Safety analysis of longitudinal motion controllers during  climb flight

T. Baar; H. Schulte

Geodesic

Parcourir par

Safety analysis of longitudinal motion controllers during climb flight

T. Baar ; H. Schulte

Modelirovanie i analiz informacionnyh sistem, Tome 26 (2019) no. 4, pp. 488-501.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

During the climb flight of big passenger airplanes, the airplane's vertical movement, i.e. its pitch angle, results from the elevator deflection angle chosen by the pilot. If the pitch angle becomes too large, the airplane is in danger of an airflow disruption at the wings, which can cause the airplane to crash. In some airplanes, the pilot is assisted by a software whose task is to prevent airflow disruptions. When the pitch angle becomes greater than a certain threshold, the software overrides the pilot's decisions with respect to the elevator deflection angle and enforces presumably safe values. While the assistance software can help to prevent human failures, the software itself is also prone to errors and is – generally – a risk to be assessed carefully. For example, if software designers have forgotten that sensors might yield wrong data, the software might cause the pitch angle to become negative. Consequently, the airplane loses height and can – eventually – crash. In this paper, we provide an executable model written in Matlab/Simulink$^{\mathrm{\circledR}}$ for the control system of a passenger airplane. Our model takes also into account the software assisting the pilot to prevent airflow disruptions. When simulating the climb flight using our model, it is easy to see that the airplane might lose height in case the data provided by the pitch angle sensor are wrong. For the opposite case of correct sensor data, the simulation suggests that the control system works correctly and is able to prevent airflow disruptions effectively. The simulation, however, is not a guarantee for the control system to be safe. For this reason, we translate the Matlab/Simulink$^{\mathrm{\circledR}}$-model into a hybrid program (HP), i.e. into the input syntax of the theorem prover KeYmaera. This paves the way to formally verify safety properties of control systems modelled in Matlab/Simulink$^{\mathrm{\circledR}}$. As an additional contribution of this paper, we discuss the current limitations of our transformation. For example, it turns out that simple proportional (P) controllers can be easily represented by HP programs, but more advanced PD (proportional-derivative) or PID (proportional-integral-derivative) controllers can be represented as HP programs only in exceptional cases.

Keywords: cyber-physical system (CPS), formal safety analysis, hybrid automaton.

@article{MAIS_2019_26_4_a2,
     author = {T. Baar and H. Schulte},
     title = {Safety analysis of longitudinal motion controllers during  climb flight},
     journal = {Modelirovanie i analiz informacionnyh sistem},
     pages = {488--501},
     publisher = {mathdoc},
     volume = {26},
     number = {4},
     year = {2019},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/MAIS_2019_26_4_a2/}
}

TY  - JOUR
AU  - T. Baar
AU  - H. Schulte
TI  - Safety analysis of longitudinal motion controllers during  climb flight
JO  - Modelirovanie i analiz informacionnyh sistem
PY  - 2019
SP  - 488
EP  - 501
VL  - 26
IS  - 4
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/MAIS_2019_26_4_a2/
LA  - en
ID  - MAIS_2019_26_4_a2
ER  -

%0 Journal Article
%A T. Baar
%A H. Schulte
%T Safety analysis of longitudinal motion controllers during  climb flight
%J Modelirovanie i analiz informacionnyh sistem
%D 2019
%P 488-501
%V 26
%N 4
%I mathdoc
%U http://geodesic.mathdoc.fr/item/MAIS_2019_26_4_a2/
%G en
%F MAIS_2019_26_4_a2

T. Baar; H. Schulte. Safety analysis of longitudinal motion controllers during  climb flight. Modelirovanie i analiz informacionnyh sistem, Tome 26 (2019) no. 4, pp. 488-501. http://geodesic.mathdoc.fr/item/MAIS_2019_26_4_a2/

Bibliographie
Cité par

[1] Stengel R. F., Flight Dynamics, Princeton University Press, 2004

[2] Yechout T. R., Introduction to Aircraft Flight Mechanics, American Institute of Aeronautics Astronautics, 2003

[3] Platzer A., Logical Foundations of Cyber-Physical Systems, Springer, Heidelberg, 2018 | MR | Zbl

[4] Platzer A., Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics, Springer, Heidelberg, 2010 | MR | Zbl

[5] Platzer A., “Logic and Compositional Verification of Hybrid Systems (Invited Tutorial)”, Computer Aided Verification, CAV 2011, LNCS, 6806, eds. Gopalakrishnan G., Qadeer S., Springer, Berlin–Heidelberg, 2011, 28–43 | MR

[6] Quesel J. D., Mitsch S., Loos S., Aréchiga N., Platzer A., “How to Model and Prove Hybrid Systems with KeYmaera: A Tutorial on Safety”, International Journal on Software Tools for Technology Transfer, 18:1 (2016), 67–91 | DOI

[7] Henzinger T. A., “The Theory of Hybrid Automata”, Proceedings, 11th Annual IEEE Symposium on Logic in Computer Science (New Brunswick, New Jersey, USA, 1996), 278–292 | MR

[8] Baar T., “A Metamodel-Based Approach for Adding Modularization to KeYmaera's Input-Syntax”, Proceedings, 11th A. P. Ershov Informatics Conference (Akademgorodok, Novosibirsk, Russia, 2019)

[9] Harel D., Kozen D., Tiuryn J., Dynamic Logic, MIT Press Cambridge, 2000 | MR | Zbl

[10] Frehse G., Kekatos N., Nickovic D., Oehlerking J., Schuler S., Walsch A., Woehrle M., “A Toolchain for Verifying Safety Properties of Hybrid Automata via Pattern Templates”, Proceedings, Annual American Control Conference (ACC) (Milwaukee, USA, 2018), 2384–2391

[11] Alur R., Courcoubetis C., Henzinger T. A., Ho P. H., “Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems”, International Hybrid Systems Workshop, LNCS, 736, Springer, Berlin–Heidelberg, 1991, 209–229 | MR

[12] Osher S., Sethian J. A., “Fronts Propagating with Curvature-dependent Speed: Algorithms Based on Hamilton-Jacobi Formulations”, Journal of Computational Physics, 79:1 (1988), 12–49 | DOI | MR | Zbl

[13] Tomlin C. J., Mitchell I., Bayen A. M., Oishi M., “Computational Techniques for the Verification of Hybrid Systems”, Proceedings of the IEEE, 91:7 (2003), 986–1001 | DOI

[14] Asarin E., Bournez O., Dang T., Maler O., “Approximate Reachability Analysis of Piecewise-Linear Dynamical Systems”, Hybrid Systems: Computation and Control, HSCC 2000, LNCS, 1790, eds. Lynch N., Krogh B.H., Springer, Berlin–Heidelberg, 2000, 20–31 | Zbl

[15] Clarke Jr. E. M., Grumberg O., Kroening D., Peled D., Veith H., Model Checking, second edition, MIT Press, 2018 | MR | Zbl

[16] Chen J., Patton R. J., Robust Model-Based Fault Diagnosis for Dynamic Systems, Kluwer Academic Publishers, Norwell, MA, USA, 1999 | Zbl

[17] Goupil P., Marcos A., Advanced Diagnosis for Sustainable Flight Guidance and Control: The European ADDSAFE Project, SAE technical paper 2011-01-2804, 2011

[18] Goupil P., Marcos A., “Industrial Benchmarking and Evaluation of ADDSAFE FDD Design”, IFAC Proceedings Volumes, 45:20, Proc. of 8th IFAC Symposium on Fault Detection, Supervision and Safety of Technical Processes (2012), 1131–1136 | DOI

[19] Grenaille S., Henry D., Zolghadri A., “A method for designing fault diagnosis filters for LPV polytopic systems”, Journal of Control Science and Engineering, 2008 | Zbl

[20] Christopher E., Thomas L., Hafid S., Fault Tolerant Flight Control: A Benchmark Challenge, Lecture Notes in Control and Information Sciences, 399, 2010

[21] Witczak M., “Fault Diagnosis and Fault-Tolerant Control Strategies for Non-Linear Systems”, Lecture Notes in Electrical Engineering, 266, Springer, 2014, 375–392 | MR

[22] Mitsch S., Loos S. M., Platzer A., “Towards Formal Verification of Freeway Traffic Control”, Proc. of the 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems, ICCPS, 2012, 171–180 | DOI

[23] Jeannin J. B., Ghorbal K., Kouskoulas Y., Gardner R., Schmidt A., Zawadzki E., Platzer A., “A Formally Verified Hybrid System for the Next-Generation Airborne Collision Avoidance System”, Proc. of International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS, 2015, 21–36

[24] Platzer A., Quesel J. D., “European Train Control System: A Case Study in Formal Verification”, Formal Methods and Software Engineering, ICFEM 2009, LNCS, 5885, eds. Breitman K., Cavalcanti A., Springer, 2009, 246–265

[25] Frehse G., Le Guernic C., Donzé A.,Cotton S., Ray R., Lebeltel O., Ripado R., Girard A., Dang Th. Maler O., “SpaceEx: Scalable Verification of Hybrid Systems”, Computer Aided Verification, CAV 2011, LNCS, 6806, eds. Gopalakrishnan G., Qadeer S., Springer, 2011, 379–395 | MR

[26] Chen X., Ábrahám E., Sankaranarayanan S., “Flow*: An Analyzer for Non-linear Hybrid Systems”, Computer Aided Verification, CAV 2013, LNCS, 8044, eds. Sharygina N., Veith H., Springer, 2013, 258–263 | MR

[27] Cimatti A., Griggio A., Mover S., Tonetta S., “HyComp: An SMT-Based Model Checker for Hybrid Systems”, Tools and Algorithms for the Construction and Analysis of Systems (TACAS), LNCS, 9035, eds. Baier C., Tinelli C., Springer, 2015, 52–67

[28] Silva B.I., Krogh B.H., “Formal Verification of Hybrid Systems Using CheckMate: A Case Study”, Proceedings of the 2000 American Control Conference, v. 3, 2000, 1679–1683

[29] Zolghadri A., “Advanced Model-Based FDIR Techniques for Aerospace Systems: Today Challenges and Opportunities”, Progress in Aerospace Sciences, 53 (2012), 18–29 | DOI

[30] Grenaille S., Henry D., Zolghadri A., “A Method for Designing Fault Diagnosis Filters for LPV Polytopic Systems”, Journal of Control Science and Engineering, 2008, 1–11 | DOI

[31] Witczak M., Dziekan L., Puig V., Korbicz J., “Design of a Fault-Tolerant Control Scheme for Takagi-Sugeno Fuzzy Systems”, Proc. 16th Mediterranean Conference on Control and Automation, 2008, 280–285