides of the equation by and passing to the limit at , the following system of equations is obtained:
The initial condition for each of these equations is as follows:
The system of Eq. (70) is solved recursively. Having the results of the solved system of equations, it is possible to determine the probability (reliability) that in the time interval , the catastrophic damage will not occur. This relationship can be determined by adding up the obtained relationships . Hence
The probability of the fact that to the moment of , the catastrophic damage will occur, can be specified by the following relationship:
After the adding up operation performance, the following form of the solution is obtained:
Hence, the time distribution density to the moment of the catastrophic damage occurrence.
8. Outline of the aircraft reliability assessment method taking into account signalled and catastrophic damage
8.1. Description of operation conditions and adoption of assumptions
It is assumed that the aircraft operation is done in such a way that the following arrangements and assumptions are correct:
In order to assess the technical condition, n diagnostic parameters are used. So the technical condition vector adopts the following form:
Instead of the diagnostic parameter values in the reliability assessment, the following deviations are used:
xi—i diagnostic parameter.
xi nom—nominal value of i parameter.
Deviation values zi (i = 1, 2,…, n) are positive.
The deviation limit values are . If , the aircraft is operational. When at least one deviation exceeds the limit value, the aircraft is considered to be unfit for operation.
It is assumed that deviations are independent random variables, that is, a change in the value of one deviation does not change the value of other deviation.
The change in zi deviation values occurs as a result of the aircraft operation, which is during the aircraft flight.
The speed of changes in the deviation values can be described with the use of the following relationship:
zi—diagnostic parameter deviation;
ci—indicators characterising the local operating conditions of elements, which the increase in the diagnostic parameter’s deviation value depends on;
N—number of aircraft flights.
By using relationship (78), it is possible to determine the deviation value during one flight:
The intensity of the aircraft flights λ is determined by the following relationship:
Δt—is the time interval, in which the aircraft flight will take place with P probability. The time interval of Δt should be properly selected (depending on functioning of the aircraft operating system), for .
By using the intensity of flights λ, it is possible to determine the number of performed flights of the aircraft to the moment of t in accordance with the following relationship:
It is assumed that the aircraft is operated. The task of the technical service is, among others, not to allow for the occurrence of signalled damage and to maximally limit the possibility of the occurrence of catastrophic damage, which is the cause of the aircraft failures and crashes.
It is assumed that the sets of signalled and catastrophic damage to the aircraft are separate. Hence, the aircraft reliability in this case can be written in the following form:
—probability of the fact that to the moment t there will be no catastrophic (sudden) damage in the aircraft.
—probability of the fact that to the moment t there will be no damage signalled in the aircraft.
Despite the attempts and great effort of technical services, currently, it is impossible to completely eliminate the risk of the catastrophic damage occurrence.
It is adopted that in case of a single flight of the aircraft, the probability determining the possibility of the catastrophic damage occurrence is Q. The progressive technical service of the aircraft is to prevent this probability increase together with an increase in operating time.
8.2. Aircraft reliability determination including signalled and catastrophic damage
Under the adopted probabilistic assumptions, a description of the deviation increase of diagnostic parameters in the function of the aircraft operating time can be considered separately for each diagnostic parameter. In view of the above, it is assumed that the process of deviation changes of i diagnostic parameter is considered.
May mean the probability of the fact that in the moment t, the deviation of i parameter is zi.
For the adopted arrangements, the dynamics of changes (increase) of i deviation can be characterised with the use of the following differential equation :
—probability of the fact that in the time interval of Δt, the aircraft flight will not take place;
—probability of the aircraft flight in the time interval of Δt.
Eq. (83) expresses the following sense. The probability of the fact that in the moment of , the deviation value of i diagnostic parameter will be zi, if in t moment, it had this value and did not increase because of the lack of the aircraft flight or, in t moment, it had value and in the time interval of Δt, Δzi increased, because the flight did not take place.
Differential Eq. (83), in the function notation, adopts the following form:
—deviation density function of i diagnostic parameter from the nominal value.
Differential Eq. (84) can be transformed to the partial differential equation, with the use of the following approximation:
Hence, after simplification, the following is obtained:
By dividing two sides of (87) equation by Δt, the following is obtained:
—means the average increase of i deviation of the diagnostic parameter from the normal value per time unit;
—means the average increase square of i deviation from the normal value per time unit;
—is determined by relationship (79) for ΔN = 1.
The solution of the specific Eq. (88), which meets the following conditions, is searched for:
when , the equation is convergent to the Dirac function, that is, but in a way that the integral of u function is equal to the unity for t > 0.
For such an adopted condition, the equation solution (88) adopts the form:
By using relationship (89), the reliability in the aspect of the damage signalled for i diagnostic parameter can be written in the following form:
By taking into account all the diagnostic parameters and adopted assumptions, the reliability formula adopts the following form:
Now the relationship for the second component of R1(t) aircraft reliability is determined due to the catastrophic damage.
The catastrophic (sudden) damage is caused by incomplete control and knowledge of the aircraft technical condition.
It results from the aircraft operation that a group of damage occurs as a result of sudden changes in measurable and non-measurable parameters due to the inability to observe the changes of their values. The exceeding of the applicable limits also affects an increase in the risk of the aircraft catastrophic damage occurrence.
The damage intensity plays a basic role in the probabilistic description of the occurrence of this type of damage.
The intensity of damage is expressed by the following relationship:
T—time random variable to the catastrophic damage occurrence;
t—aircraft operation time;
P(⋅)—contingent event probability.
From relationship (94), after transformation, it is possible to obtain the following differential equation:
Eq. (95), for the initial condition , has the following solution:
In order to use relationship (95), it is important to estimate χ parameter. Based on the observations of operation of a specific type of aircraft, it is possible to obtain the times of the occurrence of this type of damage tk, where k = 1, 2,…, ω.
Time tk is the time to the occurrence of the first damage of this type in the k-th aircraft, calculated from the beginning of operation.
In order to estimate the χ parameter, the method of moments will be used. The expected value of operating time calculated from the theoretical relationship will be compared with the average value determined on the basis of the observations.
The theoretical average time of given operation to the moment of the catastrophic damage occurrence is:
The average value of the aircraft operating time (from the moment of the catastrophic damage occurrence) calculated on the basis of the observation will be:
If the probability of the sudden damage occurrence during one flight is known, the intensity of this type of damage can be estimated by the following relationship:
The relationship for estimation of R1(t) reliability will be:
8.3. Modification of the applied method for the aircraft reliability determination including sudden and signalled damage
By starting the modification of the applied method in point ‘8.2’, the following additional assumptions are adopted:
The aircraft catastrophic damage causes its withdrawal from operation;
It is assumed that there is one dominant parameter among the diagnostic parameters. Its dynamics of change are the greatest, and it leads to signalled damage the quickest.
The probabilities associated with the aircraft flight frequency and the possibility of its withdrawal from operation constitute separate, independent sets of events.
For such specified probabilities, the following equation holds:
The description of deviation changes in the dominant diagnostic parameter currently marked with z will be started. The variable z has the same meaning as zi used in point ‘7.2’ and the regularities of its increase are the same as zi.
Let Uz,t denote the probability that at the moment t, the dominant diagnostic parameter deviation is z.
Eq. (109) in the function notation adopts the following form:
For greater transparency, u(z,t) is added to and subtracted from the right side of Eq. (111).
After completing these operations, the following is obtained:
Finally, the following partial differential equation is obtained:
χ—intensity of the withdrawal of a specific type of aircraft due to the catastrophic damage occurrence:
b(t)—average increase in the dominant parameter deviation per time unit:
a(t)—average increase square of the dominant parameter deviation per time unit:
Δz—specified by relationship (79).
Eq. (114) has an additional element ‘-χu(z,t)’.
In order to present the equation solution (114), the equation solution (88) will be used. If the equation solution (88) constitutes the relationship (89), then, the equation solution (114) constitutes the following function:
The derivative of relationship (118) with respect to time is calculated.
Function (114) has the density function characteristics, because:
By using relationship (118), the aircraft unreliability is determined:
Thus, it is possible to write that:
—unreliability caused by the aircraft catastrophic damage;
—unreliability caused by the deviation increase of the dominant parameter above the limit value.
—aircraft reliability referring to the catastrophic damage;
—aircraft reliability referring to the dominant parameter;
Thus, the aircraft reliability will be:
Thus, the aircraft reliability formula will be:
The above method applies to cases in which the effects of destructive processes accumulate in correlation with the aircraft operating time, and this process is disrupted by the possible occurrence of sudden damage caused by, for example, overload pulses, hard landings, etc.
This method may allow durability to be estimated with respect to individual diagnostic parameters. The data obtained in this way can be used to improve the technical service. A sequence of diagnostic controls adequately spread over the operating time allows the occurrence of signalled damage to be prevented.
Therefore, it can be assumed that:
The aircraft reliability, including the technical service, can be estimated by the following relationship:
The presented methods for determining the relationships for the aircraft reliability are conditioned by the adopted assumptions. They can be modified in accordance with the assumptions. The more accurately the adopted assumptions will reflect the actual conditions, the more precisely the aircraft reliability will be estimated. The methods can be adapted to specific cases for determination of the catastrophic damage probability values, including the physics of occurring phenomena and operating conditions. The aircraft reliability forecasts can be used for consideration of specific problems with the reliability assessment and durability of elements, units and devices.
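The following added example (not code from the chapter) carries the method of sections 8.2 and 8.3 through numerically. It assumes a constant intensity χ, so that the reliability with respect to catastrophic damage is exp(−χt) and the method of moments gives χ as the number of observations divided by the sum of the observed times tk; it also assumes constant coefficients b and a, so that the deviation density is Gaussian with mean bt and variance at. The function names, the limit value `z_limit` and all numbers are constructed for illustration.

```python
import math

def estimate_chi(first_damage_times):
    """Method of moments for a constant intensity chi: the theoretical mean
    time to catastrophic damage, 1/chi, is set equal to the sample mean of
    the observed times t_k, k = 1..omega."""
    times = list(first_damage_times)
    if not times or any(t <= 0 for t in times):
        raise ValueError("need at least one positive observed time")
    return len(times) / sum(times)

def _phi(x):
    """Standard normal distribution function."""
    return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))

def reliability_catastrophic(t, chi):
    """Probability of no catastrophic damage up to t (assumed exp(-chi*t))."""
    return math.exp(-chi * t)

def reliability_signalled(t, b, a, z_limit):
    """Probability that the dominant deviation is still below z_limit at t,
    for a Gaussian density with mean b*t and variance a*t (assumed form)."""
    if t <= 0:
        return 1.0
    return _phi((z_limit - b * t) / math.sqrt(a * t))

def aircraft_reliability(t, chi, b, a, z_limit):
    """Product of both components: the two damage sets are taken as separate."""
    return (reliability_catastrophic(t, chi)
            * reliability_signalled(t, b, a, z_limit))

def durability(target, chi, b, a, z_limit, t_hi=1e6, tol=1e-6):
    """Largest operating time with reliability >= target, by bisection.
    Valid because the product is non-increasing in t for b, z_limit > 0."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must lie strictly between 0 and 1")
    if aircraft_reliability(t_hi, chi, b, a, z_limit) >= target:
        return t_hi
    lo, hi = 0.0, t_hi
    while hi - lo > tol * max(1.0, hi):
        mid = 0.5 * (lo + hi)
        if aircraft_reliability(mid, chi, b, a, z_limit) >= target:
            lo = mid
        else:
            hi = mid
    return lo

if __name__ == "__main__":
    # Constructed sample: hours to first catastrophic damage in three aircraft.
    chi = estimate_chi([1000.0, 2000.0, 3000.0])
    print("chi =", chi)
    print("R(2000 h) =", aircraft_reliability(2000.0, chi, 0.001, 0.0004, 2.0))
    print("time to R = 0.95:", durability(0.95, chi, 0.001, 0.0004, 2.0))
```

With these constructed numbers the time at which reliability falls to 0.95 is set almost entirely by the catastrophic-damage term, because the dominant parameter is still far below its limit at that point.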
9. Reliability incorrect assessment results in air systems
9.1. Analysis of errors of diagnosing and stating the usability state of technical systems
The reliability of diagnostic equipment and the ergonomics of technical systems affect the errors made by the operator. The chapter raised the problem of diagnosis errors and erroneous usability evaluation and describes the example of a real event of the aircraft landing without the released landing gear, as a consequence of erroneous diagnosing. The rescue process in a situation of an aviation accident hazard was briefly described in this chapter. A person equipped with diagnostic equipment can make two types of errors, whose measurements are the occurrence probabilities marked with symbols and .
—means an error of the first type, which consists of qualifying the usable device as unfit;
—means an error of the second type, which consists of qualifying the unfit device as usable.
Making the first type error in the identification process of the aircraft’s usability may cause losses due to unplanned downtime and repeated inspection. Making the second type error often has more dangerous consequences, including the possibility of an aviation accident.
Three factors determining identification errors can be mentioned:
monitoring susceptibility of the object: it shows the extent to which the object is adapted to the inspection, and the way in which the inspection procedures identify the actual state, as well as the percentage of features not subject to the inspection;
technical equipment of the operator inspecting the state of the object and procedures of interpreting the results;
predispositions of the operator, his or her qualifications, personal characteristics;
circumstances of the inspection, climatic conditions, time stress, information stress, etc.
As follows from the above considerations, the identification error is a parameter of a systemic nature. The object designer, the designer of diagnostic equipment, the operator equipped with diagnostic equipment of sufficient quality and the training of the operator conducting identification are responsible for the object state identification error. Despite the fact that the identification error depends on many factors, it is the person conducting the identification who is legally and morally responsible for the effects resulting from the identification error. The removal of responsibility from the operator follows the specified tests conducted by specially appointed expert teams. These teams often also include experts from scientific and research institutions. These teams determine the causes of the erroneous qualification of the object condition. This results in a stressful situation for the operator, who does not always understand the essence of the various sources of misidentification and blames himself or herself for adverse events. The problem of the first and second type errors during the identification of the usability state has legal-moral, economic and technical aspects.
The source of the error is sometimes unreliability of diagnosing units equipped with the necessary equipment and procedures of stating the usability state. With regard to the object, on which the condition is identified, it can be said that there are the following events on it:
—The event involving the fact that the object is in the state of usability and it will keep this state during the identification. The probability of such an event is marked with .
—The event involving the occurrence of damage detected in the identification process in the object until or during identification. The probability of such an event is .
—The event involving the occurrence of damage not detected during the identification in the object until or during the identification process. The probability of such an event is marked with .
These probabilities meet the condition:
The diagnosis process may include the following events:
—The event involving the fact that the diagnosis is correctly carried out and the object state statement is flawless. The probability of such an event is .
—The event involving the fact that the object was considered unfit regardless of its state. The probability of such an event is .
—The event involving the fact that the object was considered usable regardless of its state. The probability of such an event is .
—The event involving the fact that the object was considered unfit, whereas, in fact, it is usable, and the object was considered usable, whereas, in fact, it is unfit. The probability of such an event is marked with .
These probabilities meet the condition:
The probability of an event involving the fact that the object considered unfit, in fact, is usable, that is, making the first type error is given by the following formula:
The probability of an event involving the fact that the object will be considered usable, whereas it is, in fact, unfit, that is, making the second type error is given by the following formula:
The impact of possible events in the process of diagnosis on the values of the first and second type errors follows from the provided formulas.
9.2. Shaping of the first and second type errors by the operator teaching method
Figure 7 shows the course of function of reducing the error of the first type as a result of m repetition of action performed by the operator or diagnosing team for different values of the experimentally determined coefficient .
These errors in the function of the number of m tests are given by the following formulas:
The intensity of learning has a significant impact on the reduction of the first and second type errors. As a result of the training, the operator learns to use the controls, read instrument indications and interpret symptoms of the object’s usability and unfitness. For the purposes of teaching the operator, the specific states are modelled. As a result of conducted research and analyses, coefficients characterising the quantitative progress of the training and the intensity of reducing the first and second type errors are determined.
9.3. Example result of erroneous diagnosing
An error in diagnosing can be illustrated with the example of the above-mentioned emergency landing of the PLL LOT plane, a Boeing 767-300ER, on November 1, 2011 at Warsaw Chopin Airport. It should be recalled that the Boeing 767-300 plane of the Polish airline LOT departed from Newark airport (USA) after midnight on November 1, 2011. Thirty minutes after the takeoff from Newark, the crew of the Polish plane signalled a failure of the central hydraulic system. The machine had another system, the emergency and electrical one, which could retract the landing gear. After the departure, the plane was filled with fuel, and despite the failure it would not have been justified to fly around over U.S. territory for many hours, because only after the fuel had been consumed would it be possible to check the operation of the system extending the landing gear and to try to land. The captain decided to continue the flight, although he could not be sure of the emergency system's usability, and he intended to verify its operation in the territory of Poland. Over Warsaw, it turned out that the usability of the entire landing gear control system had been evaluated erroneously, because its extension failed, although the flaps had extended. Then, the decision on emergency landing was made. The result of the incorrect evaluation of the situation described above was the plane failure, which is a rare event in aircraft operation.
The members of the government committee investigating the circumstances of the emergency landing showed that the emergency system was serviceable, but the aircraft crew did not use it because one of the key fuses, which secured several of the aircraft’s systems, including the emergency landing gear extension system, was disabled. If the fuse had been enabled, the dramatic landing at Warsaw’s Okęcie would not have happened.
9.4. Rescue process of the critical situation
In the considered flight, an event involving consideration of the activating element as usable, regardless of its state, occurred, and it was not subject to diagnosing . The unaware classification of the unfit device as usable without diagnosing is a systemic error of the second type.
In the model representing the situation of the emergency landing on November 1, 2011, it is possible to distinguish the following elements (Figure 8): protected object—landing gear extension system, protecting object—emergency landing gear extension system and the activating element.
In Figure 8, the probabilistic characteristics of the implementation time of the security task and available time were marked.
—random variable of the security task implementation time,
—distribution function of the random variable of the security task implementation time,
—random variable implementation: time of the flight over the airport and search for the solution,
—random variable of available time: time of the flight limited by fuel residues,
—distribution function of the random variable of available time,
—implementation of the random variable of available time: maximum time of the flight limited by fuel residues.
The available time determines the reasonable time necessary to prevent a dangerous situation. In general, this time may be determined by, for example, a fuel resource, a resource of an active substance or any other type of energy extending the system operation.
The analysis of the situation and taking activities at available time can be described as follows:
receiving information about the hydraulic system leak;
making the decision to continue the flight;
initiation of the landing procedure;
receiving information about a faulty protection system (electrical system);
analysis of the obtained information and search for a solution;
making the decision about the emergency landing on the aircraft fabric covering;
implementation of the made decision;
inspection of the made decision.
After receiving the information about a defective protection system (electrical system) and the inability to release the landing gear, there was a search for solutions, which had to take place within the available time TD. After recognition of the erroneous evaluation of the emergency system, the only solution left was the use of a different emergency protection system in the form of the fuselage designed for this purpose. Owing to the pilot’s wise action, great skills and precise operation, the implementation of the decision on the emergency landing was successful. This type of situation can be described with the salvage equation, which gives the probability of defusing the danger within the available time through the convolution of the distribution functions of the random variables of the available time and the implementation time of the rescue task.
The probability distribution of the available time depends on the type of event. For example, for a survivor at sea, it will be the time of survival, dependent on circumstances (temperature of the water and his or her own equipment); for the aircraft, the remaining flight endurance; for a parachutist, the remaining height, etc. The probability distribution of the implementation time of an intervention task also depends on many factors: the type of the task, the degree of readiness of the rescue team or system, and action efficiency.
In the cited example, making the right decision and the precise landing proved to be the right action, which prevented a crash. The realisations of the random variables in the considered event, in the relationship (tOB < tD), fulfilled the salvage condition.
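The salvage condition tOB < tD can be turned into a probability numerically, as in this added example (not code from the chapter). It assumes the standard form P(T_OB < T_D) = ∫ F_OB(t) f_D(t) dt for independent random variables, with F_OB the distribution function of the task implementation time and f_D the density of the available time; the distribution shapes and all parameter values (in minutes) are constructed.

```python
import math

def salvage_probability(task_cdf, avail_pdf, t_max, steps=20000):
    """P(T_OB < T_D) = integral over [0, t_max] of F_OB(t) * f_D(t) dt,
    evaluated with the trapezoidal rule. Raises if [0, t_max] does not
    cover (almost) all probability mass of the available time."""
    h = t_max / steps
    ts = [k * h for k in range(steps + 1)]
    w = [0.5 if k in (0, steps) else 1.0 for k in range(steps + 1)]
    mass = h * sum(wk * avail_pdf(t) for wk, t in zip(w, ts))
    if mass < 0.999:
        raise ValueError("t_max truncates the available-time distribution")
    return h * sum(wk * task_cdf(t) * avail_pdf(t) for wk, t in zip(w, ts))

def salvage_probability_fixed(task_cdf, t_d):
    """Degenerate case: the available time is known exactly (a realisation
    t_D, e.g. fixed by the fuel on board), so the probability is F_OB(t_D)."""
    return task_cdf(t_d)

# Constructed distribution families used for the illustration.
def exp_cdf(rate):
    return lambda t: 1.0 - math.exp(-rate * t) if t > 0 else 0.0

def exp_pdf(rate):
    return lambda t: rate * math.exp(-rate * t) if t >= 0 else 0.0

def erlang2_cdf(rate):
    """Two-stage task (analysis, then execution), each stage exponential."""
    return lambda t: 1.0 - math.exp(-rate * t) * (1.0 + rate * t) if t > 0 else 0.0

def normal_pdf(mean, sd):
    c = 1.0 / (sd * math.sqrt(2.0 * math.pi))
    return lambda t: c * math.exp(-0.5 * ((t - mean) / sd) ** 2)

if __name__ == "__main__":
    task = erlang2_cdf(0.1)            # mean task time 20 min (constructed)
    for fuel_mean in (45.0, 60.0):     # mean available time, sd 10 min
        p = salvage_probability(task, normal_pdf(fuel_mean, 10.0), t_max=120.0)
        print(f"mean available time {fuel_mean:.0f} min: P(salvage) = {p:.4f}")
    print("fixed t_D = 60 min:", salvage_probability_fixed(task, 60.0))
```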
The analysis of the diagnosis errors and the rescue process model were presented in a shortened version due to the limited scope of the chapter.