Thirty lines of computer code might have saved Air France flight 447, and 228 passengers and crew aboard, from plunging into the Atlantic Ocean on June 1, 2009, according to new research by Carlos Varela, associate professor of computer science. Varela and his research group have developed a computer system that detects and corrects faulty airspeed readings, such as those that contributed to the AF447 crash. Their approach to detecting errors could be applicable in many systems that rely on sensor readings.
“During this flight, important sensors failed, and reported erroneous data. But the autopilot didn’t know that, and it acted as if the data were correct,” said Varela. “We have computers that can beat the best human Jeopardy! players, and yet we rely on these relatively weak autopilot systems to safeguard hundreds of people on each flight. Why don’t we add more intelligence to autopilot systems?”
Varela’s research, aimed at developing “active data,” was funded by the Air Force Office of Scientific Research under the Dynamic Data Driven Application Systems program. The goal of the grant is to develop mathematical and programming elements that enable otherwise passive data systems to search for patterns and relationships, and discover knowledge in data streams. Varela, who is himself a pilot, recognized that robust “active data” systems could have prevented the crash of flight AF447. Shigeru Imai, a computer science graduate student, originally presented their research and results at the second International Conference on Big Data Science and Engineering in December 2013.
AF447 crashed into the Atlantic Ocean more than 400 miles off Brazil’s northeastern coast. When recovered, the “black box” flight recorders revealed a chain of events beginning with erroneous readings from the pitot tubes—instruments that use air pressure to calculate airspeed. The pitot tubes, presumably blocked by ice, reported a drop in airspeed from 461 to 182 knots. The autopilot, unaware of the error, lowered the nose of the airplane in an attempt to increase airspeed. Unable to maintain altitude, the autopilot disengaged, at which point three human pilots were not able to correct for the error.
Varela and his research group focused on failure of the airspeed sensors. In the event of a pitot tube failure, airspeed can be accurately calculated using groundspeed and wind speed data gathered from onboard instruments that monitor GPS satellites, and weather forecasting information obtained prior to the flight. The relationship between the three data streams provided the group with an opportunity.
“If we can capture the mathematical relationship between the data streams, we can look at the patterns that arise upon known failures, which we call ‘error signatures,’” Varela said. “Then we can say, ‘Oh, this anomaly in the data corresponds to a known hardware failure. We know what is happening.’”
The group created a programming language called the “ProgrammIng Language for spatiO-Temporal data Streaming applications,” or “PILOTS,” and used it to write a program that examines the three data streams and searches for an error signature. If a signature is detected, the system corrects the error using data from the other two streams. In test runs, the PILOTS program—which uses about 30 lines of high-level code to govern a constant analysis of the data—prevented the AF447 crash.
We have computers that can beat the best human Jeopardy! players, and yet we rely on these relatively weak autopilot systems to safeguard hundreds of people on each flight. Why don’t we add more intelligence to autopilot systems?”—Carlos Varela
“We put the data from the black box of this Air France flight in our model, and in five seconds we were able to detect that the pitot tubes had iced, and we were able to compute the correct airspeed,” said Varela. “During the actual flight, the pitot tubes were only iced for 40 seconds, but by the time they were functioning properly again, the plane was descending at about 10,000 feet per minute.”
Varela said the approach has many other applications. In the context of autopilot systems, Varela said active data could potentially prevent errors like those behind the 2005 crash of Tuninter Flight 1153, in which pilots trusted a faulty fuel indicator, and could aid pilots in situations like the 2009 controlled ditch of US Airways Flight 1549 into the Hudson River.
Varela said the concept could also be helpful in other applications that rely on sensors, such as health care, where sensors used to collect data from patients could detect early signs of seizures or heart attacks based on patterns in the data.