Design-against-Failure
Lecture 1 - Introduction
Failure (Merriam-Webster Dictionary):
• a) omission of occurrence or performance; specifically: a failing to perform a duty or expected action
• b) a state of inability to perform a normal function
• Mechanical Failure
• “Any change in size, shape or mechanical properties of a structure, machine, or component that renders it incapable of satisfactorily performing its intended function” – J.A. Collins, Failure of Materials in Mechanical Design, John Wiley & Sons, 1981
Professional misconduct during design and/or construction and/or operation.
New and untested materials that produce unexpected and undesirable results.
• Type 1: Existing design guidelines and procedures are adequate to avoid failure, but for various reasons they are not followed.
• Human error
• Criminal behaviour
• Poor workmanship (unskilled labour)
• Insufficient materials
• Poor materials
• Errors in stress analysis
• Mistakes by operators
• All of the above
to prevent.
Introduction of design changes: unexpected results due to unpredictable or unknown factors of behaviour. Example:
• Welding vs riveting
Use of new materials: advantages, but potential (unknown) criticalities. Example:
• Use of polymers vs aluminium alloys
• Titanic (1912) – RMS Titanic was a British passenger ship that sank after colliding with an iceberg during her maiden voyage from Southampton (UK) to New York (USA), on the night of April 14th, 1912. RMS Titanic was the largest ship of her time and was considered “unsinkable”. More than 1,500 people lost their lives in the disaster.
• Causes. Several factors contributed to the disaster:
• Insufficient number of lifeboats
• Poor hull and rivet materials
• Poor design of the watertight compartments
• Hindenburg disaster (1937) – LZ 129 Hindenburg was the largest passenger airship ever built (245 m long), designed for the route between Europe and the Americas. On its 10th trip to the US it burst into flames while docking at Lakehurst Naval Air Station in Manchester Township, New Jersey. 36 people lost their lives in the accident, which was filmed.
• Cause: hydrogen fire, probably started by an electrostatic spark. The disaster ended the era of the passenger airship.
• Tacoma Narrows Bridge collapse (1940) – It was the first suspension bridge in the state of Washington and the 3rd longest single-span bridge in the US. Inaugurated in 1940, it collapsed the same year. The bridge showed unexpected vertical oscillatory motion even under mild wind. On Nov. 7, 1940, under a wind of 64 km/h, the bridge collapsed.
• Cause:
• A change in the design (shallow solid plate girders in place of deep open stiffening trusses) that reduced the stiffness of the deck and gave it a bluff cross-section, which made the structure dynamically unstable: positive feedback between the deck's deflection and the force exerted by the air flow (flutter)
• Cleveland East Ohio Gas explosion (1944). On Oct. 20th, 1944, a tank of liquefied natural gas failed and exploded in Cleveland, causing 130 deaths and damage worth millions of dollars.
• Cause: following a leak, the released gas flowed into the city sewers, mixed with air, and the vapour was eventually ignited by a spark or a flame.
• As a result of the accident, the norms and prescriptions for the storage of flammable gases were redefined.
• Liberty ships (1943). Liberty ships were the first ships to be built on a production line, in the manner of cars. Each section was produced separately and then joined to the others by welding instead of riveting. Of a total production of about 2,700 ships, some 1,500 suffered more or less severe brittle fractures. Three broke in two, in one case while in harbour.
• Cause: investigation revealed the deadly combination of stress, crack-like flaws and low temperature acting on materials with limited crack resistance (low fracture toughness).
• Hyatt Regency Hotel walkway collapse (1981) – On July 17th, 1981, two suspended walkways at the Hyatt Regency in Kansas City collapsed onto the main lobby, killing 114 people.
• Cause: Investigation revealed a severe design flaw. The structure, as designed, could barely sustain its own dead load.
• Consequences: The engineers who approved the design were found guilty of misconduct and negligence. Their licences were revoked.
• Space Shuttle Challenger disaster (1986) – On Jan. 28, 1986 the Space Shuttle Challenger broke apart 73 s after lift-off, killing all 7 crew members.
• Cause: Investigation showed that the disaster was caused by the failure of the O-rings in a joint of the right SRB (solid rocket booster). The weakness of this critical component had been known for years to NASA and contractor engineers, but instead of redesigning it, it was treated as an acceptable risk.
• Consequence: a nearly three-year halt of the NASA Shuttle program, and reorganization of the quality assurance and safety office.
• Chernobyl power plant disaster (1986) – On April 26, 1986, during a safety test, safety systems were intentionally turned off. A combination of inherent reactor design flaws and the operators arranging the core in a manner contrary to the checklist for the test eventually resulted in uncontrolled reaction conditions. The explosion of reactor 4 released an enormous quantity of radioactive material into the atmosphere. The town of Pripyat, where about 47,000 people lived, is now a ghost town.
The costs of such disaster were estimated in
Concorde Air France 4590 crash (2000) – On July 25, 2000, Air France flight 4590, a Concorde, burst into flames and crashed immediately after take-off from Paris Charles de Gaulle, killing 113 people. Initially, the age of the aircraft and distributed cracks in the structure were claimed as the cause of the accident. Later investigation showed that a chain of unfortunate events caused the disaster: a tyre burst on a piece of debris lying on the runway, and tyre fragments struck the lower surface of the wing, rupturing a fuel tank.
The accident marked the end of civil supersonic transport: 3 years later the Concorde was retired.
Space Shuttle Columbia disaster (2003) – On Feb. 1st, 2003, the Space Shuttle Columbia disintegrated while re-entering the Earth's atmosphere. During the launch, a piece of foam insulation had broken off from the external tank and struck the left wing of the orbiter. When Columbia re-entered the atmosphere, the damage allowed hot atmospheric gases to penetrate the heat shield and destroy the internal wing structure, which caused the spacecraft to become unstable and break apart.
Deepwater Horizon disaster (2010). The Deepwater Horizon oil spill is an industrial disaster that began on 20 April 2010 in the Gulf of Mexico, on the BP-operated Macondo Prospect. It is considered the largest marine oil spill in the history of the petroleum industry. The U.S. government estimated the total discharge at 780,000 m³. After several failed efforts to contain the flow, the well was declared sealed on 19 Sep. 2010.
The investigation found that managers misread pressure data and approved the replacement of the drilling fluid in the well with seawater, which was not heavy enough to prevent gas that had been leaking into the well from shooting up the pipe to the rig, causing the explosion.
• FAIL-SAFE
• SAFE-LIFE
• DAMAGE TOLERANCE
• FAIL-SAFE
This design philosophy considers the effects of failures, and of combinations of failures, in defining a safe design. The principal idea is to examine how a failure, or several failures together, could degrade the safety of the design.
The fail-safe design concept has two different meanings, one for structures and one for systems.
Fail-safe for a structure refers to the residual strength after damage has been sustained, while fail-safe for a system refers to the functional consequences when a failure occurs and to the probability that the failure occurs.
Fail-safe for structures is governed by 14 CFR (Code of Federal Regulations) 25.571, and the methods of compliance are outlined in AC 25.571-1C. Fail-safe for systems is specified in 14 CFR 25.1309.
‘In constructing wings, one should make one cord to bear the
Elevators
Elevators are typically designed with special brakes that are held off by the tension of the elevator's cable. If the cable snaps, the loss of tension causes the brakes to be applied.
Trains
Railway trains commonly have air brakes that are applied automatically when the braking system fails: a loss of pressure in the brake pipe (a burst hose, a parted train) results in braking, not in the absence of brakes.
Flight Control
Flight control computers are typically designed with redundancy, so that if one fails another takes over. They may also be designed to detect a flight control computer that suffers from "insanity", meaning that it appears to be dysfunctional because of damage or other factors, and to exclude its outputs.
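The redundancy and "insanity" detection described for flight control computers, as an added example that is not part of the lecture: three redundant channels report a commanded control-surface deflection, each output is checked for physical plausibility (range and rate of change), and the voter uses only the sane channels. When fewer than two sane channels agree, the system falls to a defined safe state (surface held neutral, fault flagged) rather than trusting a single channel; this is the same principle security engineers call "failing closed". The deflection limits, rate limit, tolerance, channel names and the sample sequence are constructed assumptions for illustration.

```python
"""Fail-safe voting across redundant flight-control channels (added example).

Three redundant computers each report a commanded surface deflection in
degrees. A channel is declared "insane" when its output leaves the physical
range or jumps faster than the actuator can move; the voter then excludes it.
If fewer than two sane channels agree, the output falls back to a safe state
(neutral surface, fault flagged). All limits and sample data are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional

DEFLECTION_LIMIT_DEG = 25.0   # assumed mechanical travel of the surface
MAX_RATE_DEG_PER_STEP = 5.0   # assumed max change per control step
AGREEMENT_TOL_DEG = 0.5       # two sane channels "agree" within this band
NEUTRAL_DEG = 0.0             # safe position: surface centred


@dataclass
class Channel:
    name: str
    last_value: Optional[float] = None
    faulted: bool = False

    def check(self, value: float) -> bool:
        """Plausibility ("insanity") check; a faulted channel stays excluded."""
        if self.faulted:
            return False
        out_of_range = not (-DEFLECTION_LIMIT_DEG <= value <= DEFLECTION_LIMIT_DEG)
        too_fast = (self.last_value is not None
                    and abs(value - self.last_value) > MAX_RATE_DEG_PER_STEP)
        if out_of_range or too_fast:
            self.faulted = True
            return False
        self.last_value = value
        return True


@dataclass
class VoteResult:
    command_deg: float
    safe_mode: bool
    excluded: List[str] = field(default_factory=list)


def vote(channels: List[Channel], values: List[float]) -> VoteResult:
    """Mid-value select among sane channels; fail to neutral without a quorum."""
    sane, excluded = [], []
    for ch, v in zip(channels, values):
        if ch.check(v):
            sane.append(v)
        else:
            excluded.append(ch.name)
    sane.sort()
    if len(sane) >= 3:
        return VoteResult(sane[len(sane) // 2], False, excluded)  # median
    if len(sane) == 2 and abs(sane[0] - sane[1]) <= AGREEMENT_TOL_DEG:
        return VoteResult((sane[0] + sane[1]) / 2, False, excluded)
    # Single survivor, or two survivors that disagree: do not trust either.
    return VoteResult(NEUTRAL_DEG, True, excluded)


def run_sequence(steps: List[List[float]]) -> List[VoteResult]:
    """Feed a constructed sequence of per-step channel outputs through the voter."""
    channels = [Channel("FCC-A"), Channel("FCC-B"), Channel("FCC-C")]
    return [vote(channels, step) for step in steps]


# Constructed sample: FCC-B goes out of range at step 1, FCC-C jumps at step 3.
SAMPLE_STEPS = [
    [2.0, 2.1, 1.9],    # all sane, median 2.0
    [3.0, 40.0, 3.1],   # FCC-B out of range -> excluded; A and C agree
    [4.0, 4.0, 4.2],    # B stays excluded; A and C agree
    [5.0, 5.0, 15.0],   # FCC-C jumps 10.8 deg in one step -> excluded; fail safe
    [6.0, 6.0, 6.0],    # only FCC-A left: no quorum -> stay in safe mode
]

if __name__ == "__main__":
    for i, r in enumerate(run_sequence(SAMPLE_STEPS)):
        print(f"step {i}: cmd={r.command_deg:+.2f} deg "
              f"safe_mode={r.safe_mode} excluded={r.excluded}")
```

Note the deliberate asymmetry: a channel that fails the plausibility check once is latched out for good, and a lone surviving channel is never trusted on its own. Both choices trade availability for safety, which is exactly the fail-safe posture for a system whose safe state (neutral surface, crew alerted) is known and acceptable.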
• SAFE-LIFE
This design philosophy refers to the period of operation of the component or system.
The component or system is designed not to fail within a certain period of time (its service life), after which it is retired regardless of its apparent condition.
The aim of this philosophy is to extend the service life of the component or system as far as possible.
Design under this philosophy requires testing and analysis to estimate the service life of a component; since the specific service life of a given component cannot be predicted exactly, a conservative safety factor (scatter factor) must be applied to the estimate to ensure that a catastrophic failure does not occur in any case.
• DAMAGE TOLERANCE
This design philosophy is based on the principle that critical components can sustain some pre-existing damage without risking the safe operation of the other components or systems, until the damage can be detected and repaired.
The philosophy focuses on two points, under the assumption that a flaw already exists in the structure: the first is establishing the fracture load for a specific crack size (residual strength); the second is predicting the time needed for a flaw to grow to that size and cause fracture of the structure.
Consequently, it is fundamental to implement an inspection and maintenance program that detects damage before it reduces the strength of the structure below the acceptable limit: the inspection interval must be shorter than the time a flaw just below the detection threshold needs to grow to the critical size.
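The two damage-tolerance questions (fracture load for a given crack size, and time for a flaw to grow to that size) carried through numerically, as an added example that is not part of the lecture. It assumes a through-thickness centre crack in a wide plate, so the stress intensity factor is K = Y·σ·√(π·a) with geometry factor Y = 1, and Paris-law fatigue crack growth da/dN = C·(ΔK)^m. The fracture toughness, Paris constants, stress levels, detectable flaw size and scatter factor are constructed illustrative values, not data for any particular alloy.

```python
"""Damage-tolerance sizing: critical crack size, residual strength and
inspection interval (added example with constructed material data).

Units: stress in MPa, crack half-length a in m, K in MPa*sqrt(m).
"""
import math

# Constructed material/loading assumptions
K_IC = 30.0            # fracture toughness, MPa*sqrt(m)
PARIS_C = 1.0e-11      # Paris coefficient, m/cycle with dK in MPa*sqrt(m)
PARIS_M = 3.0          # Paris exponent
SIGMA_MAX = 100.0      # peak stress per cycle, MPa
SIGMA_MIN = 0.0        # minimum stress per cycle, MPa
A_DETECTABLE = 0.001   # smallest flaw the inspection method reliably finds, m
SCATTER_FACTOR = 2.0   # assumed safety factor on the computed growth life


def critical_crack_size(k_ic: float, sigma_max: float, y: float = 1.0) -> float:
    """Crack size at which K reaches K_IC: a_c = (1/pi) * (K_IC / (Y*sigma))^2."""
    return (k_ic / (y * sigma_max)) ** 2 / math.pi


def fracture_stress(k_ic: float, a: float, y: float = 1.0) -> float:
    """Residual strength for a given crack size: sigma_f = K_IC / (Y*sqrt(pi*a))."""
    return k_ic / (y * math.sqrt(math.pi * a))


def cycles_to_grow(a0: float, a1: float, dsigma: float,
                   c: float = PARIS_C, m: float = PARIS_M, y: float = 1.0) -> float:
    """Cycles for a crack to grow from a0 to a1, integrating the Paris law.

    da/dN = C (Y dsigma sqrt(pi a))^m
      =>  N = integral_a0^a1 da / (C (Y dsigma sqrt(pi))^m a^(m/2))
    Closed form: (a1^p - a0^p) / (p k) with p = 1 - m/2, or ln(a1/a0)/k if m = 2.
    """
    if not 0 < a0 < a1:
        raise ValueError("need 0 < a0 < a1")
    k = c * (y * dsigma * math.sqrt(math.pi)) ** m
    if math.isclose(m, 2.0):
        return math.log(a1 / a0) / k
    p = 1.0 - m / 2.0
    return (a1 ** p - a0 ** p) / (p * k)


def inspection_interval(a_detectable: float = A_DETECTABLE,
                        sigma_max: float = SIGMA_MAX, sigma_min: float = SIGMA_MIN,
                        k_ic: float = K_IC, scatter: float = SCATTER_FACTOR) -> dict:
    """Cycles between inspections so that a flaw just below the detection
    threshold cannot reach the critical size before the next inspection."""
    a_c = critical_crack_size(k_ic, sigma_max)
    n_growth = cycles_to_grow(a_detectable, a_c, sigma_max - sigma_min)
    return {
        "critical_crack_m": a_c,
        "residual_strength_at_detectable_mpa": fracture_stress(k_ic, a_detectable),
        "cycles_detectable_to_critical": n_growth,
        "inspection_interval_cycles": n_growth / scatter,
    }


if __name__ == "__main__":
    r = inspection_interval()
    print(f"critical crack size a_c  = {r['critical_crack_m'] * 1e3:.1f} mm")
    print(f"residual strength at a0  = {r['residual_strength_at_detectable_mpa']:.0f} MPa")
    print(f"cycles a0 -> a_c         = {r['cycles_detectable_to_critical']:.3g}")
    print(f"inspect at least every   = {r['inspection_interval_cycles']:.3g} cycles")
```

With these constructed values the critical half-crack is about 28.6 mm and a 1 mm flaw needs roughly 9.2e5 cycles to reach it, so the inspection interval is set at about 4.6e5 cycles. The scatter factor is what turns an estimate into a margin: two inspections fit in the growth life, so a flaw missed once is still caught before it becomes critical.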
Modes of mechanical failure (after J.A. Collins):
1. Force- and/or temperature-induced elastic deformation
2. Yielding
3. Brinelling
4. Ductile rupture
5. Brittle fracture
6. Fatigue
   a) High-cycle fatigue (HCF)
   b) Low-cycle fatigue (LCF)
   c) Thermal fatigue
   d) Surface fatigue
   e) Impact fatigue
   f) Corrosion fatigue
   g) Fretting fatigue
7. Corrosion
   a) Chemical attack
   b) Galvanic
   c) Crevice
   d) Pitting
   e) Intergranular
   f) Selective leaching
   g) Erosion
   h) Cavitation
   i) Hydrogen damage
   j) Biological corrosion
   k) Stress corrosion
8. Wear
   a) Adhesive
   b) Abrasive
   c) Corrosive
   d) Surface fatigue
   e) Deformation
   f) Impact
   g) Fretting
9. Fretting
   a) Fretting fatigue
   b) Fretting wear
   c) Fretting corrosion
10. Impact
   a) Impact fracture
   b) Impact deformation
   c) Impact wear
   d) Impact fretting
   e) Impact fatigue
11. Creep
12. Thermal relaxation
13. Thermal shock
14. Stress rupture
15. Galling and seizure
16. Spalling
17. Radiation damage
18. Buckling
19. Stress corrosion
20. Corrosion wear
21. Creep fatigue