A Decentralized Voting and Monitoring Flight Control Actuation System for eVTOL Aircraft
Abstract
:1. Introduction
2. Outline of EMA on eVTOL Aircraft
2.1. EMA for eVTOL Flight Control
2.2. Design Requirements and Principles
- Safety Requirements
- Functional Separation
- Component Separation
- Structural Impact on the Aircraft
2.3. Design Methodology
3. VoDeMo EMA Architecture Design
3.1. Overview
3.2. Digital Complex
Algorithm 1: FCC Input Monitoring |
|
3.3. Digital Simple
3.4. High-Power Analog
4. Evaluation
4.1. Preliminary Safety Assessment Based on Abstract Architecture Model
- Rare events approximation:
- Esary–Proschan upper bound:
- Recursive inclusion–exclusion:
4.2. Qualitative Safety Validation with Simulation Model and HIL Test
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
Appendix A
Functions | Failure Modes | Causes | Effects | Current Corrections |
---|---|---|---|---|
Position and Speed Control Loop | COM Lost | COM destroyed | No COM transmit to Digital Simple “C==S” and “C==M” taken as false | STBY control |
COM PWR disconnected | No COM transmit to Digital Simple “C==S” and “C==M” taken as false | STBY control | ||
PWR supplies destroyed | The EMA system loses power | Passive | ||
Failure on RS422 from COM | No COM signal to Digital Simple “C==S” and “C==M” taken as false | STBY control | ||
STBY Lost | STBY destroyed | No STBY transmit to Digital Simple “S==C” and “S==M” taken as false | COM control | |
STBY PWR disconnected | No STBY transmit to Digital Simple “S==C” and “S==M” taken as false | COM control | ||
PWR supplies destroyed | The EMA system loses power | Passive | ||
Failure on RS422 from STBY | No STBY signal to Digital Simple “S==C” and “S==M” taken as false | COM control | ||
MON Lost | MON destroyed | “S==C” and “S==M” taken as false | COM control | |
MON PWR disconnected | “M==C” and “M==S” taken as false | COM control | ||
PWR supplies destroyed | The EMA system loses power | Passive | ||
Lost COM and STBY | COM and STBY destroyed | No COM and STBY transmit to Digital Simple “C==S”,“C==M”,“S==C”, and “S==M” taken as false | Passive | |
COM and STBY PWR disconnected | No COM and STBY transmit to Digital Simple “C==S”,“C==M”,“S==C”, and “S==M” taken as false | Passive | ||
PWR supplies destroyed | The EMA system loses power | Passive | ||
Failure on two RS422s | No COM and STBY signal to Digital Simple “C==S”,“C==M”,“S==C”, and “S==M” taken as false | Passive | ||
Position and Speed Control Loop | Lost COM and MON | COM and MON destroyed | No COM and MON transmit to Digital Simple “C==S”,“C==M”,“M==C”, and “M==S” taken as false | Passive |
COM and MON PWR disconnected | No COM and MON transmit to Digital Simple “C==S”,“C==M”,“M==C”, and “M==S” taken as false | Passive | ||
PWR supplies destroyed | The EMA system loses power | Passive | ||
Lost STBY and MON | STBY and MON destroyed | No STBY and MON transmit to Digital Simple “S==C”,“S==M”,“M==C”, and “M==S” taken as false | Passive | |
STBY and MON PWR disconnected | No STBY and MON transmit to Digital Simple “S==C”,“S==M”,“M==C”, and “M==S” taken as false | Passive | ||
PWR supplies destroyed | The EMA system loses power | Passive | ||
Inconsistentoutputs | COM Latency/bias/noise/fault | “C==S” and “C==M” taken as false | STBY control | |
STBY Latency/bias/noise/fault | “S==C” and “S==M” taken as false | COM control | ||
MON Latency/bias/noise/fault | “M==C” and “M==C” taken as false | COM control | ||
Control signalvotings | Lost voting 1 | PLD 1 destroyed | No control signal to CH1 | CH1 Passive All load on CH2 |
Lost voting 2 | PLD 2 destroyed | No control signal to CH2 | CH2 Passive All load on CH1 | |
Lost voting 1 and 2 | PLD 1 and 2 destroyed | No control signal to CH1 and 2 | CH1 and 2 Passive | |
Motor drive | Lost Channel 1 | H-PWR 1 destroyed\open circuit | No torque generated on CH1 | CH1 Passive All load on CH2 |
Open circuit on Motor 1 | No torque generated on CH1 | CH1 Passive All load on CH2 | ||
Lost Channel 2 | H-PWR 2 destroyed\open circuit | No torque generated on CH2 | CH2 Passive All torque on CH1 | |
Open circuit on Motor 2 | No torque generated on CH2 | CH2 Passive All load on CH1 | ||
Lost Channel 1 and 2 | H-PWR 1 and 2 destroyed\open circuit | No torque generated on CH1 and 2 | CH1 and 2 Passive | |
Open circuit on Motor 1 and 2 | No torque generated on CH1 and 2 | CH1 and 2 Passive | ||
Unequal outputs | Asyncronous current control | Power surge/force fighting | Normal control Forces quickly merge | |
PWM frequency reduced | Power surge/force fighting | Normal control | ||
Mechanicalactuation | Friction on motor 1 | Motor1 jammed/bad lubrication | Force fighting/temperature rises | Normal control Higher load on Motor 2 |
Friction on motor 2 | Motor 2 jammed/bad lubrication | Force fighting/temperature rises | Normal control Higher load on Motor 1 | |
Friction on shaft | Shaft jammed/bad lubrication | Load increased/temperature rises | Normal control | |
Position feedback | Lost one sensor | Failure on one sensor | Lost one position measurement | Fuse rest two MEAs |
Lost two sensors | Failure on two sensors | Lost two position measurements | Feedback remain MEA | |
Lost three sensors | Failure on all sensors | Lost all position measurements | Passive |
References
- McKinsey & Company. Study on the Societal Acceptance of Urban Air Mobility in Europe; Technical Report; European Union Aviation Safety Agency: Cologne, Germany, 2021. [Google Scholar]
- McKinsey & Company. Urban Air Mobility Survey Evaluation Report; Technical Report; European Union Aviation Safety Agency: Cologne, Germany, 2021. [Google Scholar]
- European Union Aviation Safety Agency. Special Condition for Small-Category VTOL Aircraft, 1st ed.; European Union Aviation Safety Agency: Cologne, Germany, 2023. [Google Scholar]
- Lu, Z.; Hong, H.; Diepolder, J.; Holzapfel, F. Maneuverability Set Estimation and Trajectory Feasibility Evaluation for eVTOL Aircraft. J. Guid. Control. Dyn. 2023, 46, 1184–1196. [Google Scholar] [CrossRef]
- Lu, Z.; Li, H.; He, R.; Holzapfel, F. Energy-Efficient Incremental Control Allocation for Transition Flight via Quadratic Programming. In Proceedings of the 2022 International Conference on Guidance, Navigation and Control, Tianjin, China, 5–7 August 2022; pp. 4940–4951. [Google Scholar]
- Nelson, T. 787 Systems and Performance; The Boeing Company: Arlington, VA, USA, 2005. [Google Scholar]
- Qiao, G.; Liu, G.; Shi, Z.; Wang, Y.; Ma, S.; Lim, T.C. A review of electromechanical actuators for More/All Electric aircraft systems. Proc. Inst. Mech. Eng. Part C J. Mech. Eng. Sci. 2018, 232, 4128–4151. [Google Scholar] [CrossRef]
- Thompson, E.L.; Taye, A.G.; Guo, W.; Wei, P.; Quinones, M.; Ahmed, I.; Biswas, G.; Quattrociocchi, J.; Carr, S.; Topcu, U.; et al. A survey of eVTOL aircraft and AAM operation hazards. In Proceedings of the AIAA AVIATION 2022 Forum, Chicago, IL, USA & Virtual, 27 June–1 July 2022; p. 3539. [Google Scholar]
- Wasson, K.; Neogi, N.; Graydon, M.; Maddalon, J.; Miner, P.; McCormick, G.F. Functional Hazard Assessment for the eVTOL Aircraft Supporting Urban Air Mobility (UAM) Applications: Exploratory Demonstrations; Technical Report; NASA: Washington, DC, USA, 2022. [Google Scholar]
- European Union Aviation Safety Agency. Proposed Means of Compliance with the Special Condition VTOL, 4th ed.; European Union Aviation Safety Agency: Cologne, Germany, 2023. [Google Scholar]
- McGough, J.; Moses, K.; Platt, W.; Reynolds, G.; Strole, J. Digital Flight Control System Redundancy Study; US Air Force Flight Dynamics Laboratory (AFFDL): Wright-Patterson Air Force Base, OH, USA, 1974. [Google Scholar]
- Bosch, J.; Kuehl, W. Reconfigurable redundancy management for aircraft flight control. J. Aircr. 1977, 14, 966–971. [Google Scholar] [CrossRef]
- Yeh, Y.C. Triple-triple redundant 777 primary flight computer. In Proceedings of the 1996 IEEE Aerospace Applications Conference. Proceedings, Aspen, CO, USA, 10 February 1996; Volume 1, pp. 293–307. [Google Scholar]
- Ning, C.; Zhang, H.; Weng, H.; Ma, R. Safe Architecture Design of Flight Control System for eVTOL; Technical Report, SAE Technical Paper; SAE International: Warrendale, PA, USA, 2023. [Google Scholar]
- Ismail, M.; Wiedemann, S. Design and evaluation of fault-tolerant electro-mechanical actuators for flight controls of unmanned aerial vehicles. Actuators 2021, 10, 175. [Google Scholar] [CrossRef]
- Murray, C. Automakers opting for model-based design. Des. News 2010, 5, 11. [Google Scholar]
- Landi, A.; Nicholson, M. ARP4754B/ED-79A-guidelines for development of civil aircraft and systems-enhancements, novelties and key topics. Sae Int. J. Aerosp. 2023, 4, 871–879. [Google Scholar] [CrossRef]
- SAE. ARP4761A-Guidelines and methods for conducting the safety assessment process on airborne systems and equipments. In USA: The Engineering Society for Advancing Mobility Land Sea Air and Space; SAE International: Warrendale, PA, USA, 2023. [Google Scholar]
- Joshi, A.; Miller, S.P.; Whalen, M. A proposal for model-based safety analysis. In Proceedings of the 24th Digital Avionics Systems Conference, Washington, DC, USA, 30 October–3 November 2005; Volume 2, pp. 2–13. [Google Scholar]
- Gorospe, G.E., Jr.; Kulkarni, C.S.; Hogge, E.; Hsu, A. A study of the degradation of electronic speed controllers for brushless dc motors. In Proceedings of the Asia Pacific Conference of the Prognostics and Health Management Society 2017, Jeju, Republic of Korea, 12–15 July 2017. [Google Scholar]
- Moseler, O. Application of model-based fault detection to a brushless DC motor. IEEE Trans. Ind. Electron. 2000, 47, 1015–1020. [Google Scholar] [CrossRef]
- Fulton, R. RTCA DO-254/EUROCAE ED-80 Digital Avionics Handbook; CRC Press: Boca Raton, FL, USA, 2017; pp. 217–236. [Google Scholar]
- European Union Aviation Safety Agency. AMC 20-115D Airborne Software Development Assurance Using EUROCAE ED-12 and RTCA DO-178. In Easy Access Rules for Acceptable Means of Compliance for Airworthiness of Products, Parts and Appliances; European Union Aviation Safety Agency: Cologne, Germany, 2021. [Google Scholar]
- Ismail, M.; Bosch, C. Fault-tolerant actuation architectures for unmanned aerial vehicles. In Advances in Condition Monitoring and Structural Health Monitoring; Springer: Berlin/Heidelberg, Germany, 2021; pp. 345–354. [Google Scholar]
- He, R.; Hofsäß, H.; Zhang, S.; Holzapfel, F. Model-Based Design and Evaluation Approach of Redundant Electro-Mechanical Actuator Control Architecture for eVTOL. In Proceedings of the International Conference on Guidance, Navigation and Control, Tianjin, China, 5–7 August 2022; pp. 974–983. [Google Scholar]
- Crassidis, J.L.; Junkins, J.L. Optimal Estimation of Dynamic Systems, 2nd ed.; Chapman & Hall/CRC Applied Mathematics and Nonlinear Science Series; CRC Press: Boca Raton, FL, USA, 2012. [Google Scholar]
- Mokhamad, K.; Holzapfel, F. A Cost-Effective Synchronization Method for Distributed Flight Control Computers. IEEE Trans. Aerosp. Electron. Syst. 2024. [Google Scholar]
- Rhein, J. ExCuSe—A Method for the Model-Based Safety Assessment of Simulink and Stateflow Models. In Proceedings of the MATLAB Expo 2018, Munich, Germany, 26 June 2018. [Google Scholar]
- The United States Department of Defense. MIL-HDBK-217F N2. Reliability Prediction of Electronic Equipment; The United States Department of Defense: Arlington, VA, USA, 1995.
- Mazur, D.R. Combinatorics: A Guided Tour; American Mathematical Society: Providence, RI, USA, 2022; Volume 55. [Google Scholar]
- Actuator Test Bench. Available online: https://www.fsd.ed.tum.de/infrastructure/gnc-subsystems/ (accessed on 26 February 2024).
- The United States Department of Defense. MIL-HDBK-338B Military Handbook Electronic Reliability Design Handbook; The United States Department of Defense: Arlington, VA, USA, 1998.
- Schallert, C. Integrated Safety and Reliability Analysis Methods for Aircraft System Development Using Multi-Domain Object-Oriented Models. Ph.D. Thesis, Technische Universität Berlin, Berlin, Germany, 2016. [Google Scholar]
Component Type | Failure Rate/fh |
---|---|
Digital Complex | |
Digital Simple | |
Power Electronics | |
High Power Input | |
Low Power Input | |
Position Sensor |
Methods | Failure Rate/fh | Failure Probability (4 h) |
---|---|---|
Rare Events Approximation | 7.6512238567 × 10−7 | 3.0678917175 × 10−6 |
Esary–Proschan Upper Bound | 7.6512238567 × 10−7 | 3.0678917175 × 10−6 |
Recursive Inclusion–Exclusion | 7.6512238567 × 10−7 | 3.0678917175 × 10−6 |
Exact Inclusion–Exclusion | 7.6512238567 × 10−7 | 3.0678917175 × 10−6 |
Mode | Description | Effect |
---|---|---|
0 | normal function | - |
1 | loss of function (flow var.) | de-energized, no active motion |
2 | loss of function (pot. var.) | de-energized, jam or overload |
3 | inadvertent function | uncommanded motion |
Component | Mode | |||
---|---|---|---|---|
0 | 1 | 2 | 3 | |
Bus | Healthy | Loss connection | Interrupted | False but valid signal (delay, drift, intermittent…) |
Processor | Healthy | Lost | Faulty output | Asynchronous computation |
Power electronic | Healthy | Open circuit | Short circuit | PWM frequency reduction Asynchronous computation |
Motor | Healthy | Open circuit | Short circuit | Stator resistance reduction Magnetic flux reduction |
Shaft | Healthy | Disconnection | Jam | Friction increment, Disturbance |
Sensor | Healthy | Lost | Blocked | Precision degraded (biased, delayed, etc.) |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
He, R.; Holzapfel, F.; Bröcker, J.; Lai, Y.; Zhang, S. A Decentralized Voting and Monitoring Flight Control Actuation System for eVTOL Aircraft. Aerospace 2024, 11, 195. https://doi.org/10.3390/aerospace11030195
He R, Holzapfel F, Bröcker J, Lai Y, Zhang S. A Decentralized Voting and Monitoring Flight Control Actuation System for eVTOL Aircraft. Aerospace. 2024; 11(3):195. https://doi.org/10.3390/aerospace11030195
Chicago/Turabian StyleHe, Ruichen, Florian Holzapfel, Johannes Bröcker, Yi Lai, and Shuguang Zhang. 2024. "A Decentralized Voting and Monitoring Flight Control Actuation System for eVTOL Aircraft" Aerospace 11, no. 3: 195. https://doi.org/10.3390/aerospace11030195
APA StyleHe, R., Holzapfel, F., Bröcker, J., Lai, Y., & Zhang, S. (2024). A Decentralized Voting and Monitoring Flight Control Actuation System for eVTOL Aircraft. Aerospace, 11(3), 195. https://doi.org/10.3390/aerospace11030195