Aparna Kansal & Amy Pritchett, Georgia Institute of Technology, Atlanta, GA
This work is funded by NASA. Curtis E. Hanson, Technical Monitor
Simulating Faults in Integrated Systems and their Impact on the Aircraft
33rd Digital Avionics Systems Conference, October 5-9, 2014
Introduction
Aparna Kansal | 33rd Digital Avionics Systems Conference
Complex Integrated Aircraft Systems
Autopilot
Pilots
Fault Management
Adaptive Control
Sensors
Control Surfaces
Complex Systems
System Behavior
• Cannot be determined just by study of component behavior
Addition of Components
• Increases system complexity
Safety and Hazards
• Difficult to consider all hazards in design
Emergence
• Dynamic interactions between components can cause unexpected behavior
Characteristics of Complex Systems
Convenience
• Distributed, no central control
• Convenient to develop system components independently
• Ease of maintenance and updating
• Concept of emergence
“Aerospace Recommended Practice 4754 Rev. A: Guidelines for Development of Civil Aircraft and Systems”, 2010.
Existing Guidelines for Validating Aircraft Components
Their Concerns:
• Conventional safety assessment techniques inadequate
• Non-deterministic developmental errors
• Unavailability of suitable numerical methods for characterizing errors
• Large number of test cases required
Their Suggestions:
• Qualitative approach
• Top-down iterative approach from aircraft-level downwards
Guidelines and recommended practices adopted by aircraft regulatory authorities large-scale aircraft systems
Functional System
Electronic Hardware Development Life-Cycle (DO-254/ ED-80)
System Design Information
Function, Failure & Safety Information
Safety Assessment Process Guidelines & Methods (ARP 4761)
Aircraft & System Development Processes (ARP 4754/ ED-79)
Guidelines for Integrated Modular Avionics (DO-297/ ED-124)
Software Development Life-Cycle (DO-178C/ ED-12C)
Safety Assessment of Aircraft in Commercial Service (DO-178C/ ED-12C)
Operation
Development Phase
In-Service/Operational Phase
Intended Aircraft Function
Validation can be streamlined by directing testing around the construct of axioms, i.e.,
• Assumptions and design considerations, and
• System-level interactions due to the violation of these axioms
Simulation Approach
Simulation Framework
Simulation-based model to identify emergent behavior arising due to interactions between aircraft components in an integrated system, through the violation of their key axiomatic conditions
Simulation Framework Elements
System Components
• Component functions
• Axiomatic set of conditions
• Communication channels
Aircraft
• Aircraft dynamics
• Aircraft state variables
External Agent
• Violate axiom
• Introduce disturbance/fault
Simulation Execution
Identify component functions
• Emulate components as dynamic representations of key functions
Implement in simulation framework
• Integrate components, apply aircraft model, set up faults due to axiom violation
Simulate fault introduction and recovery
• Apply model in simulation environment, introduce fault and recovery at fixed times
Scripts
Work Models
Simulation Environment: Work Models that Compute (WMC)
Actions
Agents
Resources
Scenario
Aircraft
Components
Environment
Resources
Case Study
Motivation
Script
Fault Management
Axiom: No control reversal, sign is always known
6 DOF Aircraft
Sensors
Adaptive Control
Introduce Fault
Fault Detection Time
Repair Fault
Rudder Reversal USAir Flight 427, Boeing 737-300 (September 8, 1994)
Rudder pedal/yaw damper input
Hydraulic Power Control Unit Input rod
Servo Valve slide movement
Rudder Panel movement
Wake Turbulence
Sudden yaw damper input rod movement
Servo valve slides jam
Left rudder movement with right input
Abnormal Condition
Axiom:
• Servo valve cannot jam/only jam temporarily
• Rudder application in opposite direction will cause rudder to move towards neutral position
Complex System
Conditions
System Behavior
Axiom Violation
Elevator Reversal: Simulation Configuration in WMC
Components
• Adaptive Control: Adapts to change in dynamics to maintain aircraft stability
• Fault Management: Checks aircraft state and reports any fault to adaptive control
Axioms
• Adaptive Control: Direction of pitching moment is known for given elevator input
• Fault Management: Detect and notify fault to the adaptive control before loss of control
Aircraft State
• 6DOF Aircraft in continuous descent for landing from 31000 ft
• Aircraft state updated every 0.05 seconds
• Monitor elevator angle, altitude, vertical speed and pitch angle
Fault Introduction
• Elevator reversal: Alt 10000 ft, IAS<250 kts, time 1000 sec
• Fault detected after certain time, updated to adaptive control
• Fault duration is varied
Elevator Reversal: Study
Onset of Control Reversal
1 sec
2 sec
5 sec
10 sec
12 sec
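The sweep described on the configuration and study slides, as an added sketch that is not the authors' WMC model: a saturated PD pitch loop whose elevator sign flips, with fault management correcting the controller's assumed sign after each delay. The plant, gains, authority limit, initial pitch error and the reading of the 1 to 12 sec values as detection delays are all assumptions.

```python
# Added illustration; the pitch model, gains and limits are assumptions, not WMC code.
DT = 0.05            # s, state update period from the configuration slide
A_DAMP = 1.0         # 1/s, assumed pitch damping
KP, KD = 4.0, 3.0    # assumed PD gains on pitch error and pitch rate
U_MAX = 5.0          # deg/s^2, assumed elevator authority limit
THETA0 = 1.0         # deg, assumed pitch error at the onset of reversal
DELAYS = (1, 2, 5, 10, 12)   # s, values listed on the study slide


def simulate(detect_delay, t_end=60.0):
    """Return (peak |pitch error|, final |pitch error|) in degrees.

    detect_delay: seconds from onset of elevator reversal until fault
    management notifies the controller; None means no fault is injected.
    """
    faulted = detect_delay is not None
    detect_step = int(round(detect_delay / DT)) if faulted else 0
    theta, q = THETA0, 0.0
    peak = abs(theta)
    for k in range(int(round(t_end / DT))):
        plant_sign = -1.0 if faulted else 1.0        # true elevator effectiveness
        notified = faulted and k >= detect_step
        believed_sign = -1.0 if notified else 1.0    # the controller's axiom
        cmd = -(KP * theta + KD * q)                 # desired pitch acceleration
        cmd = max(-U_MAX, min(U_MAX, cmd))           # elevator saturation
        # The controller scales by the sign it believes; the plant applies the real one.
        accel = -A_DAMP * q + plant_sign * believed_sign * cmd
        theta, q = theta + DT * q, q + DT * accel    # explicit Euler step
        peak = max(peak, abs(theta))
    return peak, abs(theta)


def sweep():
    """Peak pitch error in degrees for each detection delay in DELAYS."""
    return {d: simulate(d)[0] for d in DELAYS}


if __name__ == "__main__":
    print("no fault: peak %.2f deg" % simulate(None)[0])
    for delay, peak in sweep().items():
        print("delay %2d s: peak %.2f deg" % (delay, peak))
```

While the axiom is violated the loop runs in positive feedback, so the peak excursion grows with the time fault management takes to notify the controller.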
Conclusion
Contributions
Outcomes from Case Study
• Component failures can be simulated by violating component axioms to identify their impact on the integrated system and the aircraft.
• Such simulations can identify requirements for other components
• The timing of components executing a task is an important criterion to consider
WMC Simulation Environment
• Ability to allow a range of component models
• Allows each component to specify its own update time
• Using shared format for storing data as resources allows for simple models to be generated quickly
• Incorporating simple representations of component models is sufficient to obtain an initial understanding of the effects of violating axioms
• Its streamlined form allows for a large number of runs examining a number of test cases in less time
• As the design and test program progresses, potential also exists to include progressively detailed – and ultimately complete – models of the components
Contributions
Focusing Test Cases on Component Axioms
• Helps quickly focus test cases on probable, though unexpected, adverse behaviors
• Helps identify possible emergent behavior due to violation of assumptions made for the functioning of the aircraft components
• Looks at the effect on the integrated system as a whole when axioms of any component are violated, which is required for validation of complex systems
Acknowledgements
Mr. Curtis E. Hanson, NASA Armstrong Flight Research Center, Technical Monitor
VELCRO Research Team
CEC Lab Members
This work is sponsored by: The National Aeronautics and Space Administration
Thank You!
Questions?