Simulating Faults in Integrated Systems and their Impact on the Aircraft
33rd Digital Avionics Systems Conference, October 5-9, 2014
Aparna Kansal & Amy Pritchett, Georgia Institute of Technology, Atlanta, GA
This work is funded by NASA. Curtis E. Hanson, Technical Monitor.
Complex Integrated Aircraft Systems
Diagram labels: Fault Management, Sensors, Adaptive Control, Autopilot, Control Surfaces, Pilots
Aparna Kansal | 33rd Digital Avionics Systems Conference
Complex Systems: Characteristics of Complex Systems
• System Behavior: Cannot be determined just by study of component behavior
• Addition of Components: Increases system complexity
• Convenience
• Safety and Hazards: Difficult to consider all hazards in design
• Distributed, no central control
• Convenient to develop system components independently
• Ease of maintenance and updating
• Concept of emergence
• Emergence: Dynamic interactions between components can cause unexpected behavior
Existing Guidelines for Validating Aircraft Components
Guidelines and recommended practices adopted by aircraft regulatory authorities large-scale aircraft systems
Diagram (guideline documents):
• Safety Assessment Process Guidelines & Methods (ARP 4761)
• Safety Assessment of Aircraft in Commercial Service (DO-178C/ ED-12C)
• Aircraft & System Development Processes (ARP 4754/ ED-79)
• Guidelines for Integrated Modular Avionics (DO-297/ ED-124)
• Electronic Hardware Development Life-Cycle (DO-254/ ED-80)
• Software Development Life-Cycle (DO-178C/ ED-12C)
Diagram labels: Intended Aircraft Function; Function, Failure & Safety Information; System Design Information; Functional System; Operation; Development Phase; In-Service/Operational Phase
Their Concerns:
• Conventional safety assessment techniques inadequate
• Non-deterministic developmental errors
• Unavailability of suitable numerical methods for characterizing errors
• Large number of test cases required
Their Suggestions:
• Qualitative approach
• Top-down iterative approach from aircraft-level downwards
Validation can be streamlined by directing testing around the construct of axioms, i.e.,
• Assumptions and design considerations, and
• System-level interactions due to the violation of these axioms
Source: “Aerospace Recommended Practice 4754 Rev. A: Guidelines for Development of Civil Aircraft and Systems”, 2010.
Simulation Framework
Simulation-based model to identify emergent behavior arising due to interactions between aircraft components in an integrated system, through the violation of their key axiomatic conditions
Simulation Framework Elements:
• System Components
  • Component functions
  • Axiomatic set of Conditions
  • Communication Channels
• Aircraft
  • Aircraft dynamics
  • Aircraft state variables
• External Agent
  • Violate axiom
  • Introduce disturbance/fault
Simulation Execution
• Identify component functions
  • Emulate components as dynamic representations of key functions
• Implement in simulation framework
  • Integrate components, apply aircraft model, set up faults due to axiom violation
• Simulate fault introduction and recovery
  • Apply model in simulation environment, introduce fault and recovery at fixed times
Simulation Environment: Work Models that Compute (WMC)
Diagram labels: Scenario Scripts, Work Models, Environment, Agents, Actions, Resources, Resources, Aircraft Components
Motivation
Axiom: No control reversal, sign is always known
Diagram labels: Adaptive Control, Sensors, Introduce Fault, Script, 6 DOF Aircraft, Repair Fault, Fault Detection Time, Fault Management
Rudder Reversal: USAir Flight 427, Boeing 737-300 (September 8, 1994)
Axiom:
• Servo valve cannot jam/only jam temporarily
• Rudder application in opposite direction will cause rudder to move towards neutral position
Diagram labels: Abnormal Condition, Conditions, Complex System, System Behavior, Axiom Violation
Elevator Reversal: Simulation Configuration in WMC
• Components
  • Adaptive Control: Adapts to change in dynamics to maintain aircraft stability
  • Fault Management: Checks aircraft state and reports any fault to adaptive control
• Axioms
  • Adaptive Control: Direction of pitching moment is known for given elevator input
  • Fault Management: Detect and notify fault to the adaptive control before loss of control
• Aircraft State
  • 6DOF Aircraft in continuous descent for landing from 31000 ft
  • Aircraft state updated every 0.05 seconds
  • Monitor elevator angle, altitude, vertical speed and pitch angle
• Fault Introduction
  • Elevator reversal: Alt 10000 ft, IAS<250 kts, time 1000 sec
  • Fault detected after certain time, updated to adaptive control
  • Fault duration is varied
Elevator Reversal: Study
Plot labels: 1 sec, 2 sec, 5 sec, 10 sec, 12 sec; Onset of Control Reversal
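The elevator-reversal study above, reduced to a one-state pitch loop, as an added example (not the authors' WMC scenario or 6DOF model): an external agent reverses the control sign, fault management reports it after a delay, and a sweep derives the detection-time requirement. The dynamics, gain, disturbance and 10-degree loss-of-control limit are constructed assumptions; only the 0.05 s update period and the swept time values come from the slides, and using those values as detection delays is also an assumption.

```python
from dataclasses import dataclass

DT = 0.05  # aircraft state update period from the slide, seconds

@dataclass
class Run:
    peak: float          # largest pitch error seen, degrees
    final: float         # pitch error at end of run (or at loss of control)
    lost_control: bool   # True if |error| exceeded the limit

def simulate(detect_delay_s, fault_at_s=5.0, sim_s=60.0,
             gain=0.5, disturbance=0.5, limit=10.0):
    """Constructed 1-state pitch loop: x' = true_sign * u + disturbance."""
    fault_step = round(fault_at_s / DT)
    detect_step = fault_step + round(detect_delay_s / DT)
    x = disturbance / gain   # start at the nominal trimmed equilibrium
    assumed_sign = 1         # controller axiom: elevator sign is known
    peak = abs(x)
    for i in range(round(sim_s / DT)):
        # External agent: violate the axiom by reversing elevator effectiveness.
        true_sign = -1 if i >= fault_step else 1
        # Fault management: report the reversal after its detection delay.
        if i >= detect_step:
            assumed_sign = -1
        u = -gain * assumed_sign * x
        x += (true_sign * u + disturbance) * DT
        peak = max(peak, abs(x))
        if abs(x) > limit:
            return Run(peak, x, True)
    return Run(peak, x, False)

def max_tolerable_delay_steps(max_steps=400):
    """Longest detection delay (in DT steps) that still recovers."""
    ok = [n for n in range(max_steps) if not simulate(n * DT).lost_control]
    return max(ok)

if __name__ == "__main__":
    for d in (1, 2, 5, 10, 12):  # slide's time values, used as detection delays
        r = simulate(d)
        print(f"delay {d:>2}s peak {r.peak:7.2f} lost_control={r.lost_control}")
    n = max_tolerable_delay_steps()
    print(f"fault management must report within {n} steps ({n * DT:.2f} s)")
```

In this toy model the controller's own axiom is what turns a sign flip into divergence, and the sweep converts that into a timing requirement on a different component, fault management.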
Contributions
• Outcomes from Case Study
  • Component failures can be simulated by violating component axioms to identify their impact on the integrated system and the aircraft.
  • Such simulations can identify requirements for other components
  • The timing of components executing a task is an important criterion to consider
• WMC Simulation Environment
  • Ability to allow a range of component models
  • Allows each component to specify its own update time
  • Using a shared format for storing data as resources allows for simple models to be generated quickly
  • Incorporating simple representations of component models is sufficient to obtain an initial understanding of the effects of violating axioms
  • Its streamlined form allows for a large number of runs examining a number of test cases in less time
  • As the design and test program progresses, potential also exists to include progressively detailed – and ultimately complete – models of the components
Contributions: Focusing Test Cases on Component Axioms
• Helps quickly focus test cases on probable, though unexpected, adverse behaviors
• Helps identify possible emergent behavior due to violation of assumptions made for the functioning of the aircraft components
• Looks at the effect on the integrated system as a whole when axioms of any component are violated, which is required for validation of complex systems
Acknowledgements
• Mr. Curtis E. Hanson, NASA Armstrong Flight Research Center, Technical Monitor
• VELCRO Research Team
• CEC Lab Members
This work is sponsored by: The National Aeronautics and Space Administration
Thank You! Questions?