Search Results

Companies are gradually developing: 1) complex and/or highly integrated systems including vehicles (as satellites, airplanes, cars, etc.) or equipment (as computers, cell phones, no breaks, etc.) to use under 2) increasingly varied or inhospitable environments, and to survive under 3) increasingly long life cycles and unavoidable changes in staff & facilities & technologies. The overall decision to use (by time, cost, quality, of functions, services, etc.) such end systems under 2 require 4) high Dependability (Reliability, Maintainability, Availability, Correction, Safety, Security, etc.) of them. The overall survival in use (by health monitoring, housekeeping, retrofit, upgrade, etc.) of such end systems under 3 require 5) high Suportability (Maintainability, Adaptability, Availability, Robustness, etc.) of them coupled with the support systems.

Currently, aerospace and automotive industries are developing complexand/or highly integrated systems, whose services require greater confidence to meet a set of specifications that are increasingly demanding, such as successfully operating a communications satellite, a commercial airplane, an automatic automobile, and so on. To meet these requirements and expectations, there is a growing need for fault treatment, up to predict faults and monitor the health of the components, equipment, subsystems or systems used. In the last decades, the approaches of 1) Fault Prevention, 2) Fault Detection/Tolerance and 3) Fault Detection/Correction have been widely studied and explored.

The increasing use of embedded electronics in aerospace and automotive vehicles increases the designers' concern regarding the reliability of the components as well as the reliability of their interconnections. The discussion about the most appropriate method for assessing the reliability of solder joints for a given application is an ever-present theme in the literature. Several methods of prediction have been developed for assessing the reliability of solder joints. The standard method established by the industries for assessing reliability of solder joints is the thermal cycling. However, when the thermal distributions in real applications are studied, particularly in some electronic components used in on-board electronics of space systems, the thermal cycling does not represent what actually happens in practice in the packaging.

Modeling and Simulation (M&S) of dynamic systems based on computers is a multidisciplinary field that involves several knowledge areas and tools, and is broadly used in all development areas of space industry such as rocket and satellite design and construction. Once space systems are divided into several subsystems for ease of engineering, their models are divided the same way for the same reason. Such models may be done using different computational tools that are based on either physical flows, informational flows, or hybrid flows, depending on the subsystem nature. This is specially true for a satellite propulsion subsystem, and its physical (volume, mass, energy, enthalpy, entropy, linear momentum, etc.) flows. This paper presents the modeling and simulation of a satellite propulsion subsystem by physical and signal flows. To accomplish this task, two different computational tools were used: AMESim and MatLab.

Real-time critical systems are those whose failures may cause loss of transactions/data, missions/batches, vehicles/properties, or even people/human life. Accordingly, some regulations prescribe their maximum acceptable probability of failures to range from about 10−4 to 10−10 failures per hour. Examples of such systems are the ones involving nuclear plants, aircrafts, satellites, automobiles, or traffic controls. They are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754A Standard. Those systems include, most of the time, real time critical software that must be specified, designed, implemented, validated, verified and accredited (VVA). To do that, models, specially the V-Model, are frequently adopted, together with methods and tools which perform software VVA to ensure compliance (of correctness, reliability, robustness, etc.) of software to several specific standards such as DO178-B/DO-178C (aviation) or IEC 26262 (automotive) among others.

Current systems such as: satellites, aircrafts, automobiles, turbines, power controls and traffic controls are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754 Standard. Such systems and their control systems use many modes of operation and many forms of redundancy to achieve high levels of performance and high levels of reliability under changing environments and phases of their lifecycle. The environment disturbances, environment variability, plant non-linear dynamics, plant wear, plant faults, or the non-symmetric plant operation may cause de-synchronization in phase or time among: 1) simultaneous units in the same normal mode of operation; 2) successive units in successive normal modes of operation; 3) main and spare units from normal to faulty modes of operation. So, techniques to reduce those causes or their effects are becoming important aspects to consider in the design of such systems.

The architecture is a concept very broad and important that is directly connected to the realization of a system. It defines what the system is capable of doing, how it accomplishes its mission and how the system is. Currently, the development of system architectures is considered a domain of knowledge where science meets art. In some specific areas, the methods on the development of system architectures are already well formalized. However, when analyzing the evaluation of system architectures such as those for multi-domain control systems, it is clear that there is still much room for rationalization. In these cases, the search for new methods for the evaluation of system architectures is currently in the state of art. In this work we discuss methods used in the verification and validation of control systems architectures of cyber-physical systems based on models and systems metrics.

In this work we discuss current trends driving the aerospace and automotive systems architectures. This includes trends as: 1) pos-globalization and regionalization; 2) the formation of knowledge oligopolies; 3) commonality, standardization and even synergy (of components, tools, development process, certification agents, standards); 4) reuse and scalability; 5) synergy of knowledge and tools convergence; 6) time, cost and quality pressures and innovation speed; 7) environmental and safety issues; and 8) abundance of new technologies versus scarcity of skilled manpower to apply them.

Many control systems switch between control modes according to necessity. That is often simpler than designing a full control to all situations. However, this creates new problems, as determining the composed system stability and the transient during switching. The latter, while temporary, may introduce overshooting that degrade performance and damage the plant. This is particularly true for the MultiMission Platform (MMP), a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation and other submodes, according to ground command or information coming from the control system, mainly alarms. It can acquire one and three axis stabilization in generic attitudes, with actuators including magnetotorquers, thrusters and reaction wheels.

This paper presents the preliminary results of an "a posteriori" exercise of application of a Requirements Traceability Automation Tool (RT tool) to a set of documents. The documents have been prepared according to established Space System Engineering methodologies and with attention to text quality, but without attention to requirements traceability because the processes and methodologies used during their preparation predates the emergence of the processes and methodologies developed by Requirements Engineering (RE). This study is intended to determine some of the benefits of using a RT tool when compared with the previously used processes and methodologies. The set of documents under scrutiny have been prepared in the frame of the development of the CBERS-3 satellite (China-Brazil Earth Resources Satellite) and is composed of system, subsystem and equipment specification and covering documents related to the Electrical Power Subsystem (EPS) of the satellite.

A major trend in modern aerospace and automotive systems is to integrate computing, communication and control into different levels of the vehicle and/or its supervision. A well-fitted architecture adopted by this trend is the common bus network architecture. A Networked Control System (NCS) is called when the control loop is closed through a communication network. The presence of this communication network introduces new characteristics that must be considered at the design time of a control system. This work, still in development, focuses on a worst case formula for a communication (TDMA) plus computation (RMS) on a NCS. This formula, in a first instance, agrees with the simulated cases under the hypotheses and conditions when the NCS is composed by 1 actuator - 1 sensor and when is composed by 2 actuators - 2 sensors. In the future, we intend to generalize this formula and extend this study to NCS that uses other communication protocols or others computer schedulers.

On several engineering applications high Reliability is one of the most wanted features. The aspects of Reliability play a key role in design projects of aircraft, spacecraft, automotive, medical, bank systems, and so, avoiding loss of life, property, or costly recalls. The highly reliable systems are designed to work continuously, even upon external threats and internal Failures. Very convenient is the fact that the term 'Failure' may have its meaning tailored to the context of interesting, as its general definition refers to it as "any deviation from the specified behavior of a system". The above-mentioned 'deviation' may refer to: performance degradation, operational misbehavior, deviation of environmental qualification levels, Safety hazards, etc. Nevertheless, Reliability is not the only requirement for a modern system. Other features as Availability, Integrity, Security and Safety are always part of the same technical specification, in a same level of importance.

This work presents the analysis, design and simulation of the reconfigurable control architecture for the contingency mode of the MultiMission Platform (MMP). The MMP is a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation and other Sub-Modes, according to ground command or information coming from the control system, mainly alarms. The implementation followed the specifications when they were found, otherwise it was designed. They cover operations from detumbling after launcher separation and solar acquisition, to achieving payload nominal attitude and orbital corrections maneuvers. The manager block of the control system was implemented as a finite state machine. The tests are based in simulations with the MatriX/SystemBuild software. They focused mainly on the worst cases that the satellite is supposed to endure in its mission, be it during modes or transitions between modes and submodes.

This paper aims at discussing the use of dissimilar hardware architecture to mitigate DESIGN ERRORS in a flight control system application, as one of the possible design techniques that, combined with the usage of development processes, will satisfy the safety objectives for airborne systems. To accomplish its purpose, the paper starts by understanding the origins of DESIGN ERRORS in micro-coded devices and the concerns of airworthiness certification authorities (or simply certification authorities from now on). After that, an overview of the aeronautical industry efforts in terms of development processes and certification requirements to mitigate DESIGN ERRORS will be presented. At this point, the dissimilar architecture is proposed as an effective mean to mitigate the problem of DESIGN ERRORS. Finally, a Flight Control System application using dissimilar architecture is proposed as a case study.

This work presents the first part of the analysis, design and simulation of the reconfigurable control architecture for the Multi-Mission Platform (MMP), a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation. The implementation followed the specifications when they were found, otherwise it was designed. The manager block of the control system was implemented as a finite state machine. The tests were based in simulations with the MatriX/SystemBuild software. They focused mainly on the worst cases that the satellite is supposed to endure in its mission.

In this work we discuss some types of simulation architectures and standards, their characteristics and applications to the simulation and control of aerospace vehicles. This includes: the basic definitions, types and characteristics of simulators and simulations (physical, computational, hybrid, etc.; discrete events, discrete time, continuous time, etc; deterministic, stochastic, etc.) their basic compromise (simplicity x fidelity), their man-machine interfaces and interactions (virtual, constructive, live, etc.), their evolution law (time, events, mixed, etc.), their architectures (“stand-alone”, PIL, HIL, MIL, DIS, HLA, etc.), their standards (OMBA, SIMNET, ALSP, DIS, HLA 1.3, HLA 1516, ASIA, AP2633, etc.) and their applications to the simulation and control of aerospace vehicles. This is illustrated by some examples driven from the aerospace industry

This work presents the distributed simulation of the longitudinal mode of an aircraft by using the DoD High Level Architecture (HLA). The HLA is a general-purpose architecture for simulation reuse and interoperability. This architecture was developed under the leadership of the Defense Modeling and Simulation Office (DMSO) to support reuse and interoperability across the large numbers of different types of simulations developed and maintained by the DoD. To do this, the transfer function of the longitudinal mode of a hypothetical aircraft was implemented by means of a SystemBuild/MATRIXx model. The output of this model was connected to a Run-Time Infrastructure (RTI) and monitored on a remote computer. The connection between the model and the RTI was implemented by using a wrapper which was developed in C++. The HLA RTI implementation used in this work was the poRTIco.

Computer systems aboard aerospace vehicles have become more and more distributed in an attempt to solve “real-life” problems such as commonality and longevity of components and subsystems. On the other hand, distributed systems pose a much bigger challenge in system design than traditional, “monolithic” systems, whereby functions are performed by a single component combining hardware and software. “Determinism” (predictability in the occurrence of events), “causality” (temporal ordination of occurrence of events) and “synchronism” (simultaneousness in the occurrence of events) can be pointed out as major challenges in system design. This paper shall survey methods of analyzing determinism in network communications in distributed computer systems aboard aerospace vehicles in different network topologies using a representative model.

Nowadays, given the shrinking budgets and deadlines of the aerospace and automotive industries, the importance and need of the requirements engineering is becoming more and more evident. This means that progressively more users face a difficult task on the different environments of project development: 1) to write better requirements; and 2) to do it faster than ever. It would be nice if they had some tools to help them and abbreviate such a difficult task. This work summarizes the development of a new tool that does exactly that. Its wizard guides the user through the steps necessary to create good requirements when writting a requirements document, depending on the kind of requirements document desired. For example: there are significant differences between user requirements and system requirements documents. The wizard script is composed by a serie of questions related to the parts of the scheme to build a complete and effective requirement.

A major trend in modern aerospace and automotive systems is to integrate computing, communication and control into different levels of the vehicle and/or its supervision. A well fitted architecture adopted by this trend is the common bus network architecture. A Networked Control System (NCS) is called when the control loop is closed through a communication network. The presence of this communication network introduces new characteristics (sharing bus, delays, jitter,etc) to be considered at design time of a control system. This work focuses on the effect of sharing bus between the control system and the other devices connected to the bus foreigner to control. These last devices are called interferences. We intented to show, through simulations, the influence of sharing bus on real time control systems performance. To compare effects, we choose the CanBus protocol where the medium access control is event driven; and the TTP protocol where the medium access control is time driven.