Search Results

This paper aims at discussing the use of dissimilar hardware architecture to mitigate DESIGN ERRORS in a flight control system application, as one of the possible design techniques that, combined with the usage of development processes, will satisfy the safety objectives for airborne systems. To accomplish its purpose, the paper starts by understanding the origins of DESIGN ERRORS in micro-coded devices and the concerns of airworthiness certification authorities (or simply certification authorities from now on). After that, an overview of the aeronautical industry efforts in terms of development processes and certification requirements to mitigate DESIGN ERRORS will be presented. At this point, the dissimilar architecture is proposed as an effective mean to mitigate the problem of DESIGN ERRORS. Finally, a Flight Control System application using dissimilar architecture is proposed as a case study.

Current systems such as satellites, aircrafts, automobiles, turbines, wind power generators and traffic controls are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754 Standard. Such systems frequently require accurate generation, distribution and time or phase synchronization of signals with different frequencies that may be based on one reference signal and frequency. But the environment fluctuations or the non-linear dynamics of these operations cause uncertainties (skew and jitter) in the phase or time of the reference signal and its derived signals. So, techniques to reduce those causes or their effects are becoming important aspects to consider in the design of such systems. The PLL techniques are useful for establishing coherent phase or time references, jitter reduction, skew suppression, frequency synthesis, and clock recovery in numerous systems such as communication, wireless systems, digital circuits, rotors, and others.

On several engineering applications high Reliability is one of the most wanted features. The aspects of Reliability play a key role in design projects of aircraft, spacecraft, automotive, medical, bank systems, and so, avoiding loss of life, property, or costly recalls. The highly reliable systems are designed to work continuously, even upon external threats and internal Failures. Very convenient is the fact that the term 'Failure' may have its meaning tailored to the context of interesting, as its general definition refers to it as "any deviation from the specified behavior of a system". The above-mentioned 'deviation' may refer to: performance degradation, operational misbehavior, deviation of environmental qualification levels, Safety hazards, etc. Nevertheless, Reliability is not the only requirement for a modern system. Other features as Availability, Integrity, Security and Safety are always part of the same technical specification, in a same level of importance.

Currently, the use of Global Navigation Satellite Systems-GNSS has been widely disseminated for the most different applications, from the aeronautical navigation to the car traffic, being the Global Positioning System-GPS the most used system for such objectives. New applications have presented challenges in terms of the main requirements associated to such systems, namely: precision, reliability, availability, continuity and integrity. It is because proposed solutions, such as satellite or ground-based augmentation systems, depend on signals provided by the GNSS satellite constellation. It constitutes a limitation for using such systems for position and velocity estimations. On other hand, Inertial Navigation Systems-INS, being independent of external signals, have a big potential to be applied on these circumstances; furthermore, they present characteristics that may be considered complementary to the GNSS.

Currently, the use of Global Navigation Satellite Systems-GNSS has been widely disseminated for the most different applications, from the aeronautical navigation to the car traffic system, being the Global Positioning System-GPS the most used system for such objectives. New applications of such systems have presented more demanding requirements in terms of precision for the position and velocity provided by these systems. Some solutions, as the precision augmentation systems based on satellite or ground improve the precision of the position and velocity estimates. However, the sampling rate of these systems is not substantially improved. Therefore, it constitutes a major limitation of such systems for the position and velocity estimates during high acceleration transients. On other hand, Inertial Navigation Systems- INSs present superior performance under these circumstances.

The realization of modern systems subjected to automatic control, such as aircraft, automobiles, satellites, rocket launchers, cargo and military ships, and so forth; increasingly assume, within its very set of requirements, the task of providing better dependability, i.e.: safety, reliability, and availability altogether. Towards this demand, fault-tolerant control greatly meets such growing demand of dependability, by its ability of recognizing the occurrence of potentially hazardous/hazardous faults within the overall (closed-loop) system, and by taking remedial action whenever necessary/mandatory. The process of fault tolerance can be segregated into two fundamental steps: (1) that of fault diagnosis, comprising fault detection-isolation-identification, and, (2) control adjustment/reconfiguration. This paper focuses on the second step, of control adjustment/reconfiguration.

One challenge that the space, aeronautical and automotive industries are facing today is the fast growing number of vehicles versus the slowly growing number of useful orbits, routes, and speedways. Furthermore, the adoption of “free-flight”, “speed-drive”, etc. policies in the near future will only aggravate it. All these factors increase the risk of collisions and the frequency of deviation maneuvers to avoid them. But they also create the opportunity to devise policies to mitigate such problems, including algorithms to propagate the uncertainties in vehicle motions and to predict the risk of their collisions. This work discusses the development and simulation of an algorithm for the propagation of navigation uncertainties in the trajectory of aerospace vehicles, to minimize the risk of collisions. The scenario of Satellites Formation Flying shall be used for the simulations, with focus on the prediction of the collision probability.

Control systems that can switch between control or plant modes have the advantage of being simpler to design than an equivalent system with a single mode. However, the transition between these modes can introduce steps or overshootings in the state variables, and this can degrade the performance or even damage the system. This is can be of extreme importance in fields such as aerospace and automobilistic, as the switching between manual and autopilot modes or the switching of gears In this work, we will use integral criteria in original ways, to determine a coefficient on the system which should optimize the trajectory of the control signal, during the switching between two modes. Effectively, each transition will be done by a subsystem specific for it, according to the selected criterion. The simulations will be made in MATRIXx, MatLab or both, using models chosen from aerospace or automobilistic fields.

A major trend in modern aerospace and automotive systems is to integrate computing, communication and control into different levels of the vehicle and/or its supervision. A well fitted architecture adopted by this trend is the Common Bus Network Architecture. A Networked Control System (NCS) is called when the control loop is closed through a communication network. The presence of this communication network introduces new characteristics (sharing bus, delays, jitter etc.) to be considered at design time of a control system. This work focuses on the influences of data bus protocols on an aircraft Fly-By-Wire (FBW) networked control system. We intent to show, through simulations, the influences of sharing bus on a real time control system. To compare effects, we choose the CAN Bus protocol where the medium access control is event driven; and the TTP protocol where the medium access control is time driven.

This work presents the identification of the longitudinal mode of an aircraft by using time and frequency response methods. To do this, the transfer function was identified based on the sampled response to a step input. The transfer function was validated comparing the model step response with the original system step response. The identification of the system transfer function was performed by using the Fast Fourier Transform (FFT) and Bode Graphs methods. The model validation quantification was performed by means of the mean quadratic-error method applied to the step response difference. Based on that, the identified model was considered to be quite representative, thus proving the suitability of the applied methods.

This works presents the generation and customization of real time code for embedded controllers using a modeling and simulation environment. When the controller model is considered satisfactory, the developers can use a code generation tool to build a real time source code capable to be migrated to an embedded target processor. The code generation tool used is capable to generate real time code in ANSI C or ADA 95 languages. This process can be customized to adequate to a target processor and/or a Real Time Operating System (RTOS). The code customization can be achieved using a specific Template Programming Language (TPL) that specifies how the code will be generated. This technique makes it possible the instantiation of real time embedded controllers code using the same controller model to a wide variety of target processors and/or RTOSs.

This work presents the distributed simulation of the longitudinal mode of an aircraft by using the DoD High Level Architecture (HLA). The HLA is a general-purpose architecture for simulation reuse and interoperability. This architecture was developed under the leadership of the Defense Modeling and Simulation Office (DMSO) to support reuse and interoperability across the large numbers of different types of simulations developed and maintained by the DoD. To do this, the transfer function of the longitudinal mode of a hypothetical aircraft was implemented by means of a SystemBuild/MATRIXx model. The output of this model was connected to a Run-Time Infrastructure (RTI) and monitored on a remote computer. The connection between the model and the RTI was implemented by using a wrapper which was developed in C++. The HLA RTI implementation used in this work was the poRTIco.

This paper presents the first of four parts of the academic design of an Attitude Control System (ACS) for the Multi-Mission Platform (MMP) and its migration to a Real Time Operating System. The MMP is a three axis stabilized artificial satellite now under development at the National Institute for Space Research (INPE). Such design applied some software engineering concepts as: 1)visual modeling; 2)automatic code generation; 3)automatic code migration; 4)soft real time simulation; and 5)hard real time simulation. A block diagram based modeling and a virtual time simulation of the MMP ACS in its nominal operational mode were built in the MatrixX 7.1 environment satisfying the three axis pointing and stabilization requirements. After that, its AutoCode module was used to generate C ANSI code representing the block diagram model. Time characteristics were added to the ACS generated code to make it the real time control software of MMP nominal operational mode.

Internet of Things (IoT) for real-time applications are demanding more and more high performance, precision, accuracy, modularity, integration, dependability and other attributes in a complex and/or highly integrated environment. Such systems need to provide coordination among the integrated components (e.g. sensors, computer, controller and networks) for enabling the application to take real-time measurements and to translate into controllable, observable and smart actions with strict timing requirements. Therefore, coordination and synchronization are required to ensure the controllable, observable and smart actions of real-time IoT systems. This paper shows the design issues about the coordination and synchronization in the internet of things applied to real-time applications. We also show the current coordination and synchronization techniques and their design issues when applied to IoT systems.

This paper presents the automatic code generation process of the academic design of an Attitude Control System (ACS) for the Multi-Mission Platform (MMP). The MMP is a three axis stabilized artificial satellite now under development at the National Institute for Space Research (INPE). Such design applied some software engineering concepts as: 1)visual modeling; 2)automatic code generation; 3)automatic code migration; 4)soft real time simulation; and 5)hard real time simulation. A block diagram based modeling and a virtual time simulation of the MMP ACS in its nominal operational mode were built in the MatrixX 7.1 environment satisfying the three axis pointing and stabilization requirements. After that, its AutoCode module was used to generate C ANSI code representing the block diagram model. Four operating systems were used for code migration: 1)Windows 2000; 2)Mandrake Linux 10.1; 3)RedHawk Linux 2.1; and 4)RTEMS 4.6.2.

The aerospace and automotive electronic systems are getting more complex and/or highly integrated, as defined by ARP 4754A, making extensive use of microelectronics and digital memories which, in turn, operates in higher frequencies and lower voltages. In addition, the aircraft are flying in higher altitudes, and polar routes are getting more frequent. These factors raise the probability of occurrence of hazardous effects like the Single Event Upsets in their embedded electronic systems. These must be designed in a way to tolerate and assure the immunity to the Single Event Upsets, based upon criteria such as reliability, availability and criticality. This paper proposes an overview of an assurance process of immunity of embedded electronic systems to Single Event Upsets caused by ionizing particles by means of a review of literature and an analysis of standards as ECSS-E-ST-10-1, NASA Single Event Effects Criticality Analysis and IEC TS 62396-1.

Real-time critical systems are those whose failures may cause loss of transactions/data, missions/batches, vehicles/properties, or even people/human life. Accordingly, some regulations prescribe their maximum acceptable probability of failures to range from about 10−4 to 10−10 failures per hour. Examples of such systems are the ones involving nuclear plants, aircrafts, satellites, automobiles, or traffic controls. They are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754A Standard. Those systems include, most of the time, real time critical software that must be specified, designed, implemented, validated, verified and accredited (VVA). To do that, models, specially the V-Model, are frequently adopted, together with methods and tools which perform software VVA to ensure compliance (of correctness, reliability, robustness, etc.) of software to several specific standards such as DO178-B/DO-178C (aviation) or IEC 26262 (automotive) among others.

The increasing development of Unmanned Aerial Vehicle (UAV) technologies has allowed greater use of UAVs as remote sensing platforms to enhance satellite and manned aerial vehicle remote sensing surveillance and environmental management systems. Particularly, the Brazilian National Institute for Space Research - INPE has an Environmental Data Collection System (SCD) since 1993. Recently, the MCTI (Ministry of Science, Technology and Innovation) opened the National Center for Monitoring and Early Warning of Natural Disasters (CEMADEN). Both may need additional resources for their expansions in the near future as offered by UAV technologies. These needs illustrate the potential of UAV technologies as complement to existing or future systems. This paper presents an overview of data transmission used in UAVs for remote sensing surveillance and environmental management systems.

Current systems such as satellites, aircrafts, automobiles, turbines, power controls and traffic controls are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754a Standard. Such systems operate in a real time distributed environment which frequently requires a common knowledge of time among different devices, levels and granularities. So, temporal correctness is mostly needed, besides logical correctness. It can be achieved by hardware clocks and devices, software clocks and algorithms, or both, to avoid or tolerate, within appropriate margins, the time faults or failures that may occur in aerospace and automotive systems. This paper presents an overview of clock synchronization algorithms and their uses in aerospace and automotive systems. It is based on a review of the literature, discussion and comparison of some clock synchronization algorithms with different policies.

Current systems such as: satellites, aircrafts, automobiles, turbines, power controls and traffic controls are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754 Standard. Such systems and their control systems use many modes of operation and many forms of redundancy to achieve high levels of performance and high levels of reliability under changing environments and phases of their lifecycle. The environment disturbances, environment variability, plant non-linear dynamics, plant wear, plant faults, or the non-symmetric plant operation may cause de-synchronization in phase or time among: 1) simultaneous units in the same normal mode of operation; 2) successive units in successive normal modes of operation; 3) main and spare units from normal to faulty modes of operation. So, techniques to reduce those causes or their effects are becoming important aspects to consider in the design of such systems.