Integrated application of compositional and behavioural safety analysis

To address challenges arising in the safety assessment of critical engineering systems, research has recently focused on automating the synthesis of predictive models of system failure from design representations. In one approach, known as compositional safety analysis, system failure models such as fault trees and Failure Modes and Effects Analyses (FMEAs) are constructed from component failure models using a process of composition. Another approach has looked into automating system safety analysis via application of formal verification techniques such as model checking on behavioural models of the system represented as state automata. So far, compositional safety analysis and formal verification have been developed separately and seen as two competing paradigms to the problem of model-based safety analysis. This thesis shows that it is possible to move forward the terms of this debate and use the two paradigms synergistically in the context of an advanced safety assessment process. The thesis develops a systematic approach in which compositional safety analysis provides the basis for the systematic construction and refinement of state-automata that record the transition of a system from normal to degraded and failed states. These state automata can be further enhanced and then be model-checked to verify the satisfaction of safety properties. Note that the development of such models in current practice is ad hoc and relies only on expert knowledge, but it being rationalised and systematised in the proposed approach – a key contribution of this thesis. Overall the approach combines the advantages of compositional safety analysis such as simplicity, efficiency and scalability, with the benefits of formal verification such as the ability for automated verification of safety requirements on dynamic models of the system, and leads to an improved model-based safety analysis process. In the context of this process, a novel generic mechanism is also proposed for modelling the detectability of errors which typically arise as a result of component faults and then propagate through the architecture. This mechanism is used to derive analyses that can aid decisions on appropriate detection and recovery mechanisms in the system model. The thesis starts with an investigation of the potential for useful integration of compositional and formal safety analysis techniques. The approach is then developed in detail and guidelines for analysis and refinement of system models are given. Finally, the process is evaluated in three cases studies that were iteratively performed on increasingly refined and improved models of aircraft and automotive braking and cruise control systems. In the light of the results of these studies, the thesis concludes that integration of compositional and formal safety analysis techniques is feasible and potentially useful in the design of safety critical systems

The INOVE ANR 2010 Blan 0308 project: Integrated approach for observation and control of vehicle dynamics

International audienceThis paper presents the INOVE "Integrated approach for observation and control of vehicle dynamics" project. The aim and organization of the project are described and we present some recent results on the proposed integrated approach to design new methodologies for the improvement of the vehicle dynamical behaviour

Industry/University Collaboration at the University of Michigan-Dearborn: A Focus on Relevant Technology

https://deepblue.lib.umich.edu/bitstream/2027.42/154105/1/kampfner1997.pd

Assessment of the State of the Art of Integrated Vehicle Health Management Technologies as Applicable to Damage Conditions

A survey of literature from academia, industry, and other Government agencies assessed the state of the art in current integrated vehicle health management (IVHM) aircraft technologies. These are the technologies that are used for assessing vehicle health at the system and subsystem level. This study reports on how these technologies are employed by major military and commercial platforms for detection, diagnosis, prognosis, and mitigation. Over 200 papers from five conferences from the time period of 2004 to 2009 were reviewed. Over 30 of these IVHM technologies are then mapped into the 17 different adverse event damage conditions identified in a previous study. This study illustrates existing gaps and opportunities for additional research by the NASA IVHM Project

Data-Driven Modeling and Regulation of Aircraft Brakes Degradation via Antiskid Controllers

In ground vehicles, braking actuator degradation and tire consumption do not represent a significant maintenance cost as the lifespan of both components, at least in common situations, is rather long. In the aeronautical context, and for aircraft in particular, instead, braking actuator degradation and tire consumption significantly contribute to an aircraft maintenance cost due to the frequency of their replacement. This is mainly due to the fact that aircraft braking maneuvers last significantly longer than those in the automotive context. So that the antilock braking system is always active during the braking maneuver, making its impact on the consumption of the two components significant. This work proposes an innovative data-driven model of brake and tire degradation, showing how they are related to the antiskid controller parameters. The analysis is carried out in a MATLAB/Simulink environment on a single wheel rigid body model, validated experimentally, which includes all the nonlinear effects peculiar of the aeronautic context. The results show that by using an appropriate antiskid control approach, it is possible to directly regulate the consumption of these components while at the same time guaranteeing the required braking performance

Model-based Condition Monitoring of Anti-lock Braking Systems

The Anti-lock Braking System (ABS) is one of the most important safety features in modern vehicles. It is a device integrating complicated electronic systems, hydraulic systems and mechanical components. It is possible to produce faults in these systems due to extreme vehicle operating conditions, which may lead to the failure of the ABS. However, there has not been an effective mechanism available in current operation and service facilities, which allows the performance of the ABS to be checked on-board or at a service base. This research therefore aims to investigate and develop approaches which allow the ABS systems to be monitored in different ways. As the ABS is a highly integrated system, conventional monitoring methods cannot be applied to it directly. The primary objective of this research is to develop a condition monitoring model for a typical ABS system under different conditions and then to monitor the dynamic characteristics and performance of the ABS according to simulation and experimental results. The Rapid Control Prototype (RCP) technique is used by applying dSpace MicroAutoBoxII on the ABS controller. A full mathematical model has been developed to simulate the ABS system under different conditions and seeded fault conditions. This results in a full understanding of the characteristics of measurable variables such as wheel velocity and vehicle velocity. This work has led to the conclusion that a model-based condition monitoring approach is the method with the most potential for the monitoring of the ABS systems. To overcome inevitable measurement noise and model uncertainties, a Kalman filter (KF) has been designed and evaluated through both simulation data and experimental results. This has been found to have acceptable performance and has subsequently been incorporated into the model-based condition monitoring system. The performance of the model-based condition monitoring system has been evaluated using an ABS test system. The ABS test rig consists of the basic ABS components and also the dSpace MicroAutoBoxII components, together with NI data acquisition equipment. The ABS test rig developed in this research is highly flexible to allow experimental investigations under different fault conditions with different severities. It has demonstrated that the monitoring system can reliably detect different possible faults in the ABS such as speed sensor failure, solenoid valve sticking or stuck, hydraulic fluid leakage and pump efficiency loss. All these faults occur with high possibility according to a systematic failure mode analysis based on that of similar components. Obviously, there is still considerable work which needs to be carried out to adopt this system in industry. For example, interfaces to integrate this new system into existing vehicle electronics should be investigated. In addition, specific fault conditions from different vehicle manufacturers should be simulated to tailor the system to specific vehicles specifically