d0e5a75bb69dabb8b37ae4f4d1cfe5bd.ppt
- Количество слайдов: 21
Vulture II Unmanned Aircraft System Reliability Russell W. Morris, Technical Fellow, BSEE, MCSE, SM IEEE, M INCOSE The Boeing Company
Abstract Boeing Defense and Space Development of Unmanned aircraft avionic systems design generally takes two paths; fully autonomous (with update) and semi-autonomous or remotely piloted aircraft. The reliability and systems engineering elements for these aircraft take different forms specifically for the RPV versus the UAV. A generalized comparison of the attributes of these two different types of system is presented along with the major elements of their employment challenges. Both vehicle types are dependent upon significant level of fault detection an isolation and redundancy management as well as ability to return to base or alternate field in the event of a failure. Mission duration plays a major role in the reliability demands on the system. An element that must be included is the potential for multiple failures or interrupts combined with other effects such as those associated with radiation. This presentation addresses the global system attributes and design reliability elements needed to ensure safety of flight and successful mission completion.
Unmanned Aircraft System Architectures Boeing Defense and Space § Problem Statement o o UAC must be perceived to be as good as manned UAC must be capable of see and avoid if used in manned AC flight paths § Solution Space o o Limited size, weight and power (SWAP) and reliability Must use sensors to replace the human (adds to SWAP) § Depending on AC type may be unconditionally unstable o Flight control is critical § System must include Ground Operations o Electronics and man elements § Define Success and Failure (not necessarily inverse) § Two types of AC o o Remotely Piloted Vehicles (RPV) – man in the loop Unmanned Autonomous Vehicles (UAV) – man planning the flight
General Operating Requirements Metric Low Medium Boeing Defense and Space High Temperature F (C) -40 C to +55 C -90 C to +75 C Altitude Ft (m) <5000 (1. 6 Km) >60, 000 (>12 Km) Vibration Grms(hz) . 25 grm 3 grms Shock Gs, ½ sine peak 3 11 Radiation h. e-. p+, CR, g 10 h/cm 2/hr 8000 h/cm 2/hr + flares Humidity %RH/Condensing 90 0 -100 Sand Dust Silica/Basalt Blowing S&D Volcanic Si/Basalt Fungus Acidic surface effects Aerosols Acidic/Base Duration hours . 25 -1 Winds Mph (Kmph) -100 Ozone corrosive HNO 3, H 2 SO 4, 1 -6 6 -120+ +100 1000 ppm
NASA Crash Course Review Boeing Automated Landing and Takeoff Boeing Defense and Space • Pilot is removed – but all flight control elements reside in a van not a cockpit • Rely extensively on Radio Communications – compounds C&C • Must provide for contingencies ahead of time – humans must identify and code ALL possible scenarios. • System must still interact with ATC, ARTCC, … NASA – Crash Course - Lessons Learned from Accidents involving Remotely Piloted and Autonomous Vehicles 2013 Takeoff WP: Go / No-Go Decision Point (Commit to takeoff) Takeoff Hold WP: Pilot command takeoff to proceed. Runway Aimpoint WP: Reference point for landing glideslope. End of Runway WP: WP points to self. Runway Hold WP: Monitor wait for ATC clearance before proceeding to runway. Taxi Phase: Monitor vehicle health and taxi performance; command stop if necessary. Proceed to Runway: Monitor vehicle health and taxi performance; command stop if necessary. Waypoint Types = Steering Waypoint = Hold Waypoint = End of Runway Waypoint = Runway Aimpoint WP Courtesy of the Boeing Company
On-board Avionic Systems § § Boeing Defense and Space Controls the vehicle (Flight Controls) Navigates the vehicle (Guidance) Controls subsystems (Subsystem Control) Adapts to emergencies (Contingency Management) § Safety/Reliability Criteria o o o MAC PLOC <1*10 -5 (CAC<1*10 -10) MAC PLOA <1*10 -6 (CAC<1*10 -9) MR>0. 9 MAC – Military Aircraft CAC – Commercial Aircraft These drive the architecture and design and reliability is allocated to all levels fo the aircraft
Mission Avionics Boeing Defense and Space § Tested to assure ability to acquire and transmit information § Weapons require man in the loop § Drives communication reliability o o Real time data is paramount Pipes must be large enough to handle detailed data § Must be able to detect on-board MS failures or respond to commanded RTB § Usage Profiles o o o Aerial Surveillance Communication Relay Surveying o Oil and Gas o Archeology o Disaster Assessment o o o Motion Pictures Military Cargo Transport
Flight Control Boeing Defense and Space § Ability to navigate/fly mission with or without update and in the event of communication loss follow the embedded protocol o o Requires extensive mission planning for way points and flight variables (speed, altitude, etc. ) Human reliability in the mission planning process becomes critical § Requires significant testing to assure safety of flight out-bound or inbound over friendly territory and minimize potential loss in Indian country. o o Autocode generation can reduce general errors – Unique errors can still exist if ground rules and assumptions are wrong § Primary VMS software functions: o o o Autonomously controls the air vehicle Implements Redundancy Management (RM) and Contingency Management (CM) Interfaces with air vehicle's Avionics subsystems Interfaces with Mission Management System Computer Supports the operational modes § Requires Ground Support Station(s) and Communications to perform Mission Software does not fly the air vehicle – hardware does –
RPV Boeing Defense and Space § Single-Dual architecture with direct link § Must make allowances for lag time in communication and command control § Potential for loss of vehicle is high given the generalized failure mechanisms and modes even when including attributes of auto RTB o o o High winds Gusting winds Single point failures § See and Avoid not used in Indian country o o Must be able to follow ARTCC or ATC commands Or Must be within visual range at all times § Loss of Navigation o Flew East and kept on flying § Loss of Control o Changed flight station – engine shut off
Boeing Defense and Space UAV § Triplex-Quad, majority voting § Ability to resync o o o CCDL (Common Computer Data Link) Commanded Reset Commanded Power Cycle § Ability to update or redirect aircraft is considered a prime requirement § Satellite like reliability for long endurance o o Robustness Redundancy o Functional o Actual § Microprocessor and Memory driven The Boeing Company
Example Boeing Defense and Space § Post crash analysis o 157 single point failures o Single noise transient on power bus would reset both computers o Jammed or frozen or loss of a flight control surface would result in inability of AC to fly to way points o To auto balance fuel – open port between main tanks – no bank control of fuel o Single actuation of LG doors – single failure in string would result in inability to lower landing gear o Common software could result in inflight loss of control o Flight Control system is critical for unconditionally unstable aircraft Lockheed Martin
Reliability/Architectural Drivers Boeing Defense and Space § Duration § Safety o Category 1 Hull Loss o PLOA o PLOC o CAT 2 Major Damage § Mission Criticality o o Danger Close ISR Proceedings of the 2012 IEEE, International Conference on Robotics and Biomimetics December 11 -14, 2012, Guangzhou, China’”An Implement of RPV Control System for Small Unmanned Helicopters” Yicheng Zhang, Tianmiao Wang, Jianhong Liang, Chaolei Wang, Yang Chen, Yi Zhou, Yubao Luan, Han Gao
Two Major Type of Avionics on board and Ground Flight Control Boeing Defense and Space § Mission o o o AC management Mission Package - Supplier built (e. g. , EO/IR, SCR, SAR, etc) Communications § Flight Control o o o Navigation Engine control (FADEC) Fuel control (CG) § Communication is THE major link § One or two stations o o Fully redundant controls Capability to split workload o Flight o Mission Package "CBP unmanned aerial vehicle control" by Gerald Nino, CBP, U. S. Dept. of Homeland Security - CBP
Boeing Defense and Space Generalized Example Mission Duration – 4 hours Range >500 nm Intermediate operating altitude ISR mission type MR>0. 9 Autonomous Operation with inflight route planning updates Autonomous landing and take off under control of ATC Communication Command & Control Mission Plan Waypoint s Autonomou s Actions § § § § Flight Control (inner loops) Navigation Redundancy & Contingency Management CM Monitor Status (Set / Clear) Actuator Command s PLA Comman d Subsystem Control Propulsion Fuel ECS : Subsystem H/W Interface
Microprocessor/Memory Failure Boeing Defense and Space § Structure o o o Internal registers I/O registers Cache Memories § Level of damage o o o Upset Latch up Burnout § Error Detection Codes o o o Can slow down processor If encryption is involved makes processing worse Need for CCDL (Cross Channel Data link) to monitor and resync microprocessors § Current technologies are too oriented to consumer market to be usable by aerospace
UAV/RPV Computing Basic Structure HW App 1 HW Test Clock HW App 2 CCDL Memory HW HW HW • • Timers Discretes HW App n-1 Boeing Defense and Space HW App n Isolation Layer Operating System § § Isolation layer prevents OS from becoming corrupted Isolation provides interface between API OS is both control and real time System is run synchronously to prevent race conditions and to ensure proper timing for critical events
SW Systems § § § Boeing Defense and Space Synchronous (Command Control) Asynchronous (Emergent operation and independent sensor) Master/Slave (Provides a who is driving) Majority Voting (Ensures that single failures do not affect operation) Mediator to assess failure conditions and force fights between asynchronous operation § Extensive use made of prior history for: o o o o Simulation Emulation Autocode Generation Envelope testing Parametric Testing Use Case Testing Simulation of element out conditions o Communication o Flight control o Engine control
Reliability Of HALE Aircraft Boeing Defense and Space § Mission Reliability for long duration aircraft can no longer be based on mean time to failure (exponential distribution: § Recommend use of failure distributions: o o Gaussian (Normal) Weibull, Beta>1 Log-Normal Exponential (Limited)
Use Dominant Failure Modes to Assess Reliability Factor Boeing Defense and Space Failure Mode Structural failure (catastrophic) Binding or jamming Time Stress Distribution Normal Fatigue Time, cycles, stress Normal Fails to remain in position (Drift) Leakage Fails closed Fails open Out of tolerance (high/low) Open Circuit-Electrical Short Circuit-Electical Fails to Operate Intermittent operation Reduced flow Erratic operation Erroneous failure indication (false positive/negative) Fails to start Incorrect Timing Fails to Charge Overheat Fails to charge Over/Under Pressure Output Open, Short or floating - Electronic Dielectric Leakage (electrical) Time, cycles Wear, Corrosion Jam, wear, time Random Time Random Time, Chemistry Time, cycles Operational Use Time - physics Time, Chemical Degradation Normal Weibull Exponential Exponential Binomial Weibull Normal Weibull Solder Creep, fatigue Weibull 19
Boeing Defense and Space CONCLUSION
Unmanned Aircraft Boeing Defense and Space § Have and continue to be a future for aviation § Require focused design and development for ‘removing the human from the aircraft’ § Can do some flying that humans can’t § Demands extensive testing for verification and validation § Requires man plan for ALL contingencies § Automation is the source of loss of sharpness of pilots § RPV pilots can’t ‘feel’ the aircraft § Lag time between command execution can be hazardous § Long Duration demands much higher reliability to achieve safety and high probability of mission success
d0e5a75bb69dabb8b37ae4f4d1cfe5bd.ppt