Hybrid Modeling and Analysis of Error Recovery in Safety Critical Flight Control Systems

安全关键飞行控制系统中错误恢复的混合建模和分析

• 批准号: 0209094
• 负责人: Oscar Gonzalez
• 金额: $ 12万
• 依托单位: Old Dominion University Research Foundation
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2002
• 资助国家: 美国
• 起止时间: 2002-08-15 至 2004-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0209094&HistoricalAwards=false
• 关键词: Hybrid; Modeling; Analysis; Error; Recovery

Oscar R. GonzalezCCR-0209094"Hybrid Modeling and Analysis of Error Recovery in Safety Critical Flight Control Systems"Embedded computer systems have become an essential component of technological products and systems. An example is the safety-critical real-time computer systems on board the Boeing 777, a digital fly-by-wire aircraft. To completely certify that safety-critical systems will operate as intended requires the validation and verification of both the software and the hardware. An additional challenge is the use of safety critical systems in harsh environments that produce electromagnetic interference (EMI) such as high intensity radiated fields (HIRF) or lightning. Under these harsh conditions, it is known that triple modular redundancy, error correcting codes, and other fault-tolerant computing techniques are of limited use, since multiple fault containment regions are near-simultaneously affected by correlated or common-mode faults. The project is developing enhanced models and analysis tools from the ground up, that is, it starts with models of the physical system, the controller, and the environment in order to study the stability of closed-loop systems and the safety properties of embedded software. To make sure that the theoretical foundations being developed are sound, a particular class of systems is considered: computer systems with error recovery, which control physical processes and mitigate the effects of common-mode faults. The external events are triggered with a certain probability by the presence of a harsh electromagnetic disturbance. The internal events are generated by the error recovery logic. This class of systems is hybrid since it includes the continuous-time dynamics of the process under control and of the electromagnetic environment, the discrete-time dynamics of the controller, and the models for the transitions. The models and tools being developed are enhancements of switched system models and analysis tools. Their capabilities are validated together and independently with a particular flight control system. The controller is being implemented using an architecture that has been evolving for the past 30 years: rollback recovery. This architecture has been widely used in digital process control systems and in real-time database transaction systems. In particular, a rollback error recovery architecture using dual-lock step processors is part of a prototype of a recoverable computer system (RCS) being investigated by a NASA-industry partnership to deal with transient or soft common-mode faults. The new models will be validated using data from NASA Langley Research Center's HIRF Laboratory via a Cooperative Research Agreement. The analytical tools developed in this project will allow system designers to quickly evaluate new recoverable computer architectures before doing the more expensive and time consuming physical tests.

OSCAR R.GonzalezCCR-0209094《安全关键飞行控制系统错误恢复的混合建模与分析》嵌入式计算机系统已成为科技产品和系统的重要组成部分。一个例子是波音777上的安全关键实时计算机系统，这是一种数字电传飞机。要完全证明安全关键系统将按预期运行，需要对软件和硬件进行验证和验证。另一个挑战是在产生电磁干扰(EMI)的恶劣环境中使用安全关键系统，如高强度辐射场(HIRF)或闪电。在这些苛刻的条件下，已知三模冗余、纠错码和其他容错计算技术的使用是有限的，因为多个故障包含区域几乎同时受到相关或共模故障的影响。该项目正在从头开始开发增强的模型和分析工具，即从物理系统、控制器和环境的模型开始，以研究闭环系统的稳定性和嵌入式软件的安全属性。为了确保正在开发的理论基础是健全的，考虑了一类特殊的系统：具有错误恢复的计算机系统，它控制物理过程并减轻共模故障的影响。外部事件是由恶劣电磁干扰的存在以一定的概率触发的。内部事件由错误恢复逻辑生成。这类系统是混合的，因为它包括受控过程和电磁环境的连续时间动态，控制器的离散时间动态，以及转换的模型。正在开发的模型和工具是对切换系统模型和分析工具的增强。它们的能力通过特定的飞行控制系统一起和独立地进行验证。控制器的实施使用了一种在过去30年中不断发展的体系结构：回滚恢复。该体系结构已广泛应用于数字过程控制系统和实时数据库事务系统中。具体地说，使用双锁步骤处理器的回滚错误恢复体系结构是NASA-行业伙伴关系正在研究的可恢复计算机系统(RCS)原型的一部分，以处理瞬时或软共模故障。新模型将通过合作研究协议使用NASA兰利研究中心HIRF实验室的数据进行验证。在该项目中开发的分析工具将允许系统设计人员在进行更昂贵和更耗时的物理测试之前，快速评估新的可恢复计算机体系结构。