Why Do Airplanes Crash? An Open Source Air Data Inertial Reference Unit Investigation *** 2012 PSU/Galois Capstone Project Chris Andrews, Trang Nguyen,

Why Do Airplanes Crash? An Open Source Air Data Inertial Reference Unit Investigation *** 2012 PSU/Galois Capstone Project Chris Andrews, Trang Nguyen, Mark Craig, Kayla Seliner

Presentation Outline
Our project: building an open source Air Data Inertial Reference Unit (ADIRU).
Overview: what is an ADIRU?
Motivation: why are they important?
Fault tolerance: types of faults.
Approach: voting methods.
Design: hardware and software architecture.
Results.
Demonstration.
Conclusion.

Air Data Inertial Reference Units (ADIRU)
The ADIRU is a fault tolerant system that collects and processes sensor values: accelerometers, gyroscopes, altimeters, airspeed. It functions as the sole source of sensor data aboard the aircraft. Autopilot and unstable flight regimes depend upon valid and uninterrupted sensor data for safe flight.

Benefits of ADIRU Systems
Redundant sensors make the system less vulnerable to single sensor failure. Modular design. Fault containment. Deferred maintenance. Improved safety margins.

Northrop Grumman LTN-101 [1]. GEC-Marconi FIN3060 [2].
[1] "bug_cause_aussie_a330_plunge". theregister.co.uk, 04 June. [2] "Chapter 19 Inertial Reference System". oatmedia.com. Web. 02 June.

How ADIRU Systems Fail
Failure of the ADIRU may be intermittent and cause cockpit instrumentation to send contradictory warnings (stall and high speed). The ADIRU is the root of all sensor data for flight avionics, so a failure in the ADIRU can instantly propagate throughout the flight control system. Failures of the ADIRU system affect both autopilot and manual flight modes.

Failures Affecting Sensors
Mechanical: icing, blocked air tubes. Electronic: high energy particles, electromagnetic interference. Software: bugs. Human error. Most system failures have multiple causes.

Motivation
ADIRU failures cause fatal air crashes. Closed source, proprietary system.
"Airbus A320 Experience." The Flying Engineer. Web. 03 June 2012.

ADIRU failures are a critical event with serious consequences if the aircraft is not in a visual flight mode.
[1] "Final Moments of Flight 447". foxcrawl.com. Web. 02 June.

Air France Flight 447
On May 31st, 2009, Air France Flight 447, flying from Rio de Janeiro to Paris, crashed into the Atlantic Ocean, killing all passengers. Airspeed sensors iced over, sending faulty airspeed data to the ADIRU and causing a stall. The pilots were unable to recover from the stall without verifiable airspeed.
"Final Moments of Flight 447". foxcrawl.com. Web. 02 June.

Qantas Flight 72
An Airbus A330 flying on October 7th, 2008 from Singapore to Perth suffered a malfunction in the ADIRU, causing two rapid descents that threw passengers and crew about the cabin.
"Qantas Terror Blamed On Computer". stuff.co.nz. 02 June.

Types of Faults
Fail silent: the system fails to send data. Persistent and transient faults: the system sends arbitrary data (noise). Symmetric: the sender broadcasts the same (bad) data to all recipients.
Diagram labels: Fail Silent, Fail Symmetric, Fail Asymmetric.

Project Requirements
Must exhibit Byzantine fault tolerance. Must include the ability to insert faults. Must be expandable. Must follow open source guidelines. Should include: gyroscope, accelerometer, altimeter, GPS.

Build a redundant network using Arduino development boards. Use the I2C protocol.

Reasons For Choosing Arduino
Open source hardware and software. Large community of developers. Libraries included. Lowest hardware entry cost. Quickest start time.

Arduino ArduIMU+V3
Atmega328 µP, 3D accelerometer, 3D gyroscope, 3D magnetometer, GPS port, 1.5” x 1.0”, large development community.
"arduIMU+V3". diydrones.com. 02 June 2012.

Bus Implementation
There are many bus protocols to choose from, including CANbus, SPI, and I2C. These requirements must be met: must implement multi-master; must be expandable; should be an industry standard.

Libraries included within Arduino. No extra hardware required. Expandable. Supports multi-master.

ADIRU “Black Box”
I2C and power bus. Environmental enclosure. Separate board for power supply. ArduIMU boards have the same orientation.

Implementing Byzantine Fault Tolerance
We implement Byzantine fault tolerance because it can tolerate a special class of faults. It must satisfy two conditions. Validity: if the sender is non-faulty, all recipients receive the correct value. Agreement: all recipients agree on the final value. The system must have 3N+1 modules to handle N faults. Our system has 4 modules, so we can handle 1 Byzantine fault.
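The following simulation is an added example, not the capstone team's Arduino code. It ties together the fault types slide and this one: four modules exchange sensor readings under Lamport's OM(1) "oral messages" algorithm (each module broadcasts its reading, then relays what it heard, and takes a majority), and one module can be switched to a fail-silent, symmetric or asymmetric fault model. An asymmetric fault, which the slide diagram labels but does not define, is taken here to mean a sender that delivers a different value to each receiver. The readings, the fault behaviours and the module count are constructed for illustration.

```python
"""Simulated Byzantine agreement among four ADIRU modules (added example).

Models one exchange of Lamport's OM(1) algorithm: every module broadcasts its
own sensor reading, then relays what it heard from each other module, and
each module takes the majority of the copies it holds. Fault behaviours and
readings are constructed, not taken from the project.
"""
from statistics import median

N = 4  # 3F + 1 modules tolerate F = 1 Byzantine fault

# --- fault models: how a module delivers a value to a given receiver -------
def honest(value, receiver):
    """Non-faulty module: delivers the value it holds, unchanged."""
    return value

def fail_silent(value, receiver):
    """Fail-silent: the message never arrives."""
    return None

def fail_symmetric(value, receiver):
    """Symmetric fault: the same wrong value goes to every receiver."""
    return 999.0

def fail_asymmetric(value, receiver):
    """Asymmetric (Byzantine) fault: each receiver is told something different."""
    return float(100 * (receiver + 1))

def majority(values):
    """Value held by a strict majority of the list, or None if there is none."""
    counts = {}
    for v in values:
        counts[v] = counts.get(v, 0) + 1
    best, n = max(counts.items(), key=lambda kv: kv[1])
    return best if 2 * n > len(values) else None

def om1_agree(readings, behaviours):
    """Run OM(1) with each module acting as the source in turn.

    readings[i]   -- the sensor value module i wants to broadcast
    behaviours[i] -- send function modelling module i (honest or a fault model)
    Returns decided[k][i]: what module k concludes module i's reading is.
    """
    decided = [[None] * N for _ in range(N)]
    for src in range(N):
        lieutenants = [j for j in range(N) if j != src]
        # round 1: the source sends its reading to every other module
        direct = {j: behaviours[src](readings[src], j) for j in lieutenants}
        # round 2: each module relays what it received to the other lieutenants,
        # then decides by majority over its own copy plus the relayed copies
        for k in lieutenants:
            votes = [direct[k]]
            for j in lieutenants:
                if j != k:
                    votes.append(behaviours[j](direct[j], k))
            decided[k][src] = majority(votes)
        decided[src][src] = readings[src]  # a module trusts its own sensor
    return decided

def fused_output(decided_row):
    """Single value a module hands to flight control: median of agreed readings."""
    agreed = [v for v in decided_row if v is not None]
    return median(agreed) if agreed else None

def non_faulty_modules_agree(decided, behaviours):
    """Agreement property: every non-faulty module holds the same decision vector."""
    rows = [decided[k] for k in range(N) if behaviours[k] is honest]
    return all(row == rows[0] for row in rows)

if __name__ == "__main__":
    readings = [10.0, 10.25, 9.75, 10.5]              # constructed sensor values
    for fault in (fail_silent, fail_symmetric, fail_asymmetric):
        behaviours = [honest, honest, honest, fault]  # module 3 is the faulty one
        decided = om1_agree(readings, behaviours)
        print(fault.__name__, decided[0], fused_output(decided[0]),
              "agree:", non_faulty_modules_agree(decided, behaviours))
```

With the asymmetric fault injected, the three non-faulty modules each end up with the same vector (the faulty module's slot is None because no value won a majority), which is the agreement condition; with every module honest, each module's vector equals the true readings, which is validity. Two faulty modules would break the 3F+1 bound and the majority step stops being reliable.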


Sensor reads are interrupt driven. Clocks must be synchronized for all modules so that sensors can be compared at time T.

One module is dedicated to synchronizing the clocks of all other modules. Clock synchronization is within 8 ms. The timing of clock synchronization cycles is set so that each device is synchronized to the master every few seconds. This helps to ensure tight synchronization as well as lessen interference with data processing.
[1] Zhao, Y., Wang, Y., Huang, J., & Shi, X. (2008). A Stable Clock Synchronization Based on Clock Drift Rate. IFIP International Conference on Network and Parallel Computing, (pp ). Beijing, China.

The output displays: original slave clock value, current master clock value, clock value offset, new clock value. The offset is “0” because a delay of “1” was calculated.
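As an added example (not the team's code), the arithmetic below produces the four quantities the output slide lists, assuming a request/reply exchange in which the one-way bus delay is estimated as half the measured round trip (Cristian's method); the drift rates and resynchronization periods used to explore the 8 ms figure are constructed, not measured on the project hardware.

```python
"""Master/slave clock synchronisation arithmetic for the ADIRU modules.

Added example, not the capstone team's code. Assumes a Cristian-style
exchange: the slave asks for the time, the master replies with its clock, and
the one-way delay is taken as half the round trip. Drift rates and periods
below are constructed for illustration.
"""

def sync_slave(slave_send_ms, slave_recv_ms, master_reply_ms):
    """One synchronisation exchange; returns (delay, offset, new_clock) in ms.

    slave_send_ms   -- slave clock when it requested the master's time
    slave_recv_ms   -- slave clock when the master's reply arrived
    master_reply_ms -- master clock value carried in the reply
    """
    if slave_recv_ms < slave_send_ms:
        raise ValueError("slave clock went backwards during the exchange")
    delay = (slave_recv_ms - slave_send_ms) / 2   # estimated one-way trip
    new_clock = master_reply_ms + delay           # master time at reply arrival
    offset = new_clock - slave_recv_ms            # correction the slave applies
    return delay, offset, new_clock

def max_error_with_resync(drift_ppm, resync_period_ms, horizon_ms, bus_delay_ms=1):
    """Largest |slave - master| (ms) observed when a slave whose clock runs fast
    by drift_ppm is resynchronised every resync_period_ms via sync_slave()."""
    drift = drift_ppm * 1e-6
    master = slave = 0.0
    worst = 0.0
    while master < horizon_ms:
        # free-run between synchronisations: the error grows with drift
        master += resync_period_ms
        slave += resync_period_ms * (1 + drift)
        worst = max(worst, abs(slave - master))
        # exchange: request crosses the bus, master replies, reply crosses back
        send = slave
        master += bus_delay_ms
        reply = master
        master += bus_delay_ms
        slave += 2 * bus_delay_ms * (1 + drift)
        _, _, slave = sync_slave(send, slave, reply)
        worst = max(worst, abs(slave - master))
    return worst

if __name__ == "__main__":
    # the case on the slide: a measured delay of 1 ms gives an offset of 0
    print(sync_slave(1000, 1002, 1001))
    # how often must a slave with a constructed 5000 ppm drift resync to stay
    # within the 8 ms figure quoted on the slide?
    for period in (1000, 1500, 2000):
        print(period, round(max_error_with_resync(5000, period, 60_000), 3))
```

The error just before each resynchronization is roughly drift multiplied by the period, so the period that keeps a given slave inside the 8 ms bound follows directly from its drift rate; a residual of about delay times drift remains after each correction because the reply itself ages on the bus.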

For simplicity all output is logged in onboard EEPROM on each individual module. The downside is that a separate application is required to extract data from the EEPROM.

Demo!

Budget
The price to implement Byzantine fault tolerance is under $500.

Further Work
Integrate GPS, magnetometer, altimeter and other sensors into the system. Implement Kalman filters in the software to smooth out sensor noise. Gather real data with flight testing. Add fault tolerance to clock synchronization. Add external data logging. Signal processing of sensor data. External fault insertion.

Lessons Learned
Interrupt routines on microcontrollers. Debugging methods. Code development: algorithm > Python > C. How to organize a large project involving hardware and software. Documentation and project organization.

Acknowledgements *** We would like to thank our sponsors: Dr. Lee Pike and Galois Inc. We also acknowledge the help of our advisor: Dr. Christof Teuscher, Portland State University.

Conclusion
Our system exhibits Byzantine fault tolerance. It models an open source ADIRU. The system includes fault insertion. The system is modular and expandable. Sensor data is polled from accelerometers and gyroscopes.
Wiki/Code Repo:


Triple Modular Redundant System
Votes on the outputs of three redundant sensors. The system can tolerate a single sensor fault. Relatively simple to implement and diagnose.
Byzantine Fault Tolerant System
At least 4 different voters, each with a sensor. Tolerates a fault in a sensor or in a voter. F faults require 3F+1 voters with sensors. Requires a complex voting algorithm. Can survive a class of faults not dealt with by TMR.
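To show the class of faults TMR does not handle, here is an added example (not the team's code): three voters each take the median of the readings the three sensors delivered to them. A symmetric fault is outvoted by the two healthy sensors, but an asymmetric sensor that delivers a different value to each voter can leave the voters disagreeing with one another, which is exactly the case the Byzantine exchange exists to fix. All readings are constructed.

```python
"""Why triple modular redundancy cannot mask an asymmetric sensor fault.

Added example, not the capstone team's code. Each voter medians the three
values it personally received; readings are constructed for illustration.
"""
from statistics import median

def tmr_vote(values):
    """Median-of-three voter: any single wrong value is outvoted."""
    if len(values) != 3:
        raise ValueError("TMR voter expects exactly three inputs")
    return median(values)

def tmr_outputs(healthy, third_sensor_to_each_voter):
    """Output of each of three voters.

    healthy                   -- the two good sensor readings, seen identically
                                 by every voter
    third_sensor_to_each_voter -- what the third sensor delivered to voter 0, 1, 2
                                 (identical for a symmetric fault, different for
                                 an asymmetric one)
    """
    if len(healthy) != 2 or len(third_sensor_to_each_voter) != 3:
        raise ValueError("expected two healthy readings and one value per voter")
    return [tmr_vote(list(healthy) + [sent]) for sent in third_sensor_to_each_voter]

def voters_agree(outputs):
    """True when every voter produced the same value."""
    return all(o == outputs[0] for o in outputs)

if __name__ == "__main__":
    healthy = [10.0, 10.25]
    print(tmr_outputs(healthy, [50.0, 50.0, 50.0]))    # symmetric: all voters 10.25
    print(tmr_outputs(healthy, [9.0, 11.0, 10.125]))   # asymmetric: voters diverge
```

The asymmetric case is the dangerous one for a flight control consumer: every voter believes it has masked the fault, yet downstream stages fed by different voters now run on different inputs.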

Triple Modular Redundant and Byzantine network diagrams.