Future architecture of flight control systems

The development of fault tolerant embedded control systems such as flight control systems (FCS) are currently highly specialized and time-consuming. We introduce a conceptual architecture for the next decade control system where all control and logic are distributed to a number of computer nodes locally linked to actuators and connected via a communication network. In this way, we substantially reduce the life-cycle cost of embedded systems and attain scalable fault tolerance. All fault tolerance is based on redundancy. Our philosophy is to cover permanent faults with hardware replication and handle all error processing caused by both permanent and transient faults with software techniques. With intelligent nodes and use of inherent redundancy we introduce a robust and simple fault tolerant system that utilizes minimum hardware and has bandwidth requirements of less than 300 kbits/s, which can be met with an electrical bus. The study is based on an FCS for JAS 39 Gripen, a multi-role combat aircraft that is statically unstable at subsonic speed.     

Software implemented transient fault detection in space computer

Computer systems operating in space environment are subject to different radiation phenomena, whose effects are often called “Soft Error”. Generally, these systems employ hardware techniques to address soft-errors, however, software techniques can provide a lower-cost and more flexible alternative. This paper presents a novel, software-only, transient-fault-detection technique, which is based on a new control flow checking scheme combined with software redundancy. The distinctive advantage of our approach over other fault tolerance techniques is the lower performance overhead with the higher fault coverage. It is able to cope with transient faults affecting data and the program control flow. By applying the proposed technique on several benchmark applications, we evaluate the error detection capabilities by means of several fault injection campaigns. Experimental results show that the proposed approach can detect more than 98% of the injected bit-flip faults with a mean execution time increase of 153%.     

FC环形通信网络双余度容错的设计与实现

随着航电系统的发展,传统的通信网络传输速率已经不能满足发展需要,因此,FC协议作为新一代的高性能网络通信协议被引入到航电系统中.如何基于FC协议设计出满足航电系统应用需求的通信网络成为FC技术研究的关键.本文介绍了一种面向航电系统应用的基于FC通信协议的双余度环网的设计与实现方案,着重从软硬件两个方面对系统的容错设计给出了说明,最后对系统的容错能力进行了全面的验证.     

可模拟绕组内部故障的双馈风力发电半实物实时仿真平台

双馈风力发电机(DFIG)系统控制复杂,离线仿真与传统全实物的故障试验存在一定局限性。在控制功能强大的MATLAB/Simulink环境下构建基于dSPACE1007系统的双馈风力发电系统半实物实时仿真平台,解决可模拟绕组内部故障的实物电机、dSPACE与Simulink软件三方联调时的数据接口与控制问题。试验结果表明,该平台在DFIG定、转子匝间短路故障工况下,通过Control Desk界面可灵活改变控制参数及算法,实现电机绕组内部故障状态下的容错运行,为DFIG故障检测和容错控制研究提供硬件平台。     

面向雷达天线平台的容错纠错策略及其FPGA实现

 针对雷达天线平台可能出现的传感器故障,提出了一种容错纠错策略。如果雷达天线平台周围的3条驱动腿中的某一个传感器发生故障,则可根据空间闭链机构约束,由其他正常工作驱动腿的传感器和中间从动腿的冗余传感器的测量值计算出故障传感器的应测值。推导了对应的位移传感器故障的容错重构算法,研究了基于现场可编程门阵列（FPGA）的上述容错策略的硬件实现方法。通过引入坐标旋转数字计算（CORDIC）算法使得FPGA运算中只需进行基本的移位和加/减操作;设计了基于FPGA的循环高速流水线处理器结构,使得重构算法的在线计算速度大大提高。仿真模拟了突变型传感器故障,结果表明,所提容错纠错方案能有效地保证雷达天线平台运行的安全性和可靠性。     

Design by extrapolation: an evaluation of fault tolerant avionics

Over the past 30 years, safety-critical avionics systems such as Fly-By-Wire (FBW) flight controls, full-authority digital engine controls, and other systems have been introduced on many commercial and military airplanes and spacecraft. Early FBW systems, such as on the F-16 and Airbus A320, were considered revolutionary and introduced with extreme caution. These early systems and their successors all make use of redundant and fault-tolerant avionics to provide the required dependability and safety, but have used significantly different architectures. This paper examines the different levels of criticality and fault tolerance required by different types of avionics systems, establishes architectural categories of fault-tolerant architectures, and identifies the discriminating features of the varied approaches. Examples of discriminators include the level of redundancy, methods of engaging backup systems, protection from software errors, and the use of dissimilar hardware and software. The strengths and weaknesses of the approaches will be identified. The paper concludes with some speculation on trends for future systems based on this evaluation of previous systems     

Fault self-repair strategy based on evolvable hardware and reparation balance technology

In the face of harsh natural environment applications such as earth-orbiting and deep space satellites, underwater sea vehicles, strong electromagnetic interference and temperature stress,the circuits faults appear easily. Circuit faults will inevitably lead to serious losses of availability or impeded mission success without self-repair over the mission duration. Traditional fault-repair methods based on redundant fault-tolerant technique are straightforward to implement, yet their area, power and weight cost can be excessive. Moreover they utilize all plug-in or component level circuits to realize redundant backup, such that their applicability is limited. Hence, a novel selfrepair technology based on evolvable hardware（EHW） and reparation balance technology（RBT） is proposed. Its cost is low, and fault self-repair of various circuits and devices can be realized through dynamic configuration. Making full use of the fault signals, correcting circuit can be found through EHW technique to realize the balance and compensation of the fault output-signals. In this paper, the self-repair model was analyzed which based on EHW and RBT technique, the specific self-repair strategy was studied, the corresponding self-repair circuit fault system was designed, and the typical faults were simulated and analyzed which combined with the actual electronic devices. Simulation results demonstrated that the proposed fault self-repair strategy was feasible. Compared to traditional techniques, fault self-repair based on EHW consumes fewer hardware resources, and the scope of fault self-repair was expanded significantly.     

Reliability and safety analysis of redundant vehicle management computer system

Redundant techniques are widely adopted in vehicle management computer （VMC） to ensure that VMC has high reliability and safety. At the same time, it makes VMC have special characteristics, e.g., failure correlation, event simultaneity, and failure self-recovery. Accordingly, the reliability and safety analysis to redundant VMC system （RVMCS） becomes more difficult. Aimed at the difficulties in RVMCS reliability modeling, this paper adopts generalized stochastic Petri nets to establish the reliability and safety models of RVMCS. Then this paper analyzes RVMCS oper- ating states and potential threats to flight control system. It is verified by simulation that the reli- ability of VMC is not the product of hardware reliability and software reliability, and the interactions between hardware and software faults can reduce the real reliability of VMC obviously. Furthermore, the failure undetected states and false alarming states inevitably exist in RVMCS due to the influences of limited fault monitoring coverage and false alarming probability of fault mon- itoring devices （FMD）. RVMCS operating in some failure undetected states will produce fatal threats to the safety of flight control system. RVMCS operating in some false alarming states will reduce utility of RVMCS obviously. The results abstracted in this paper can guide reliable VMC and efficient FMD designs. The methods adopted in this paper can also be used to analyze other intelligent systems＇ reliability.     

基于交互多模估计策略的故障检诊方法

针对多模自适应（ＭＭＡＥ）故障检诊（ＦＤＤ）方法的局限性,提出了一种基于交互多模（ＩＭＭ）估计策略的动态系统中多重故障的检诊方法。交互多模估计是针对包含有结构以及参数的系统的一种效率较好的自适应估计技术,它提供了故障检测、诊断和状态估计的集中框架。通过对在传感器和作动器中含有多个故障飞机的仿真。结果表明,所提供的方法比其它方法能够更快、更可靠地检测和隔离出多重故障。     

Detection and diagnosis of sensor and actuator failures using IMMestimator

An approach to detection and diagnosis of multiple failures in a dynamic system is proposed. It is based on the interacting multiple-model (IMM) estimation algorithm, which is one of the most cost-effective adaptive estimation techniques for systems involving structural as well as parametric changes. The proposed approach provides an integrated framework for fault detection, diagnosis, and state estimation. It is able to detect and isolate multiple faults substantially more quickly and more reliably than many existing approaches. Its superiority is illustrated in two aircraft examples for single and double faults of both sensors and actuators, in the forms of “total”, “partial”, and simultaneous failures. Both deterministic and random fault scenarios are designed and used for testing and comparing the performance fairly. Some new performance indices are presented. The robustness of the proposed approach to the design of model transition probabilities, fault modeling errors, and the uncertainties of noise statistics are also evaluated     

Automated Learning Applied to Fault Diagnosis

Automated learning methods can be used to design fault diagnosis procedures. When the characteristics of the measurements that distinguish the various faults are unknown, they can be ``learned' from example measurements on faulty systems. A learning algorithm is presented for determining which of several possible faults exists in a system. The procedure is demonstrated on a system where the test conditions preclude the use of traditional diagnosis procedures. When applied to actual hardware, the experimental results show good agreement with the theoretical limit of diagnosability. The resulting diagnosis is faster, simpler, and requires fewer measurements than other methods.     

临近空间艇载计算机余度管理策略研究

平流层飞艇是可靠性要求很高的系统,需要由具有容错能力的艇载计算机来进行控制和管理。针对艇载计算机采用的余度结构进行了软件管理策略的研究和设计,提出了基于异构总线的握手机制节点故障检测方法、基于“看门狗”与“心跳”相结合的 CPU 故障检测方法、基于节点健康矩阵的互援式总线重构方法及基于有限状态机的多 CPU 并行处理系统自适应重构方法。故障注入试验表明,艇载计算机在遇到故障时能实时检测出故障,诊断故障类型,并对故障进行处理,实现系统重构,保证了平流层飞艇长期驻空时的安全飞行。     

Next generation functional test program development system

While superior-quality functional board test has been a goal for most high reliability electronics manufacturers, the time and effort for generating such test programs using today's tools and processes makes this difficult to achieve in a cost effective manner. This paper will introduce a revolutionary approach to functional board test program development that combines the comprehensiveness of software-based simulation with the speed and simplicity of hardware emulation. The result is a functional Test Program Set development system that can produce high fault coverage, diagnostic test programs in a fraction of the time it takes using traditional techniques, and at a lower unit cost. In this paper we will first provide a brief background on the strengths and weaknesses of current software and hardware TPS development techniques-simulation hot mock-up. Next, the new approach is described in detail and contrasted against the existing techniques. Finally, actual experience to date using a prototyped system is presented     

Optimal design of RTCs in digital circuit fault self-repair based on global signal optimization

Since digital circuits have been widely and thoroughly applied in various fields, electronic systems are increasingly more complicated and require greater reliability. Faults may occur in elec-tronic systems in complicated environments. If immediate field repairs are not made on the faults, elec-tronic systems will not run normally, and this will lead to serious losses. The traditional method for improving system reliability based on redundant fault-tolerant technique has been unable to meet the requirements. Therefore, on the basis of (evolvable hardware)-based and (reparation balance technology)-based electronic circuit fault self-repair strategy proposed in our preliminary work, the optimal design of rectification circuits (RTCs) in electronic circuit fault self-repair based on global sig-nal optimization is deeply researched in this paper. First of all, the basic theory of RTC optimal design based on global signal optimization is proposed. Secondly, relevant considerations and suitable ranges are analyzed. Then, the basic flow of RTC optimal design is researched. Eventually, a typical circuit is selected for simulation verification, and detailed simulated analysis is made on five circumstances that occur during RTC evolution. The simulation results prove that compared with the conventional design method based RTC, the global signal optimization design method based RTC is lower in hardware cost, faster in circuit evolution, higher in convergent precision, and higher in circuit evolution success rate. Therefore, the global signal optimization based RTC optimal design method applied in the elec-tronic circuit fault self-repair technology is proven to be feasible, effective, and advantageous.     

Flight-critical distributed systems: design considerations [avionics]

With the proliferation of so-called "smart" components and the availability of small, low-cost, and high-speed data networks, avionics that have traditionally been centralized are becoming distributed. A distributed approach offers many potential benefits, such as reduced development time and cost, simplified system installation, increased flexibility for system expansion or modifications, and greater reuse of proven components. The distributed approach can also reduce the risk associated with design errors by splitting complex hardware and software into more manageable components. However, distributed systems also introduce new challenges in meeting real-time deadlines and providing fault tolerance. This paper examines the many design considerations and identifies the strengths and weaknesses of each. Emerging automotive drive-by-wire alternatives are compared for application to aerospace systems. This paper is based on a Draper Laboratory-sponsored effort to look at flight-critical distributed systems and to evaluate emerging hardware and software for building them.     

Reducing the risks of using Ada onboard the Space Station

The Ada programming language was chosen by NASA as the primary computer programming language for the development of new software for the US Space Station. Ada was selected based on the results of investigations coordinated through Johnson Space Center (JSC) and that resulted in the identification of a set of problems and risks associated with using software developed in Ada. Some of the specific solutions to problems identified through these investigations are described. Three areas in which Ada's use poses risks are discussed: real-time process control; the testing and verification of flight software for man-rated systems; and software error detection, identification, and recovery required in safety-critical systems     

An Engineering Approach to Software Configuration Management

Increasingly, digital computers are being incorporated as major hard-ware subsystems in today's large support and operational systems. As a result, computer programs and complex operational procedures, software, are also becoming major system elements. Contrary to much current practice, software must be managed, engineered, and controlled in the same manner as hardware if past pitfalls are to be avoided. NASA's NPC 500-1 and the USAF 375 series establish a basis for an effective hardware/software systems development methodology that must be adopted by both hardware and software engineers and managers.     

一种小型化高性能综合处理系统的设计与实现

针对直升机、无人机等中小型航空飞行器控制成本以数量取胜的要求以及重量、环境散热的限制,设计了一种用于中小型航空飞行器航空电子系统的小型化高性能综合处理系统。分析了中小航电系统处理需求,讨论了综合处理机系统硬件组成和软件配置,介绍了功能模块标准化设计、高密度低功耗设计以及多级容错设计等关键技术,实现了原型系统并获得了其性能测试结果。     

基于改进Q学习的IMA系统重构蓝图生成方法

重构蓝图定义了故障状态下系统软硬件资源的重新配置方案,是实现综合模块化航空电子系统重构容错的关键。提出了一种基于改进Q学习的重构蓝图生成方法,综合考虑负载均衡、重构影响、重构时间、重构降级等多优化目标,并应用模拟退火框架改进探索策略,提高了传统Q学习算法的收敛性能。实验结果表明,与模拟退火算法、差分进化算法、传统Q学习算法相比,本文提出的改进Q学习算法效率更高,所生成重构蓝图质量更高。     

基于自组织神经网络的软件功能测试数据自动生成

针对面向软件功能的测试数据自动生成问题,提出了一种动态自组织特征映射方法,用于生成揭示软件功能故障的测试数据(简称故障数据)。该方法主要有两部分组成,①采用具有全局多峰搜索特性的小生境遗传算法,在输入空间内搜索功能测试数据,生成少量的初始故障数据;②由初始故障数据,采用具有联想和分类能力的可变结构自组织特征映射,不断迭代生成大量相近而不同的故障数据,以便给开发者提供引发这些软件故障的信息,从而确定软件故障行为的模式或假设。用某型空空导弹发射控制软件进行了实验,运行结果表明了方法的有效性,故障数据生成效率高于遗传算法和随机法。