Al Wick <alwick@juno.com> wrote:
Sorry for being so long winded, I have the impression that stuff like
this hasn't been discussed before.
Actually, most of the application related part has - at various times. A couple of weeks ago, Leon posted pictures of a 12A front cover designed for two distributors - "Twin Dizzies" (apparently also suitable for twin CAS units). There's been discussion of ways to "stack" dual pickups on a single shaft; and some other on adding a CPS/CAS on either the flexplate or on the crank pulley. We've long acknowledged that an *ideal* system would have true redundancy.
Then again, is this where our inventive efforts would yield the most value, at this time? So far, it seems that the Mazda CAS is one of the _least_ vulnerable of the engine management components. So far, the most fragile parts of the system have turned out to be the intake and fuel systems. So that is where a lot of attention has been, of late.
My $.002 (.02, after 35 years of inflation)
Dale R.
COZY MkIV-R13B #1254
Ch's 4, 5, 16 & 23 in progress
From: al p wick <alwick@juno.com>
Date: 2005/06/04 Sat AM 10:43:11 EDT
To: "Rotary motors in aircraft" <flyrotary@lancaironline.net>
Subject: [FlyRotary] Re: Rotary risks
First, let's try to get a perspective.
There is no job as creative as that of Design Engineer. This guy is
making hundreds of decisions. How many inputs do I need, what size
resistor, how wide should that track be, how do I isolate that from
vibration, etc etc. It's a very very high risk activity. So easy to
overlook something. Many of the decisions are arbitrary. You are just
making your best guess.
The Japanese produce superior products. When we analyzed their success 30
years ago, we found they used certain tools in the design and validation
phase that U.S. designers didn't. One of these is the FMEA (see web
site). They get a group of engineers together and say, "Ok, this is our
best guess on how it should be designed, what's going to fail?". They go
thru each characteristic and rate them for risk. Then they find a way to
prove how far from failure each of those items are.
For example, they'll say, "Ok, the alternator is going to fail. This will
produce an ac voltage." So then they measure how large the ac voltage can
get before the device dies. Then they take action if there is not a large
safety margin, retest. They end up with numbers that measure their safety
margin.
So I would encourage reviewing all the various failure modes of the ECM.
Deliberately subject it to experiences beyond what it will normally see.
Unplug each sensor, see how it handles it. Apply heat way beyond normal,
apply vibrations beyond normal. There are very simple ways to do this. It
doesn't have to be some long drawn out thing.
However, statistically, we know if you have true redundancy in this
particular device, then you get to multiply the probability of failure.
So if the probability of shut down is 1 time in 1000 hours, since we have
two with independent probabilities, our odds plummet to 1 time in 1
million hours. So all you need are two independent circuits.
When in doubt, just take a look at what the auto designers have done.
They use more than one sensor to measure each characteristic. They
compare the sensor results to historical data. They instantly recognize
the sensor is providing false data, then warn you, and use tables or
other sensor to keep you plugging along. That's why you don't see
vehicles sitting on the side of the road.
Sorry for being so long winded, I have the impression that stuff like
this hasn't been discussed before.
-al wick
Artificial intelligence in cockpit, Cozy IV powered by stock Subaru 2.5
N9032U 200+ hours on engine/airframe from Portland, Oregon
Prop construct, Subaru install, Risk assessment, Glass panel design info:
http://www.maddyhome.com/canardpages/pages/alwick/index.html