626 research outputs found
Laboratory test methodology for evaluating the effects of electromagnetic disturbances on fault-tolerant control systems
Control systems for advanced aircraft, especially those with relaxed static stability, will be critical to flight and will, therefore, have very high reliability specifications which must be met for adverse as well as nominal operating conditions. Adverse conditions can result from electromagnetic disturbances caused by lightning, high energy radio frequency transmitters, and nuclear electromagnetic pulses. Tools and techniques must be developed to verify the integrity of the control system in adverse operating conditions. The most difficult and illusive perturbations to computer based control systems caused by an electromagnetic environment (EME) are functional error modes that involve no component damage. These error modes are collectively known as upset, can occur simultaneously in all of the channels of a redundant control system, and are software dependent. A methodology is presented for performing upset tests on a multichannel control system and considerations are discussed for the design of upset tests to be conducted in the lab on fault tolerant control systems operating in a closed loop with a simulated plant
Real-time closed-loop simulation and upset evaluation of control systems in harsh electromagnetic environments
Digital control systems for applications such as aircraft avionics and multibody systems must maintain adequate control integrity in adverse as well as nominal operating conditions. For example, control systems for advanced aircraft, and especially those with relaxed static stability, will be critical to flight and will, therefore, have very high reliability specifications which must be met regardless of operating conditions. In addition, multibody systems such as robotic manipulators performing critical functions must have control systems capable of robust performance in any operating environment in order to complete the assigned task reliably. Severe operating conditions for electronic control systems can result from electromagnetic disturbances caused by lightning, high energy radio frequency (HERF) transmitters, and nuclear electromagnetic pulses (NEMP). For this reason, techniques must be developed to evaluate the integrity of the control system in adverse operating environments. The most difficult and illusive perturbations to computer-based control systems that can be caused by an electromagnetic environment (EME) are functional error modes that involve no component damage. These error modes are collectively known as upset, can occur simultaneously in all of the channels of a redundant control system, and are software dependent. Upset studies performed to date have not addressed the assessment of fault tolerant systems and do not involve the evaluation of a control system operating in a closed-loop with the plant. A methodology for performing a real-time simulation of the closed-loop dynamics of a fault tolerant control system with a simulated plant operating in an electromagnetically harsh environment is presented. In particular, considerations for performing upset tests on the controller are discussed. Some of these considerations are the generation and coupling of analog signals representative of electromagnetic disturbances to a control system under test, analog data acquisition, and digital data acquisition from fault tolerant systems. In addition, a case study of an upset test methodology for a fault tolerant electromagnetic aircraft engine control system is presented
Total energy-rate feedback for automatic glide-slope tracking during wind-shear penetration
Low-altitude wind shear is recognized as an infrequent but significant hazard to all aircraft during the take-off and landing phases of flight. A total energy-rate sensor was developed for measuring the specific total energy rate of an airplane with respect to the air mass. Control-system designs, both with and without energy-rate feedback, for the approach to landing of a transport airplane through a severe-wind-shear and gust environment are presented in order to evaluate this application of the sensor. A system model incorporates wind-shear-dynamics equations with the airplane equations of motion to permit analysis of the control systems under various wind-shear conditions. The control systems are designed using optimal-output feedback and are analyzed using frequency-domain control-theory techniques. Control-system performance is evaluated using a complete nonlinear simulation of the airplane combined with a severe-wind-shear and gust data package. This evaluation is concerned with control system stability and regulation capability only
Loss of Control Prevention and Recovery: Onboard Guidance, Control, and Systems Technologies
Loss of control (LOC) is one of the largest contributors to fatal aircraft accidents worldwide. LOC accidents are complex in that they can result from numerous causal and contributing factors acting alone or (more often) in combination. These LOC hazards include vehicle impairment conditions, external disturbances; vehicle upset conditions, and inappropriate crew actions or responses. Hence, there is no single intervention strategy to prevent these accidents. NASA previously defined a comprehensive research and technology development approach for reducing LOC accidents and an associated integrated system concept. Onboard technologies for improved situation awareness, guidance, and control for LOC prevention and recovery are needed as part of this approach. Such systems should include: LOC hazards effects detection and mitigation; upset detection, prevention and recovery; and mitigation of combined hazards. NASA is conducting research in each of these areas. This paper provides an overview of this research, including the near-term LOC focus and associated analysis, as well as preliminary flight system architecture
Validation of Safety-Critical Systems for Aircraft Loss-of-Control Prevention and Recovery
Validation of technologies developed for loss of control (LOC) prevention and recovery poses significant challenges. Aircraft LOC can result from a wide spectrum of hazards, often occurring in combination, which cannot be fully replicated during evaluation. Technologies developed for LOC prevention and recovery must therefore be effective under a wide variety of hazardous and uncertain conditions, and the validation framework must provide some measure of assurance that the new vehicle safety technologies do no harm (i.e., that they themselves do not introduce new safety risks). This paper summarizes a proposed validation framework for safety-critical systems, provides an overview of validation methods and tools developed by NASA to date within the Vehicle Systems Safety Project, and develops a preliminary set of test scenarios for the validation of technologies for LOC prevention and recover
A monitor for the laboratory evaluation of control integrity in digital control systems operating in harsh electromagnetic environments
This paper presents a strategy for dynamically monitoring digital controllers in the laboratory for susceptibility to electromagnetic disturbances that compromise control integrity. The integrity of digital control systems operating in harsh electromagnetic environments can be compromised by upsets caused by induced transient electrical signals. Digital system upset is a functional error mode that involves no component damage, can occur simultaneously in all channels of a redundant control computer, and is software dependent. The motivation for this work is the need to develop tools and techniques that can be used in the laboratory to validate and/or certify critical aircraft controllers operating in electromagnetically adverse environments that result from lightning, high-intensity radiated fields (HIRF), and nuclear electromagnetic pulses (NEMP). The detection strategy presented in this paper provides dynamic monitoring of a given control computer for degraded functional integrity resulting from redundancy management errors, control calculation errors, and control correctness/effectiveness errors. In particular, this paper discusses the use of Kalman filtering, data fusion, and statistical decision theory in monitoring a given digital controller for control calculation errors
Aircraft Loss-of-Control: Analysis and Requirements for Future Safety-Critical Systems and Their Validation
Loss of control remains one of the largest contributors to fatal aircraft accidents worldwide. Aircraft loss-of-control accidents are complex, resulting from numerous causal and contributing factors acting alone or more often in combination. Hence, there is no single intervention strategy to prevent these accidents. This paper summarizes recent analysis results in identifying worst-case combinations of loss-of-control accident precursors and their time sequences, a holistic approach to preventing loss-of-control accidents in the future, and key requirements for validating the associated technologies
A problem formulation for glideslope tracking in wind shear using advanced robust control techniques
A formulation of the longitudinal glideslope tracking of a transport-class aircraft in severe wind shear and turbulence for application to robust control system design is presented. Mathematical wind shear models are incorporated into the vehicle mathematical model, and wind turbulence is modeled as an input disturbance signal. For this problem formulation, the horizontal and vertical wind shear gradients are treated as real uncertain parameters that vary over an entire wind shear profile. The primary objective is to examine the formulation of this problem into an appropriate design format for use in m-synthesis control system design
On the formulation of a minimal uncertainty model for robust control with structured uncertainty
In the design and analysis of robust control systems for uncertain plants, representing the system transfer matrix in the form of what has come to be termed an M-delta model has become widely accepted and applied in the robust control literature. The M represents a transfer function matrix M(s) of the nominal closed loop system, and the delta represents an uncertainty matrix acting on M(s). The nominal closed loop system M(s) results from closing the feedback control system, K(s), around a nominal plant interconnection structure P(s). The uncertainty can arise from various sources, such as structured uncertainty from parameter variations or multiple unsaturated uncertainties from unmodeled dynamics and other neglected phenomena. In general, delta is a block diagonal matrix, but for real parameter variations delta is a diagonal matrix of real elements. Conceptually, the M-delta structure can always be formed for any linear interconnection of inputs, outputs, transfer functions, parameter variations, and perturbations. However, very little of the currently available literature addresses computational methods for obtaining this structure, and none of this literature addresses a general methodology for obtaining a minimal M-delta model for a wide class of uncertainty, where the term minimal refers to the dimension of the delta matrix. Since having a minimally dimensioned delta matrix would improve the efficiency of structured singular value (or multivariable stability margin) computations, a method of obtaining a minimal M-delta would be useful. Hence, a method of obtaining the interconnection system P(s) is required. A generalized procedure for obtaining a minimal P-delta structure for systems with real parameter variations is presented. Using this model, the minimal M-delta model can then be easily obtained by closing the feedback loop. The procedure involves representing the system in a cascade-form state-space realization, determining the minimal uncertainty matrix, delta, and constructing the state-space representation of P(s). Three examples are presented to illustrate the procedure
Validation and Verification (V&V) of Safety-Critical Systems Operating Under Off-Nominal Conditions
Loss of control (LOC) remains one of the largest contributors to aircraft fatal accidents worldwide. Aircraft LOC accidents are highly complex in that they can result from numerous causal and contributing factors acting alone or more often in combination. Hence, there is no single intervention strategy to prevent these accidents. Research is underway at the National Aeronautics and Space Administration (NASA) in the development of advanced onboard system technologies for preventing or recovering from loss of vehicle control and for assuring safe operation under off-nominal conditions associated with aircraft LOC accidents. The transition of these technologies into the commercial fleet will require their extensive validation and verification (V&V) and ultimate certification. The V&V of complex integrated systems poses highly significant technical challenges and is the subject of a parallel research effort at NASA. This chapter summarizes the V&V problem and presents a proposed process that could be applied to complex integrated safety-critical systems developed for preventing aircraft LOC accidents. A summary of recent research accomplishments in this effort is referenced
- …