SIFT: Design and analysis of a fault-tolerant computer for aircraft control
Related papers
Design of Fault Tolerant Control Systems: a Flight Simulator Experiment
IFAC Proceedings Volumes, 2009
This paper discusses a method for developing fault tolerant flight control systems. The ultimate goal is to increase aircraft safety and autonomy. The research work draws expertise from actions undertaken within the European Flight Mechanics Action Group (FM-AG(16)) on Fault Tolerant Control (FTC), which develops a collaborative effort in Europe to create new FTC technologies that significantly advance the goals of aviation safety. The methodology is developed within the H∞ setting and is applied to a Trimmable Horizontal Stabilizer (THS) runaway fault. Fault compensability properties are discussed and, in order to show the efficiency of the proposed method, a flight test campaign which was carried out within the FM-AG(16) project is presented. A key feature of the proposed strategy is that the design of the fault tolerant control loop is done without removing the validated and certified nominal flight control system (FCS).
Fault-tolerant computing concepts for aerospace applications—a survey
Proceedings of the Indian Academy of Sciences Section C: Engineering Sciences
A fault-tolerant computing system performs its intended functions irrespective of the occurrence of certain failures. As the system becomes more and more reliable with built-in fault-tolerance, its analysis, validation and comparison with another system become formidable tasks. Such a study involves issues such as fault classification, figures of merit, fault-tolerant architectures, coverage estimation and automated methods of reliability evaluation. This paper provides a comprehensive survey of all these topics. The new concept of performability, which combines both the performance and the reliability of a system, and the configuration optimisation of a gracefully degradable computing system are also discussed.
MODELLING AND SIMULATION OF A FAULT-TOLERANT FLIGHT CONTROL SYSTEM
International Journal of Modelling and Simulation, 2006
This paper describes the results of an attempt to develop a modelling and simulation environment for the closed-loop dynamics of the NASA Intelligent Flight Control System F-15 aircraft. Emphasis was placed on the modelling of fault tolerance capabilities for the aircraft flight control system. Failures of the primary control surfaces are simulated for the most common failure scenarios, which are actuator blockage with and without a missing portion of the control surface. The controller featured in the flight control system has an optimal "feedforward and feedback" architecture to provide desirable handling qualities at nominal flight conditions while retaining good performance at post-failure conditions. The parameters within the control laws are updated using an online real-time parameter identification scheme based on the Fourier Transform Regression method. The desirable performance and utility of the entire scheme are illustrated through numerical simulations in the event of stabilator failure.
Some remarks about aircraft control and navigation system as reliable fault tolerant system
Pomiary, Automatyka, Kontrola, 2011
This paper presents some remarks about making the aircraft control and navigation system more reliable. Using simple examples, the author presents the influence of the architecture of a fault tolerant system on its reliability. The proposed description of fault diagnosis procedures and control reconfiguration enables the preparation and analysis of a fault tolerant system.
Design of fault tolerant flight control system
WSEAS Transactions on Systems and Control, 2010
The purpose of the paper is to present an approach to detect, isolate and accommodate sensor or actuator faults using a bank of observers and unknown input observers (UIO). Full order observers, reduced order observers, unknown input observers and the Kalman Filter are widely used in state estimation. After the estimation of states, fault detection and isolation can be provided by conducting residual analysis. Despite the existence of unknown inputs, fault detection and isolation is implemented for a very large, four-engined, cargo jet aircraft model. Sensor accommodation is realized via switching under a redundant sensor existence assumption. Actuator accommodation is provided by gain scheduling. Hence, if a fault occurs in an actuator corresponding to the control surfaces, the remaining (n-1) actuators are used to avoid a hazardous flight regime. Sensor or actuator faults are detected by using residuals. Sensor faults are effective on the outputs while actuator faults are effective on the state equations. Fault isolation is implemented by taking into account that each residual is sensitive to all of the other faults but one fault. Fault detection, isolation and accommodation are shown to be functional through the simulations.
Unmanned Aerial Vehicle (UAV): Fault Tolerant Design
2016
There has been an increase in the number of Unmanned Aerial Vehicles (UAVs) over the past decade. A UAV is a vehicle with no pilot aboard, equipped with weapon systems or surveillance systems. These can be controlled by an operator on the ground or fully autonomously by onboard computers. Just as in other fields of aviation, faults and failures are present in the operation of UAVs. When faults occur, conventional systems may not be able to adapt, resulting in instabilities or even mission failure. Hence there must be a system with capabilities that can withstand faults and failures without making the cost of malfunction too great. To withstand these faults and failures, either redundant hardware or an intelligent system program can be incorporated in the UAV. Since hardware-in-the-loop adds more weight and complexity, a fault tolerant program embedded in the onboard computer of the UAV is preferred. In this study, a software system is presented for the identified faults and failures that can ...
A performance evaluation of the software-implemented fault-tolerance computer
Journal of Guidance, Control, and Dynamics, 1986
The results of a performance evaluation of the Software-Implemented Fault-Tolerance (SIFT) computer system conducted in the NASA Avionics Integration Research Laboratory are presented. The essential system functions are described and compared to both earlier design proposals and subsequent design improvements. Using SIFT's specimen task load, the executive tasks, such as reconfiguration, clock synchronization, and interactive consistency, are found to consume significant computing resources. Together with other system overhead (e.g., voting and scheduling), the operating system overhead is in excess of 60%. The authors propose specific design changes that reduce this overhead burden significantly.
Formal Techniques for Synchronized Fault-Tolerant Systems
We present the formal verification of synchronizing aspects of the Reliable Computing Platform (RCP), a fault-tolerant computing system for digital flight control applications. The RCP uses NMR-style redundancy to mask faults and internal majority voting to purge the effects of transient faults. The system design has been formally specified and verified using the Ehdm verification system. Our formalization is based on an extended state machine model incorporating snapshots of local processors' clocks.
Key Words: Clock synchronization, correctness proofs, fault tolerance, formal methods, majority voting, modular redundancy, theorem proving, transient fault recovery.
1 Introduction. NASA is engaged in a major research effort towards the development of a practical validation and verification methodology for digital fly-by-wire control systems. Researchers at NASA Langley Research Center (LaRC) are exploring formal verification as a candidate technology for the elimination of desig...
Rigorous development of an embedded fault-tolerant system based on coordinated atomic actions
IEEE Transactions on Computers, 2002
This paper describes our experience using coordinated atomic (CA) actions as a system structuring tool to design and validate a sophisticated and embedded control system for a complex industrial application that has high reliability and safety requirements. Our study is based on an extended production cell model, the specification and simulator for which were defined and developed by FZI (Forschungszentrum Informatik, Germany). This "Fault-Tolerant Production Cell" represents a manufacturing process involving redundant mechanical devices (provided in order to enable continued production in the presence of machine faults). The challenge posed by the model specification is to design a control system that maintains specified safety and liveness properties even in the presence of a large number and variety of device and sensor failures. Based on an analysis of such failures, we provide in this paper details of: 1) a design for a control program that uses CA actions to deal with both safety-related and fault tolerance concerns and 2) the formal verification of this design based on the use of model-checking. We found that CA action structuring facilitated both the design and verification tasks by enabling the various safety problems (involving possible clashes of moving machinery) to be treated independently. Even complex situations involving the concurrent occurrence of any pairs of the many possible mechanical and sensor failures can be handled simply yet appropriately. The formal verification activity was performed in parallel with the design activity and the interaction between them resulted in a combined exercise in "design for validation"; formal verification was very valuable in identifying some very subtle residual bugs in early versions of our design which would have been difficult to detect otherwise.