Search Results

With the growing complexity and integration of systems as satellites, automobiles, aircrafts, turbines, power controls and traffic controls, as prescribed by SAE-ARP-4754A Standard, the time de-synchronization can cause serious or even catastrophic failures. Time synchronization is a very important aspect to achieve high performance, reliability and determinism in networked control systems. Such systems operate in a real time distributed environment which frequently requires a consistent time view among different devices, levels and granularities. So, to guarantee high performance, reliability and determinism it is required a performance evaluation of time synchronization of the overall system. This time synchronization performance evaluation can be done in different ways, as experiments and/or model and simulation.

In this work, the problem of fault detection, isolation, and reconfiguration (FDIR) for Networked-Control Systems (NCS) of aerospace vehicles is discussed. The concept of fault-tolerance is introduced from a generic structure, and a review on quantitative and qualitative methods (state estimation, parameter estimation, parity space, statistic testing, neural networks, etc.) for FDIR is then performed. Afterwards, the use of networks as loop-closing elements is introduced, followed by a discussion on advantages (flexibility, energy demand, etc.) and challenges (networks effects on performance, closed-loop fault-effects on safety, etc.) represented thereby. Finally, examples of applications on aerospace vehicles illustrate the importance of the discussion herein exposed.

The architecture is a concept very broad and important that is directly connected to the realization of a system. It defines what the system is capable of doing, how it accomplishes its mission and how the system is. Currently, the development of system architectures is considered a domain of knowledge where science meets art. In some specific areas, the methods on the development of system architectures are already well formalized. However, when analyzing the evaluation of system architectures such as those for multi-domain control systems, it is clear that there is still much room for rationalization. In these cases, the search for new methods for the evaluation of system architectures is currently in the state of art. In this work we discuss methods used in the verification and validation of control systems architectures of cyber-physical systems based on models and systems metrics.

Cyber-physical systems are joint instances of growing complexity and high integration of elements in the information and physical domains reaching high levels of difficulty to engineer an operate them. This happens with satellites, aircraft, automobiles, smart grids and others. Current technologies as computation, communication and control integrate those domains to communicate, synchronize and operate together. However, the integration of different domains brings new challenges and adds new issues, mainly in real time distributed control systems, beginning with time synchronization. In this paper, we present a discussion on time synchronization and their effects in distributed cyber-physical control systems. To do that, we review the literature, discuss some time synchronization techniques used in cyber-physical systems, and illustrate them via model and simulation of a system representative of the aerospace area.

The supply of electrical power is one of the most important functions required by the diverse payloads of satellites. A fault in the corresponding subsystem might lead to mission or even vehicle loss. Among the causes of such faults, we highlight the phenomenon of thermal avalanche in batteries. It can be explained as an energetic unbalance where the rate of heat generated in the interior of the system exceeds its capacity to dissipate it. This occurred to the OAO1 of NASA just after its launch on April 8, 1966; and with the CBERS2 of CAST and INPE already in orbit in 2007 and 2009. This work presents a discussion on the causes and effects of thermal avalanches in artificial satellite battery charging and discharging systems.

Avionics Systems are increasingly used to perform safety-critical functions at high altitudes. But their increasing capacity and concentration of memory and logics leads to more frequent occurrences of single event upsets, especially in high altitudes. In this work we discuss the process of eliciting and validating requirements to handle single events upsets in avionic systems. To do that we initially summarize and update the concepts of radiation environment of the atmosphere, radiation induced errors, single event upsets, etc. presented in a previous paper. Then, we discuss some of their effects on avionic systems and ways of mitigation, reported in the literature. Finally, we discuss provisions to demand the adoption of such mitigation measures, and their sufficiency by transforming them into requirements, according to recommendations of compliance described in standards as SAE ARP 4754A and RTCA DO-254.

Switching controls are those that can switch between control or plant modes to perform their functions. They have the advantage of being simpler to design than an equivalent control system with a single mode. However, the transients between those modes can introduce steps or overshootings in the state variables, and this can degrade the performance or even damage the control or the plant. So, the smoothing of such transients is vital for their reliability and mantainability. This is can be of extreme importance in the aerospace and automotive fields, plenty of switchings between manual and autopilot modes via relays, or among gears via clutches, for example. In this work, we present a first strategy for smoothing transients in switching controls of aerospace and automotive systems.

Control systems that can switch between control modes have the advantage of being simpler to design than an equivalent system with a single mode. However, the transition between control modes can introduce steps or overshootings in the state variables, and this can degrade the performance or even damage the system. In this work, we will use integral criteria in an original way, to determine a coefficient on the system which should optimize the trajectory of the control signal, during the switching between two modes. Effectively, each transition will be done by a subsystem specific for it, according to the selected criterion. The simulations will be made in MATRIXx, using as models the system of control of attitude of the Multimission Platform, and a system which keeps the synchrony between two induction motors.

The increasing use of Global Navigation Satellite Systems-GNSS in future Aeronautical Navigation Systems-ANS is a current trend in the aeronautical operation and regulation communities. This trend implies the adoption of elements and interactions of a degree of complexity that is still being discussed around the world. Faced with that, we believe that a requirements based approach is an effective tool to deal with such highly complex and integrated systems. In this work we discuss a requirements based approach to future Aeronautical Navigation Systems based on Global Navigation Satellite Systems. To do that, we first briefly present the concept of Communication, Navigation, Surveillance/Air Traffic Management - CNS/ATM, and the current and potential benefits of the adoption of its paradigms.

In critical real-time computer systems, whether aircraft, automotive and industrial products it is very common the use of a fixed priority scheduler. The fixed priority scheduler has shown a good performance in control applications even in different applications where it was adopted. But nowadays, to go forward with the technology, be it in hardware and software, schedulers with dynamic priority can be a better alternative in certain situations. The present work aims to show that a variable priority scheduler can improve the performance of a control system obtained with a fixed priority scheduler, even when it was bad conditioned. This study is based on a four motor position control system. For this, the study will make use of a specialized simulation tool. In the future, we intend to extend this study to schedulers that use random and sporadic tasks.

A major trend in modern aerospace and automotive systems is to integrate computing, communication and control into different levels of the vehicle and/or its supervision. A well-fitted architecture adopted by this trend is the common bus network architecture. A Networked Control System (NCS) is called when the control loop is closed through a communication network. The presence of this communication network introduces new characteristics that must be considered at the design time of a control system. This work, still in development, focuses on a worst case formula for a communication (TDMA) plus computation (RMS) on a NCS. This formula, in a first instance, agrees with the simulated cases under the hypotheses and conditions when the NCS is composed by 1 actuator - 1 sensor and when is composed by 2 actuators - 2 sensors. In the future, we intend to generalize this formula and extend this study to NCS that uses other communication protocols or others computer schedulers.

Currently, aerospace and automotive industries are developing complexand/or highly integrated systems, whose services require greater confidence to meet a set of specifications that are increasingly demanding, such as successfully operating a communications satellite, a commercial airplane, an automatic automobile, and so on. To meet these requirements and expectations, there is a growing need for fault treatment, up to predict faults and monitor the health of the components, equipment, subsystems or systems used. In the last decades, the approaches of 1) Fault Prevention, 2) Fault Detection/Tolerance and 3) Fault Detection/Correction have been widely studied and explored.

Current systems such as: satellites, aircrafts, automobiles, turbines, power controls and traffic controls are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754 Standard. Such systems and their control systems use many modes of operation and many forms of redundancy to achieve high levels of performance and high levels of reliability under changing environments and phases of their lifecycle. The environment disturbances, environment variability, plant non-linear dynamics, plant wear, plant faults, or the non-symmetric plant operation may cause de-synchronization in phase or time among: 1) simultaneous units in the same normal mode of operation; 2) successive units in successive normal modes of operation; 3) main and spare units from normal to faulty modes of operation. So, techniques to reduce those causes or their effects are becoming important aspects to consider in the design of such systems.

Current systems such as satellites, aircrafts, automobiles, turbines, power controls and traffic controls are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754a Standard. Such systems operate in a real time distributed environment which frequently requires a common knowledge of time among different devices, levels and granularities. So, temporal correctness is mostly needed, besides logical correctness. It can be achieved by hardware clocks and devices, software clocks and algorithms, or both, to avoid or tolerate, within appropriate margins, the time faults or failures that may occur in aerospace and automotive systems. This paper presents an overview of clock synchronization algorithms and their uses in aerospace and automotive systems. It is based on a review of the literature, discussion and comparison of some clock synchronization algorithms with different policies.

The increasing development of Unmanned Aerial Vehicle (UAV) technologies has allowed greater use of UAVs as remote sensing platforms to enhance satellite and manned aerial vehicle remote sensing surveillance and environmental management systems. Particularly, the Brazilian National Institute for Space Research - INPE has an Environmental Data Collection System (SCD) since 1993. Recently, the MCTI (Ministry of Science, Technology and Innovation) opened the National Center for Monitoring and Early Warning of Natural Disasters (CEMADEN). Both may need additional resources for their expansions in the near future as offered by UAV technologies. These needs illustrate the potential of UAV technologies as complement to existing or future systems. This paper presents an overview of data transmission used in UAVs for remote sensing surveillance and environmental management systems.

Real-time critical systems are those whose failures may cause loss of transactions/data, missions/batches, vehicles/properties, or even people/human life. Accordingly, some regulations prescribe their maximum acceptable probability of failures to range from about 10−4 to 10−10 failures per hour. Examples of such systems are the ones involving nuclear plants, aircrafts, satellites, automobiles, or traffic controls. They are becoming increasingly complex and/or highly integrated as prescribed by the SAE-ARP-4754A Standard. Those systems include, most of the time, real time critical software that must be specified, designed, implemented, validated, verified and accredited (VVA). To do that, models, specially the V-Model, are frequently adopted, together with methods and tools which perform software VVA to ensure compliance (of correctness, reliability, robustness, etc.) of software to several specific standards such as DO178-B/DO-178C (aviation) or IEC 26262 (automotive) among others.

The aerospace and automotive electronic systems are getting more complex and/or highly integrated, as defined by ARP 4754A, making extensive use of microelectronics and digital memories which, in turn, operates in higher frequencies and lower voltages. In addition, the aircraft are flying in higher altitudes, and polar routes are getting more frequent. These factors raise the probability of occurrence of hazardous effects like the Single Event Upsets in their embedded electronic systems. These must be designed in a way to tolerate and assure the immunity to the Single Event Upsets, based upon criteria such as reliability, availability and criticality. This paper proposes an overview of an assurance process of immunity of embedded electronic systems to Single Event Upsets caused by ionizing particles by means of a review of literature and an analysis of standards as ECSS-E-ST-10-1, NASA Single Event Effects Criticality Analysis and IEC TS 62396-1.

Systems such as satellites, airplanes, cars and air traffic controls are becoming more complex and/or highly integrated. These systems integrate several technologies inside themselves, and must be able to work in very demanding environments, sometimes with few or none maintenance services due to their severe conditions of work. To survive such severe work conditions, the systems must present high levels of reliability, which are achieved through different approaches, processes, etc. These unfold in many: levels of aggregation (systems, subsystems, equipments, components, etc.), phases of their lifecycles (conception, design, manufacturing, assembly, integration, tests, operation, etc.), environments (land, sea, air, space, etc.), types of components/applications/experiences/technological communities (nuclear, aerospace, military, automotive, medical, commercial, etc.), leaded by the widespread use of semiconductors.

This work presents the analysis, design and simulation of the reconfigurable control architecture for the contingency mode of the MultiMission Platform (MMP). The MMP is a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation and other Sub-Modes, according to ground command or information coming from the control system, mainly alarms. The implementation followed the specifications when they were found, otherwise it was designed. They cover operations from detumbling after launcher separation and solar acquisition, to achieving payload nominal attitude and orbital corrections maneuvers. The manager block of the control system was implemented as a finite state machine. The tests are based in simulations with the MatriX/SystemBuild software. They focused mainly on the worst cases that the satellite is supposed to endure in its mission, be it during modes or transitions between modes and submodes.

This work presents the first part of the analysis, design and simulation of the reconfigurable control architecture for the Multi-Mission Platform (MMP), a generic service module currently under design at INPE. Its control system can be switched among nine main Modes of Operation. The implementation followed the specifications when they were found, otherwise it was designed. The manager block of the control system was implemented as a finite state machine. The tests were based in simulations with the MatriX/SystemBuild software. They focused mainly on the worst cases that the satellite is supposed to endure in its mission.