Indranil wrote:Chetak sir,
Are there known ways for the flight computer to identify garbage input from the sensors and enter a failure-recovery mode.
No need for sir, saar
I use saar as a Bangalore/KAR form of address by sheer force of habit.
Usually, valuable platforms (meaning legally liable!!) like commercial ships, commercial aircraft and also many MIL aircraft etc have multiple channels in the FCS/Auto Pilot system. Each channel is independent and separate and also unique in terms of hardware, software, build specs, software language etc to ensure that inherent failure mechanisms in one systems/channel are not duplicated in the other system/channel thereby causing loss of the asset.
This is to guard against common cause failures. Risk analysis for common cause failures is very complex and mistakes are easily made as was painfully realized by the poor japanese after the fukushima disaster.
To address your question, the inputs from multiple systems/channels are compared in real time by a "voting system" or "polling" whereby sensor data from different channels are compared and passed only if they lie within predetermined limits. Any data outside of the set limits are declared as "garbage" and ignored. A majority of channels have to agree if the data is to be accepted as good and passed on for further processing. if a majority of the channels do not agree, then the data is not used.
In Airbus, which has a 4 channel FCS, three out of four systems have to agree before the data is declared as"good". Boeing also has a similar system.
A continuously arriving stream of data is good enough for system stability even if some "corrupted or ignored" data is dropped due to some momentarily present glitch in the sensor(s).
If the sensor(s) is kaput for any reason, depending on the importance of the sensor(s), the flight control law in use will/may automatically degrade to an alternate law with reduced functionality and there are loud audio visual warnings to alert the crew.
Failure protection is simply to ensure that the aircraft remains within the design flight envelope.
If an over speed condition is detected, the engines will be automatically commanded to reduce thrust to maintain the speed within the flight envelope.
If a Boeing / Airbus aircraft enters a stall, the sticks shakes violently and the nose is commanded to pitch down to recover from the stall.
Remaining within the flight envelope ensures that the aircraft does not exceed airframe design loads and other limits at all times appropriate to the flight regime that the aircraft is operating in.
