Newsgroups: comp.risks
X-issue: 1.37
Date: Thu, 9 Jan 86 12:14:34 PST
From: ihnp4!utzoo!
Subject: Multiple redundancy

Advocates of multiple redundancy through independently-written software
doing the same job might be interested in an incident involving complete
failure of such a scheme.

During the development of the De Havilland Victor jet bomber, roughly a
contemporary of the B-52, the designers were concerned about possible
problems with the unusual tailplane design.  They were particularly
worried about "flutter" -- a positive feedback loop between slightly-flexible
structures and the airflow around them, dangerous when the frequency of the
resulting oscillation matches a resonant frequency of the structure.  So
they tested for tailplane flutter very carefully:

	1. A specially-built wind-tunnel model was used to investigate the
	flutter behavior.  (Because one cannot scale down the fluid properties
	of the atmosphere, a simple scale model of the aircraft isn't good
	enough to check on subtle problems -- the model must be carefully
	built to answer a specific question.)

	2. Resonance tests were run on the first prototype before it flew,
	with the results cranked into aerodynamic equations.

	3. Early flight tests included some tests whose results could be
	extrapolated to reveal flutter behavior.  (Flutter is sensitive to
	speed, so low-speed tests could be run safely.)

All three methods produced similar answers, agreeing that there was no
flutter problem in the tailplane at any speed the aircraft could reach.

Somewhat later, when the first prototype was doing high-speed low-altitude
passes over an airbase for instrument calibration, the tailplane broke off.
The aircraft crashed instantly, killing the entire crew.  A long investigation
finally discovered what happened:

	1. The stiffness of a crucial part in the wind-tunnel flutter model
	was wrong.

	2. One term in the aerodynamic equations had been put in wrongly.

	3. The flight-test results involved some tricky problems of data
	interpretation, and the engineers had been misled.

And by sheer bad luck, all three wrong answers were roughly the same number.

Reference:  Bill Gunston, "Bombers of the West", Ian Allen 1977(?).

				Henry Spencer @ U of Toronto Zoology

Newsgroups: comp.risks
X-issue: 1.40
Date: Mon, 13 Jan 86 19:49:18 PST
From: ihnp4!utzoo!
Subject: Re: Multiple redundancy

A correction and an addendum to my earlier contribution about multiple

Correction:  It was not the "De Havilland Victor" but the "Handley Page
Victor".  Blush.  That's like calling Boeing "McDonnell Douglas".

Addendum:  The full reference is  Bill Gunston, "Bombers of the West",
Ian Allan, London 1973, page 92.

				Henry Spencer @ U of Toronto Zoology

