Technical Paper

An Overview of Models, Methods and Tools for Verification, Validation and Accreditation of Real Time Critical Software

2013-10-07
2013-36-0530
Real-time critical systems are those whose failures may cause loss of transactions/data, missions/batches, vehicles/properties, or even people/human life. Accordingly, some regulations prescribe their maximum acceptable probability of failures to range from about 10⁻⁴ to 10⁻¹⁰ failures per hour. Examples of such systems are the ones involving nuclear plants, aircraft, satellites, automobiles, or traffic controls. They are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754A Standard. Those systems include, most of the time, real time critical software that must be specified, designed, implemented, validated, verified and accredited (VVA). To do that, models, especially the V-Model, are frequently adopted, together with methods and tools which perform software VVA to ensure compliance (of correctness, reliability, robustness, etc.) of software to several specific standards such as DO178-B/DO-178C (aviation) or IEC 26262 (automotive) among others.
Technical Paper

An Overview of an Assurance Process of Immunity of Embedded Electronic Systems to Single Event Upsets Caused by Ionizing Particles

2013-10-07
2013-36-0535
The aerospace and automotive electronic systems are getting more complex and/or highly integrated, as defined by ARP 4754A, making extensive use of microelectronics and digital memories which, in turn, operate in higher frequencies and lower voltages. In addition, the aircraft are flying in higher altitudes, and polar routes are getting more frequent. These factors raise the probability of occurrence of hazardous effects like the Single Event Upsets in their embedded electronic systems. These must be designed in a way to tolerate and assure the immunity to the Single Event Upsets, based upon criteria such as reliability, availability and criticality. This paper proposes an overview of an assurance process of immunity of embedded electronic systems to Single Event Upsets caused by ionizing particles by means of a review of literature and an analysis of standards as ECSS-E-ST-10-1, NASA Single Event Effects Criticality Analysis and IEC TS 62396-1.
Technical Paper

Analysis of Some Semiconductors by the Handbook MIL-HDBK-217 FN2 to Improve the Reliability of Aerospace and Automotive Electronic Equipments

2017-11-07
2017-36-0217
Systems such as satellites, airplanes, cars and air traffic controls are becoming more complex and/or highly integrated. These systems integrate several technologies inside themselves, and must be able to work in very demanding environments, sometimes with few or no maintenance services due to their severe conditions of work. To survive such severe work conditions, the systems must present high levels of reliability, which are achieved through different approaches, processes, etc. These unfold in many: levels of aggregation (systems, subsystems, equipments, components, etc.), phases of their lifecycles (conception, design, manufacturing, assembly, integration, tests, operation, etc.), environments (land, sea, air, space, etc.), types of components/applications/experiences/technological communities (nuclear, aerospace, military, automotive, medical, commercial, etc.), led by the widespread use of semiconductors.
Technical Paper

Analysis, Design and Simulation of the Reconfigurable Control Architecture for the Contingency mode of the Multimission Platform

2010-10-06
2010-36-0333
This work presents the analysis, design and simulation of the reconfigurable control architecture for the contingency mode of the MultiMission Platform (MMP). The MMP is a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation and other Sub-Modes, according to ground command or information coming from the control system, mainly alarms. The implementation followed the specifications when they were found, otherwise it was designed. They cover operations from detumbling after launcher separation and solar acquisition, to achieving payload nominal attitude and orbital corrections maneuvers. The manager block of the control system was implemented as a finite state machine. The tests are based in simulations with the MatriX/SystemBuild software. They focused mainly on the worst cases that the satellite is supposed to endure in its mission, be it during modes or transitions between modes and submodes.
Technical Paper

Analysis, Design and Simulation of the Transition from Pre-Nominal to Nominal Mode of the Reconfigurable Control Architecture for the Multi-Mission Platform

2008-10-07
2008-36-0343
This work presents the first part of the analysis, design and simulation of the reconfigurable control architecture for the Multi-Mission Platform (MMP), a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation. The implementation followed the specifications when they were found, otherwise it was designed. The manager block of the control system was implemented as a finite state machine. The tests were based in simulations with the MatriX/SystemBuild software. They focused mainly on the worst cases that the satellite is supposed to endure in its mission.
Technical Paper

Application of Methods to Smooth the Transition Between Control Submodes in the Nominal Mode of the Multimission Platform

2012-10-02
2012-36-0378
The Multimission Platform (MMP) is a generic service module currently in Project at INPE. In the 2001 version, its control system can be switched between nine main Operation Modes and other submodes, according to information from satellite sensors and ground commands. The Nominal Mode stabilizes the MMP in three axes and takes it to a nominal attitude, using three reaction wheels. Each wheel has coarse and fine acquisition submodes. The use of multiple modes of control for specific situations frequently is simpler than projecting a single controller for all cases. However, besides being harder to warrant its general stability, the mere switching between these submodes generates bumps, which can reduce the performance and even damage the actuator or plant. In this work, we present an application of diverse methods to smooth the transition between control submodes of the Nominal Mode of the MMP.
Technical Paper

Automatic Code Generation of an Attitude Control System for the Multi-Mission Platform

2008-10-07
2008-36-0362
This paper presents the automatic code generation process of the academic design of an Attitude Control System (ACS) for the Multi-Mission Platform (MMP). The MMP is a three axis stabilized artificial satellite now under development at the National Institute for Space Research (INPE). Such design applied some software engineering concepts as: 1) visual modeling; 2) automatic code generation; 3) automatic code migration; 4) soft real time simulation; and 5) hard real time simulation. A block diagram based modeling and a virtual time simulation of the MMP ACS in its nominal operational mode were built in the MatrixX 7.1 environment satisfying the three axis pointing and stabilization requirements. After that, its AutoCode module was used to generate C ANSI code representing the block diagram model. Four operating systems were used for code migration: 1) Windows 2000; 2) Mandrake Linux 10.1; 3) RedHawk Linux 2.1; and 4) RTEMS 4.6.2.
Technical Paper

Automatic Generation, Migration, and Tests of a Real Time Code to an Embedded Controller

2008-10-07
2008-36-0342
A constant challenge for the mobility engineering is to build correctly, the right product at the right time, cost and quality. This challenge gives opportunities to adopt new paradigms in system development, especially in generation, migration and tests of controller codes. This work presents the automatic generation, migration, and tests of real time code to an embedded controller. This is part of the Attitude and Orbit Control System (AOCS) for the Multi-Mission Platform (MMP) of the National Institute for Space Research (INPE). The modeling and simulation paradigm associated with automatic code generation makes possible the migration of a real time embedded controller code to a wide variety of target processors and/or Real Time Operating Systems (RTOS) using the same controller model. The MATRIXx (XMath/SystemBuild/AutoCode/DocumentIt) modeling and simulation environment was used to analyze and design the controller and generate its real time code.
Technical Paper

Bump Reduction for the Reconfigurable Control Architecture of the MultiMission Platform

2011-10-04
2011-36-0187
Many control systems switch between control modes according to necessity. That is often simpler than designing a full control to all situations. However, this creates new problems, as determining the composed system stability and the transient during switching. The latter, while temporary, may introduce overshooting that degrades performance and damages the plant. This is particularly true for the MultiMission Platform (MMP), a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation and other submodes, according to ground command or information coming from the control system, mainly alarms. It can acquire one and three axis stabilization in generic attitudes, with actuators including magnetotorquers, thrusters and reaction wheels.
Technical Paper

Coordination and Synchronization in the Internet of Things: Design Issues for Real-time Applications

2017-11-07
2017-36-0431
Internet of Things (IoT) for real-time applications are demanding more and more high performance, precision, accuracy, modularity, integration, dependability and other attributes in a complex and/or highly integrated environment. Such systems need to provide coordination among the integrated components (e.g. sensors, computer, controller and networks) for enabling the application to take real-time measurements and to translate into controllable, observable and smart actions with strict timing requirements. Therefore, coordination and synchronization are required to ensure the controllable, observable and smart actions of real-time IoT systems. This paper shows the design issues about the coordination and synchronization in the internet of things applied to real-time applications. We also show the current coordination and synchronization techniques and their design issues when applied to IoT systems.
Technical Paper

Current Trends Driving the Aerospace and Automotive Systems Architectures

2011-10-04
2011-36-0387
In this work we discuss current trends driving the aerospace and automotive systems architectures. This includes trends as: 1) post-globalization and regionalization; 2) the formation of knowledge oligopolies; 3) commonality, standardization and even synergy (of components, tools, development process, certification agents, standards); 4) reuse and scalability; 5) synergy of knowledge and tools convergence; 6) time, cost and quality pressures and innovation speed; 7) environmental and safety issues; and 8) abundance of new technologies versus scarcity of skilled manpower to apply them.
Technical Paper

Design of an Attitude Control System for the Multi-Mission Platform and its Migration to a Real Time Operating System

2007-11-28
2007-01-2857
This paper presents the first of four parts of the academic design of an Attitude Control System (ACS) for the Multi-Mission Platform (MMP) and its migration to a Real Time Operating System. The MMP is a three axis stabilized artificial satellite now under development at the National Institute for Space Research (INPE). Such design applied some software engineering concepts as: 1) visual modeling; 2) automatic code generation; 3) automatic code migration; 4) soft real time simulation; and 5) hard real time simulation. A block diagram based modeling and a virtual time simulation of the MMP ACS in its nominal operational mode were built in the MatrixX 7.1 environment satisfying the three axis pointing and stabilization requirements. After that, its AutoCode module was used to generate C ANSI code representing the block diagram model. Time characteristics were added to the ACS generated code to make it the real time control software of MMP nominal operational mode.
Technical Paper

Distributed Simulation of the Longitudinal Mode of an Aircraft by Using the DoD High Level Architecture (HLA)

2008-10-07
2008-36-0299
This work presents the distributed simulation of the longitudinal mode of an aircraft by using the DoD High Level Architecture (HLA). The HLA is a general-purpose architecture for simulation reuse and interoperability. This architecture was developed under the leadership of the Defense Modeling and Simulation Office (DMSO) to support reuse and interoperability across the large numbers of different types of simulations developed and maintained by the DoD. To do this, the transfer function of the longitudinal mode of a hypothetical aircraft was implemented by means of a SystemBuild/MATRIXx model. The output of this model was connected to a Run-Time Infrastructure (RTI) and monitored on a remote computer. The connection between the model and the RTI was implemented by using a wrapper which was developed in C++. The HLA RTI implementation used in this work was the poRTIco.
Technical Paper

Eigenstructure Techniques for Fault Detection and Isolation in Aerospace and Automotive Systems

2004-11-16
2004-01-3387
Eigenstructure techniques allow to detect and isolate faulty components in a dynamic process, such as sensor biases, actuator malfunctions, changes in dynamic parameters due to leaks and deterioration. Fault detection is the first step to achieve fault tolerance, but for this the redundancy has to be included in the system. This redundancy can be either by hardware or by software. In situations in which it is not possible to use hardware redundancy only the software redundancy can be used. Therefore using eigenstructure techniques, for the fault detection and isolation, the tests can be done through the angle between the residue vector direction and the fault direction vector. By this way, we can reduce false alarm and the alarm loss rates due to the noise and changes in system parameters.
Technical Paper

Fault Detection and Diagnosis (FDD) on a Knock Sensor

2008-10-07
2008-36-0369
The purpose of this work is Fault Detection and Diagnosis (FDD) on a Knock Sensor because some of the modern petrol engines operate on the efficient four-stroke cycle, where each cylinder of the engine contains an intake and exhaust poppet valve that is operated at the appropriate time. The ECM (Engine Control Module) uses the Knock Sensor signal to control timing. The Knock Sensor detects engine knock and sends voltage signal to the ECM. These signals can be sufficient to detect abnormal combustion, like ‘spark knock’ and ‘surface ignition’. Engine knock occurs within a specified range. The Knock Sensor, located in the engine block, cylinder head, or intake manifold is tuned to detect that frequency, which motivates the use of signal models for detection. But this sensor is a wide-band accelerometer of the piezoelectric type too. Analogy with a general seismic mass system is possible since it is a general damped second order vibrating system which is forced into oscillatory motion.
Technical Paper

Generation and Customization of Real Time Code for Embedded Controllers Using a Modeling and Simulation Environment

2007-11-28
2007-01-2924
This work presents the generation and customization of real time code for embedded controllers using a modeling and simulation environment. When the controller model is considered satisfactory, the developers can use a code generation tool to build a real time source code capable to be migrated to an embedded target processor. The code generation tool used is capable to generate real time code in ANSI C or ADA 95 languages. This process can be customized to adequate to a target processor and/or a Real Time Operating System (RTOS). The code customization can be achieved using a specific Template Programming Language (TPL) that specifies how the code will be generated. This technique makes possible the instantiation of real time embedded controllers code using the same controller model to a wide variety of target processors and/or RTOSs.
Technical Paper

Highly Accurate Measure of Time in PC Simulations of Control Systems with Sensors in the Loop

2000-12-01
2000-01-3296
The measure of time intervals with relatively high accuracy (of 1 millisecond, at least) in PC computers is a relatively hard task to solve. But this is essential for the digital simulation, with sensors in the loop, of fast control systems. This work allows the reading of the programmable internal timer 8253 present in a typical PC, reaching 1 ms resolution, at least, through a C high level language routine. The determination of the angular velocity of a 53M2-30H Contraves 3-axis dynamic simulator used in that simulation was improved by the use of this work, allowing the acquisition of consecutive measures of angles and angular velocities with a time interval smaller than 10 ms in some cases. Using this routine and other simulator control and monitoring software we estimated the angular velocity faster (100 ms × 210 ms) and better than the simulator Rate Readout Module, and used it in a fast real time control simulation.
Technical Paper

Influence of Sharing Bus on Real-Time Networked Control Systems Performance

2007-11-28
2007-01-2692
A major trend in modern aerospace and automotive systems is to integrate computing, communication and control into different levels of the vehicle and/or its supervision. A well fitted architecture adopted by this trend is the common bus network architecture. A Networked Control System (NCS) is called when the control loop is closed through a communication network. The presence of this communication network introduces new characteristics (sharing bus, delays, jitter, etc.) to be considered at design time of a control system. This work focuses on the effect of sharing bus between the control system and the other devices connected to the bus foreigner to control. These last devices are called interferences. We intended to show, through simulations, the influence of sharing bus on real time control systems performance. To compare effects, we choose the CanBus protocol where the medium access control is event driven; and the TTP protocol where the medium access control is time driven.
Technical Paper

Influences of Data Bus Protocols on an Aircraft Fly-By-Wire Networked Control System

2008-10-07
2008-36-0008
A major trend in modern aerospace and automotive systems is to integrate computing, communication and control into different levels of the vehicle and/or its supervision. A well fitted architecture adopted by this trend is the Common Bus Network Architecture. A Networked Control System (NCS) is called when the control loop is closed through a communication network. The presence of this communication network introduces new characteristics (sharing bus, delays, jitter etc.) to be considered at design time of a control system. This work focuses on the influences of data bus protocols on an aircraft Fly-By-Wire (FBW) networked control system. We intend to show, through simulations, the influences of sharing bus on a real time control system. To compare effects, we choose the CAN Bus protocol where the medium access control is event driven; and the TTP protocol where the medium access control is time driven.
Technical Paper

Integral of Modulus of Error Control for Smoothing Signals when Switching Modes of Aerospace and Automotive Systems

2015-09-22
2015-36-0445
Control systems that can switch between control or plant modes have the advantage of being simpler to design than an equivalent system with a single mode. However, the transition between these modes can introduce steps or overshootings in the state variables, and this can degrade the performance or even damage the system. This can be of extreme importance in fields such as aerospace and automobilistic, as the switching between manual and autopilot modes or the switching of gears. In this work, we will use integral criteria in original ways, to determine a coefficient on the system which should optimize the trajectory of the control signal, during the switching between two modes. Effectively, each transition will be done by a subsystem specific for it, according to the selected criterion. The simulations will be made in MATRIXx, MatLab or both, using models chosen from aerospace or automobilistic fields.