Fault Mode Probability Factor Based Fault-Tolerant Control for Dissimilar Redundant Actuation System

This paper presents a Fault Mode Probability Factor (FMPF) based Fault-Tolerant Control (FTC) strategy for multiple faults of Dissimilar Redundant Actuation System (DRAS) composed of Hydraulic Actuator (HA) and Electro-Hydrostatic Actuator (EHA). The long-term service and severe working conditions can result in multiple gradual faults which can ultimately degrade the system performance, resulting in the system model drift into the fault state characterized with parameter uncertainty. The paper proposes to address this problem by using the historical statistics of the multiple gradual faults and the proposed FMPF to amend the system model with parameter uncertainty. To balance the system model precision and computation time, a Moving Window (MW) method is used to determine the applied historical statistics. The FMPF based FTC strategy is developed for the amended system model where the system estimation and Linear Quadratic Regulator (LQR) are updated at the end of system sampling period. The simulations of DRAS system subjected to multiple faults have been performed and the results indicate the effectiveness of the proposed approach

Advanced flight control system study

The architecture, requirements, and system elements of an ultrareliable, advanced flight control system are described. The basic criteria are functional reliability of 10 to the minus 10 power/hour of flight and only 6 month scheduled maintenance. A distributed system architecture is described, including a multiplexed communication system, reliable bus controller, the use of skewed sensor arrays, and actuator interfaces. Test bed and flight evaluation program are proposed

Technology review of flight crucial flight controls

The results of a technology survey in flight crucial flight controls conducted as a data base for planning future research and technology programs are provided. Free world countries were surveyed with primary emphasis on the United States and Western Europe because that is where the most advanced technology resides. The survey includes major contemporary systems on operational aircraft, R&D flight programs, advanced aircraft developments, and major research and technology programs. The survey was not intended to be an in-depth treatment of the technology elements, but rather a study of major trends in systems level technology. The information was collected from open literature, personal communications and a tour of several companies, government organizations and research laboratories in the United States, United Kingdom, France, and the Federal Republic of Germany

High-speed civil transport flight- and propulsion-control technological issues

Technology advances required in the flight and propulsion control system disciplines to develop a high speed civil transport (HSCT) are identified. The mission and requirements of the transport and major flight and propulsion control technology issues are discussed. Each issue is ranked and, for each issue, a plan for technology readiness is given. Certain features are unique and dominate control system design. These features include the high temperature environment, large flexible aircraft, control-configured empennage, minimizing control margins, and high availability and excellent maintainability. The failure to resolve most high-priority issues can prevent the transport from achieving its goals. The flow-time for hardware may require stimulus, since market forces may be insufficient to ensure timely production. Flight and propulsion control technology will contribute to takeoff gross weight reduction. Similar technology advances are necessary also to ensure flight safety for the transport. The certification basis of the HSCT must be negotiated between airplane manufacturers and government regulators. Efficient, quality design of the transport will require an integrated set of design tools that support the entire engineering design team

Fault-tolerant pitch-rate control augmentation system design for asymmetric elevator failures in a combat plane

summary:Combat planes are designed in a structured relaxed static stability to meet maneuver requirements. These planes are unstable in the longitudinal axis and require continuous active control systems with elevator control. Therefore, failures in the elevator can have vital consequences for flight safety. In this work, the performance of classical control approach against asymmetric elevator failures is investigated and it is shown that this approach is insufficient in the case of such a failure. Then, a fault-tolerant control system is proposed to cope with these failures and it is shown that this controller can successfully deal with such failures. The F-16 aircraft is taken as an example case. A detailed nonlinear dynamic model of this aircraft is presented first. In the F-16 aircraft, the elevator surfaces are in two parts, right and left, and can move independently. Therefore, to obtain a more realistic and difficult failure scenario, it is assumed that the elevator is asymmetrically defective. Two types of failures commonly observed on the elevator surfaces (freezing and floating) are aerodynamically modeled and it is shown that the pitch-rate control augmentation systems in the conventional structure cannot cope with these elevator failures. In order to overcome this problem, a fault-tolerant control system is proposed. It is shown that this controller can successfully cope with the aforementioned failures without any degradation in flight safety

Performance Degradation Based on Importance Change and Application in Dissimilar Redundancy Actuation System

The importance measure is a crucial method to identify and evaluate the system weak link. It is widely used in the optimization design and maintenance decision of aviation, aerospace, nuclear energy and other systems. The dissimilar redundancy actuation system (DRAS) is a key aircraft control subsystem which performs aircraft attitude and flight trajectory control. Its performance and reliability directly affect the aircraft flight quality and flight safety. This paper considers the influence of the Birnbaum importance measure (BIM) and integrated importance measure (IIM) on the reliability changes of key components in DRAS. The differences of physical fault characteristics of different components due to performance degradation and power mismatch, are first considered. The reliability of each component in the system is then estimated by assuming that the stochastic degradation process of the DRAS components follows an inverse Gaussian (IG) process. Finally, the weak links of the system are identified using BIM and IIM, so that the resources can be reasonably allocated to the weak links during the maintenance period. The proposed method can provide a technical support for personnel maintenance, in order to improve the system reliability with a minimal lifecycle cost

Trends in vehicle motion control for automated driving on public roads

In this paper, we describe how vehicle systems and the vehicle motion control are affected by automated driving on public roads. We describe the redundancy needed for a road vehicle to meet certain safety goals. The concept of system safety as well as system solutions to fault tolerant actuation of steering and braking and the associated fault tolerant power supply is described. Notably restriction of the operational domain in case of reduced capability of the driving automation system is discussed. Further we consider path tracking, state estimation of vehicle motion control required for automated driving as well as an example of a minimum risk manoeuver and redundant steering by means of differential braking. The steering by differential braking could offer heterogeneous or dissimilar redundancy that complements the redundancy of described fault tolerant steering systems for driving automation equipped vehicles. Finally, the important topic of verification of driving automation systems is addressed

Integrated Application of Active Controls (IAAC) technology to an advanced subsonic transport project: Final ACT configuration evaluation

The Final ACT Configuration Evaluation Task of the Integrated Application of Active Controls (IAAC) technology project within the energy efficient transport program is summarized. The Final ACT Configuration, through application of Active Controls Technology (ACT) in combination with increased wing span, exhibits significant performance improvements over the conventional baseline configuration. At the design range for these configurations, 3590 km, the block fuel used is 10% less for the Final ACT Configuration, with significant reductions in fuel usage at all operational ranges. Results of this improved fuel usage and additional system and airframe costs and the complexity required to achieve it were analyzed to determine its economic effects. For a 926 km mission, the incremental return on investment is nearly 25% at 1980 fuel prices. For longer range missions or increased fuel prices, the return is greater. The technical risks encountered in the Final ACT Configuration design and the research and development effort required to reduce these risks to levels acceptable for commercial airplane design are identified

Integrated approaches to handle UAV actuator fault

Unmanned AerialVehicles (UAV) has historically shown to be unreliable when compared to their manned counterparts. Part of the reason is they may not be able to a ord the redundancies required to handle faults from system or cost constraints. This research explores instances when actuator fault handling may be improved with integrated approaches for small UAVs which have limited actuator redundancy. The research started with examining the possibility of handling the case where no actuator redundancy remains post fault. Two fault recovery schemes, combing control allocation and hardware means, for a Quad Rotor UAV with no redundancy upon fault event are developed to enable safe emergency landing. Inspired by the integrated approach, a proposed integrated actuator control scheme is developed, and shown to reduce the magnitude of the error dynamics when input saturation faults occur. Geometrical insights to the proposed actuator scheme are obtained. Simulations using an Aerosonde UAV model with the proposed scheme showed significant improvements to the fault tolerant stuck fault range and improved guidance tracking performance. While much research literature has previously been focused on the controller to handle actuator faults, fault tolerant guidance schemes may also be utilized to accommodate the fault. One possible advantage of using fault tolerant guidance is that it may consider the fault degradation e ects on the overall mission. A fault tolerant guidance reconfiguration method is developed for a path following mission. The method provides an additional degree of freedom in design, which allows more flexibility to the designer to meet mission requirements. This research has provided fresh insights into the handling UAV extremal actuator faults through integrated approaches. The impact of this work is to expand on the possibilities a practitioner may have for improving the fault handling capabilities of a UAV

Engineering Resilient Space Systems

Several distinct trends will influence space exploration missions in the next decade. Destinations are becoming more remote and mysterious, science questions more sophisticated, and, as mission experience accumulates, the most accessible targets are visited, advancing the knowledge frontier to more difficult, harsh, and inaccessible environments. This leads to new challenges including: hazardous conditions that limit mission lifetime, such as high radiation levels surrounding interesting destinations like Europa or toxic atmospheres of planetary bodies like Venus; unconstrained environments with navigation hazards, such as free-floating active small bodies; multielement missions required to answer more sophisticated questions, such as Mars Sample Return (MSR); and long-range missions, such as Kuiper belt exploration, that must survive equipment failures over the span of decades. These missions will need to be successful without a priori knowledge of the most efficient data collection techniques for optimum science return. Science objectives will have to be revised ‘on the fly’, with new data collection and navigation decisions on short timescales. Yet, even as science objectives are becoming more ambitious, several critical resources remain unchanged. Since physics imposes insurmountable light-time delays, anticipated improvements to the Deep Space Network (DSN) will only marginally improve the bandwidth and communications cadence to remote spacecraft. Fiscal resources are increasingly limited, resulting in fewer flagship missions, smaller spacecraft, and less subsystem redundancy. As missions visit more distant and formidable locations, the job of the operations team becomes more challenging, seemingly inconsistent with the trend of shrinking mission budgets for operations support. How can we continue to explore challenging new locations without increasing risk or system complexity? These challenges are present, to some degree, for the entire Decadal Survey mission portfolio, as documented in Vision and Voyages for Planetary Science in the Decade 2013–2022 (National Research Council, 2011), but are especially acute for the following mission examples, identified in our recently completed KISS Engineering Resilient Space Systems (ERSS) study: 1. A Venus lander, designed to sample the atmosphere and surface of Venus, would have to perform science operations as components and subsystems degrade and fail; 2. A Trojan asteroid tour spacecraft would spend significant time cruising to its ultimate destination (essentially hibernating to save on operations costs), then upon arrival, would have to act as its own surveyor, finding new objects and targets of opportunity as it approaches each asteroid, requiring response on short notice; and 3. A MSR campaign would not only be required to perform fast reconnaissance over long distances on the surface of Mars, interact with an unknown physical surface, and handle degradations and faults, but would also contain multiple components (launch vehicle, cruise stage, entry and landing vehicle, surface rover, ascent vehicle, orbiting cache, and Earth return vehicle) that dramatically increase the need for resilience to failure across the complex system. The concept of resilience and its relevance and application in various domains was a focus during the study, with several definitions of resilience proposed and discussed. While there was substantial variation in the specifics, there was a common conceptual core that emerged—adaptation in the presence of changing circumstances. These changes were couched in various ways—anomalies, disruptions, discoveries—but they all ultimately had to do with changes in underlying assumptions. Invalid assumptions, whether due to unexpected changes in the environment, or an inadequate understanding of interactions within the system, may cause unexpected or unintended system behavior. A system is resilient if it continues to perform the intended functions in the presence of invalid assumptions. Our study focused on areas of resilience that we felt needed additional exploration and integration, namely system and software architectures and capabilities, and autonomy technologies. (While also an important consideration, resilience in hardware is being addressed in multiple other venues, including 2 other KISS studies.) The study consisted of two workshops, separated by a seven-month focused study period. The first workshop (Workshop #1) explored the ‘problem space’ as an organizing theme, and the second workshop (Workshop #2) explored the ‘solution space’. In each workshop, focused discussions and exercises were interspersed with presentations from participants and invited speakers. The study period between the two workshops was organized as part of the synthesis activity during the first workshop. The study participants, after spending the initial days of the first workshop discussing the nature of resilience and its impact on future science missions, decided to split into three focus groups, each with a particular thrust, to explore specific ideas further and develop material needed for the second workshop. The three focus groups and areas of exploration were: 1. Reference missions: address/refine the resilience needs by exploring a set of reference missions 2. Capability survey: collect, document, and assess current efforts to develop capabilities and technology that could be used to address the documented needs, both inside and outside NASA 3. Architecture: analyze the impact of architecture on system resilience, and provide principles and guidance for architecting greater resilience in our future systems The key product of the second workshop was a set of capability roadmaps pertaining to the three reference missions selected for their representative coverage of the types of space missions envisioned for the future. From these three roadmaps, we have extracted several common capability patterns that would be appropriate targets for near-term technical development: one focused on graceful degradation of system functionality, a second focused on data understanding for science and engineering applications, and a third focused on hazard avoidance and environmental uncertainty. Continuing work is extending these roadmaps to identify candidate enablers of the capabilities from the following three categories: architecture solutions, technology solutions, and process solutions. The KISS study allowed a collection of diverse and engaged engineers, researchers, and scientists to think deeply about the theory, approaches, and technical issues involved in developing and applying resilience capabilities. The conclusions summarize the varied and disparate discussions that occurred during the study, and include new insights about the nature of the challenge and potential solutions: 1. There is a clear and definitive need for more resilient space systems. During our study period, the key scientists/engineers we engaged to understand potential future missions confirmed the scientific and risk reduction value of greater resilience in the systems used to perform these missions. 2. Resilience can be quantified in measurable terms—project cost, mission risk, and quality of science return. In order to consider resilience properly in the set of engineering trades performed during the design, integration, and operation of space systems, the benefits and costs of resilience need to be quantified. We believe, based on the work done during the study, that appropriate metrics to measure resilience must relate to risk, cost, and science quality/opportunity. Additional work is required to explicitly tie design decisions to these first-order concerns. 3. There are many existing basic technologies that can be applied to engineering resilient space systems. Through the discussions during the study, we found many varied approaches and research that address the various facets of resilience, some within NASA, and many more beyond. Examples from civil architecture, Department of Defense (DoD) / Defense Advanced Research Projects Agency (DARPA) initiatives, ‘smart’ power grid control, cyber-physical systems, software architecture, and application of formal verification methods for software were identified and discussed. The variety and scope of related efforts is encouraging and presents many opportunities for collaboration and development, and we expect many collaborative proposals and joint research as a result of the study. 4. Use of principled architectural approaches is key to managing complexity and integrating disparate technologies. The main challenge inherent in considering highly resilient space systems is that the increase in capability can result in an increase in complexity with all of the 3 risks and costs associated with more complex systems. What is needed is a better way of conceiving space systems that enables incorporation of capabilities without increasing complexity. We believe principled architecting approaches provide the needed means to convey a unified understanding of the system to primary stakeholders, thereby controlling complexity in the conception and development of resilient systems, and enabling the integration of disparate approaches and technologies. A representative architectural example is included in Appendix F. 5. Developing trusted resilience capabilities will require a diverse yet strategically directed research program. Despite the interest in, and benefits of, deploying resilience space systems, to date, there has been a notable lack of meaningful demonstrated progress in systems capable of working in hazardous uncertain situations. The roadmaps completed during the study, and documented in this report, provide the basis for a real funded plan that considers the required fundamental work and evolution of needed capabilities. Exploring space is a challenging and difficult endeavor. Future space missions will require more resilience in order to perform the desired science in new environments under constraints of development and operations cost, acceptable risk, and communications delays. Development of space systems with resilient capabilities has the potential to expand the limits of possibility, revolutionizing space science by enabling as yet unforeseen missions and breakthrough science observations. Our KISS study provided an essential venue for the consideration of these challenges and goals. Additional work and future steps are needed to realize the potential of resilient systems—this study provided the necessary catalyst to begin this process