CN109426675B - Stateflow-based redundancy management method for airborne electromechanical integrated management system - Google Patents
Stateflow-based redundancy management method for airborne electromechanical integrated management system Download PDFInfo
- Publication number
- CN109426675B CN109426675B CN201710728850.7A CN201710728850A CN109426675B CN 109426675 B CN109426675 B CN 109426675B CN 201710728850 A CN201710728850 A CN 201710728850A CN 109426675 B CN109426675 B CN 109426675B
- Authority
- CN
- China
- Prior art keywords
- state
- integrated management
- electromechanical integrated
- management computer
- airborne
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
- G06F30/20—Design optimisation, verification or simulation
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Evolutionary Computation (AREA)
- Geometry (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
Aiming at the defects of redundancy management function development of the traditional electromechanical integrated management system, a Stateflow tool of Simulink is adopted, a Stateflow-based airborne electromechanical integrated management system redundancy management method is provided, an airborne electromechanical integrated management system architecture model is established, and a state machine model of an electromechanical integrated management computer is designed; and designing redundancy management logic based on a truth table. The method can be used for designing the redundancy management method of the airborne electromechanical integrated management system in the early development stage of the airborne electromechanical integrated management system, can find system faults in advance, improve development efficiency, save development cost, reduce the complexity of the design of the airborne electromechanical integrated management system, enable the model to be far higher than documents and codes in comprehensibility, and reduce the communication difficulty of requirements, design and realization of relevant engineers.
Description
Technical Field
The invention relates to a redundancy management method, in particular to a Stateflow-based onboard electromechanical integrated management system redundancy management method.
Background
An airborne electromechanical system refers to equipment on an airplane for ensuring the normal operation of systems such as flight control and avionics and the safety of personnel on the airplane. The airborne electromechanical system comprises a dozen of systems such as a power supply system, a fuel system, a hydraulic system, an environmental control system, a brake system, an undercarriage system, an engine system and an auxiliary power system. The aviation industry departments at home and abroad introduce an electromechanical integrated management system, and change the electromechanical system from a traditional combined architecture to an integrated or deep integrated architecture.
The redundancy management function of the current airborne electromechanical integrated management system is mainly realized by C language codes, along with the higher and higher degree of integration of the electromechanical integrated management system, system developers are difficult to communicate through codes and documents, the complexity of design is higher and higher, and the portability of the codes is also poorer and poorer. It is urgent to change the above situation.
Stateflow is a graphical design and development tool in Matlab/Simulink series products, and is a graphical implementation tool of a finite state machine. The method is mainly used for expressing the control and detection logic relation in Simulink. When a user carries out Simulink simulation, the graphical tool can be used for realizing conversion among various states, and the problem of complex monitoring logic is solved. The method can realize graphical modeling and simulation of a complex system based on the finite-state machine theory, design, develop and determine the detected control system, and modify the design, evaluate the result and verify the performance of the system more easily at different stages of the design. The state of the art.
Disclosure of Invention
The purpose of the invention is as follows:
while the onboard electromechanical integrated management system gains enormous benefits, a series of problems are brought about, including development, design and integration difficulties introduced by the increase in the scale of the system, "domino effect" caused by failure in reliability, and re-evaluation of safety from loose coupling to tight coupling.
The aviation industry department urgently needs to establish an airborne electromechanical comprehensive management system by adopting an advanced and scientific method. The modeling and simulation technology is an effective means, the complexity of the design of the airborne electromechanical integrated management system can be reduced through modeling/simulation, the comprehensibility degree of the model is far higher than that of documents and codes, and the communication difficulty of requirements, design and realization of related engineers is reduced; secondly, the design defects of the system can be found at the early stage of product development through modeling/simulation, the high repair cost is reduced, and the product delivery cycle is shortened; and thirdly, forming a standard system designed for the airborne electromechanical comprehensive management system through modeling/simulation, standardizing the design flow and guiding the electromechanical system designer.
The technical scheme of the invention is as follows:
in order to achieve the purpose of the invention, the technical scheme adopted by the invention is as follows: redundancy management method of the airborne electromechanical integrated management system based on Stateflow.
The redundancy management method of the airborne electromechanical integrated management system based on Stateflow comprises the following three steps: establishing an airborne electromechanical integrated management system architecture model; designing a state machine model of an electromechanical integrated management computer; and designing redundancy management logic based on a truth table.
Step 1, establishing an airborne electromechanical integrated management system architecture model
And according to the actual condition of the electromechanical system, using Chart of Stateflow to establish an architecture model for detecting and processing faults of the airborne electromechanical system. Each state represents an electromechanical integrated management computer, and the priority relationship of all the electromechanical integrated management computers is up, down, left and right.
Step 2, designing a state machine model of the electromechanical integrated management computer
And (3) designing a state machine model of the electromechanical comprehensive management computer on the basis of the step 1. Each state in the Stateflow represents one electromechanical integrated management computer, each electromechanical integrated management computer is composed of 5 sub-states, passive, standby, off and Isolated, and the 5 sub-states respectively represent different modes of the electromechanical integrated management computer.
Passive: the method comprises the steps that an initialization state of a periodic task is entered after an electromechanical comprehensive management computer is powered on;
active: indicating that the electromechanical integrated management computer is in an active state, namely that the IEMC is in master control;
the standby state indicates that the electromechanical comprehensive management computer is in a backup state and does not output instructions;
off, representing the fault state of the electromechanical integrated management computer, and entering a detection state once the electromechanical integrated management computer detects an instantaneous fault;
and e, the isolated state represents the isolated state, and according to the specific logic of the system, when the instantaneous fault reaches a certain threshold value, the isolated state is entered, and the system takes safety measures.
On the basis of step 2, firstly, establishing a migration relationship of a child state in each parent state, including from an initial state to a Passive state, from the Passive state to an Active or Standby state, and from the Standby state to the Active state. Off state to Isolated state. The condition for the Passive/Standby state to the Active state of the IEMSC is that the IEMSC is currently in the Passive state. The condition for the Passive/Active/Standby state to the Off state of the IEMSC is go Off (i.e., the system detects a failure). The condition of the Off state to the Isolated state of the IEMSC is [ failures > = n ], i.e., the failures are accumulated up to n times. The Off-to-Off state condition of the IEMSC is go Off [ failures < n ], i.e. the IEMSC1 is still in the Off state when the number of consecutive failures is less than n.
And (3) adopting a truth table of Stateflow as input according to a monitoring result of the airborne electromechanical integrated management system to realize redundancy management logic of the airborne electromechanical management computer. The truth table includes a condition table and an action table. In the Condition table, each Condition in the Condition column is determined whether the monitoring signal is valid (T) or invalid (F) first. Each Decision column implies an AND operation of various conditions. The last decision in the table is called the default decision, which contains all other decisions except the previously listed decisions. The Action (Action) represents the result of the decision. The action table is a concrete action of the condition table, and the action needs to specifically represent the number of valid values of the monitoring signal. As shown in tables 1 and 2.
TABLE 1 Fault processing Condition Table for airborne electromechanical comprehensive management System
| Description of the preferred embodiment | Conditions of | D1 (decision 1) | D2 | D3 | …… | DM (default decision) | |
| 1 | Validity[1] | T | T | F | …… | - | |
| 2 | Validity[2] | F | T | F | …… | - | |
| 3 | Validity[3] | F | T | F | …… | - | |
| …… | …… | …… | …… | …… | …… | …… | …… |
| N | Validity[N] | …… | - | ||||
| Movement of | 1 | 2 | 3 | …… | X |
TABLE 2 airborne electromechanical integrated management system action table
| Description of the invention | Movement of | |
| 1 | num=1 | |
| 2 | ||
| …… | …… | …… |
| X | num=x |
Drawings
FIG. 1 architecture model for on-board electromechanical system fault detection and handling
FIG. 2 is a computer state machine model for airborne electromechanical integrated management
Detailed Description
The landing gear retraction control system is taken as a case, an RIU (remote interface unit) receives an operation instruction (retraction/extension/emergency extension) of a pilot, the RIU controls valves of different types in a landing gear system, meanwhile, an IEMSC (integrated electromechanical management computer) with dual redundancy receives landing gear switching signals collected by the RIU, the IEMSC votes the switching signals with redundancy, monitors the effectiveness of the switching signals, sends a voting value and a monitoring result to the RIU and continuously controls a landing gear mechanical device. The present invention will be described in further detail with reference to the accompanying drawings and examples.
1. Establishing airborne electromechanical integrated management system architecture model
Because the electromechanical integrated management system in the case is dual-redundancy, an architecture model for detecting and processing faults of the airborne electromechanical system is established by using Chart of Stateflow, and the two states of the architecture model are IEMSC1 and IEMSC2. Each state represents an electromechanical integrated management computer, as shown in fig. 1, with IEMSC1 at the upper left of IEMSC2, i.e. with IEMSC1 as the master node and IEMSC2 as the slave node.
2. State machine model for designing electromechanical integrated management computer
And designing a state machine model of the electromechanical comprehensive management computer. Each state in the Stateflow represents one electromechanical integrated management computer, each electromechanical integrated management computer is composed of 5 sub-states, and the 5 sub-states represent different states of the electromechanical integrated management computer respectively.
3. Designing truth table based redundancy management logic
And establishing a migration relationship of the child states in each parent state IEMSC, wherein the migration relationship comprises a state from an initial state to a Passive state, a Passive state to an Active state or a Standby state, and a Standby state to an Active state. Off state to Isolated state. The specific migration relationships are shown in table 1.
Table 3 details the migration relationships for the different states in this case. The condition for the Passive/Standby state to Active state of IEMSC1 is that IEMSC2 is currently in the Passive state. The condition of the Passive/Active/Standby state to the Off state of IEMSC1 is go Off (i.e. the system detects a failure). The condition of the Off state to the Isolated state of the IEMSC1 is [ fail > =3], that is, the failure is accumulated up to 3 times. The Off-to-Off state condition of the IEMSC1 is go Off <3, i.e. the IEMSC1 is still in the Off state when the number of consecutive failures is less than 3.
And (3) realizing redundancy management logic of the airborne electromechanical management computer by adopting a truth table of Stateflow and inputting dual-redundancy RIU. The truth table includes a condition table and an action table. In the condition table 4, a Front lifting Door drop-in-place end switch 1 (Front _ Door _ delay _ State 1) and a Front lifting Door drop-in-place end switch 2 (Front _ Door _ delay _ State 2) are used as inputs. Action 1 is triggered when Front _ Door _ delay _ State1 is true and Front _ Door _ delay _ State2 is true. Action 2 is triggered when Front _ Door _ delay _ State1 is false and Front _ Door _ delay _ State2 is true. Action 3 is triggered when Front _ Door _ delay _ State1 is true and Front _ Door _ delay _ State2 is false. Action 4 is triggered when Front _ Door _ delay _ State1 is false and Front _ Door _ delay _ State2 is false. In the action table of table 5, action 1 is the default action and is null. Action 2 represents that the onboard electromechanical integrated management computer 1 has an instantaneous fault, send (go _ off, iemsc. Iemscc 1); action 3 represents that the onboard electromechanical integrated management computer 2 has an instantaneous fault, send (go _ off, iemsc. Iemscc 2); action 4 indicates that instantaneous fault occurs in both the onboard electromechanical integrated management computers 1 and 2, send (go _ off, iemsc. Iemscc 1), send (go _ off, iemsc. Iemscc 2).
TABLE 3 electromechanical integrated management computer state relationship
| Initial state | Passive | Active | Standby | Off | Isolated | |
| Initial state | \ | Automatic | \ | \ | go_off[!in(off)] | \ |
| Passive | \ | \ | !IEMSC2_act() | IEMSC2_act() | go_off[!in(off)] | 、 |
| Active | \ | \ | \ | IEMSC2_act() | go_off[!in(off)] | \ |
| Standby | \ | \ | !IEMSC2_act() | \ | go_off[!in(off)] | \ |
| Off | [validity1] | \ | \ | \ | go_off[fails<3] | [fails>=3] |
| Isolated | \ | \ | \ | \ | \ | \ |
Surface 4 undercarriage retraction-oriented airborne electromechanical integrated management system fault handling condition table
| Description of the invention | Conditions of | D1 | D2 | D3 | D4 | |
| 1 | Forward-lift cabin door put-down in-place terminal switch 1 | Front_Door_Deploy_State1 | T | F | T | F |
| F | Forward-lift cabin door put-down in-place terminal switch 2 | Front_Door_Deploy_State2 | T | T | F | F |
| Movement of | 1 | 2 | 3 | 4 |
Surface 5 undercarriage-oriented airborne electromechanical integrated management system fault handling action table
Claims (2)
1. A redundancy management method of an airborne electromechanical integrated management system based on Stateflow is characterized by comprising the following steps: the method comprises the following three steps: establishing an airborne electromechanical integrated management system architecture model; designing a state machine model of an electromechanical integrated management computer; designing redundancy management logic based on a truth table; the method comprises the following specific steps:
step 1: establishing airborne electromechanical integrated management system architecture model
According to the actual situation of the electromechanical system, using Chart of Stateflow to establish a system structure model for detecting and processing faults of the airborne electromechanical integrated management system; each state represents an electromechanical integrated management computer, and the priority relations of all the electromechanical integrated management computers are up, down, left and right;
and 2, step: state machine model for designing electromechanical integrated management computer
Designing a state machine model of the electromechanical integrated management computer on the basis of the step 1; each state in the Stateflow represents an electromechanical integrated management computer, each electromechanical integrated management computer is composed of 5 sub-states, and the 5 sub-states respectively represent different modes of the electromechanical integrated management computer;
the Passive: the method comprises the steps that an initialization state of a periodic task is entered after an electromechanical comprehensive management computer is powered on;
the Active: indicating that the electromechanical integrated management computer is in an active state, namely that the IEMC is in master control;
the Standby represents that the electromechanical comprehensive management computer is in a backup state and does not output instructions;
the Off represents the fault state of the electromechanical integrated management computer, and the electromechanical integrated management computer enters a detection state once detecting an instantaneous fault;
the Isolated state represents an isolation state, and according to the specific logic of the system, when the instantaneous fault reaches a certain threshold value, the system enters the isolation state and takes safety measures;
and step 3: designing truth table based redundancy management logic
On the basis of the step 2, firstly establishing a migration relationship of a child state in each parent state, wherein the migration relationship comprises a state from an initial state to a Passive state, a state from the Passive state to an Active state or a state from the Standby state to the Active state, and a state from the Standby state to the Active state; off state to Isolated state; the condition from the Passive/Standby state to the Active state of the IEMSC is that the IEMSC is currently in the Passive state; the condition from Passive/Active/Standby state to Off state of the IEMSC is go Off, i.e. the system detects a failure; the condition from the Off state to the Isolated state of the IEMSC is [ fail > = n ], i.e. the fault accumulation reaches n times; the Off-to-Off state condition of the IEMSC is go Off [ failures < n ], i.e. when the number of consecutive failures is less than n, the IEMSC1 is still in the Off state;
and (3) adopting a truth table of Stateflow as input according to a monitoring result of the airborne electromechanical integrated management system to realize redundancy management logic of the airborne electromechanical management computer.
2. The Stateflow-based airborne electromechanical integrated management system redundancy management method according to claim 1, characterized in that: the truth table comprises a condition table and an action table; in the Condition table, each Condition in the Condition column is to determine whether the monitoring signal is valid (T) or invalid (F) first; each Decision column implies an AND operation of various conditions; the last decision in the table, called the default decision, contains all other decisions except the previously listed decision; the Action (Action) represents the result of the decision; the action table is a concrete action of the condition table, and the action needs to specifically represent the number of valid values of the monitoring signal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710728850.7A CN109426675B (en) | 2017-08-23 | 2017-08-23 | Stateflow-based redundancy management method for airborne electromechanical integrated management system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710728850.7A CN109426675B (en) | 2017-08-23 | 2017-08-23 | Stateflow-based redundancy management method for airborne electromechanical integrated management system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109426675A CN109426675A (en) | 2019-03-05 |
| CN109426675B true CN109426675B (en) | 2023-01-13 |
Family
ID=65498530
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710728850.7A Active CN109426675B (en) | 2017-08-23 | 2017-08-23 | Stateflow-based redundancy management method for airborne electromechanical integrated management system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109426675B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110866335A (en) * | 2019-11-05 | 2020-03-06 | 中国航空工业集团公司沈阳飞机设计研究所 | AnyLogic-based comprehensive guarantee simulation method and equipment |
| CN112073278A (en) * | 2020-08-25 | 2020-12-11 | 中国航空工业集团公司沈阳飞机设计研究所 | Airborne electromechanical integrated management system |
| CN112685888B (en) * | 2020-12-25 | 2024-04-09 | 中国航空工业集团公司沈阳飞机设计研究所 | Three-redundancy fly-pipe system and information stream processing method thereof |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101482753A (en) * | 2009-02-11 | 2009-07-15 | 北京华力创通科技股份有限公司 | Real-time simulation apparatus and system of redundancy flight control computer |
| CN102270253A (en) * | 2011-06-15 | 2011-12-07 | 北京航空航天大学 | Built-in test modeling simulation method based on state diagram |
| CN102508437A (en) * | 2011-09-14 | 2012-06-20 | 中国航空工业集团公司西安飞机设计研究所 | Multifunctional electromechanical system simulation method for simulation of airplane power supply control management system |
| CN103955556A (en) * | 2014-03-27 | 2014-07-30 | 北京交通大学 | Fault logical modeling method for high speed railway train operation control vehicle-mounted system |
| CN104573182A (en) * | 2014-12-09 | 2015-04-29 | 南京航空航天大学 | Designing method for multimode control system of aircraft |
| CN104573193A (en) * | 2014-12-18 | 2015-04-29 | 北京控制工程研究所 | Rapid designing method for GNC (Guidance, Navigation and Control) system of spacecraft |
| CN105550053A (en) * | 2015-12-09 | 2016-05-04 | 中国航空工业集团公司西安航空计算技术研究所 | Redundancy management method for improving availability of monitoring pair based fault tolerant system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8406945B2 (en) * | 2007-10-26 | 2013-03-26 | GM Global Technology Operations LLC | Method and apparatus to control logic valves for hydraulic flow control in an electro-mechanical transmission |
-
2017
- 2017-08-23 CN CN201710728850.7A patent/CN109426675B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101482753A (en) * | 2009-02-11 | 2009-07-15 | 北京华力创通科技股份有限公司 | Real-time simulation apparatus and system of redundancy flight control computer |
| CN102270253A (en) * | 2011-06-15 | 2011-12-07 | 北京航空航天大学 | Built-in test modeling simulation method based on state diagram |
| CN102508437A (en) * | 2011-09-14 | 2012-06-20 | 中国航空工业集团公司西安飞机设计研究所 | Multifunctional electromechanical system simulation method for simulation of airplane power supply control management system |
| CN103955556A (en) * | 2014-03-27 | 2014-07-30 | 北京交通大学 | Fault logical modeling method for high speed railway train operation control vehicle-mounted system |
| CN104573182A (en) * | 2014-12-09 | 2015-04-29 | 南京航空航天大学 | Designing method for multimode control system of aircraft |
| CN104573193A (en) * | 2014-12-18 | 2015-04-29 | 北京控制工程研究所 | Rapid designing method for GNC (Guidance, Navigation and Control) system of spacecraft |
| CN105550053A (en) * | 2015-12-09 | 2016-05-04 | 中国航空工业集团公司西安航空计算技术研究所 | Redundancy management method for improving availability of monitoring pair based fault tolerant system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109426675A (en) | 2019-03-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109426675B (en) | Stateflow-based redundancy management method for airborne electromechanical integrated management system | |
| CN105550053A (en) | Redundancy management method for improving availability of monitoring pair based fault tolerant system | |
| EP2876519B1 (en) | Safety analysis of a complex system using component-oriented fault trees | |
| CN103473156B (en) | Hot backup fault-tolerance method based on real-time operating systems and used for three satellite borne computers | |
| JP2019031272A (en) | Fault coverage for multiple failures in redundant systems | |
| CN102736630A (en) | Triplex redundancy-based realization method for fly-by-light fight control system | |
| CN104217048A (en) | Method for managing complex spacecraft three-dimensional model | |
| CN103970024A (en) | Real-time simulation system of large aircraft hydraulic system | |
| CN103640692A (en) | Handle-based autonomous control method of training plane undercarriage system | |
| CN111124927B (en) | Testing method for multi-partition airborne software | |
| Yang et al. | Aviation PHM system research framework based on PHM big data center | |
| Jiang et al. | MBSE-based functional hazard assessment of civil aircraft braking system | |
| CN112073278A (en) | Airborne electromechanical integrated management system | |
| CN107590339B (en) | Comprehensive modular avionics system performance degradation modeling and simulation method | |
| CN103926885B (en) | Centralised arrangement, method, computer-readable medium and aircraft | |
| Sghairi et al. | Distributed and reconfigurable architecture for flight control system | |
| Deng et al. | The study of aircraft fault diagnosis method based on the integration of case and rule reasoning | |
| RU133508U1 (en) | MAIN AIRCRAFT WITH THE CONTROL SYSTEM OF THE GENERAL AIRCRAFT EQUIPMENT AND AIRCRAFT SYSTEMS | |
| Xi et al. | Design consideration of civil aircraft IMA system state management function | |
| CN109583036B (en) | Distribution method for fault detection rate of integrated fault | |
| CN108459582B (en) | IMA system-oriented comprehensive health assessment method | |
| Guo et al. | An Architecture Modeling and Simulation Methods of Integrated Electromechanical Management System | |
| Jiao et al. | Fault Propagation of Aircraft Avionics System Based on SDG | |
| Cheng et al. | Research on Safety Assessment Method on Integrated Modular Avionics Based on Cascading Effect Analysis | |
| Rong et al. | Model Based Interaction Hazards Analysis of Integrated Modular Avionics System |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |