Search Results

This paper aims at discussing the use of dissimilar hardware architecture to mitigate DESIGN ERRORS in a flight control system application, as one of the possible design techniques that, combined with the usage of development processes, will satisfy the safety objectives for airborne systems. To accomplish its purpose, the paper starts by understanding the origins of DESIGN ERRORS in micro-coded devices and the concerns of airworthiness certification authorities (or simply certification authorities from now on). After that, an overview of the aeronautical industry efforts in terms of development processes and certification requirements to mitigate DESIGN ERRORS will be presented. At this point, the dissimilar architecture is proposed as an effective mean to mitigate the problem of DESIGN ERRORS. Finally, a Flight Control System application using dissimilar architecture is proposed as a case study.

Systems such as satellites, airplanes, cars and air traffic controls are becoming more and more complex and/or highly integrated. These systems integrate several technologies inside themselves, and must be able to work in very demanding environments, sometimes with few, or none, maintenance services, because of their severe conditions of work. To survive to such severe work conditions, the systems must present high levels of reliability, which are achieved through different approaches and processes. Therefore, it is necessary that the processes of decision analysis and making are progressively improved, taking into account experiences collected before by several technological communities, and then propose efficient modifications in the local processes. These experiences influence the proposition and improvement of several Reliability Standards Series taken by four different approaches and several technological communities.

On several engineering applications high Reliability is one of the most wanted features. The aspects of Reliability play a key role in design projects of aircraft, spacecraft, automotive, medical, bank systems, and so, avoiding loss of life, property, or costly recalls. The highly reliable systems are designed to work continuously, even upon external threats and internal Failures. Very convenient is the fact that the term 'Failure' may have its meaning tailored to the context of interesting, as its general definition refers to it as "any deviation from the specified behavior of a system". The above-mentioned 'deviation' may refer to: performance degradation, operational misbehavior, deviation of environmental qualification levels, Safety hazards, etc. Nevertheless, Reliability is not the only requirement for a modern system. Other features as Availability, Integrity, Security and Safety are always part of the same technical specification, in a same level of importance.

This paper presents an analytical and simulation study of the stabilization and improvement of the active vibration damping of a system modeled by a simple analog harmonic oscillator driven by discrete time control. Initially, this control is the Bilinear (or Tustin) s-z mapping equivalent of a continuous-time asymptotically stable Proportional plus Derivative (PD) control. It is tested with high values of the sampling period. It is shown that all classical mappings (Tustin, Schneider, etc.) tested may instabilize the system. To circumvent this, we propose and use a new (ST1) mapping that behaves better than the classical ones tested under the same conditions. We also model an active discrete control of a suspension of a vehicle, and compare the performance between the PD controllers designed by Bilinear and by the new (ST1) S-Z mappings, for this example.

In this work we discuss some types of simulators and simulations, their characteristics and applications to the simulation and control of aerospace vehicles. This includes: the basic definitions, types and characteristics of simulators and simulations (physical, computational, hybrid, etc.; discrete events, discrete time, continuous time, etc; deterministic, stochastic, etc.) their basic compromise (simplicity × fidelity), their man-machine interfaces and interactions (virtual, constructive, live, etc.), their evolution law (time, events, mixed, etc.), their architectures (“standalone”, PIL, HIL, MIL, DIS, HLA, etc.), their environments (discrete, continuous, hybrid, etc.) and their applications to the simulation and control of aerospace vehicles. This is illustrated by some examples driven from the aerospace industry

In this work we discuss some types of simulation environments and laboratories, their characteristics and applications to the simulation and control of aerospace vehicles. This includes: the basic definitions, types and characteristics of simulators and simulations (physical, computational, hybrid, etc.; discrete events, discrete time, continuous time, etc; deterministic, stochastic, etc.) their basic compromise (simplicity × fidelity), their man-machine interfaces and interactions (virtual, constructive, live, etc.), their evolution law (time, events, mixed, etc.), their architectures (“stand-alone”, PIL, HIL, MIL, DIS, HLA, etc.), and especially, their environments (discrete, continuous, hybrid, etc.) and laboratories (physical, computational, hybrid, etc.), and their applications to the simulation and control of aerospace vehicles. This is illustrated by some examples driven from the aerospace industry.

In this work we discuss some types of simulation architectures and standards, their characteristics and applications to the simulation and control of aerospace vehicles. This includes: the basic definitions, types and characteristics of simulators and simulations (physical, computational, hybrid, etc.; discrete events, discrete time, continuous time, etc; deterministic, stochastic, etc.) their basic compromise (simplicity x fidelity), their man-machine interfaces and interactions (virtual, constructive, live, etc.), their evolution law (time, events, mixed, etc.), their architectures (“stand-alone”, PIL, HIL, MIL, DIS, HLA, etc.), their standards (OMBA, SIMNET, ALSP, DIS, HLA 1.3, HLA 1516, ASIA, AP2633, etc.) and their applications to the simulation and control of aerospace vehicles. This is illustrated by some examples driven from the aerospace industry

Computer systems aboard aerospace vehicles have become more and more distributed in an attempt to solve “real-life” problems such as commonality and longevity of components and subsystems. On the other hand, distributed systems pose a much bigger challenge in system design than traditional, “monolithic” systems, whereby functions are performed by a single component combining hardware and software. “Determinism” (predictability in the occurrence of events), “causality” (temporal ordination of occurrence of events) and “synchronism” (simultaneousness in the occurrence of events) can be pointed out as major challenges in system design. This paper shall survey methods of analyzing determinism in network communications in distributed computer systems aboard aerospace vehicles in different network topologies using a representative model.

A major trend in modern aerospace and automotive systems is to integrate computing, communication and control into different levels of the vehicle and/or its supervision. A well fitted architecture adopted by this trend is the common bus network architecture. A Networked Control System (NCS) is called when the control loop is closed through a communication network. The presence of this communication network introduces new characteristics (sharing bus, delays, jitter,etc) to be considered at design time of a control system. This work focuses on the effect of sharing bus between the control system and the other devices connected to the bus foreigner to control. These last devices are called interferences. We intented to show, through simulations, the influence of sharing bus on real time control systems performance. To compare effects, we choose the CanBus protocol where the medium access control is event driven; and the TTP protocol where the medium access control is time driven.

This work presents the distributed simulation of the longitudinal mode of an aircraft by using the DoD High Level Architecture (HLA). The HLA is a general-purpose architecture for simulation reuse and interoperability. This architecture was developed under the leadership of the Defense Modeling and Simulation Office (DMSO) to support reuse and interoperability across the large numbers of different types of simulations developed and maintained by the DoD. To do this, the transfer function of the longitudinal mode of a hypothetical aircraft was implemented by means of a SystemBuild/MATRIXx model. The output of this model was connected to a Run-Time Infrastructure (RTI) and monitored on a remote computer. The connection between the model and the RTI was implemented by using a wrapper which was developed in C++. The HLA RTI implementation used in this work was the poRTIco.

In this work we discuss current trends driving the aerospace and automotive systems architectures. This includes trends as: 1) pos-globalization and regionalization; 2) the formation of knowledge oligopolies; 3) commonality, standardization and even synergy (of components, tools, development process, certification agents, standards); 4) reuse and scalability; 5) synergy of knowledge and tools convergence; 6) time, cost and quality pressures and innovation speed; 7) environmental and safety issues; and 8) abundance of new technologies versus scarcity of skilled manpower to apply them.

Many control systems switch between control modes according to necessity. That is often simpler than designing a full control to all situations. However, this creates new problems, as determining the composed system stability and the transient during switching. The latter, while temporary, may introduce overshooting that degrade performance and damage the plant. This is particularly true for the MultiMission Platform (MMP), a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation and other submodes, according to ground command or information coming from the control system, mainly alarms. It can acquire one and three axis stabilization in generic attitudes, with actuators including magnetotorquers, thrusters and reaction wheels.

This work presents the first part of the analysis, design and simulation of the reconfigurable control architecture for the Multi-Mission Platform (MMP), a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation. The implementation followed the specifications when they were found, otherwise it was designed. The manager block of the control system was implemented as a finite state machine. The tests were based in simulations with the MatriX/SystemBuild software. They focused mainly on the worst cases that the satellite is supposed to endure in its mission.

This work presents the analysis, design and simulation of the reconfigurable control architecture for the contingency mode of the MultiMission Platform (MMP). The MMP is a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation and other Sub-Modes, according to ground command or information coming from the control system, mainly alarms. The implementation followed the specifications when they were found, otherwise it was designed. They cover operations from detumbling after launcher separation and solar acquisition, to achieving payload nominal attitude and orbital corrections maneuvers. The manager block of the control system was implemented as a finite state machine. The tests are based in simulations with the MatriX/SystemBuild software. They focused mainly on the worst cases that the satellite is supposed to endure in its mission, be it during modes or transitions between modes and submodes.

Systems such as satellites, airplanes, cars and air traffic controls are becoming more complex and/or highly integrated. These systems integrate several technologies inside themselves, and must be able to work in very demanding environments, sometimes with few or none maintenance services due to their severe conditions of work. To survive such severe work conditions, the systems must present high levels of reliability, which are achieved through different approaches, processes, etc. These unfold in many: levels of aggregation (systems, subsystems, equipments, components, etc.), phases of their lifecycles (conception, design, manufacturing, assembly, integration, tests, operation, etc.), environments (land, sea, air, space, etc.), types of components/applications/experiences/technological communities (nuclear, aerospace, military, automotive, medical, commercial, etc.), leaded by the widespread use of semiconductors.

A major trend in modern aerospace and automotive systems is to integrate computing, communication and control into different levels of the vehicle and/or its supervision. A well-fitted architecture adopted by this trend is the common bus network architecture. A Networked Control System (NCS) is called when the control loop is closed through a communication network. The presence of this communication network introduces new characteristics that must be considered at the design time of a control system. This work, still in development, focuses on a worst case formula for a communication (TDMA) plus computation (RMS) on a NCS. This formula, in a first instance, agrees with the simulated cases under the hypotheses and conditions when the NCS is composed by 1 actuator - 1 sensor and when is composed by 2 actuators - 2 sensors. In the future, we intend to generalize this formula and extend this study to NCS that uses other communication protocols or others computer schedulers.

Complex systems such as satellites, aircrafts, automobiles and air traffic controls are becoming increasingly complex and highly integrated as prescribed by the SAE ARP 4754 Standard. They integrate many technologies and they work in very demanding environments sometimes with little or no maintenance due to the severe conditions of operation. To survive such harsh operating conditions, they require very high levels of reliability, to be reached by a diversity of approaches, processes, components, etc. By their turn, the processes of analysis and decision making shall be improved progressively, as experience accumulates and suggests modifications and adaptations. According to this philosophy, in this work, we discuss a proposal for improving the results of the Reliability Analysis and FMEA/FMECA of the CBERS Satellite Program, conducted at the National Institute for Space Research-INPE, since 1987.

Systems such as satellites, aircrafts, automobiles and air traffic controls are becoming increasingly complex and highly integrated, as prescribed by the SAE ARP 4754 Standard. They integrate many technologies and they work in very demanding environments, sometimes with little or no maintenance, due to the severe conditions of operation. To survive such harsh operating conditions, they require very high levels of reliability, to be reached by a diversity of approaches, processes, components, etc. By their turn, the processes of analysis and decision making shall be improved progressively, as experience accumulates and suggests modifications. Most of this can be translated in models. According to this philosophy, in this work, we discuss the use of Model Based Reliability for improving the results of the Reliability Analysis and FMEA/FMECA of a satellite program, as those conducted at the National Institute for Space Research-INPE, since 1979.

Systems such as satellites, aircrafts, automobiles and air traffic controls are becoming increasingly complex and/or highly integrated, as prescribed by the standard SAE-ARP 4754A Standard. They integrate many technologies and they work in very demanding environments, sometimes with little or no maintenance, due to the severe conditions of operation. To survive such harsh operating conditions, they require very high levels of dependability, to be reached by a diversity of approaches, processes, components, etc. Some are suggested by the SAE-ARP-4754A as one of the highest level standards to be met. So, it is important to know it and its consequences for product and staff deeply. The aim of this paper is to present: a discussion on the standard SAE-ARP-4754A and a proposal for using it in product certification and qualification of staff.

Avionics Systems are increasingly used to perform safety-critical functions at high altitudes. But their increasing capacity and concentration of memory and logics leads to more frequent occurrences of single event upsets, especially in high altitudes. In this work we discuss the process of eliciting and validating requirements to handle single events upsets in avionic systems. To do that we initially summarize and update the concepts of radiation environment of the atmosphere, radiation induced errors, single event upsets, etc. presented in a previous paper. Then, we discuss some of their effects on avionic systems and ways of mitigation, reported in the literature. Finally, we discuss provisions to demand the adoption of such mitigation measures, and their sufficiency by transforming them into requirements, according to recommendations of compliance described in standards as SAE ARP 4754A and RTCA DO-254.