Internet operation of aero gas turbines

Diakostefanis, Michail

10 1900

Internet applications have been extended to various aspects of everyday life and offer services of high reliability and security. In the Academia, Internet applications offer useful tools for the remote creation of simulation models and real-time conduction of control experiments. The aim of this study was the design of a reliable, safe and secure software system for real time operation of a remote aero gas turbine, with the use of standard Internet technology at very low cost. The gas turbine used in this application was an AMT Netherlands Olympus micro gas turbine. The project presented three prototypes: operation from an adjacent computer station, operation within the Local Area Netwok (LAN) of Cranfield University and finally, remotely through the Internet. The gas turbine is a safety critical component, thus the project was driven by risk assessment at all the stages of the software process, which adhered to the Spiral Model. Elements of safety critical systems design were applied, with risk assessment present in every round of the software process. For the implementation, various software tools were used, with the majority to be open source API’s. LabVIEW with compatible hardware from National Instruments was used to interface the gas turbine with an adjacent computer work station. The main interaction has been established between the computer and the ECU of the engine, with additional instrumentation installed, wherever required. The Internet user interface web page implements AJAX technology in order to facilitate asynchronous update of the individual fields that present the indications of the operating gas turbine. The parameters of the gas turbine were acquired with high accuracy, with most attention given to the most critical indications, exhaust gas temperature (EGT) and rotational speed (RPM). These are provided to a designed real-time monitoring application, which automatically triggers actions when necessary. The acceptance validation was accomplished with a formal validation method – Model Checking. The final web application was inspired by the RESTful architecture and allows the user to operate the remote gas turbine through a standard browser, without requiring any additional downloading or local data processing. The web application was designed with provisions for generic applications. It can be configured to function with multiple different gas turbines and also integrated with external performance simulation or diagnostics Internet platforms. Also, an analytical proposal is presented, to integrate this application with the TURBOMATCH WebEngine web application, for gas turbine performance simulation, developed by Cranfield University.

Asynchronous

AJAX

Remote

Real-time

Spiral

Safety Critical

Risk Assessment

Software Process

Formal Validation

Model Checking

Credible autocoding of control software

Wang, Timothy

21 September 2015

Formal methods is a discipline of using a collection of mathematical techniques and formalisms to model and analyze software systems. Motivated by the new formal methods-based certification recommendations for safety-critical embedded software and the significant increase in the cost of verification and validation (V\&V), this research is about creating a software development process for control systems that can provide mathematical guarantees of high-level functional properties on the code. The process, dubbed credible autocoding, leverages control theory in the automatic generation of control software documented with proofs of their stability and performance. The main output of this research is an automated, credible autocoding prototype that transforms the Simulink model of the controller into C code documented with a code-level proof of the stability of the controller. The code-level proof, expressed using a formal specification language, are embedded into the code as annotations. The annotations guarantee that the auto-generated code conforms to the input model to the extent that key properties are satisfied. They also provide sufficient information to enable an independent, automatic, formal verification of the auto-generated controller software.

Formal methods

Control

Lyapunov

Safety-critical software

Model-based development

Verification & validation

Certification of Actel Fusion according to RTCA DO-254

Lundquist, Per

January 2007

In recent years the aviation industry is moving towards the use of programmable logic devices in airborne safety critical systems. To be able to certify the close to fail-safe functionality of these programmable devises (e.g. FPGAs) to the aviation authorities, the aviation industry uses a guideline for design assurance for airborne electronic hardware named RTCA DO-254. At the same time the PLD industry is developing ever more complex embedded system-on-chip solutions integrating more and more functionality on a single chip. This thesis looks at the problems that rise when trying to certify system-on-chip solutions according to RTCA DO-254. Used as an example of an embedded FPGA, the Actel Fusion FPGA chip with integrated analog and digital functionality will be tested according to the verification guidance. The results show that for the time being, the examined embedded system-on-chip FPGAs can not be verified to be used in airborne safety critical systems.

Safety critical

certification

RTCA DO-254

FPGA

airborne

Actel Fusion

Electronics

Elektronik

ARCHITECTURE-AWARE HARD-REAL-TIME SCHEDULING ON MULTI-CORE ARCHITECTURES

Shekhar, Mayank

01 December 2014

The increasing dependency of man on machines have led to increase computational load on systems. The increasing computational load can be handled to some extent by scaling up processor frequencies. However, this approach has hit a frequency and power wall and the increasing awareness towards green computing discourages this solution. This leads us to use multi-core architectures. Due to the same reason, real-time systems are also migrating from single-core towards multi-core systems. While multi-core systems provide scalable high computational power, they also expose real-time systems to several challenges. Most of these challenges hamper the key property of real-time systems, i.e., predictability. In this work, we address some challenges imposed by multi-core architectures on real-time systems. We propose and evaluate several scheduling algorithms and demonstrate improved predictability and performance over existing methods. A unifying them in all our algorithms is that we explicitly consider the effects of architectural factors on the scheduling and schedulablity of real-time programs. As a case study, we use Tilera's TilePro64 platform as an example multi-core platform and implement some of our algorithms on this platform. Through this case study, we derive several useful conclusions regarding performance, predictability and practical overheads on a multi-core architecture.

Embedded Systems

Hard Real-Time Systems

Real-Time Systems

Safety Critical

Scheduling

Reliability analysis of neural networks in FPGAs / Análise de confiabilidade de redes neurais em FPGAs

Libano, Fabiano Pereira

January 2018

Redes neurais estão se tornando soluções atrativas para a automação de veículos nos mercados automotivo, militar e aeroespacial. Todas essas aplicações são de segurança crítica e, portanto, precisam ter a confiabilidade como um dos principais requisitos. Graças ao baixo custo, baixo consumo de energia, e flexibilidade, FPGAs estão entre os dispositivos mais promissores para implementar redes neurais. Entretanto, FPGAs também são conhecidas por sua susceptibilidade à falhas induzidas por partículas ionizadas. Neste trabalho, nós avaliamos os efeitos de erros induzios por radiação nas saídas de duas redes neurais (Iris Flower e MNIST), implementadas em FPGAs baseadas em SRAM. Em particular, via experimentos com feixe acelerado de nêutrons, nós percebemos que a radiação pode induzir erros que modificam a saída da rede afetando ou não a corretude funcional da mesma. Chamamos o primeiro caso de erro crítico e o segundo de error tolerável. Nós exploramos aspectos das redes neurais que podem impactar tanto seu desempenho quanto sua confiabilidade, tais como os níveis de precisão na representação dos dados e diferentes métodos de implementação de alguns tipos de camadas. Usando campanhas exaustivas de injeção de falhas, nós identificamos porções das implementações da Iris Flower e da MNIST em FPGAs que são mais prováveis de gerar erros critícos ou toleráveis, quando corrompidas. Baseado nessa análise, nós propusemos estratégias de ABFT para algumas camadas das redes, bem como uma estratégia de proteção seletiva que triplica somente as camadas mais vulneráveis das redes neurais. Nós validamos essas estratégias de proteção usando testes de radiação com nêutrons, a vemos que nossa solução de proteção seletiva conseguiu mascarar 68% das falhas na Iris Flower com um custo adicional de 45%, e 40% das falhas na MNIST com um custo adicional de 8%. / Neural networks are becoming an attractive solution for automatizing vehicles in the automotive, military, and aerospace markets. All of these applications are safety-critical and, thus, must have reliability as one of the main constraints. Thanks to their low-cost, low power-consumption, and flexibility, Field-Programmable Gate Arrays (FPGAs) are among the most promising devices to implement neural networks. Unfortunately, FPGAs are also known to be susceptible to faults induced by ionizing particles. In this work, we evaluate the effects of radiation-induced errors in the outputs of two neural networks (Iris Flower and MNIST), implemented in SRAM-based FPGAs. In particular, through accelerated neutron beam experiments, we notice that radiation can induce errors that modify the output of the network with or without affecting the neural network’s functionality. We call the former critical errors and the latter tolerable errors. We explore aspects of the neural networks that can have impacts on both performance and reliability, such as levels of data precision and different methods of implementation for some types of layers. Through exhaustive fault-injection campaigns, we identify the portions of Iris Flower and MNIST implementations on FPGAs that are more likely, once corrupted, to generate a critical or a tolerable error. Based on this analysis, we propose Algorithm-Based Fault Tolerance (ABFT) strategies for certain layers in the networks, as well as a selective hardening strategy that triplicates only the most vulnerable layers of the neural network. We validate these hardening approaches with neutron radiation testing, and see that our selective hardening solution

Inteligência artificial

Redes neurais

Fpga

Microeletrônica

Reliability

Safety-Critical Applications

Artificial Intelligence

FPGAs

Neural Networks

Effects of Mutation Testing on Safety Critical Software

Johnsson, Rebecca, Svensson, Nathalie

January 2017

For avionic systems, the safety requirements are stricter than for non-safety critical systems due to the severe consequences a failure could cause. Depending on the consequences of a failure, the software needs to fulfill different testing criterias. More critical software needs more extensive testing. The question is whether the extra testing activities performed for software of higher criticality level results in discovery of more faults. Mutation testing has been used in this thesis as a method to evaluate the quality of test suites of avionic applications from different safety critical levels. The results showed that the extra activities performed at the higher levels do not necessarily result in finding more faults.

Mutation testing

software testing

safety critical software

Computer Sciences

Datavetenskap (datalogi)

Simulation of Safety-Critical Systems Specified in AADL

Sheytanov, Boyan

January 2012

Safety-critical software intensive systems are used in a lot of industries nowadays. Examples ofthese are in automotive and aircraft industry, medicine, and autonomous systems. Fault in suchsystems can lead to severe damage and/or loss of human lives. Therefore fault-tolerance should beconsidered at all stages of the system development, starting from the analysis and design.Different languages and tools have been developed for that purpose across the years. One of these isthe Architecture Analysis and Design Language (AADL) – a modeling language used to describethe architecture of a software system. It consists of textual and graphical descriptions of three typesof components – software, execution platform and composite.In this work we implement a prototype of an AADL simulator in Java that enables us to examine thepossible dynamic executions of an AADL specification. This allows us to verify the correctness ofan AADL specification based on the behavior it shows. The simulator would expect an AADLspecification of a software system as an input and simulate the dynamic execution of that system.Before implementing the simulator, we introduce the problem area - safety-critical systems andAADL. Since AADL is used primarily in the automotive and aircraft industries, we have chosen todescribe a simplified flight control system for a plane. It should give the reader an initialunderstanding of the language without going into unnecessary detail about rarely used features.Part of the simulator is a compiler that reads the AADL specification, validates it and transforms itto a Java model. We take a look at the individual steps needed for that, with focus on parsing theinput. Therefore we review the different kinds of algorithms used for parsing and explore how theywork.We also make a detailed literature review of previous works in the area of AADL modeltransformations. Finally, we describe the analysis, design and implementation of the simulator andexamine a case study to test the prototype.

model transformation

software

simulation

AADL

Java

safety-critical systems

real-time systems

Computer Sciences

Datavetenskap (datalogi)

Safety-critical Geometric Control Design with Application to Aerial Transportation

Wu, Guofan

01 December 2017

Safety constraints are ubiquitous in many robotic applications. For instance, aerial robots such as quadrotors or hexcoptors need to realize fast collision-free flight, and bipedal robots have to choose their discrete footholds properly to gain the desired friction and pressure contact forces. In this thesis, we address the safety critical control problem for fully-actuated and under-actuated mechanical systems. Since many mechanical systems evolve on nonlinear manifolds, we extend the concept of Control Barrier Function to a new concept called geometric Control Barrier Function which is specifically designed to handle safety constraints on manifolds. This type of Control Barrier Function stems from geometric control techniques and has a coordinate free and compact representation. In a similar fashion, we also extend the concept of Control Lyapunov Function to the concept of geometric Control Lyapunov Function to realize tracking on the manifolds. Based on these new geometric versions of CLF and CBF, we propose a general control design method for fully-actuated systems with both state and input constraints. In this CBF-CLF-QP control design, the control input is computed based on a state-dependent Quadratic Programming (QP) where the safety constraints are strictly enforced using geometric CBF but the tracking constraint is imposed through a type of relaxation. Through this type of relaxation, the controller could still keep the system state safe even in the cases when the reference is unsafe during some time period. For a single quadrotor, we propose the concept of augmented Control Barrier Function specifically to let it avoid external obstacles. Using this augmented CBF, we could still utilize the idea of CBF-CLF-QP controller in a sequential QP control design framework to let this quadrotor remain safe during the flight. In meantime, we also apply the geometric control techniques to the aerial transportation problem where a payload is carried by multiple quadrotors through cable suspension. This type of transportation method allows multiple quadrotors to share the payload weight, but introduces internal safety constraints at the same time. By employing both linear and nonlinear techniques, we are able to carry the payload pose to follow a pre-defined reference trajectory.

Aerial Transportation

Geometric Control Barrier Function

Geometric Control Lyapunov Function

Safety-critical Geometric Control

Explainable Neural Networks based Anomaly Detection for Cyber-Physical Systems

Amarasinghe, Kasun

01 January 2019

Cyber-Physical Systems (CPSs) are the core of modern critical infrastructure (e.g. power-grids) and securing them is of paramount importance. Anomaly detection in data is crucial for CPS security. While Artificial Neural Networks (ANNs) are strong candidates for the task, they are seldom deployed in safety-critical domains due to the perception that ANNs are black-boxes. Therefore, to leverage ANNs in CPSs, cracking open the black box through explanation is essential. The main objective of this dissertation is developing explainable ANN-based Anomaly Detection Systems for Cyber-Physical Systems (CP-ADS). The main objective was broken down into three sub-objectives: 1) Identifying key-requirements that an explainable CP-ADS should satisfy, 2) Developing supervised ANN-based explainable CP-ADSs, 3) Developing unsupervised ANN-based explainable CP-ADSs. In achieving those objectives, this dissertation provides the following contributions: 1) a set of key-requirements that an explainable CP-ADS should satisfy, 2) a methodology for deriving summaries of the knowledge of a trained supervised CP-ADS, 3) a methodology for validating derived summaries, 4) an unsupervised neural network methodology for learning cyber-physical (CP) behavior, 5) a methodology for visually and linguistically explaining the learned CP behavior. All the methods were implemented on real-world and benchmark datasets. The set of key-requirements presented in the first contribution was used to evaluate the performance of the presented methods. The successes and limitations of the presented methods were identified. Furthermore, steps that can be taken to overcome the limitations were proposed. Therefore, this dissertation takes several necessary steps toward developing explainable ANN-based CP-ADS and serves as a framework that can be expanded to develop trustworthy ANN-based CP-ADSs.

Explainable Artificial Intelligence

Machine Learning

Artificial Neural Networks

Safety-Critical Systems

Cybersecurity

Artificial Intelligence and Robotics

Run Time Assurance for Intelligent Aerospace Control Systems

Dunlap, Kyle

24 May 2022

No description available.

Aerospace Materials

Run Time Assurance

Safety Critical Control

Reinforcement Learning

Genetic Fuzzy Systems