Thursday, May 2, 2019

Analysis of helicopter crash blames "software glitch"


With Boeing's 737 Max variant in the news due to potential software issues that may have caused two fatal crashes, I was interested to read that software issues also caused the crash of the first Lockheed Martin/Sikorsky S-97 Raider prototype in 2017.



Nearly all helicopters have one main set of rotors. The S-97 has two sets of rotors, plus a propeller in the back intended to give it about twice the speed of traditional helicopters. In the 2017 crash, every rotor blade and every propeller blade either was bent or broken after the helicopter rolled more than 60 degrees to one side from a hover, and all parts of the landing gear collapsed when the pilot set it quickly back down.

The new National Transportation Safety Board’s factual report highlights the S-97′s fly-by-wire system, which uses electronic controls. When the helicopter is on the ground, its controls respond one way; when it’s been in the air for more than three seconds, the controls shift to a different mode. When it’s first taking off, controls transition between modes ... “Control-law changes were introduced in late 2015 to improve ground-to-air transitions,” the NTSB reported. “An unintended byproduct of these changes was an increase of the cyclic stick (flight-control) sensitivity by 2.5 times while operating in the in-transition path.”

The pilot began taking off from a runway at Sikorsky’s plant off the Beeline Highway south of Indiantown Road. Nine-tenths of a second after the helicopter detected the weight was off its wheels, the helicopter began rolling a little to the left. The pilot tried rolling a little right, and “helicopter responds with a disproportionately large right roll,” the NTSB said. The pilot corrected left, and the left roll was “disproportionately large.”

Just one second after the pilot first touched the controls to counteract the minor roll, a wheel touched the ground again, resetting the transition to flight mode as the helicopter rolled again to the right. About a second and a half after that, the two sets of rotor blades were whipped enough around by the rolling that they struck each other.

All eight rotor blade tips came off. The pilot used the controls to bring the helicopter back down as fast as possible, and both the front and back landing gear collapsed. Every blade of the rear propeller was bent and showed signs that it had scraped the ground. The helicopter was resting on its belly, the NTSB reported.

There's more at the link.  Bold print is my emphasis.

Apparently the whole incident took less than five seconds from start to finish.  Both pilots emerged from the crash with only minor injuries, and were able to get out of the aircraft and walk away without assistance, so it looks like the crash-protection features built into the fuselage worked as designed.  That's good . . . but it must still have been an "interesting" flight, to put it mildly!

It just goes to show how a software change can produce unintended consequences.  The crashed aircraft was not rebuilt, but another prototype (with improved software!) took up the development process, and the S-97 has gone from strength to strength since then.  It exceeded 200 mph in level flight late last year, a milestone for a helicopter of this size.





The S-97's bigger brother, the Sikorsky-Boeing SB-1 Defiant, recently flew for the first time.  If the coaxial rotor/propeller combination can be perfected, it'll probably become a routine feature of future helicopters, and rival tiltrotor technology for dominance in the market.

Peter

7 comments:

juvat said...

I've flown planes where the computer gets a say in what amount of control is applied. The F-15 for instance. While the computer gets a vote, the pilot gets a veto. The F-16 was the other way around. Not sure I'd want to fly them. Apparently this helicopter is wired in a similar way as the Lawn Dart.

Larry said...

F-22 and Saab Gripen both suffered crashes during development due to software issues. The same sort of feedback error in both crashes, too.

deb harvey said...

software should not operate machinery, people should operate machinery--and anything else which some smarty thinks software would be the coming thing for.

Larry said...

For the most modern fighter planes and the B-2 bomber, computer control is absolutely necessary. They are aerodynamically unstable in order to get the performance needed (whether it's stealthiness or maneuverability or both). There are too many things happening too quickly for a human to have a prayer. It's necessary.

Unknown said...

I had a housemate who worked on flight simulation training systems. With each software update of flight controls for the prototype aircraft, they would implement the same code for the simulator, and on a few occasions he told me of stuff they discovered via testing of the simulator that would have been very dangerous in an aircraft without the movement constraints inherent to the simulator hardware.

urbane legend said...

Software was never meant to fly. :-)

Your Correspondent said...

It bears mention that the Boeing 737M issue isn't really the software. There are indeed problems in that area, but they are downstream from the real problem: the airframe was re-engineered in such a way that a considerable amount of instability was introduced into the design. To gain the increased power and capacity the design parameters called for, the engines were enlarged to the point where their location on the wings had to be raised in order to create sufficient ground clearance. This, along with other modifications to the old and eminently safe 737 design created a situation where the flight controls were also modified to overcome the problem- and it is a problem- created by the larger, mis-placed engines.
Layering the software/training problems only opened the chute for the event cascade that brought down the two crash aircraft.
I regret I can't recall the article from which I learned this, but it was written by an aircraft engineer and pilot.
However, there's no doubt in my mind that this is the only explanation for the crashes that makes any (complete) sense. (While I'm no engineer, I do have some private pilot experience.)
Short version- they made the motors bigger than the design could handle and still fly right.
This, to avoid creating a new airworthiness certificate, i.e., an entirely new aircraft to certify.