Power-Killing Software Glitch Found in Boeing Dreamliner

Simulation reveals failure mode without risk to aircraft

The Boeing 787 Dreamliner has generated a lot of press recently due to overheating issues with its lithium-ion batteries. A recent FAA airworthiness directive points to another electrical issue with Boeing’s new jet. According to the AD, if the 787’s power control units are operated for eight months (248 days) continuously, a software glitch can shut down the entire aircraft’s electrical system, which can result in a complete loss of aircraft power. This could even happen mid-flight.

Luckily, the problem has only occurred in laboratory computer simulations. The AD addresses a failure that has never happened in the field. The trigger condition is also unusual, since it requires eight months of continuous operation.

Normally, you would expect, in the process of regular aircraft maintenance, that someone would shut the system off and restart it. Either way, the problem is there and it needs to be addressed.

What’s really interesting about the 787 is the way its electrical system works. Unlike conventional aircraft, the 787 uses a hybrid voltage system with 235 volts AC, 115 volts AC, 28 volts DC and 270 volts DC.

The 115 volts AC and the 28 volts DC are conventional aircraft practice, but the other two levels are something new.

The 235 volts AC feed is the result of “no-bleed” technology. This means that Boeing has tried to reserve all of the engine’s power output for propelling the aircraft forward, using as little energy as possible to do things like pressurize the cabin.

They do this with engine-driven generators that operate at variable speed. These are direct-coupled, meaning there’s no constant speed drive required. Each generator in turn has a control unit, with six generators altogether: two in each engine and two on the EPU in the tail of the aircraft.

However, if the main power generators all failed, the plane’s lithium-ion battery would supply power to the flight deck for around six seconds. This should be enough time to deploy the ram air turbine, a small pinwheel-like emergency generator, which springs out the side of the aircraft. The ram air turbine generates enough power in the air stream to reboot the electrical systems of the aircraft and can provide enough electrical power to ensure a safe landing.

The plane maker also says that if the power shuts down in an aircraft during regular service, it would be possible for the pilot to reboot the system.

Boeing says they are currently working on a software update, which should be ready by the fourth quarter.

It’s unlikely this will ever amount to a safety issue in an actual aircraft flight, but what fascinates me is that the problem was determined by simulation – not by a failure in actual practice.

For an old test technician like myself, this is unfortunate news. We now live in a software-driven world where we may no longer be able to enjoy actually cycling equipment until it fails and make corrections based on that. Instead, we’ll be finding problems before they occur by simulating them inside a computer rather than actually breaking hardware. It’s a good thing, but I can’t help but enjoy frying something real on the bench.

Written by

James Anderton

Jim Anderton is the Director of Content for ENGINEERING.com. Mr. Anderton was formerly editor of Canadian Metalworking Magazine and has contributed to a wide range of print and on-line publications, including Design Engineering, Canadian Plastics, Service Station and Garage Management, Autovision, and the National Post. He also brings prior industry experience in quality and part design for a Tier One automotive supplier.