The concept of failure is central to the design process, and it is by thinking in terms of obviating failure that successful designs are achieved. It has long been practically a truism among practicing engineers and designers that we learn much more from failures than from successes. Indeed, the history of engineering is full of examples of dramatic failures that were once considered confident extrapolations of successful designs; it was the failures that ultimately revealed the latent flaws in design logic that were initially masked by large factors of safety and a design conservatism that became relaxed with time.
Design studies that concentrate only on how successful designs are produced can thus miss some fundamental aspects of the design process, which is difficult enough to articulate as it is. Yet while practicing designers especially are notorious for saying little, if not for consciously avoiding any discussion at all of their own methodology, there have been some notable exceptions (especially, e.g., Glegg, 1973, 1981; Leonhardt, 1984), and when these engineers have reflected on the design process, they have acknowledged the important role that failure plays in it. Although often an implicit and tacit part of the methodology of design, failure considerations and proactive failure analysis are essential for achieving success. And it is precisely when such considerations and analyses are incorrect or incomplete that design errors are introduced and actual failures occur.
The first and most indispensable design tool is judgment. It is engineering and design judgment that not only gets projects started in the right direction but also keeps a critical eye on their progress and execution. Engineering judgment, by whatever name it may be called, is what from the very beginning of a conceptual design identifies the key elements that go to make up an analytical or experimental model for exploration and development. It is judgment that separates the significant from the insignificant details, and it is judgment that catches analysis going astray. Engineering judgment is the quality factor among those countless quantities that have come to dominate design in our postcomputer age. Judgment tells the designer what to check on the back of an envelope and what to measure at the construction site. Judgment, in short, is what avoids mistakes, what catches errors, what detects flaws, and what anticipates and obviates failure. The single most important source of judgment lies in learning from one's mistakes and those of others.
All meaningful improvements in analytical and computational capabilities are at heart improvements in our ability to anticipate and predict failure. Every engineering calculation is really a failure calculation, for a calculated quantity has meaning for engineering only when it is compared with a value representing a design constraint or failure criterion of some kind.
Not all engineering failures take place suddenly and dramatically, accompanied by the crack and crash of steel and the tragic loss of life. Indeed, some classic errors in design have been all but ignored and forgotten in the context of what are generally hailed as tremendously successful projects. Yet these errors can be no less endemic in the design process, and hence case studies elucidating them can be extremely instructive and valuable for the teaching and practice of design. One class of such errors may be described by the rubric of tunnel vision in design, and like other types of errors, it is best introduced through a paradigmatic case history.
One of the most fruitful examples of the role of failure in the history of engineering design was hailed as a tremendous structural success and stood for 120 years as a monument to its engineer. The Britannia Bridge was to carry the Chester and Holyhead Railway across the Menai Strait, a strategic stretch of water with tricky currents between the northwestern coast of Wales and the Isle of Anglesey. On the other side of Anglesey, at the port of Holyhead, trains from London could meet ferry boats to Dublin. Because the Menai Strait was so important to the British Navy, the Admiralty would allow no bridge that would interfere with shipping during or after construction.
Galileo begins the first day of Dialogues Concerning Two New Sciences by relating several stories of contemporary structural failures that were inexplicable within the state of the art of Renaissance engineering. As indicated in the last chapter, several of the stories have to do with the problem of proportionately similar structures behaving differently depending upon whether they are large or small, hence manifesting a scale effect. According to Galileo,
Thus, for example, a small obelisk or column or other solid figure can certainly be laid down or set up without danger of breaking, while the very large ones will go to pieces under the slightest provocation, and that purely on account of their own weight.
Such generalizations could, of course, be reached by experience alone, and there were no doubt even rules of thumb as to how large an obelisk or column had to be to require special care in its storage or erection. Empirical evidence of failure and rules of thumb were not sufficient to explain why a failure would occur, of course, but they could certainly help avoid failures in situations recognized to be precarious. Indeed, with little more than an empirical understanding of what worked and what could go wrong when the untried was tried, Renaissance designers might have been particularly cautious in their attempts to extrapolate to larger structures and ever attentive to situations that might lead to failure.
Errors can occur at all stages of the design process, but fundamental errors made at the conceptual design stage can be among the most elusive. Indeed, such errors tend to manifest themselves only when a prototype is tested, often with wholly unexpected or disastrous results. These, more than any other design errors, are invariably human errors, because a conceptual design comes only out of the uniquely human creative act of transforming some private concept from the designer's mind to some public concept that can be described to and modified by other humans. The creative act of conceptual design is the result of nonverbal thought (Ferguson, 1977, 1992), and as such often takes its initial public form as a sketch or drawing. If the concept is fundamentally flawed, this may be recognized intuitively at the instant the design is articulated in the mind or in words or drawings on paper, and so the concept can be rejected outright. But if the concept has a basic error that goes undetected, then the error tends to be all the more difficult to catch as the design progresses through evolutionary stages of modification and detailed design.
Whatever classification schemes might be employed or whatever distinctions might be drawn among identifiably different stages of the design process, the creative act of conceptual design is as old as civilization itself, for it can be argued that without such design there would be no civilization.
Among the most crucial assumptions in the solution of any engineering problem, whether it be a problem in engineering science or in engineering design, is the assumption of how any particular mode of failure will occur. Indeed, it is the analyst's or designer's preconceived ideas about failure that drive the analysis or design (which beyond conceptualization necessarily proceeds by some form of analysis), and virtually every theoretical calculation or experimental measurement on an analytical or scale model of a real or projected system is most significant in its relationship to how the system is imagined to fail in theory or practice.
As an illustration of these ideas, a fundamental problem that Galileo (1638) identified as central to determining the strength of materials will be explicated in this chapter. Galileo's famous problem of the cantilever beam may be taken as a paradigm of all engineering design problems, and his flawed analysis may serve as a paradigm of logical error in the solution of such problems. The unassailable genius of Galileo and the undeniable greatness of his many contributions to engineering mechanics make his error all the more suitable as the basis for a paradigm intended to emphasize the ease with which we all can fall into error.
Galileo's Problem of the Cantilever Beam
The several examples of notable failures of Renaissance engineering with which Galileo opens his treatise served for him as counterexamples to the prevailing hypothesis that geometry alone was sufficient to analyze and design structures and machines.
Perhaps no principle in design is so well known and yet so frequently forgotten as the effect of size or scale on performance. Although some of civilization's most proud moments have been immortalized in colossal monuments to the triumph of human design ingenuity over the great forces of nature, some of history's most embarrassing moments have come in the dramatic failures of some of the largest machines, structures, and systems ever attempted. Nowhere does the line between success and failure seem so thin as when the very greatest of our human efforts straddle it.
Some of the earliest recorded thought about design shows an awareness of a scale effect in natural and fabricated things. Among the minor works of Aristotle is a collection of questions and answers known as Mechanical Problems, in which queries about the physical world are posed and solutions offered in the context of fourth-century B.C.E. knowledge of physics, mathematics, and engineering. Although there is some doubt that Mechanical Problems is actually the work of Aristotle himself, rather than of his Peripatetic School, certainly the work fairly represents contemporary thinking and shows that engineers of twenty-four centuries ago wrestled with problems that can still be troublesome today, as indicated by recurring design errors and structural failures. Among the thirty-five mechanical problems posed in Aristotle's time were “Why [are] larger balances … more accurate than smaller ones?”
Except in cases where spectacular public works or loss of life is involved, the details of specific engineering failures are seldom discussed outside the narrow discipline of obvious relevance. Recently, there have been some notable exceptions, of course, including the collapse of the elevated walkways in the Kansas City Hyatt Regency Hotel in 1981 and the explosion of the space shuttle Challenger in 1986. Such colossal failures have been headline news, and few engineers of any discipline are unaware of the most probable causes of the failures, at least in a general sense.
Less spectacular and less recent failures tend to be remembered only within the industry or discipline for which they are perceived to have a continuing relevance, and even then they tend to be relegated to dusty archives as the state of the art appears to eclipse the errant technology that was involved. But a considerable number of failures throughout engineering history have been due to errors in the same timeless design logic and methodology that are used today, and so the root causes of classic failures can and do have a continuing relevance for current designs and design processes of the greatest sophistication and complexity. Furthermore, because lessons drawn from errors in the design process itself necessarily transcend the specific flawed application, failure case histories that are employed as vehicles for conveying the nature of a type of design error have significance for the design process generally and timelessly.
The development of failure-based paradigms can serve to define better the role of failure in the design process. Understanding how error has been introduced into past designs makes it easier to identify and eliminate it in future designs, and demonstrating how error has been consciously avoided by some of the most creative designers of the past provides models of good design for the future. When we understand both the negative and positive aspects of the role of failure in the design process, the process itself can be made to be more understandable, reliable, and productive.
Paradigms such as those presented here can also serve to unify a wealth of past experience of failure and failure avoidance that has generally escaped useful classification schemes. The value of case histories has long been appreciated, but the systematic use of them to benefit the next generation of designs can be elusive. By providing a new structure of paradigms within which case studies can be given broad interpretations across design specialties, a wealth of new experience is made available to design theorists and practitioners alike.
Design has been a notoriously problematic aspect of the engineering curriculum, and paradigmatic case histories provide a means of understanding and teaching the design process that can be structured according to a beneficial scheme. The scheme of paradigms and supporting case studies has the dual advantage not only of laying the foundation for organizing the mass of design experience for theoretical studies but also of providing caveats and models for the student and practitioner of design.
Possibly the greatest tragedy underlying design errors and the resultant failures is that many of them do indeed seem to be avoidable, yet one of the potentially most effective means of improving reliability in engineering appears to be the most neglected. Historical case studies contain a wealth of wisdom about the nature of design and the engineering method, but they are largely absent from engineering curricula, perhaps because the state of the art always seems so clearly advanced beyond that of decades, let alone centuries or millennia, past. However, the state of the art is often only a superficial manifestation, arrived at principally through analytical and calculational tools, of what is understood about the substance and behavior of the products of engineering. Anyone who doubts this assertion need only look to the design errors and failures that occur in the climate of confidence, if not hubris, known as the state of the art.
The fundamental nature of engineering design transcends the state of the art. Thus it follows that historical case studies that illuminate those aspects of conceptualization, judgment, and error that are timeless constants of the design process can be as important and valuable for understanding technology and its objects as are the calculus or the latest computer software. The lessons of the past are not only brimming with caveats about what mistakes should not be repeated but also are full of models of good engineering judgment.
The design prejudices prevailing in the 1920s and 1930s, when the George Washington, Golden Gate, Tacoma Narrows, and other major suspension bridges were on the drawing board, evinced confidence in analytical techniques and a preoccupation with aesthetics. Almost a half-century of relatively successful experience with suspension bridges like the Brooklyn had led designers to focus on extrapolating from that successful experience. Such a focus led in turn to a climate in which some designers forgot or ignored the first principles on which the successful designs originally were based. These principles rested upon criteria that explicitly recognized wind-induced failure modes that in turn drove design decisions. Basing structural extrapolation upon models of success rather than on failure avoidance was to result in such flexible bridges as the Bronx–Whitestone, completed in 1939 over the East River in New York City, and culminate in the collapse of the Tacoma Narrows Bridge in 1940.
It is perhaps a truism that the design climate in which an engineering project is conceived and developed can have a profound effect on whether it succeeds or fails, but the significance of the interaction between success and failure in design can sometimes be so subtle as to escape even the greatest of designers. The context in which suspension bridges were being designed and built in the late 1920s and 1930s in the United States provides a classic example of the phenomenon.
The relationship between success and failure in design constitutes one of the fundamental paradoxes of engineering. The accumulation of successful experience tends to embolden designers to attempt ever more daring and ambitious projects, which seem almost invariably to culminate in a colossal failure that takes everyone by surprise. In the wake of failure, on the other hand, there is generally a renewed conservatism that leads to new and untried design concepts that prove ironically to be eminently successful precisely because the design process proceeds cautiously from fundamentals and takes little for granted. As the new design form evolves and matures, however, the cautions attendant upon its introduction tend to be forgotten, and a new period of optimism and hubris ensues. This cyclic nature of the engineering design climate has been elaborated upon here and elsewhere and is supported by numerous case studies (see Petroski, 1985).
In his thesis on structural accidents and their causes, Sibly (1977) analyzed several large metal bridge failures in a design–historical context and showed that each of them occurred in a design climate characterized by increasing span length, increasing slenderness, increasing confidence in analysis, or decreasing factor of safety (cf. Sibly and Walker, 1977). Generally a combination of such circumstances exists and there are typically warning signs of impending trouble, but they are seldom if ever paid very explicit attention in the evolutionary design process.
The process of accurately adjusting the state of a submarine to neutral buoyancy and longitudinal balance is termed ‘catching a trim’. This is an important operation which is carried out when a submarine first dives when going on patrol, having left harbour and started passage on the surface. It provides a datum state for the submarine from which subsequent changes in weight or buoyancy can be easily compensated for, and enables subsequent checks on trim made regularly during the patrol to be soundly based. The importance of keeping in trim is heightened should a submarine be required to remain quiet for any length of time because the process of catching a trim involves running pumps and so tends to be noisy.
It is desirable that when the submarine first dives at the start of a patrol it should not be grossly out of trim, and this requires that a good approximation to being in trim should be achieved before diving. The first step towards that end should have been taken when the submarine returned to harbour from its previous patrol, because it ought then to have been in good trim. From then on all changes in weight, e.g. due to re-storing, are carefully recorded and adjustments made to the contents of the Trim and Compensation (T & C) Tanks in order to correct for them. A methodical way often used for the purpose is by means of a ‘trim crib’, which has been previously drawn up for the submarine and gives the change in amount of water in the T & C Tanks appropriate to each weight change expected to be made during storing.
2.1 There are fashions in the terms used to describe vessels capable of operating underwater, which are particularly evident when their history is under review. Some are well-established, like the preference for calling these vessels ‘boats’ rather than ‘ships’ even when – as applies to ballistic missile deploying submarines – their displacements are some tens of thousands of tons. Others, like the differentiation sometimes made between submersibles and submarines, are contentious and can be confusing. The argument for differentiating is that it was not until the advent of nuclear propulsion, and the associated atmospheric control capability enabling a boat to operate entirely submerged throughout a patrol of several months duration, that the ‘true’ submarine had arrived. The complementary picture of the submersible is that it describes a boat obliged to operate mainly on or near the sea surface – in order to have access to the atmosphere for oxygen for breathing and for combustion propulsion engines – and which submerges periodically when on patrol for the purposes of concealment, undertaking an attack with torpedoes or avoiding attack on itself.
Our preference is to use the term ‘submarine’ and we do so throughout this book with its primary focus on naval purposes. We prefer to leave use of the term submersible to commercial circumstances – if that is the wish of the workers in that field – in which it might more closely convey the modes of operation in use there. The fact remains that all submarine boats are submersible – used adjectivally – and to imply a sharp differentiation is misleading.
4.1 We start this relatively brief chapter with an explanation of its purpose, because it is different in character from the other technical considerations involved in submarine design. In some ways it is not especially technical at all, but rather akin in nature to the debates on spatial design which architects indulge in. The issues which arise in consideration of the weight/space relationship for submarines might appear at first sight to be simple – they certainly are very basic – but that is deceptive because they become progressively more complicated as the relationship is explored in greater detail. Although the subject of weight and space and how they are related in submarine design is associated with hydrostatics, it goes beyond what can properly be treated under that heading because of the somewhat intangible nature of the relationship and its consequences in some regards as compared with the more matter of fact nature of hydrostatics.
The chapter is ultimately about ‘what determines the size of a submarine’? In a particular submarine design, does it have to be of a certain size to provide enough buoyancy to support its weight or does it have to be of that size to provide enough space for its contents, so that it then has more than enough buoyancy to support its weight? If the former, there would be some space to spare, so how could the extra space be utilised?