Aircraft design philosophies
When building a certified aircraft, the manufacturer follows a defined design philosophy to ensure safety over the operational life. ICAO Annex 8 / EASA CS-23 recognise three main philosophies:
1. Safe Life
Concept: The structure is sized to remain functional for a defined life (number of load cycles / flight hours) without failure — fatigue is prevented by gross overdesign.
Application:
- Structures whose failure would be catastrophic without prior detectable damage.
- Examples: engine shafts, landing-gear main bearings, helicopter rotor head parts.
Procedure:
- Exhaustive fatigue testing (cycle tests) to determine life.
- On reaching the safe-life limit the component is mandatorily replaced — even if it looks intact.
Disadvantage: Conservative life assumptions → early replacement of still-good parts.
2. Fail Safe (Multiple Load Path)
Concept: The structure is designed with redundant load paths. If a single component fails, a parallel component carries the load — the overall system remains safe.
Application:
- Wing spars: main spar + auxiliary spar,
- Fuselage frames: multiple parallel frames,
- Control surfaces with multiple attachment points.
Inspection: Routine inspections look for signs of failure of the primary load path (cracks, deformation) — repair occurs before the secondary path fails.
Advantage: Safety over long periods; damage is usually detected in time.
3. Damage Tolerant
Concept: The structure tolerates small damage (cracks, corrosion, impact marks) and does not fail suddenly — load paths are designed so that crack growth is slow and predictable.
Application:
- Composite structures,
- Modern aluminium structures on large transport aircraft,
- Maintenance programmes based on periodic NDT (non-destructive testing — ultrasound, eddy current, dye penetrant).
Procedure:
- Damage Tolerance Analysis (DTA) sets inspection intervals such that cracks are detected before reaching critical size.
- On finding: repair or replace.
Advantage: Longer life than safe-life since damage is tolerable.
Application to PPL types
Classic PPL trainers (C172, PA-28) of the 1950s–60s were certified primarily under the safe-life philosophy. Later modifications (e.g. PA-28 wing spar inspection since 2018) introduced damage-tolerance concepts for critical components.
Modern types (DA40, Cirrus SR20/22, Diamond DA62) frequently use composite construction with damage-tolerance concepts.
Redundancy as a design principle
Purpose of redundancy:
- Increases availability of the system on component failure.
- Classic applications: dual magnetos (each cylinder has two plugs with independent magnetos), dual pitot-static sources, dual radios, dual lights.
- Structural: Multiple Load Paths (Fail Safe).
- System level: redundant hydraulics, redundant electrical sources.
Loads and stresses
An aircraft structure experiences several types of loads:
Static loads — steady forces:
- Structure self-weight,
- Ground weight on landing gear,
- Furnishings, fuel.
Dynamic loads — short-duration forces:
- Manoeuvre loads (turns, steep turns, rolls),
- Turbulence gusts,
- Landing impacts,
- Braking.
Cyclic loads — repeated, alternating loads:
- Pressure–tension cycles on the wing (during phases of flight),
- Pressure cycles in pressurised cabins (take-off, cruise, descent),
- Fuselage bending in turbulence.
Cyclic loads cause fatigue — the principal mechanism of structural failure over the life of an aircraft.
Load factor (n)
Definition: ratio of aerodynamic force on the aircraft to weight.
Formula: n = L / W (lift / weight)
In 1-g level flight: n = 1. In a 60° banked level turn: n = 1 / cos(60°) = 2. In a 75° banked turn: n = 1 / cos(75°) ≈ 3.86.
Limit Load Factor (n_max) by certification category:
| Category | + n_max | − n_max |
|---|---|---|
| Normal (e.g. PA-28, C172 as Normal Cat) | +3.8 g | −1.52 g |
| Utility (e.g. C172 as Utility Cat) | +4.4 g | −1.76 g |
| Aerobatic (e.g. Extra 300, Pitts) | +6.0 g | −3.0 g |
Ultimate Load Factor = 1.5 × Limit Load Factor — the structure must withstand this without failure, though permanent deformation is allowed.
Exceeding Va in heavy gusts: at speeds above Va (Maneuvering Speed) a strong gust or full control deflection can exceed the limit load — structural damage possible.
Fatigue and corrosion
Fatigue
Fatigue is progressive failure of a structure under repeated load cycles, even when each individual load is below the static strength.
Influencing factors:
- Number of cycles: more cycles → more fatigue.
- Load amplitude: higher amplitudes → faster fatigue.
- Corrosion and history: existing cracks accelerate fatigue.
- Maintenance quality: good inspections find cracks early.
Most critical: main spar structures, control surface bearings, engine mounts.
Corrosion
Corrosion is the chemical destruction of metals by reaction with the environment (mainly oxygen and moisture). Types:
- Surface corrosion: visible (pits, discolouration).
- Crevice corrosion: in cracks or under sealants → hidden.
- Pitting: small, deep holes.
- Stress-corrosion cracking (SCC): corrosion + stress → fast cracking.
Pre-flight inspection: look for pitting, cracks, discolouration, paint flaking — especially at wing roots, landing-gear mounts and control surface bearings.
Maintenance concepts
Hard-time (time-limited / fixed-time):
- Component replaced at fixed intervals (e.g. magneto inspection every 500 h).
- Classical and simple.
On-condition:
- Component remains in service as long as inspections confirm function.
- Example: tyre change after tread wear.
Condition monitoring:
- Continuous monitoring of parameters (vibration, oil analysis, trend monitoring).
- Maintenance follows from data analysis — modern concept, rare in GA but common in engine trend monitoring.
Exceedance of limit load: any load overrun (manoeuvre overload, hard landing, severe turbulence) must be reported and the aircraft inspected — the maintenance organisation performs an overload inspection (visible deformation, crack inspection, NDT if needed).