agard ar 281
TRANSCRIPT
-
8/11/2019 Agard Ar 281
1/28
I
ADVISORY GROUP
FOR
AEROSPACE RESEARCH & DEVELOPMENT
I
GARD ADVISORY REPORT
No 28
I
,I/ ' ..l O
Technical Evaluation Report
on the
Guidance and Control Panel
49th Symposium on
Fault Tolerant Design Concepts for
Highly Integrated Flight Critical
Guidance and Control Systems
(Systkmes Tolkrants amFautes pour les Phases
Critiques du Guidage et Pilotage)
N O R T H A T L A N T I C T R EA T Y O R G A N I Z A T I O N
-
-
8/11/2019 Agard Ar 281
2/28
-
8/11/2019 Agard Ar 281
3/28
AGARD-AR-281
NORTH ATLANTIC TREATY ORGANIZATION
ADVISORY GROUP FOR AE ROSPACE RE SE ARCH AND DE VE L OPME NT
(ORGANISATION DU TRAITEDE L 'ATLANTIQUE NORD)
AGARD Advisory Report No. 28
3
TECHNICAL EVALUATION REPORT
on the
GUIDANCE AND CO NTROL PANEL49th SYMPOSIUM
on
Fault Tolerant Design Concepts for Highly Integrated
Flight Critical Guidance and Control Systems
(Systkmes Tolkrants aux Fautes pour les Phases Critiques
du Guidage
et
Pilotage)
Monsieur Bernard Chaillot
Direction des Recherches et Etudes Techniques
(SCDEKTDN)
26 boulevard Victor
F-75996 Paris ArmCes
The Guidance and Control Panel 49th Symposium was held at the Ecole Nationale SupCrieure de
YACronautique et de YEspace
in
Toulouse, France, from 10th to 13thOctober, 1989.
The papers presented at the Symposium were compiled as Conference Proceedings CP-456.
-
8/11/2019 Agard Ar 281
4/28
The
Mission
of AGARD
Accordin g to its Cha rter, the mission of AGAR D is tobring together the leading personalities
of
the NA TO nations in the fields
of
science an d technology relating to aero space fo r the following purposes:
-
ecommending effective ways for the member nations to use their research and development capabilities for the
comm on benefit
of
the NA TO community;
-
roviding scientific and technical advice a nd assistance to the M ilitary Com mittee in
the
field of aerospace research
and d evel opm ent (with particular regard t o its military application);
-
ontinuously stimulating advan ces in the aerosp ace sciences relevant to strengthening th e comm on defence po sture;
- mproving the co-operation among member nations in aerospace research and deve lopment;
-
xchange
of
scientific and technical information;
-
roviding assistance t o memb er nations for the purpose
of
increasing their scientific and technical potential;
-Ren derin g scientific and technical assistance, as requested,
to
other NATO bodies and to member nations in
connection with research and develo pment problems in the aerospace field.
Th e highest authority within AG AR D is the National Delegates Board consisting
of
officially appo inted senior rep resentatives
from each member nation. Th e mission of AG AR D is carried out through the Panels which are composed of experts appointed
by the National Delegates, the Consultant and Exchange Programme an d the Aerospace A pplications Studies Programme.
Th e results
of
AGA RD work are reported
to
the member nations and the NA TO Authorities through the AGA RD series
of
publications
of
which th is is one.
Participation in AG AR D activities is by invitation only and is normally limited to citizens
of
the NATO nations.
Th e content of this publication has been reproduced
directly from material supplied by AGA RD or the authors.
Published May
1990
Copyright AGARD
1990
All Rights Reserved
ISBN 92-835-0559-X
Printed
y
Specialised Printing Services Lim ited
40Chigwell Lan e Loughton Essex
IGIO 3Tz
ii
-
8/11/2019 Agard Ar 281
5/28
Preface
The trend towards highly integrated systems continues to expand at a rapid rate. Recent examples include automated
maneuvering attack systems, flight control/fire control coupling, mission senso r management, real-time armam ent fuzing and
propulsion coupling/performance optimization.
The prospect of improv ed mission effectiveness through integrated systems is a very real an d powerful motivation with far
reaching implications. Recent advances in microprocessor technology are bringing about fundamental changes in several
traditional functional dom ains. Specifically, systems arch itecture re quirem ents, partitioning consideratio ns and functional
performance parameters take on new meaning in the context of fully integrated flight critical systems. Effective system
integration focu ses
on
end-item functional perfo rmanc e using the most efficient mechanization possible. In this regard, system
wide consideration of sensing elements, compu tational elements and co mm and signalling loops ar e critically important. Crew
station design considerations and the pilots role must also be thoroughly assessed vis-a-vis varying levels of task automation
and overall system wide integrity management requirements.
Achieving the full potential of integrated systems is highly depen dent up on dem onstrating ade quate reliability, safety and
survivability. Historical evidenc e indicates th at interfacing subsystems can introd uce serious com promises in overall system
safety and perform ance. High integrity software is essential. Satisfying stringent flight critical system req uireme nts necessitates
innovative fault tolerant design approache s and mechanization schemes. Addin g redund ancy levels across the full spectrum of
system elements is a self-limiting app roac h based on practical considerations of weight, volume, cost and supportability.
Reconfiguration strategies, graceful degrada tion and ae rodyna mic redundancy a re but a few of the mode rn conce pts currently
und er development. State estimation techniques in conjunctio n with artificial intelligence technology also offer potential fault
tolerance enhancements. Blending system elements for fully integrated
or
multi-purpose usage under both nominal and
extreme operating conditions, requires an ntensive system integration effort to achieve a cceptab le levels
of
fault tolerance.
This symposium focused on advan ced fault tolerant design concep ts and their practical application to integrated flight critical
military systems.
* *
La tendance vers les systkmes hautement int tgr ts se developpe rapidement. Des exemples rtcents concem ent les manoeuvres
automatiques dans la phase dattaque, le couplage des systkmes de pilotage automatique et de contrble des arm ements, les
dispositifs permettant la supervision de la mission, la mise
6
jour automatique darmes et loptimisation globale des
performances par inclusion du contrble de la propulsion.
La perspectiv e dune amtlio ration d e lefficacitt dune mission grCce
a
lintkgration des systkmes est une m otivation rtel le et
puissante avec des constquences long terme. Les rtcents progrks dans le domaine des microprocesseurs apportent des
changements fondamentaux dans certains domaines traditionnels. Plus prtcistment, les exigences de larchitecture des
systkmes, la ripartition des fonctions et les performances des paramktres fonctionnels prennent un nouveau sens dans le
contexte d e systkmes hautement i ntt grt s contrblant les phases critiques d e la mission. Lefficacitt des systkmes in ttg rts
recherch e les perform ances en bou t d e chaine en utilisant la meilleure automatisation: les tltm en ts capteurs, les calculateurs et
les informations sur lttat du systkme conditionnen t
le
succks. La co nception des postes d e pilotage et les rbles des pilotes
doivent &tredtfini s avec soin en face des tCches auto ma tistes ainsi que les sptcification s de lensemble du systkme largement
inttgrt.
Laboutissement du potentiel total des systkmes inttg rts d tpe nd largement d e la demonstration dune fiabilitt, stcurit6 et
survivabilitt adtqua tes. Dans le pass&, il est apparu qu e linterconnexion de sous-systkmes peut conduire de stvkres
compromis sur les performances et la stcuritt globales du systkme. Des logiciels
a
haute fiabilitt sont ntcessaires. La
satisfaction des contraintes dl e s
a
la phase critiqu e de la mission ntcessite des concep ts nouveaux dan s la toltranc e aux fautes
et dans les sch tmas &architecture et &automatisation du systkme. Ladjonction d e composants, par redondanc e et h tous
niveaux, est un processus qui a ses propres limites pour des questions de poids, de volume, d e co lt et d e rialisation. Les
strattgies de reconfiguration, de d tgradation acceptables et de redon dance atrodyna mique sont quelques uns, parmi la
multitude, des concepts couram men t utilists. Les techniqu es destimation d e lttat du systkme lites celles d e la technologie d e
lintelligence artificielle offrent tgaleme nt un potentiel d e rtsista nce aux fautes. Linterconnexion poussCe d&lCmentsdu
systkme pour une integration totale ou une utilisation polyvalente du systkme a la fois en con ditions nominales et en con ditions
extremes ntcessi te un effort dinttgration intensif pou r atteindre un niveau de toltr anc e acceptab le aux pannes.
Ce symposium sest int tre sst aux con cepts avancts de systkmes toltrants aux fautes, a leurs applications au x systkmes in ttg rts
militaires critiques.
i i i
-
8/11/2019 Agard Ar 281
6/28
Guidance and Control Panel O ficers
Chairman: Ir P.Ph.van den Broek
Deputy Chairman:
Prof essor E.B.Stear
Departmen t of A erospace Engineering
Delft University
of
Technology
Kluyverweg
1
262 9 HS Delft
.
The N etherlands
Director, W ashington Technology Center
University of Washington
376 Loew Hall- HlO
1013
NE
0th Street
Seattle, WA 98 195
United States
TECHNICAL PROGRAMME COMM ITTEE
Chairman:
Mr J.K.Ramage us
Members: r
M.J.Pelegrin
FR
Pr J.T.Shepherd UK
Mr U.K.Krogmann GE
Mr D.E.McIver
us
D r G.T.Schmidt us
Pr E .B.Stear us
PANEL EXECUTIVE
From Europe:
For USA and Canada only:
Executive, GCP Attention: GCP Executive
AGARD-OT AN O New York 09777
7 rue Ancelle
F-9 220 0 Neuilly-sur-Seine, France
Telephone: 33 (1)4738 5780 -Telex: 610 176F- ax: 33 (1) 4738 5 799
Commandant M.Mouhamad, FAF AGA RD-NA TO
HO ST COORDINATOR
Dr
Marc J.Pelegrin
Haut Conseiller
ONEW C E R T
BP 4025
2 avenue Edoua rd Belin
F-31055 Toulouse
France
Telephone: 33 (61) 557 077 -Telex: 521 596 -Fax: 33 (61) 55 7172
ACKNOWLEDGEMENTSIREMERCIEMENTS
The Panel wishes to express its thanks to the French National Delegates to A GA RD for the invitation to ho ld this meeting in
their country and for the facilities and p ersonnel which make the m eeting possible.
Le Pan el tient
leurs pays et de la m ise
a
disposition de personnel et de s installations nices saires.
remercier les DCligu is Nationaux de la France pr ts I'AGARD de leu r invitation
a
tenir cette reunion dans
iv
-
8/11/2019 Agard Ar 281
7/28
Contents
PREFACE
PANEL OFFICERS AND PROGRAMME COMMI lTEE
TECHNICAL EVALUATION R EPORT
EXECUTIVE SUMMARY
1. TERPURPOSE
2. INTRODUCTION
3. REVIEW
OF
SYMPOSIUM PROCEEDINGS
3.1 Keynote Address
3.2 Technical Papers
3.3 Round Table Discussion
4.
CONCLUSIONS
5 RECOMMENDATIONS
APPE NDIX : Final Program
V
Page
iii
iv
1
2
2
3
3
4
9
10
10
12
-
8/11/2019 Agard Ar 281
8/28
a
-
8/11/2019 Agard Ar 281
9/28
I
TECHNI CAL EVALUATI ON REPORT
Ber nar d Chai l l ot
Sous - Di r ec t i on Coor di nat i on et Eval uat i on
Di r ect i on des Recherches, Etudes et Techni ques
by
00460 ARMEES
-
FRANCE
EXECUTI VE SUMMARY
The 49t h symposi um of t he AGARD Gui dance and Cont r ol Panel ( GCP) was hel d i n
Tou l ouse , F r ance 10- 13 Oct ober 1989. The symposi um deal t wi t h advances i n met hods and
t ec hnol ogi es t o des i gn and val i dat e hi ghl y i nt egr at ed, f aul t t ol er ant , f l i ght c r i t i c al
gui dance and cont r o l syst ems.
Over t he past 20 year s t he gui dance and cont r ol communi t y has pi oneer ed a
number of s i gni f i cant t echnol ogy advancement s, whi ch have had a r a t her pr o f ound i mpact
o n c ombat c apabi l i t i es of moder n day m l i t ar y ai r c r a f t .
Cur r ent t ec hnol ogy t r ends c l ear l y poi nt i n t he di r ec t i on of hi ghl y i nt egr at ed
s ys t e ms t o ac hi e ve i nc r e as i ng l evel s of m s s i on ef f ec t i venes s .
The sympos i um pi npo i nt ed r equi r ement s , concept s , f l i ght t es t s and c l ear ance
aspect s o f f l i ght c r i t i cal cont r o l sys t ems . The des i gn exampl es cover ed a br oad range
of ai r c r af t s : c ommer c i al ai r pl ane, m l i t ar y ai r c r a f t and hel i c opt er . The c r i t i c al and
i ntegr at ed aspect s of new gui dance and cont r ol i ss ues wer e addressed and emphasi s was
gi ven t o Ter r ai n Fol l owi ng, Ter r ai n Avoi danc e, Rec onf i gur abl e Co nt r o l , Vehi c l e
Management , Mi ss i on Management , Mai nt enance Di agnosi s.
The t r end f o r hi ghl y i nt egr at ed sys t ems has sever a l f a r r eachi ng i mpl i ca t i ons
wi t h respec t t o ove ra l l sys t em wi de i nt egr i t y management . For exampl e, r ecent advances
i n m cr opr ocessor t echnol ogy have br ought about f undament a l changes i n severa l
t r adi t i onal f unc t i onal domai ns .
As
a
r es ul t , s ys t e m ar c hi t ec t ur e , f unc t i onal pos i t i oni ng and s ys t e m
per f or mance par amet er s t ake on new meani ng i n t he cont ext of
a
t ot al i nt egr at ed s ys t e m
des i gn.
Cl ass i cal appr oaches i nvol v i ng br ut e - f o rce r edundancy , i n concer t wi t h t he
us e o f - ul t r a hi gh r el i abi l i t y pi ec e par t s ar e s el f - l i m t i ng, and s i mpl y ri ot pr a ct i c al
f or appl i c at i on i n hi ghl y i nt egr a t ed m l i t ar y ai r c r af t f l i ght c r i t i c al s ys t ems .
For m l i t ar y ai r c r a f t a ppl i c at i ons , t he key ques t i ons r emai n one o f
/
/ c apabi l i t y, af f or dabi l i t y and pr act i cal i t y .
Anot her k ey i s s ue o f i nt egr at ed f aul t t ol er a nt s ys t em i s sy s t e m v al i dat i on.
Al t hough t r adi t i ona l methods a r e appl i cabl e new t echni ques and t es t phi l o sophi es ar e
r equi r ed t o as s ur e ov er al l s ys t em wi de i nt egr i t y .
The GCP Work i ng Gr oup 9 dea l t wi t h t h i s key i ssue by provi di ng det a i l ed
assessment s and r ecomm ndat i ons f or t he f ut ur e . F i na l r epor t
i s
pl anned f or p ubl i c at i on
i n 1990.
F
Ai r v ehi c l es ar e i nc r eas i ngl y r e l i ant o n aut omat ed f l i ght c r i t i c al s ys t ems
;
emphasi s must be gi ven wi t hi n AGARD t o aut omat ed ai r vehi c l e st udi es and oper at i onal
accept ance of c r ew onl y f o r superv i s i on.
Moder n day gui dance and cont r ol sys t ems must be consi der ed
as
a t ot al s ys t em
e nt i t y , i nc l udi ng t h e human pi l o t or s uper v i s or - v ehi c l e i nt er f ac e.
I n t hi s con text , i nnovat i ve f aul t t o l e rant t echnol ogy appr oaches must be
deve l oped and val i dat ed, i f we ar e t o achi eve expanded m ss i on capabi l i t i e s t hr ough
hi ghl y i nt egr at ed s ys t ems . Fai l ur e t o pr oper l y ac hi eve t hi s , c oul d f ur t her aggr avat e
ac ci dent s t at i s t i c s wi t h t he i nt r oduc t i on of h i ghl y i nt egr a t e d f l i ght c r i t i c al s ys t e ms .
-
8/11/2019 Agard Ar 281
10/28
2
TECHNI CAL EVALUATI ON REPORT ( TER) on t he
49TH GUI DANCE AND CONTROL PANEL TECHNI CAL MEETI NG
Symposi um on
FAUL T TOL ERANT DESI GN CONCEPTS FOR HI GHL Y I NTEGRATED FL I GHT
CRI TI CAL GUI DANCE AND CONTROL SVSTEMS
1. TER PURPOSE
Thi s Techni ca l Eva l uat i on Report has been pr epared t o summar i ze and assess
t he 49t h Gui dance and Cont r ol Symposi um
T he t i t l e of t he Sy mpos i um i s F aul t T ol er a nt De s i gn Co nc ept s f o r Hi ghl y
I nt egr a t e d F l i ght Cr i t i c al Gui danc e and Cont r ol S y s t e m. I t wa s hel d i n T ou l o us e ,
F r a nc e, f r o m 10 t o 13 Oct ober 1989. The pr ogr am Chai r man f or t h i s meet i ng was
Mr
J . K .
RAMAGE.
The pr ogr am as pr esent ed at t he sympos i um i s appended t o t hi s r epor t . The
compl et e compi l at i on o f paper s wi l l be publ i shed as AGARD Conf er ence Pr oceedi ngs .
2. I NTRODUCTI ON TO THE SYMPOSI UM
The meet i ng t ook p l ace a t t he Eco l e Nat i ona l e Supkr i eur e de 1 Ak r onaut i que et
de 1 Espace ( o r SUP AERO) , an i ngeneer s choo l ( Haut e Eco l e ) o f t he F rench Mi ni s t r y o f
Def ence.
2. 1. SvmPosium o b i e c t i v e s :
Th i s sympos i um i s f ocused on advanced f aul t t o l e rant des i gn concept s and
t h ei r p r ac t i c al appl i c at i on t o i nt e gr at e d f l i ght c r i t i c al m l i t a r y s ys t ems .
The t r end t owar ds h i ghl y i ntegrat ed sys t ems cont i nues t o expand at a rapi d
r a te . Recent exampl es i nc l ude aut omated maneuver i ng at t ack sys t ems , f l i ght cont r o l / f i r e
cont r o l coupl i ng, m ss i on sensor management , r eal - t i me ar mament f uz i ng and pr opul s i on
c oupl i ng/ pe r f o r ma nc e opt i m z at i on.
The l u re o f i mpr oved m ss i on e f f ec t i veness t h rough i nt egr a ted sys t ems i s a
ver y r eal and power f u l mot i vat i on wi t h f a r r eachi ng i mpl i ca t i ons . Recent advances i n
m cr opr ocesso r t echnol ogy ar e br i ngi ng about . f undament a l changes i n severa l t r adi t i ona l
f unc t i onal domai ns . Spec i f i c al l y , s ys t ems a r c hi t ec t u r e r equi r e ment s , par t i t i oni ng
cons i der at i ons and f unct i ona l per f ormance paramet ers t ake on new meani ng i n the cont ext
of f ul l y i nt e gr a t ed f l i ght c r i t i c al s ys t e ms . Ef f ec t i ve s ys t e m i nt egr a t i on f oc us es o n
e nd- i t em f unc t i o na l per f or ma nc e us i ng t he mos t e f f i c i e nt me cha ni z a t i o n po ss i bl e. I n
t h i s r egar d , s ys tem wi de cons i der a t i on o f sens i ng e l ement s , comput a t i ona l e l ement s and
c omma nd s i gna l l i ng l o ops ar e c r i t i c al l y i mpor t ant . Cr e w s t at i o n des i gn c ons i de r a t i o ns
and t he p i l o t s r o l e mus t a l so be tho roughl y as sessed v i s - &- v i s var y i ng l eve l s o f t ask
aut omat i on and over a l l sys t em wi de i ntegr i t y management r equi r ement s .
Ac hi ev i ng t he f ul l po t e nt i al o f i nt egr a t e d s y s t e ms i s hi ghl y dependent upon
demons t r at i ng adequat e r e l i abi l i t y , s a f et y and s ur v i v abi l i t y . Hi s t or i c al ev i denc e
i ndi c at es t ha t i nt er f a ci ng s ubs y t e ms c a n i nt r o duc e s er i o us c ompr o m s e s i n o ve r a l l
s y s t e m s af et y a nd pe r f o r ma nc e. Hi gh i nt egr i t y s o f t wa r e i s es s ent i al . Sat i s f yi ng
s t r i ngent f l i ght c r i t i c al s ys t e m r e qui r e ment s nec es si t a t e i nnovat i ve f aul t t ol er a nt
des i gn approaches and mechani zat i on schemes . Addi ng r edundancy l evel s acr oss t he f u l l
spec t r um
of
s ys t em el ement s i s a sel f - l i m t i ng appr o ac h bas ed o n pr ac t i c al
c ons i der at i ons o f we i ght , v ol ume, c o s t and s uppor t abi l i t y . Rec onf i gur a t i on s t r a t e gi e s ,
gracef ul degr adat i on and aer odynam c r edundancy ar e but a f ew of t he moder n concept s
c ur r ent l y un de r de ve l o pme nt . St a t e es t i mat i o n t e chni que s i n c onj unc t i o n wi t h a r t i f i c i a l
i nt el l i ge nc e t ec hno l o gy a l s o of f e r pot e nt i al f a ul t t o l e r a nc e e nha nc eme nt s . Bl e ndi ng
s y s t e m e l e me nt s
f o r
f ul l y i nt egr a t ed
or
mul t i - pur pose usage under bot h nom nal and
ex t r eme oper at i ng c o nd i t i o ns , r e qui r es an i nt ens i ve s ys t em i nt egr at i on ef f or t t o
ac hi ev e ac c ept abl e l ev el s of f aul t t ol er a nc e.
I n h i s i n t r oduct i on t he Sympos i um Cha i r man i nd i cat ed t he re l a t i onshi p be tween
des i gn def i c i enc i es of s ubs ys t e m i nt er f ac i ng and ac ci dent s t a t i s t i c s due t o l os s of
ai r c r a f t c o nt r ol . Br ut e- f or c e r e dundanc y and ul t r a hi gh r el i abl e pi ec e par t s a r e n ot
pr a ct i c al ; hi gh r el i abl e s pac e s ys t ems ar e t o o c os t l y f or m l i t ar y f i ght er ;
i nnovat i ve f aul t t o l e rant t echnol ogy approaches ar e needed to des i gn capab l e ,
af f or dabl e and pr ac t i c abl e f l i ght c ont r ol s ys t e ms .
Over t he past 20 years t he gui dance and cont r ol communi t y has pi oneered
a
number o f s i gni f i cant t echnol ogy advancement s
,
whi ch have had a r at her prof ound i mpact
o n c ombat c a pa bi l i t i e s o f moder n day m l i t ar y a i r c r a f t . Cur r e nt t e chnol ogy t r ends
-
8/11/2019 Agard Ar 281
11/28
3
c l e ar l y poi nt i n t he d i r e c t i o n of hi ghl y i nt e gr a t e d s y s t e ms t o a c hi e ve i nc r e as i ng
l evel s of m s s i on ef f ec t i venes s .
T hi s t r e nd ha s s ev er a l f ar r e ac hi ng i mpl i c at i o ns wi t h r es pec t t o ov er a l l
s ys t em wi de i nt egr i t y management . Fo r exampl e , r ecent advances i n m cr opr ocesso r
t e c hn ol o gy ha ve b r o ught a bo ut f u nda me nt a l c h anges i n s e v er a l t r a di t i o na l f unc t i o nal
domai ns .
As a r e s ul t , s ys t e m ar c hi t ec t ur e , f unc t i onal p os i t i oni ng and s ys t e m
per f or mance par amet er s take on new meani ng i n t he cont ext o f a t ota l i ntegrat ed sys t em
de s i gn.
2 . 2 . Sympos i i i m organi za t i on
The s ympos i um i s o r gan i zed under t he
I
-
TRENDS I N I NTEGRATED FL I GHT
CRI TI CAL SYSTEMS
I 1 - ADVANCED FAULT T OLERANT DESI GN
CONCEPTS
111
-
SYSTEM ARCHI TECTURES,
MECHANI ZATI ON AND I NTEGRATI ON
I SSUES
I V
-
HI GH I NTEGRI TY SOFTWARE DESI GN
MET HODOLOGI ES AND ALGORI THMS
V
-
SYSTEM VALI DATI ON, SI MULATI ON
AND FLI GHT TEST EXPERI ENCE
TOTALS
Paper s
3
6
4
4
5
2 2
f ol l owi ng s es s i ons :
FR
1
GE UK
1
2
1
2
1 1
1
4
2 5
u s
1
4
2
1
3
11
Thi s t abl e t akes i n to account t he wi t hdr awa l o f t wo paper s ( f r omGERMANY) .
2 . 3
Symposi um at t endance
The number o f r egi s t e red par t i c i pant s was a round
1 8 0 .
The ac t ual a t t endance
was
144
wi t h t he f o l l owi ng di s t r i but i on :
Ger many :
3 4
Fr ance :
3 3
Uni t ed Ki ngdom
:
3 0
Uni t ed S ta t es : 2 8
I t a l y , T he Ne t h er l a nds :
5
Spa i n , T ur k ey :
2
Be l g i um Canada , Denmark , Gr eece, Por t uga l
:
1
3 .
REVI EW OF SYMPOSI UM PROCEEDI NGS
The Sympos i um Keynot e Addr ess , meet i ng papers and t he Round Tabl e Di scuss i on
a r e n ex t r e vi e we d i n s e qu en c e, a s l i s t e d i n Appendi x A , t o ge t h er wi t h s e s s i o n
i dent i f i cat i on.
3 . 1 . Keynot e Addr ess by Gen. F r anco i s Maur i n. Fo rmer Chi e f o f
S t a f f at t he F r e n c h Ar m e s , Me mber of F r ench Conse i l d' Eta t
Gener a l MAURI N emphas i zed t he need f or i ncreas i ng and i mprov i ng of f l i ght
cont r o l and combat a i d sys t ems i n o rder t o ma i n t a i n NATO a i r f o r c e t echnol ogy l ead over
i t s adve r s a r i e s , nume r i c al l y s u pe r i o r . He a ddr e s s ed t he t e c hn i c a l , hu ma n and f i nanc i al
cons t r a i n t s of des i gn and devel opment o f f u tu r e gui dance and cont r o l s ys tems . ' He
s t r essed t he necess i t y t o c r eat e mul t i di s c i pl i na ry t eams to dea l wi t h such advanced
p r o j e c t i n or der t o de c r e a s e c o mp l e xi t y and c o s t of t he f ut u r e s ys t e ms
;
s i mpl i f i c at i on
i ns t e ad of s ophi s t i c at i o n, s t andar di z a t i on i ns t e ad of unc ompa t i bi l i t y ar e t he c ha l l e nge
; and so co l l abor a t i ve work was c l a i med by t he speaker , espec i a l l y f r om AGARD and i t s
Gu i dance and Cont r o l Panel .
-
8/11/2019 Agard Ar 281
12/28
4
3. 2.
T e c hn i c a l P ape r s
Al l 22 t echni ca l paper s ar e i nc l uded i n the summar i es and ass essment s bel ow.
SESSI ON 1 Paper 11 : FL I GHT CRI TI CAL DESI GN CONCEPTS FOR L OW LEVEL
TACTI CAL GUI DANCE AND CONTROL
by
M R.
Gr i swo l d, USA.
T hi s paper pr es ent s s e ver al of t he el ement s of f l i ght c r i t i c al c onc ept s
f o r
l ow- l ev el t ac t i c al oper at i on wi t h a ut onomous , ac c ur at e t ar get ac qui s i t i on ; t he
di s c us s i on
i s
based on t he c l o se Ai r Suppor t m ss i on us i ng a f as t movi ng,
t e chno l o gi c al l y advanc ed a i r c r a f t , F16 de r i vat i ve, t he AFTI / F16. T he gui da nc e and
c ont r o l s t r a t e gi e s e mpha s i z e i nt egr i t y c ons i de r a t i o ns and pe r f o r ma nc e- ver s u s - s a f e t y
i ssues . Many poss i b i l i t i e s a re o f f er ed by t he use of on- boa rd te r r a i n dat a and the need
t o we i gh t he r i s k s of da t a bas e us e i s poi nt ed out . T he pr i nc i pa l i s s u es a r e t he i r
a cc ur a cy and c o mpl e t e ne s s . T he a r c h i t e ct ur e of t he gui da nc e and c ont r o l s y s t e m i s
desc r i bed and t he var i ous r edundancy t echn i ques a re l i s t ed. S i ngl e th r ead senso r s and
s i ngl e t hr ead comput i ng a re used f o r t he av i oni c manager , phys i cal l y r edundant .
Paper 12 : EVOLUTI ON DANS LES APPLI CATI ONS CI VI LES ( CI VI L
APPLI CATI ONS TRENDS) by P. Tr aver se, FR.
Ai r bus A 320 El ec t r i c F l i ght Cont r ol Sy s t e m needs f or updat ed s y s t e m f or
A
330/ 340 and t r ends ar e rev i ewed i n t h i s paper . Emphas i s i s g i ven t o pr ocessor and
s y s t e m a r c hi t ec t ur es and i n gener al t o di s s i m l ar r edundanc i es .
The aut hor descr i bes t he exi s t i ng Command and Sur ve i l l ance Pr ocess or s and t he
evol ut i on wi t h respect t o t he ARI NC 651 r u l e . Much emphas i s i s g i ven t o t he use of a
di s t r i but e d s ys t e m wi t h r e dunda nt p r o c es s o r s a nd da t a s ync hr o ni s a t i o n. A Pet r i Ne twor k
bas ed pr ot oc ol i s s p ec i f i e d. Opt i c al F l i ght Co nt r o l Sys t e ms ar e quot ed a nd l e ads f or
sa f ety ass ess met hods ar e pr esent ed.
The l ect ur e was a br oad and compr ehens i ve sur vey o f t he t r ends of t he
c omput er i z ed f l i ght c ont r ol s y s t e m needed f or c i v i l av i at i on as wel l a s t he t ool s t o
devel op and c l ear t hem
Paper 13
:
PI LOT MONI TORI NG OF DI SPL AY ENHANCEMENTS
GENERATED FROM A DI GI TAL DATA BASE by
P. J . Bennet t and J . J . Coc kbur n, UK.
Thi s paper pr esents a penet r a t i on m ss i on and sys t em cal l ed PENETRATE. Thi s
sys t em i s des i gned t o pr ovi de a i r c r ew wi t h accura t e nav i gat i on coupl ed wi t h head - up and
head- down d i sp l ays of t he t e r r ai n. The hea r t of t he sys t em i s a ver y l ar ge ca pa ci t y
m l i t ar y opt i c al di s c dr i v e whi c h cont ai ns t er r ai n el ev at i on dat a, pl ani met r y
i nf or mat i on, i nt el l i genc e i nf or mat i on and m s s i on i nf or mat i on. The s y s t e m pr ov i des
t e r r a i n r ef er enc ed na vi ga t i o n, gr ound pr ox i m t y war ni ng and di s p l a ys of na vi ga t i o n,
t e r r a i n maski ng and t h rea t avoi dance dat a . Emphas i ze i s g i ven on the d i f f e ren t poss i b l e
di s p l a ys o f t er r ai n t o t he a i r c r e w whi c h wi l l depend on t he vi s i bi l i t y of t he sc ene
( ni g ht , da y, g oo d, bad we at he r ) . Range of di gi t a l t e r r a i n di s p l ays de pe nds o f
vi s i bi l i t y
6
t o
8
m l es i n s t andar d vi s i bi l i t y , f ur t her f or l ow vi s i bi l i t y ) . The er r or
of nav i gat i on i s pr opo r t i ona l t o the smoot hness o f t he t e r r a i n and t he au tomat i c
m s s i on pl anni ng s ys t e m ha s t o s o r t o ut t he f l i ght pat h i n o r d er t o a chi e ve a cc ur a cy
but al s o l ow i nt er v i s i bi l i t y . The l ec t ur e s l i des s howed t h e c ol l at i ons bet ween ac t ual
pho t o gr a phi e s and obs t r uc t i on c ue s whi c h we r e o bt ai ned d ur i ng f l i ght t r i al s . Da t a
pr ocess i ng and compr ess i on may i nt r oduce er r or s and opt i ca l d i sk mass st or age has a
bas i c e r r o r r at e. Ca r e f ul pr o ce s s i ng and e r r o r c o r r e ct i o n t e chni que s a r e ment i oned a s a
s o l ut i o n but a r e not des c r i be d.
Thi s s es s i on addr es s ed t h e c aut i ous , r e l at i v el y s hor t t er m t r ends i n c i v i l
FCS and t h e new gui da nc e and co nt r o l i s s u es f o r m l i t ar y a i r c r a f t . T he t o pi c s of t hi s
s e s s i o n wer e not e xha us t ed but wer e a ddr e s s ed f ur t he r ( r e co nf i gur a bl e c ont r o l , m s s i o n
management , d i agnos t i c sys t em schedul ed ma i n tenance i s sues ) .
Sess i on I 1 Paper 21
:
TECHNI QUES FOR TRANSI ENT ERROR RECOVERY AND
AVOI DANCE I N REDUNDANT PROCESSI NG SYSTEMS by
S. J . Adams , M. J . Dzwonczy k, USA.
Thi s paper r evi ews approaches t o de t ec t and r es t or e t r ans i ent f aul t memor i es .
The r a t e of t r a ns i e nt memor y f a i l ur e s a s compar ed t o t h e r at e of f i xed f a i l ur e s i s
h i ghl i ght ed. Er r o r r ecover y t echn i que i s desc r i bed whi ch use a Segment Access Si gna t u re
Ar chi t ect ur e. Har dwar e i s used t o comput e a checkwor d on memor y s egment s and det ect
whi ch s egment s have been cor r upt ed by compar i zon bet ween r edundant pr ocess or s or at
di f f er e nt t i me s i n a s i ngl e pr o ce s s or . B ut r ec over y i s a pr obl em be ca us e t i me i s
c r i t i c al f o r f l i ght c ont r ol s ys t em es pec i al l y f or i ns t abl e ai r c r a f t .
So
a second
appr oach
t o
t ol er a t i ng t r ans i ent f aul t s i s t o use a common f aul t - t o l e ran t memor y whi ch
a l l ows er r o rs t o be masked and cor r ec t ed e l i m nat i ng t he need f o r r ecover y .
-
8/11/2019 Agard Ar 281
13/28
5
Paper
2 2
: THE ROLE OF TI ME- LI MI TED DI SPATCH OPERATI ON I N
FAULT TOLERANT F LI GHT CRI TI CAL CONTROL SYSTEMS
by D. F . Al l i nger , F . J . L eo ng, P . S. Ba bc oc k ,
G. C. Hor an, R. F . LaPr ad, USA.
T hi s pape r a ddr e s s es a met hodol ogy of e s t a b l i s hi ng d i s pat c h po l i c i e s of
f aul t - t o l e r a nt s y s t e ms wi t h f ai l ed c omponent s f or a l i m t ed t i me per i od.
A dua l - r e dundant c ont r o l a c t u at i on s y s t e m i s us ed t o i l l us t r a t e t he anal yt i c
t ec hni ques whi c h per m t t o di s pat c h c l as s i f i c at i on of each sys t em component ;
t echn i ques t o quant i f y t he i mpact on sys t em per f o rmance a re g i ven . Markov mode l
assumpt i ons ar e t aken
;
but s ome
work
i s under t aken t o augment t he model . Advant ages of
such a mode o f opera t i on a re out l i ned .
The wa i t ed advant age o f such a mode o f opera t i on i s t ha t i t per m t s t o
po s t pon e ma i nt e na nc e o pe r a t i o ns , c o ns o l i dat i n g bot h t he l o gi s t i c s and t he e xper t i s e of
mai nt enance oper at i ons ; i t i s a s t ep t owar ds schedul ed mode of mai nt enance.
But mai nt enance cos t f i gur es have t o be comput ed t o assess t he poss i b l e
ec ono m c benef i t .
Paper 2 3 : A FAULT TOLERANT FL Y- BY- W RE SYSTEM FOR
MAI NTENANCE FREE APPLI CATI ONS by R. W Den, i i s,
A. D. Hi l l s , UR.
T hi s pape r d es c r i be s a f a ul t - t o l e r a nt Pr i mar y Fl i ght Co mput er Sy s t e m f or
a ppl i c at i o n pr i mar i l y t o c omme r c i a l a i r c r a f t . T he t es t c onf i gur a t i on on t he Boei ng
1 5 1
i r o n bi r d r i g i s s h own. Re c onf i gur a bl e , r e dundan t a r c h i t e c t u r e c o nc e pt i s j us t i f i e d and
des c r i be d. A s er i a l i nt er f a ce de vi c e i s s p ec i a l l y dev el oped t o s u ppor t t h e
ar c hi t e ct ur e. T o co mpl e me nt t hi s f aul t - t o l e r a nt ar c hi t ec t ur e ASI C de si gn m ni m z i ng
f ai l ur e r at e of ea ch s ub- f onc t i onal el ement i s pr es ent e d.
T hi s pa pe r a dd r e s s es pe r f ec t l y wel l t he t o pi c of t h i s s y mpo s i um and t h e
l ect ur e was a compl et e over v i ew of t he t hemes t o be devel oped at t h i s occas i on
:
why
f aul t t ol er a nc e
?
How ? Redundancy management phi l osophy, t oo l s t o c l ear t he des i gn,
r es ul t d i s c us s i on and out l o ok s .
Paper 2 4
:
THE I NTEGRATED AI RFRXME/ PROPULSI ON CONTROL
ARCHI TECTURE SYSTEM PROGRAM ( APSA) by
D. L . Pal umbo, C. W Me i s sner , G. C. Cohen, USA.
T hi s pape r p r o v i de s t he e xa mp l e of t h e i nt egr at ed Ai r f r a me / P r o pul s i o n Co nt r o l
Sy s t e m Ar c hi t ec t ur e Pr ogr am ( I AP SA) t o hi ghl i ght t he need
fo r
a do pt i n g a de s i gn f o r
v al i dat i on s t r at egy i n or d er t o a voi d des i gn er r o r s . I t c onc l udes pes s i m s t i c al l y t hat
t he l i m t a t i o ns of a na l y t i c t e c hn i que s c a n be t oo r e s t r a i ni ng and c ompr e he ns i v e
v al i dat i o n t o ol s ha ve t o be de ve l o pe d.
Re l i a bi l i t y and Pe r f o r ma nc e An al y s i s t o ol s us ed wi t h t he I AP SA pr ogr am a r e
pr e s ent e d.
Paper 2 5 : DEPENDABLE SYSTEMS USI NG VI PER by J . Ker shaw,
UK .
Thi s paper descr i bes a m cr opr ocesso r , VI PER , wh i ch has been des i gned t o
wo r k i n pa i r s t o f or m f a ul t - de t e c t i ng c o mput i n g modul es . I t e mpha s i z e s t h e l e s s ons t h at
have been l ear ned f r om t he use o f f o rma l mat hemat i ca l t echn i ques of des i gn and
ver i f i cat i on.
T hi s s ol ut i on ar i s es t he pr o bl em
of
s pec i f y i n g a nd v er i f y i ng t h e c o r r e c t n es s
o f t h e des i gn wi t h a c ommo n f o r ma l ma t h ema t i c a l l o gi c . I n f a c t i n t e l l i ge nt e xha us t i v e
s i mul a t i o ns ar e a l s o n eede d.
Paper 26
:
FAULT TOLERANT, FL I GHT CRI TI CAL CONTROL SY STEMS
by T . Sadeghi , G. Ma yv i l l e , USA.
Thi s paper makes an over v i ew o f t he t ool s r ecent l y devel oped wi t h i n Genera l
El ec t r i c f or f aul t - t ol er a nt c ont r o l s ys t e ms . T he goal i s t o de s i gn a r e c o nf i gur a bl e
f l i ght c ont r o l s ys t e m
;
an ar c hi t e ct ur e i s o ut l i ned and s i mul at i o n r es ul t s ar e gi v en
f o r di f f e r e nt i mpai r ment s . F u r t her d i s c us s i ons ar e t he t o pi c s o f paper n' 5 3 . On- boar d
e xpe r t s y s t e m t o s u ppor t a i r c r a f t di a gno s t i c s and v ehi c ul e ma na ge me nt s y s t e m t o s u ppor t
ma i n ta i nab i l i t y a re t hen pr esent ed. I t seems that a l l t hese concept s a re i mpl ement ed i n
t he s ame pl a t f or m and t h at i t i s
a
l i t t l e bi t c onf us i ng.
-
8/11/2019 Agard Ar 281
14/28
6
T he r e wa s l i t t l e i n t e r - r e l a t i o n a mo ng t he pa pe r s i n t h i s s e s s i o n. T he r e wer e
sever a l exampl es o f f aul t t o l e rant concept s , r anged f r om memory s ubsys t emt o i nt egr a ted
Ai r f r ame/ propul s i on cont r o l sys t em But r edundancy management phi l osophy and saf ety
a s s es s t ool and met hod d i s c us s i o ns we r e par t i c ul a r l y a pp r o pr i a t e d.
Sess i on I 11 Paper 31
:
METHODS TO PRESERVE THE I NTEGRI TY OF
A
COMBAT AI RCRAFT FL I GHT CONTROL SYSTEM
THROUGH MAJ OR UP GRADE PROGRAMMES by
M Ros s l er , W Sc hm dt , GE.
Based on present l y r unni ng and i nt ended upgr ades of t he TORNADO f l i ght
c o nt r o l s y s t e m t he pa pe r des c r i be s wha t me as u r e s ar e t a ke n t o pr e s er v e i n t e gr i t y , f aul t
t o l er ance and per f or mance of t he ex i s t i ng s y s t e m dur i ng a ma j o r u pgr a de . For i ns t ance
t er r a i n r ef er ence nav i gat i on mode i s go i ng to be i mpl ement ed t oget her wi t h t he pr esent
t e r r a i n f o l l owi ng r adar sys t em and combi ned . Ar e shown t he TORNADO f l i ght cont r o l
sys t em and t he i mpact of new r equi r ement s and advanced basi c t echnol ogi es. The met hod
f or t he i nt r o duc t i on of maj or mo di f i c at i ons c ons i s t s of an i nt r o duc t i on s t ep by s t ep
:
har dwar e modi f i c at i ons i n t he f i r s t s t ep whi l e t h e f unc t i onal i t y o f t h e sy s t e m r e mai ns
unchanged, so f t ware modi f i ca t i ons i n the second s t ep a f t e r i mp l ement a t i on and t es t i ng.
Met hods of c l ear ance t he new har dwar e and f unct i ons ar e descr i bed.
Paper 32
:
FL I GHT CONTROL COMPUTER APPROACH FOR MODERN
FLY- BY- W RE AI RCRAFT by J . Ke s be r g , R. Ho c k el e ,
H. Ho hn er , H. J a c obs , GE.
W t hdr a wn.
Paper
3 3 :
RESEARCH I NTO
A
MI SSI ON MANAGEMENT AI D by
J . R . Ca t f o r d , I . D. Gr a y, UK.
T hi s paper o ut l i nes t he pr o gr a m t h e j o i nt vent ur e o r ga ni z at i o n, t he
pr ot ot ype wor k and t he goal o f t he m ss i on management a i d whi ch i s due t o decr ease
p i l o t wor k l oad. T he gene r a l a r c h i t e c t u r e of t he s ys t e m
i s
gi ven and emphas i s i s p l aced
o n t h e c o r e f unc t i o ns and i nt egr i t y .
Mi s s i on Management Ai d Sys t em i s i nt ended t o be onl y a t echn i ca l adv i se r f o r
a i r cr ew and onl y convent i ona l i n f or mat i on t echnol ogy t echni ques ar e p l anned t o be used
so i t h as no t r eal l y t o c o mpl y wi t h s af et y c r i t i c al r e qui r e me nt s . T he pr o gr a m mus t be
seen as a p ro t o t ype exerc i se i n or der t o i mp l ement and val i da te a number o f a l gor i t hms
and a f t e r t h at t o s pec i f y t h e a c t u al ai d s ys t e m
Paper 34
:
I NTEGRATED DI AGNOSTI CS FOR FAULT TOLERANT
SYSTEMS by H. A. Funk, M. M. J eppson , USA.
T hi s paper a dd r e s s es t h e i nt egr at ed appr o ac h t o t he ma i n t a i na bi l i t y of f l i ght
c on t r o l s y s t e ms . I t e mpha s i z e s t he go al s , t he r e s our c e s a va i l a bl e and t he c o ns t r a i nt s
of t h e I nt egr at ed Di a gno s t i c s c o nc e pt .
An i mp l ement a t i on s t r a t egy o f an approach ut i l i z i ng bot h a po r t abl e
mai nt e nanc e ai d at t he f l i ght l i ne and on- ai r c r a f t i n- f l i ght di agnos t i c r es our c es i s
present ed al ong wi t h
a
t echni que whi ch ensur es commonal i t y bet ween t he on- a i r cr af t and
of f - ai r c r a f t s ys t e ms .
The paper di s cusses the resu l t s of a pr esent s t udy o f i nt egr a ted ma i n tenance
and concl udes t hat t he f unct i ona l model based d i agnost i c appr oach pr ov i des a c ommon
bas i s f or i nf or ma t i o n t r a ns f er .
Onc e agai n t he i nt egr a t e d di a gno st i c s s y s t e m i s not i nt egr a t e d t o f l i ght
c r i t i c al c ont r ol s ys t e m and
so
i s not s ubm t t ed t o f aul t t ol e r a nc y. T he empha si s i s
g i ven on how t o shar e dat a and t he answer i s t o mode l i n var y i ng l eve l s of det a i l s .
Paper
35 :
A BYZANTI NE RESI LI ENT PROCESSOR W TH AN ENCODED
FAULT- TOLERANT SHARED MEMORY by R. Har per ,
B. Bu t l e r , USA.
T hi s pape r a dd r e s s es t he ne ga t i v e e f f e c t on t he r e l i abi l i t y of t h e i nc r e as e
of memory s i ze r equi r ement s . I t descr i bes t he use of an encoded memor y- based f aul t -
t o l e rant pr ocesso r a r ch i t ec t ure under devel opment a t t he Char l es St a rk Dr aper
L abo r a t o r y . T he pa pe r s u cc e s s i v el y pr e s ent s a n o ve r v i e w of t he a r c h i t e c t u r e and i t s
o pe r a t i o n, a r e l i a bi l i t y a na l y s i s whe r e i t i s c ompa r e d t o qua dr upl y r e du ndant des i gns
and a per f o rmance ana l ys i s . The paper conc l udes that i t s pr i mary bene f i t s over o ther
By z an t i n e r e s i l i e nt a r c h i t e c t u r e ar e t he el i m na t i o n of memor y r e al i gnme nt t i me , t he
i mprovement i n shor t t erm r el i abi l i t y obt a i ned by t he r educed memory r equi r ement and
t he har dwar e i mpl ement ed memor y s cr ubber , t he reduced f aul t l at ency due to t he
c o nt i nu al and i mpl i c i t f aul t ma s ki n g, and t he i mpr ov ed h i gh - i t e r a t i o n- r a t e pe r f o r ma nc e .
-
8/11/2019 Agard Ar 281
15/28
By zant i ne r es i l i enc e
i s
de f i ned
as
a s or t o f r es i l i enc e t o any pos s i bl e
e r r o r s i n t he s ub s ys t e m but how t o d ea l wi t h t he pos s i bl e f aul t o f s y s t e m moni t or ?
Anot her l aye r o f p rocess i ng i s needed wh i ch has obv i ous l y t o be f aul t t o l e rant .
Dur i ng t he sympos i um t he Sess i on Chai r man t ook t he oppo r t un i t y t o of f e r t he
speaker s a f eedback f r om t he audi ence. A coupl e o f t hought s were exchanged about syst em
ar c hi t ec t ur e updat e ( i s i t pos s i bl e 7 1 , r e conf i gur at ed f l i ght c r i t i c al as pec t , er r or
pr opaga t i on, e r r o r d i agnos t i c and env i r onment moni t or i ng.
Sess i on I V Paper 4 : A HI GHLY REL I ABLE, AUTONOMOUS DATA
COMMUNI CATI ON SUBSYSTEM FOR AN ADVANCED
I NFORMATI ON PROCESSI NG SYSTEM by G. Nagl e,
T . Mas o t t o, L . Al g er , USA.
Thi s paper descr i bes t he des i gn and i mpl ement at i on of t he pr otot ype
i nput / out put communi cat i on sys t em f o r t he Advanced I nf o rmat i on P rocess i ng Sys t em ( AI PS )
under devel opment at t he Char l es St ark Dr aper Labor at or y. The goal s ar e pr esented whi ch
ar e t o des i gn gener a l pur pose comput er syst ems and i nput / out put subsyst ems i n or der t o
ease modi f i cat i ons
or
ext ens i ons of f l i ght c r i t i c al s ys t ems . AI PS addr e s ses r el i abi l i t y
i ssues r e l a ted t o dat a communi cat i ons by t he use o f r econf gurabl e i nput / out put
ne tworks i nc l udi ng spa re i nl e rconnec t i ons . Per f o rmance i s sues a re addr essed by us i ng a
par al l e l ed comput er ar chi t ect ur e whi ch decoupl es i nput / out put r edundancy management and
i nput / out put pr oc es s i ng f r o m t he c omput at i onal s t r e am o f a n appl i c at i on and
so
t he
communi cat i on s ubsys t em i s t r anspar ent t o t he use r .
Paper 4 2
:
FORMALI SATI ON DE DEVELOPPEMENTS
:
DE LA THEORI E
AU PROGRAMME ( FORMALI ZI NG DEVEL OPMENTS : FROM
THEORY TO PRACTI CE) by
M
Lemoi ne, K. Bechane,
FR.
Thi s paper addr esses sof t war e devel opment met hod i ssues. A proj ect i s
pr esent ed, t he Too l Use P ro j ec t and t he l anguage o f f o rma l i za t i on i s descr i bed. The
DEVA l anguage i s a h i gh- order t yped A- ca l cul us . Thr ough t he case st udy o f express i ng
par t o f t he J ackson s St r uct ured Progr amm ng method i n the DEVA f r amework t he aut hor s
show t he i nt e res t o f f or mal t echni ques o f so f t ware deve l opment .
So i f t he f aul t t ol er anc e r e qui r ement s ar e cor r e ct l y expr es s ed i n t he
s pec i f i c at i on, t hi s met hod pr ov i des a sof t war e whi ch i s saf e pr oven i n a mat hemat i cal
sense . Doubt s a r i se f r om t he compl ex i t y and unpr edi c t abi l i t y o f t he app l i cat i on compl ex
envi r onment and f r om t he or i g i nal spec i f i cat i on compl et ness . Work must be under t aken i n
t hat way.
Paper 4 3
:
METHODOLOGI E DE DECOMPOSI TI ON D APPL I CATI ON DE
NAVI GATI ON CRI TI QUE EN ELEMENTS SI MPL ES ( BREAK-
DOWN METHODOLOGY FOR FL I GHT CRI TI CAL
APPL I CATI ONS I NTO ELEMENTARY COMPONENTS) by
B. Ch avana , F . d e Sai nt e Mar e s vi l l e, FR.
The so f t ware des i gn of a he l i copt e r pr i mary r ef er ence sys t em
i s
present ed.
The des i gn methodo l ogy goa l s and i mpl ement at i on are depi c t ed. The s i mpl i f i cat i on met hod
i s bas ed o n s pl i t t i ng det er m ni s t i c pr oc es s es a nd r andom i nt er r upt i ons ; t he real t i me
compl exi t y i s el i m nat ed f r om each sof t ware component and onl y suppor t ed by a moni t or ;
s i mpl i f i c at i on ef f ec t s on so f t ware pr oduc t i on i s emphas i zed ( modul a r i t y ,
s t andar di za t i on) . The tes t s were sa i d t o be ve ry e f f ec t i ve but no demonst r a t i on was
suppl i ed
.
Paper
44 :
FAULT TOLERANCE VI A FAULT AVOI DANCE by
B. D. Br amson, UK.
The phi l o sophy of t he paper i s t ha t t es t i ng
i s
good at f i ndi ng er r ors but bad
at demonst r at i ng t hei r absence
;
a l s o s a f e s of t war e pr oduc t i on c ondi t i ons ar e f i r s t
r em nded and t hen i t i s c l a i med t ha t a pr oo f o f cor r ec tness of one of t he so f t ware
component s can i mpl y a proof o f sa f ety o f t he syst em A hypo thet i cal pr ocess i ng sys t em
des i gn i l l us t r a tes t he c l a i m MALPAS i nt er medi a te l anguage and comp l i ance ana l ys i s a re
r espect i ve l y pr esent ed as a des i gn l anguage and a ver i f i c at i on t e chni que.
Be f o r e get t i ng met hods f or pr oof of c or r ec t ne s s i n- bui l t s y s t e m pr o duc t i on
t hi s pa per i l l us t r at e s t he need f or m ni m z i ng s of t war e c ompl e xi t y i n o r d er t o have
mat hemat i cal l y based val i da ted sof t ware . Sys tem not i on, when i t espands , i nvol ves
cust omer spec i f i cat i ons as wel l and i t seems we are l ook i ng a per f ec t wor l d pr oduc t i on
met hod, what i s hi ghl y ut opi a.
-
8/11/2019 Agard Ar 281
16/28
8
Paper
45
: HI GH I NTEGRI TY SOFTWARE FOR SAFETY CRI TI CAL
TF/ FA FUNCTI ONS by H. Wal d, H. D. Ler che, GE.
W t hdr a wn.
The papers o f t h i s sess i on address how f aul t t o l e rance can be achi eved i n
so f t ware . The answers a r e va r i ous : some a re negat i ve and c l a i m f o r s o f t ware comp l exi t y
m ni m z at i on ; some ot her s s uggest sever al met hods. And among t hem t her e i s need t o
quant i f y pr obabi l i t y of f aul t s i n o rde r t o i mpr ove t he des i gn and to have so f t ware
bet t er and bet t er . T oda y t he bo t t o m l i ne
i s
t he human r esour ce. A good met hod, a
power f u l t echn i que such as DEVA i s wai t ed f or .
Paper 51 : PI LOTED SI MULATI ON VERI FI CATI ON OF A CONTROL
RECONFI GURATI ON STRATEGY FOR A FI GHTER AI RCRAFT
UNDER I MPAI RMENTS by R. Mer cadant e, USA.
T hi s pa pe r pr e s ent s t he r e s ul t s obt ai ned dur i ng pi l ot ed s i mul a t i o n o f t he
Co nt r o l Re co nf i gur a bl e Co mba t A i r c r a f t ( CRCA) . T hi s s t udy wa s a i med a t t he ver i f i c at i on
of
t he c apabi l i t y of a r e c onf gur at i on s t r at egy t o i mpr ov e ai r c r a f t c o nt r ol abi l i t y .
CRCA con f i gur a t i on, damage and f a i l u re mode l i ng , r econ f i gur a t i on s t r a t egy a re
de s cr i be d. T e s t c ondi t i o ns a r e out l i ne d, t hen t h e r e s ul t s a r e s ho wn us i ng pi l ot
work l oad measur ement , t ar ge t t r ack i ng sco r i ng and pi l o t ( us i ng Cooper - Harper r a t i ng
s c al e ) . The i mpr o ve ment s of r ec onf i gur a t i o n of t he c ont r o l l a ws f ol l owi ng i mpa i r me nt s
a r e di s c us s e d.
The l ect ur e was accompani ed by a v i deo showi ng t he pi l o t ' s v i ew t hr ough t he
Head- Up Di sp l ay wh i l e f l y i ng wi t h an i mpa i r ment dur i ng shor t t ake - o f f and l andi ng
f l i ght c ondi t i on, s uc c es s i v el y wi t hout and wi t h r e c onf i gur at i on ac t i v at ed. Thi s
i l l us t r at ed a ver y i mpor t ant f e at ur e : t he nec es s i t y t o al er t t he pi l ot about t he
f l i ght e nvel o pe s t a t us and i t was s a i d t hat pi l o t s wer e i nvol ved i n i t s de s i gn. T h i s
l ec t u re was ver y a t t r ac t i ve. Ques t i ons were about ext ens i on
of
r ec onf i gur at i on t o
engi ne or f uel c i r c ui t f ai l ur es and a bout i mpai r ment s t at i s t i c s dat a t o hel p t o d es i gn
r ec onf i gur at i on l aws .
Paper
5 2 :
FL I GHT TEST RESULT S OF FAI LURE DETECTI ON AND
I SOLATI ON ALGORI THMS FOR A REDUNDANT ST RAPDOWN
I NERTI AL MEASUREMENT UNI T by F. R. Mor r el l ,
P . R. Mo t yk a, M L. Ba i l e y, USA.
T wo al go r i t hms f or f a i l ur e de t e c t i o n and i s o l a t i o n of a s k ewe d ar r ay of
c ol l oc at e d i ner t i al s e ns o r s a r e des c r i bed a nd c o mpa r e d. Faul t t o l e r a nc e
i s
pr ovi ded by
edge vec t o r t es t and genera l i zed l i kel i hood t es t a l gor i t hms . To det ec t t he wi de r ange
of f ai l ur e magni t udes i n i ner t i al s e ns o r s , f aul t d et ec t i on and i s ol at i on ar e dev el oped
i n t er ms of a mul t i l evel s t r uc t ur e.
The deve l opment o f acce l er omet er par i t y equat i ons and t he r educt i on t o sensor
e r r o rs a r e desc r i bed and t hr esho l d compensa t i on t echni ques a re pr esent ed. F l i ght t es t
equi pment s and r esu l t s ar e shown whi ch a l l ow a compar i son o f bot h a l gor i t hms and a
di s c us s i on.
The r esul t s a re cons i s t ent but do no t appl y i n th i s exampl e t o accura t e
na vi ga t i on, and r e dunda nc y c onc ept s wi t h s t r apdo wn i ne r t i a l s y s t e m a r e f ai r l y o l d now.
Paper 5 3 : FL I GHT DEMONSTRATI ON OF A SELF- REPAI RI NG FLI GHT
CONTROL SYSTEM I N A NASA F- 15 FI GHTER AI RCRAFT
by J . M. Ur nes ,
J .
St ewar t , R. Es l i nger , USA.
T hi s p ape r p r es e nt s t he r e al - t i me r e conf i gur a t i o n de ve l o pme nt pr ogr am t hat i s
goi ng on i n the USA. Sof t war e des i gn cons i der at i ons ar e present ed i n paper n' 2 6 Paper
51 i s r epo r t i ng the same r e l evant r esea rches . The NASA F - 15 f l i ght t es t o f a se l f
r epai r i ng f l i ght c o nt r ol s y s t e m whi c h i nc or por at es r eal - t i me r ec onf i gur at i on and ex per t
ma i n tenance d i agnos t i c s
i s
des c r i bed. T he hear t of r ec onf i gur at i on i s a Fai l ur e
Det ect i on, I so l a t i on and Est i mat i on Al gor i t hm where t he expect ed answer o f t he command
i s
compar ed t o t he ac t ual answer . Recon f i gu ra t i on p rocess and r esul t s ar e pr esented .
F ut ur e pr os pec t s a r e o ut l i ned.
Her e , t oo, emphas i s i s g i ven on man- machi ne i nt e r f ace
;
cues of maneuver
c apabi l i t y ar e gi v en t o t he pi l ot . The i l l us t r at i on of an on boar d e xper t s y s t e m i s
v er y at t r ac t i v e. Ques t i ons ar i s e f r o m t he need t o s o phi s t i c at e t he s ys t em whi c h wi l l
have to t ake i nt o account sever a l i mpai r ment s and t o ana l yse v i abi l i t y o f
r ec onf i gur at ed i mpai r ed ai r c r a f t s t at us .
-
8/11/2019 Agard Ar 281
17/28
9
Paper
54
: FLI GHT TESTI NG OF
A
REDUNDANT EXPERI MENTAL
FbW FbL HEL I COPTER CONTROL SYSTEM by
H. Be c ke r , K. Be nde r , K. D. Ho l l e ,
G.
Ma ns f e l d,
GE
.
Thi s pape r de sc r i be s obj e ct i v es , ar c hi t e ct ur e, ha r dwar e , s of t wa r e and f l i ght
t es t r es ul t s of a hel i c opt er f l i ght c ont r ol s ys t em I nv es t i gat i on of new har dwar e
t echnol ogi es and components a re ai med a t i mpr ovi ng re l i abi l i t y .
A
yaw cont r o l s ys t em
wi t h f i ber opt i c communi ca t i on bet ween sensors and ac t uat i on i s i mDl ement ed. F i ber
Op t i c i nt e r f a ce s a l s o t he t h r e e r e dun da nt f l i ght c o nt r o l c o mput e r s . Ha ndl i ng qu al
i mpr o ve me nt i s c l ai med. L os s o f c on t r o l i s t es t e d.
Paper 55
:
UN SYSTEME DE REFE RENCES PRI MAI RE DE HAUTE
I NTEGRI TE
( A
HI GH I NTEGRI TY FLI GHT DATA SYSTEM)
by J . L . ROCH, J . CONTET, FR.
T hi s pa per p r e s ent s t h e f l i ght dat a s y st e m hi gh i nt egr i t y and h
r e l i abi l i t y i s sues and t he answer b rought . Sof t ware met hods a re pr esent ed i n paper
43
di
of
. I t des c r i be s t h e o ve r a l l a r c h i t e c t u r e of t h e Supe r P UMA MK2 i nt egr at ed f l i ght
s p l a y s y s t e m and t he r e qui r e me nt s f o r t he pr i mar y r e f e r e nc e s y s t e m Qu al i t y a s pe ct s
t he des i gn a re out l i ned and c l ear ance aspect s a re descr i bed
;
es pec i al l y i ndus t r i al
devel opment met hod appr oach i s emphasi zed.
The paper doe s not br i ng v al i dat i on of r el i abi l i t y r equi r e ment s . Thi s i s
bec aus e t he f l i ght c ont r o l s y st e m r e l i a bi l i t y depends on t he ar c hi t ec t ur e of t he
o ver al l s y st em whi c h i nc l udes f or t hi s he l i c opt e r appl i c at i on t wo f l i ght dat a s ys t ems ,
ba c k- u p s e ns o r s and a ve r t i c a l gy r o f or do ubt e r a s i n g.
So
f ul l budget i s at a hi gher
l evel and t he r eader i s a l i t t l e bi t f r u st r a t ed.
Ex c ept t h i s l as t pa pe r , whi c h i s s e s s i o n I 1
or
I 11 r e l ev ant , f o ur paper s
i l l us t r a t e t he e xt e ns i v e and c ompr e he ns i v e f l i ght t e s t s t o be done t o va l i da t e a
concept . There i s no ans wer t o s ay i f i t i s s uf f i c i ent .
3 . 3 .
Round t a b l e di s c us s i ons
The round tabl e i s set up t o pr ov i de a r esume of each maj or t opi c o f t he
sympos i umand serve as a ca t a l ys t f o r d i s cuss i on and conc l us i on by a l l a t t endees of t he
sympos i um
Round t abl e par t i c i pant s and se l ec t ed a reas ar e
:
Mr
J . K.
RAMAGE, Chai r man
D r M. PEL L EGRI N, F l i ght Cr i t i c al Sy st em T r e nds ,
Dr R. C. ONKEN, Advanced Faul t To l er ant Des i gn Concepts ,
Dr E. B. STE AR, Sy s t e m Ar c hi t e ct ur e s , Me c ha ni z a t i o n and
I nt egr a t i on I s s ues
Dr
J .
KERSHAW Sof t war e Desi gn Met hodol ogi es and
Al go r i t h ms
Dr G. T. SCHMI DT , Sy s t e m Va l i dat i o n, Si mul a t i o n and F l i ght
Tes t Exper i ence
STATEMENTS AND DI SCUSSI ONS
:
Dr M P EL L EGRI N, i n c ha r ge of Sy s t e m T r e n ds ,
t o o k
a p r o voc at i v e pos i t i on
s u gge s t i ng t he on- bo ar d c r e w e l i m na t i o n. T o da y f l i ght o f a mo de r n a i r c r a f t i s made o f
sequent i a l aut omat i c modes whi ch ar e engaged by t he pi l o t . Sur et y depends on Ai r
T r a f f i c Cont r ol ( ATC) , c r ew and f l i ght c ont r o l s ys t em e r r or s . Tr e nds ar e t o get an
a ut omat i c ATC and t o i nc r e as e f l i ght c ont r ol s y st em r el i abi l i t y ; what about t he cr ew
?
I t i s not p os s i bl e t o r el y on one pi l ot bec aus e of i t s poor r e l i abi l i t y ( 10- 6/ h) s o t he
que s t i o n i s t o s u ppr e s s
or
not t he t wo p i l o t s and t o have i ns tead super v i sor cr ewman.
Dr P EL L EGRI N f o r e c as t s t he s u ppr e s s i o n wi l l be pos s i bl e wi t h i n 5 y ear s .
The audi ence r eact i on was t hat such a change need an evo l ut i on o f passenger
m nd and t hat s o f t wa r e e r r o r t r eat ment r e c ei v es a s o l ut i o n.
Dr R. C. ONKEN hi ghl i ght ed t he need t o des i gn pr obabi l i t y f i gur es . Th i s i s
compl i ca t ed because F l i ght Cont r o l Sys t ems ar e c r i t i ca l wi t h respect t o har dware
or
s o f t wa r e f a i l u r e s but a l s o c r i t i c a l wi t h r e s pe ct t o ene my t h r e at s . And i n peac e t i me ,
when t h rea t s ar e no t t her e , t r a i ni ng need i s s af et y cr i t i c al due t o m l i t ar y f l i ght s
o ve r popul at ed a r e a. Adv anc ed f u nc t i o ns , s u ch a s ve hi c l e , f l i ght and m s s i on
management s whi ch wer e exc l us i ve l y ass umed- by t he p i l o t , are i ntegrat ed and
so
t he
f ai l ur e r at e i s i ncr eas i ng. How coul d we measur e t he degree of t o l er ance of i ntegrat ed
sys t ems
?
A pe s s i m s t i c a ns we r wa s gi v en by t he aud i e nc e . F ai l ur e r at e obj e ct i v es f or
adv anc ed f a ul t t o l e r a nt s y s t e ms a r e t o o hi gh and t o o di f f i c ul t t o val i dat e wi t h
-
8/11/2019 Agard Ar 281
18/28
10
s ophi s t i c at ed but t e di ous s i mul at i o ns
;
t he l aw i s t o be br oken as ar e t he l aws made
t o be vi o l a ted
Dr E. B. STEAR emphas i zed t he necess i t y t o cope wi t h i ncreas i ng compl ex i t y due
t o t he add o f vehi c l e management sys t em m ss i on management sys t em et c . . . and t he
pr e se nc e of no t o nl y r a ndo m f a i l ur e s but a l s o By z ant i ne o r i nt ent i onal f a i l ur es . Ther e
are sever a l key i s sues f o r t he f u tur e , mos t o f t hem we don t know what t o do t he
s pea ke r s a i d.
Sever al comment s wer e made. R and D met hods must be t r ans i t i oned t o
pr o duc t i o n l i n e i n o r der t o eas e t he f u nc t i o na l c o mpl e xi t y t r a ns f e r t o wa r ds
appl i c at i o n. Us e di agno st i c t o f i t s y s t e m and mak e s ur e
i t
works . Use pro t ec t i on
a ga i ns t des i gne r r a t h er t h an p r o gr a mme r , r epor t c i r c ums t a nc e s o f f a i l ur e ( wh at
maneuver , what env i r onment , e t c . . .
.
Va l i da t i on pr o bl em i s a k ey i s s ue ; i t woul d be a
s or t o f l i m t i ng as pec t of v al i dat i on t o make do wi t h r u nni ng val i dat i on f r om t h e
begi nni ng of t he program as i t i s r ecommanded.
Dr J . KERSHAW was pl eased t o hear about power f ul t echni ques such as DEVA but
r em nded t hat t r adi t i ona l pr act i ce was made of good met hods ; s ubs ys t e m par t i t i oni ng
hel ps t o r educe compl exi t y but i t as sumes t hat i f a component i s cor r ec t i t s t ays
c o r r e c t ; t he speaker sees no con f l i c t bet ween m ss i on management concept and f l i ght
c o nt r o l des i gn but r a t h er s y ne r gy. T he que s t i o n pos ed wa s i f t r a di t i o na l me t h ods a r e
good but a r e not a bl e t o s uppl y s of t wa r e f a i l u r e r at e f i gur e s , i s good qu al i t y f e el i ng
enough ?
DR
G. T.
SCHMI DT summed up t he i ssue of f l i ght t es t r esul t s : because of
t he i r s pec i f i c e nv i r onme nt wha t i s t hei r v al ue ? A dat a bank woul d be ver y usef u l .
Mr J . K. RAMAGE concl uded t he sympos i um and addr essed the key i ssues o f f aul t -
t ol er ant f l i ght c o nt r o l s ys t e ms
;
new i nnovat i ve concept s and methods wer e i nter es t i ng
t o not e a nd t r a de - o f f bet we en m s s i on per f o r manc e, r el i a bi l i t y , s a f et y and
a f f or da bi l i t y c oul d be got at a s t i l l hi gher l evel f or b ot h par t s t ha nk s t o power f ul
t e c hn i que s , n ew t o ol s and s k i l l ed peo pl e.
Cl e ar l y , t o da ys t r end t o wa r ds hi ghl y i nt egr at ed s y s t e ms ha s s e v er a l
s i gni f i c ant i mpl i c at i ons wi t h r e s pec t t o ov er al l s ys t e m i nt e gr i t y and val i dat i on
met ho do l o gi e s. I t s e nc our a gi ng t o not e t hat s ev er al i nnov at i v e f aul t t ol er ant d es i gn
concept s a re bei ng deve l oped wi t h i n NATO t o pr ovi de the necessary sys t em i nt egr i t y f o r
a c hi e vi n g i mpr ov ed m s s i o n c a pa bi l i t i e s . K ey no t e s pea ke r Ge n Ma ur i n hi ghl i ght ed t he
need t o cons i der modern day gu i dance and cont r o l s ys t ems as a t o ta l ent i t y , i nc l udi ng
t he pi l ot vehi c l e i nt er f ac e. I n pa r t i c ul a r , o ne mus t c ons t ant l y bal anc e m s s i o n
pe r f or ma nc e a ga i ns t a f f or da bi l i t y and s af et y . F ai l ur e t o pr o per l y a c hi ev e t hi s , c oul d
f ur t her a ggr av at e ac c i dent s t a t i s t i c s wi t h t he i nt r oduc t i on of hi ghl y i nt egr at ed f l i ght
c r i t i c al s y s t e ms . Si gni f i c ant t ec hni c al c hal l e nges r e mai n t o as s ur e a cc ept a bl e r i s k
l evel s .
4 .
CONCLUSI ONS
The conc l us i ons pr esent ed here a re t hose o f t he aut hor , based on the wr i t t en
paper s , p resent a t i ons , d i s cuss i ons and on t he f o rms handed i n by t he sympos i um
de l e ga t e s .
4 . 1
An ov er a l l p i c t u r e o f t he t o pi c s pr es ent ed i n t h i s s ympo s i um i s gi v en by t he
di s t r i but i on
of
t he pa pe r s r el at ed t o e xi s t i n g, updat e d or n ew s y s t e ms , t o s pec i f i c
t echnol ogy advances or t o s af et y as pec t s .
F aul t - Tol er a nt F l i ght Cont r o l Sub- s ys t e m s ys t e m :
.
exi s t i ng
:
12
( A
3 2 0 )
;
4 3 , 5 5
( PUMA PSR)
;
5 2
( I NS)
;
. updat ed : 11 ( AFTI / F l 6)
; 12
( A 3 3 0 / 3 4 0 ) ; 2 3 ( Commer ci al
Ai r pl a ne F CS ) ; 31 ( TORNADO)
. new : 12 ( Co mme r c i a l Ai r pl a ne )
; 2 4
( i nt egr at ed
Ai r f r ame/ P ropul s i on Cont r o l Sys t em) ; 26,
5 1 , 5 3
( CRCA) .
Faul t - Tol e rant Techn i que / Techno l ogy Advances :
. Mi c r o pr o c es s o r :
2 3 , 2 5 ;
Memor y :
2 1 , 3 5
;
. Communi cat i on Net wor k
:
41 ;
Dat a Base : 11,23 ;
. Di s pl ay s :
1 3
;
. Opt i c al :
1 2 , 5 4
;
-
8/11/2019 Agard Ar 281
19/28
11
. Exper t - Sys t e m :
2 6 , 5 3
;
.
Hi gh Or der Language : 4 2 , 4 4 .
New Gui dance and Cont r ol I ss ues :
-
. Te r r a i n F ol l owi ng, T er r ai n Av oi danc e
: 11, 1 3 , 3 1
;
Rec onf i gur abl e c ont r ol
:
2 6 , 5 3 ;
.
Mi ss i on, Vehi c l e Management
:
2 6 , 3 3
;
. Di agnos i s : 2 6 , 3 4 ;
. Schedul ed Mai nt enance
: 2 2
;
Saf et y Ass ess Tes t s and Met hods : 3 1 , 4 4 , 5 1 , 5 3 , 5 4 , 5 5 ;
Sa f e ty Assess Tool s :
1 2 , 2 4 , 2 5 .
4 . 2 The s t a te o f t he ar t F l i gh t Cont r o l Sys t ems have been r evi ewed. Sys t em
Ar c hi t ec t ur e i s l ane or i ent ed and s ys t e m f ai l ur e t ol er a nc e c apabi l i t y
i s
achi eved
t hr o ugh pa r a l l el r e dundanc y . Requi r e ment s ar e mor e s t r i ngent f o r c i v i l appl i c at i ons . I n
t hese appl i cat i ons more emphas i s i s gi ven on channe l i z i ng and di sper s i ng t he f l i ght
c ont r ol f unc t i ons . Commer c i al Ai r c r a f t Co nt r ol l e r s e ems t o be mor e f aul t - t o l er a nt
ef f ec t i ve t h an m l i t a r y Ai r c r a f t Cont r ol l er .
4 . 3
Ther e i s
a
gener a l consensus i n t he t echni ca l communi t y t hat t he
t echnol ogy i s i n hand f or addr ess i ng new gui dance and cont r o l i ssues such
as
r econf i gur abl e cont r o l and vehi c l e management and f o r a l l owi ng p i l o t wo rk l oad t o
dec rease wi t h m ss i on management ai d sys t em W t h r espec t t o f aul t t o l e rance c r ew m ght
be t he bot t l eneck. Out o f 4 0 acc i dent s a year f o r bo th commerc i a l and m l i t ar y
ai r c r a f t s due t o c ont r ol f unc t i on
l oss,
80
%
are due t o t he cr ew
or
t o pr o cedur e r ul es .
A comp l e te f l i ght aut omat i c sys t em
i s
c l ai med t o i nc r e as e r e l i abi l i t y . Howe ver t he key
o f t h i s new s t ep success i s t he deve l opment o f means t o assure opera t i ona l dec i s i on
maker s
-
o r pass enger s
-
t hat t hey are not a t t he mercy o f a machi ne.
4 . 4 Fl i ght Cont r o l Syst em wi l l become more compl ex due to i ncr eas i ng number
o f f unc t i ons ( Te r r a i n F ol l o wi ng, T er r ai n Av oi danc e, Rec onf i gur abl e Co nt r o l , Vehi c l e
Management , Mai nt enance Di agnosi s , Mi ss i on Management . . . and i nt es r a t i on ( p r o pul s i on,
f i r e cont r ol , . . . . Commonal i t y of har dwar e and sof t war e must be encouraged t o i ncr ease
conf i dence and t o l ower
cost .
Es pec i al l y r eus abi l i t y
of
sof t war e must be encour aged
;
devel opment of means s uch as so f t ware pa r t i t i oni ng, comp l ex so f t har e r epl acement by
si mpl e har dwar e i s needed because i t seems t hat f or mal proof coul d be achi eved f or
s i mpl e appl i c at i on.
4 . 5
T he s t a t e o f t he a r t F l i ght Cont r ol Sys t e m val i dat i on met hods a nd t ool s
have been r evi ewed. The t r adi t i ona l method can be qua l i f i ed o f good
;
i t i nc l udes
mode l l i ng phase wi t h Fai l u re Modes and Ef f ec ts Ana l ys i s ( F . M . E . A . ) , t he Augment ed
Fai l ur e Modes and Ef f ect s and Cr i t i ca l i t y Anal ys i s ( FMECA) and Faul t - T ree Methodo l ogy ,
t hen i r on bi r d i nt egr at i on and t e s t i ng, f l i ght t es t a nd m - s er v i c e oper at i on i nc i dent
r epor t ev al uat i on.
No
t heor et i c al f r amewor k ex i s t s f or t he val i dat i on pr oc es s .
A
r el i a bi l i t y i ns ur anc e mus t be appl i ed
;
i t c ons i s t s t o i nc l ude v al i dat i on i n t he
de s i gn and t o cons i der v al i dat i on f r o m t he cr eat i on of t he pro j ect . Comput er - Ai ded
Rel ' abi l i t y Es t i mat i on wi l l b e ver y us ef ul .
4 . 6 At p resent , because of i t em
4 . 4
i s s u e, F l i ght Cont r ol Sy st em updat i ng i s
a ver y ha rd j ob.
4 . 7
Tes t i ng
i s
onl y good a t f i ndi ng e r r o rs but
no t
at demonst r at i ng
t hei r abs e nc e. So t h e r e
i s
a need f or mat ure f or mal proof met hods. Thi s need
i s
at
pr esent , not sa t i s f i ed even i f some pr ogr ess has been made. The key i s sue of f aul t
t o l er a nt s ys t em i s val i dat i on.
5.
RECOMM NDATI ONS
. 1
T he k ey i s s ue of f aul t - t o l er a nt F l i ght Cont r ol Sys t e m mus t be addr es s e d
cont i nuous l y . W t h r espec t t o the r esul t s of t he GCP Work i ng Gr oup
9
o n v al i dat i on of
f l i ght c r i t i c al c ont r ol s y s t e ms f ol l ow- on ac t i on shoul d be gi v en t o
a
L ec t u r e S er i es t o
expl a i n val i dat i on methods
o r
what met hods ar e asked f or ( i . e . f o rmal proof
val i dat i on) .
5 . 2
Ai r vehi c l es are s t i l l mor e and mor e aut omat i c because t echnol ogy push
and r equi r eme nt p ul l ( e s pec i al l y f i r e c ont r o l ari d t h r e at avoi da nc e s ys t e m l evel
)
; t he
di al ogue bet ween man and machi ne
i s
more and mor e di f f i cul t when t he r esponsabi l i t i e s
ar e no t c l ea r
or
t he bandwi dths d i f f er ent . Sem - aut omat i c syst ems ar e har d t o manage
because man pr esence hi nder s t he whol e sys t em model l i ng ; i t i s t he r eason why emphasi s
must be gi ven on aut omat i c a i r vehi c l e s t udi es and oper at i ona l acceptance o f c r ew onl y
f or s uper v i s i on.
-
8/11/2019 Agard Ar 281
20/28
12
APPENDI X
FI NAL PROGRAM
FAULT TOLERANT DESI GN CONCEPTS FOR HI GHLY I NTEGRATED FL I GHT CRI TI CAL GUI DANCE AND
CONTROL SYSTEMS
Pr ogr amme Chai r man : Mr . J ames K. RAMAGE
US)
KEYNOTE ADDRESS by GBn6r al Fr anqoi s Maur i n, Member of Fr ench Consei l d Et at and For mer
Chi ef of St af f of t he Fr enc h Ar m es .
Ses s i on I
-
TRENDS I N I NTEGRATED FL I GHT CRI TI CAL SYSTEMS
Chai r man : Dr . M. J . PELEGRI N ( FR)
: F l i ght c r i t i c al des i gn c onc ept s f or l ow- l ev el t ac t i c al gui danc e
and cont r o l
M. R. GRI SWOLD
Ge ner a l Dynam c s Co r p or at i o n, For t
Wor t h Di v i s i on, TX, USA
12 : Evo l u t i on dans
l es
appl i c at i ons ci vi l es
Ci v i l appl i c at i ons t r ends
P . TRAVERSE AGr ospa t i a l e , Tou l ouse , FR.
13
: P i l ot moni t or i ng
of
d i sp l ay enhancement s genera t ed f r om a di g i t a l
dat a base
P . J . BENNETT, J . J . COCKBURNFer r ant i Def ence Syst em Li m t ed
Edi nburgh, UK
Se s s i o n I 1 - ADVANCED FAULT TOLERANT DESI GN CONCEPTS
Chai r man
:
Mr . U. K. KROGMANN ( GE)
21 : Techn i ques f or t r ans i ent e r r o r r ecover y and avoi dance i n
r edundant pr ocessi ng syst ems
S. J . ADAMS,
M. J .
DZWONCZYK The Charl es St ar k Dr aper Labor at or y,
I nc . , Cambr i dge, MA, USA
2 2 :
The r o l e of t i me- l i m t ed di s pat c h oper at i on i n f aul t t ol er a nt
f l i ght c r i t i c al c ont r o l s ys t e ms
D. F . ALL I NGER, F . J . LEONG The Char l es S ta r k Dr aper Labor a t o ry ,
P . S . BABCOCK
I nc . , Cambr i dge , MA , USA
G. C. HORAN, R. F . LaPr ad P ra t t and Wh i t ney Ai r c r a f t Di v i s i on,
E. Ha r t f o r d , Co nne ct i c ut , USA
23
: A f aul t t ol er ant f l y - by - wi r e s y s t e m f or mai nt enanc e f r ee
a ppl cat ons
R. W DENNI S , A. D. HI L L S GEC Av i o ni c s F l i ght Cont r ol s Di v i s i o n,
Roches t e r , Kent , UK.
24
: The i nt egr at ed a i r f r ame/ pr opul s i on c ont r ol s y s t e m a r c h i t ec t ur e
pr o gr a m ( I APSA)
D. L. PALUMBO, C. W MEI SSNERNASA L angl ey Resear ch Cent er , Hampt on,
G. C. COHEN Boei ng Advanced Syst ems Co. , Seat t l e,
VA, USA
WA, USA
25 : Dependabl e syst ems usi ng VI PER
J . KERSHAW RSRE, Mal ver n, UK
26 : F aul t t ol er a nt , f l i ght c r i t i c al c ont r o l s ys t e ms
T. SADEGHI , G. MAYVI LLE Gener al E l ect r i c Company, Bi nghampt on,
NY ,
USA
-
8/11/2019 Agard Ar 281
21/28
13
.
SESSI ON
-
I 11 SY STEM ARCHI TECTURES, MECHANI ZATI ON AND I NTEGRATI ON
I SSUES
Chai r man
:
P ro f esso r E. B. STEAR ( US)
3 1
:
Me t h ods t o pr e s er v e t h e i nt egr i t y of a co mba t ai r c r a f t f l i ght
cont r o l sys t em t hrough maj or upgr ade pr ogr ammes
M.
RbSSLER,
W.
SCHMI DT MBB Munc hen, GE
3 3
:
Resear ch i nt o a m ss i on management ai d
J . R. CATFORD
I . D. GRAY
GEC Av i oni cs , Roches t e r , Kent , UK
Fer r ant i De f ence Sys t ems , Edi nburgh,
UK
( Both o f t he MMA J o i n t Vent ure , RAE ,
Far nborough , Hant s )
3 4
:
I nt egr at ed di agnos t i c s f or f aul t t o l er a nt s y st ems
H. A FUNK, M. M. J EPPSON Honeywel l Syst ems and Resear ch Cent er ,
Mi nneapol i s , MN, USA
3 5 :
A By z ant i n e r e s i l i e nt pr o ce s s or wi t h a n enc oded f a ul t - t o l e r a nt
s har ed memor y
R. E. HARPER, B. BUTLER The Char l es St ar k Dr aper Labor at or y ,
I nc . , Ca mbr i dge,
MA,
USA
SESSI ON I V - HI GH I NTEGRI TY SOFTWARE DESI GN METHODOLOGI ES AND
ALGORI THMS
Chai r man
:
Pr of essor J . T . SHEPHERD
UK)
4 1
:
A h i ghl y r e l i abl e , aut onomous da t a communi ca t i on subsys t em f or an
advanced i nf or mat i on process i ng sys t em
G. NAGLE, T . MASOTTO, The Char l es St ar k Dr aper Labor at or y ,
L. ALGER I nc. , Cambr i dge, MA, USA
4 2
:
For mal i sat i on de d6vel oppement s
:
de l a t h6or i e au progr amme
For mal i z i ng devel opment s : f r o m t heor y t o pr a ct i c e
M.
LEMOI NE, K. BECHANE ONERA- CERT, Ddpar t ement d Et udes et de
Recherches en I n f o rmat i que , Tou l ouse ,
FR
4 3
:
M6t hodol ogi e de d6compos i t i on d app l i ca t i on de nav i gat i on
cr i t i que en 616ment s s i mp l es
Br eak- down met hodol ogy f or f l i ght c r i t i c al appl i c at i ons i nt o
el ement ar y component s
B. CHAVANA, CROUZET
S A ,
Val ence, FR
F. de SAI NTE MARESVI LL E
4 4 :
F aul t t o l e r a nc e vi a f aul t a v oi da nc e
B. D. BRAMSON RSRE, Mal ver n, Wor cs , UK
SESSI ON V - SYSTEM VALI DATI ON, SI MULATI ON AND FL I GHT TEST EXPERI ENCE
Chai r man
:
Dr . G. T . SCHMI DT ( US)
5
:
Pi l ot ed s i mul at i on ver i f i c at i on of a cont r o l r e c onf i gur a t i on
s t r at egy f or a f i ght er a i r c r a f t u nde r i mpa i r ment s
R. MERCADANTE
Gr umman Ai r c r a f t Sys t ems Di v i s i on,
Bet hpage, NY, USA
5 2
:
F l i ght t e st r e s ul t s of f ai l ur e det ec t i on and i s ol at i on al gor i t hms
f or a r edundant s t r apdown i ner t i a l measur ement uni t
F. R. MORRELL
P. R. MOTYKA
M. L . BAI LEY
NASA Langl ey Resear ch Cent er , Hampt on,
VA,
USA
The Char l es St a rk Dr aper Labora t o ry ,
I nc . , Cambr i dge,
MA,
USA
PRC Kent r on I n te r nat i ona l , Hampt on,
VA, USA
-
8/11/2019 Agard Ar 281
22/28
14
53
:
F l i ght demons t r at i on of a s el f - r e pai r i ng f l i ght c ont r o l s ys t e m i n
a NASA F - 15 f i ght e r a i r c r a f t
J . M. URNES
J .
ST EWART
R. ESLI NGER
McDonne l l Ai r c ra f t Company, S t Loui s ,
MO,
USA
NASA Ames Resear ch Cent er , Dr yden
F l i ght Re sear c h Fac i l i t y , Edwa r ds AF B,
CA, USA
Wr i ght Resear ch and Devel opment
Ce nt e r , ( WDRC/ F I GL ) , Wr i gh t - P at t e r s o n
AFB, USA
54
:
F l i gh t t es t i ng o f a r e du nda nt e x pe r i me nt a l F bW F bL h el i c opt er
c ont r ol s y st em
G .
MANSFELD, H. BECKER DFVLR, I ns t i t ut f ur F l ugf uhr ung,
K.
BENDER, K. D. HOLLE Br aunschwei g, GE
55 :
Un sys t kme de r d f e rences pr i ma i r es de haute i nt egr i t d
A hi gh i nt egr i t y f l i ght d at a s ys t em
J . L . ROCH, J . CONTET CROUZET S A , Val ence, FR
ROUND TABLE DI SCUSSI ON
-
FUTURE TRENDS AND KEY I SSUES
-
8/11/2019 Agard Ar 281
23/28
1
Recipient s Reference 2. Originator s Reference 3. Further Reference
211
ISBN 92-835-0559-X
'I\\
AGARD-AR-28
4. Security Classification
of Document
UNCLASSIFIED
B. Author(s)/Editor(s)
Monsieur Bernard Chaillot
0.
Author s/Editor s Address
Direction des Recherches et Etudes Techniques
26 boulevard Victor, F-75996 Paris ArmCes
(SCDEKTDN)
Guidance
Control
Fault tolerance system
Software validation
Terrain following
9. Date
May 1990
I 1 1 13
1 1 .
Pages
22
Terrain avoidance
Reconfigurable control
Vehicle management
Mission management
Maintenance diagnosis
---
w
Evaluation Report on the Guidance and Control Panel 49th Symposium held at the Ecole
Nationale SupCrieure de 1 Aeronautiqueet de 1 Espace
in
Toulouse, France, from 10th to 13th
October 1989.
In
all
23 papers were presented including the Keynote address, covering the following headings:
- Trends
in
integrated flight critical systems;
- Advanced fault tolerant design concepts;
-
System architectures,mechanization and integration issues;
- High integrity software design methodologies and algorithms;
-
System validation, simulation and flight test experience.
% Y
c e@
-
8/11/2019 Agard Ar 281
24/28
-
8/11/2019 Agard Ar 281
25/28
r
7
b
r
2
a:
-
8/11/2019 Agard Ar 281
26/28
s
\o
z
E
w
VI
VI
8
E
UY
3
2
2
9
E
F
2
Q
5
5
e
7:
Y
Y
(U
a
E:
w
s
v
n
3
3
s
g
..
z
8
E
v
2
E
E.
2
8
Y
E
5
e
CD
Y
3
P
a
E:
2
m
n