Aircraft Operational Reliability - A Model-based Approach Kossi - - PowerPoint PPT Presentation

Aircraft Operational Reliability - 
 A Model-based Approach 


Formal Methods Forum, January 26, 2016

Kossi Tiassou, 
 Mohamed Kaâniche, Karama Kanoun, Chris Papadopoulos, Christel Seguin

Project: @Most

2

Context

Context & Objectives

☞ Growing interest in air

transportation

☞ Competitiveness

Contribution: Reinforce the role of dependability assessment in aircraft operation

☞ Enhance service delivery

and minimize operation and maintenance costs

Passenger

Freight

Aircraft Dependability Modeling & Assessment

Safety and availability

• riented models

Common practice: during system design and development

3

Support for System architecture definition Long-term objectives

⇒

Context & Objectives

Future: usable during system operation - in addition -

Models for assessment in

• peration

Adjust aircraft operation according to the current

• perational conditions and

changes

⇒

Short-term objectives

☞ Whenever necessary

4

☞ To avoid as much as possible disruptions/interruptions

Delay, Cancellation, In-flight turn back, Diversion

→ Continue → Plan maintenance → Mission interruption Mission planning Mission start Unforeseen event:

• Failure
• Mission re-definition

Mission end Assessment to support mission definition Re-assessment →

Objectives: Dependability Assessment in Operation

Context & Objectives

⇒ Evaluate the probability to operate without operational disruption/ interruption until a given time or location

5

Means

☞ Develop a model-based dependability assessment framework

usable in operation

☞ Forecast operational reliability with regard to disruptions caused by

failures and maintenance issues

Context & Objectives

Operational Dependability Measures

• System Reliability, SR(t): Probability to meet minimum requirements

related to the system, during flight duration

• Mission Reliability, MR(t): Probability to achieve a specific mission

without interruption

6 Context & Objectives

M1 In Operation M2 Event / Change

Operators and Maintainers

M Model Content definition Model calibration & analysis

Dependability Modeling

Dependability analysis specialist

Measure Model content definition M0 During the design phase

Modeling Specialist and System Builders

7

To Achieve the Objectives

☞ Identification of relevant information for the model

construction

☞ Modeling basis that facilitates:

• Model construction
• Model update in operation

☞ Validation on case studies

Context & Objectives

Relevant Information Identification Modeling Approach: Meta Model and Stochastic Model Stochastic Modeling in the Context of @Most Case Study

• Stochastic Model
• Results

Outline

8

9

Flight achievement

Flight phase Ground phase

Mission & Mission Dispatch

☞ Mission Dispatch Decision

1 Relevant Information Identification

Mission = sequence of flights Dispatch ? Dispatch ? .....

Next Flight Dispatch Decision

1 Relevant Information Identification 10

Go

Failure All Ok

Goif NoGo

Dispatch status

Goif-o

Operational Limitation

Goif-m

Maintenance Procedures Corrective Actions Delay or Cancellation Acceptable? Feasible?

Relevant Information - 1

11 1 Relevant Information Identification

Go

Failure All Ok

Goif NoGo

Dispatch status

Goif-o

Operational Limitation

Goif-m

Maintenance Procedures Corrective Actions Delay or Cancellation Acceptable? Feasible?

System component state Requirements

Maintenance

12

Ground Flight 1 Ground Flight 2 Ground … Flight n Mission Profile Requirements Min_Sys_R M_Prof_ R Mainte nance

1 Relevant Information Identification

Subsystem Subsystem Subsystem Aircraft systems System Behavior

Component failure modes, rates etc

Mission dependent Information Core Information MR SR

Relevant Information - 2

Relevant Information Identification Modeling Approach: Meta Model and Stochastic Model Stochastic Modeling in the Context of @Most Case Study

• Stochastic Model
• Results

Outline

13

14

Changes and modeling constraints

☞ Changes to be Taken into Account

• Changes in the states of the system components

§ Failure, Maintenance activities

• Failure distributions of the components
• Mission profile

2 Modeling Approach: Meta Model and Stochastic Model

☞ Modeling constraints

• Model construction during the design and development phase
• Model update in operation by non-modeling specialist

Diagnosis & Prognosis Mission profile & maintenance data

Implementation

Operational dependability model

Model update interface

Stochastic Model

Petri Net, AltaRica, SAN

no$fica$on Configura$on data Processing Module Model Processing

Assessment manager

15

SR(t) MR(t)

2 Modeling Approach: Meta Model and Stochastic Model

Model Construction and Update Process

16

Up-to-date Model Stochastic Model

Petri Net, AltaRica, SAN

Model Tuning up-to-date data

2 Modeling Approach: Meta Model and Stochastic Model

Meta- model Modeling Aircraft specific Information

17

Meta- model

A320 Stochastic Model

SPN

A340 Stochastic Model

AltaRica

A380 Stochastic Model

SAN

Benefits of the Meta-model

☞ Abstracts and structures model content ☞ Aircraft families

Model generation

2 Modeling Approach: Meta Model and Stochastic Model

Example of Meta-model: System Components

18 2 Modeling Approach: Meta Model and Stochastic Model

19

From Meta-model to Stochastic Model

☞ Dynamic models – state-based models

Petri Net

C_failure 2 Modeling Approach: Meta Model and Stochastic Model C_state Exponential λ=v

Relevant Information Identification Modeling Approach: Meta Model and Stochastic Model Stochastic Modeling in the Context of @Most Case Study

• Stochastic Model
• Results

¥ Conclusion and Perspectives

Outline

20

21

node Component flow stateOk : bool : out ; power: bool : in; state status : {ok,failed} ; event failure, init status := ok ; trans status=ok and power |- failure

• > status:=failed;

assert stateOk=(status=ok); extern law <event failure> = exponen$al(2.0E-4); edon AltaRica model λ=2.10-4 stateOk=Status status=failed Status=ok and power failure C.StateOK Basic Component C.power stateOk status failure IGFailure Assert_ update IG_assert SAN model

Predicate: (status->Mark() =1) && power->Mark() Function: status ->Mark() =0; Predicate: (stateOk->Mark()) != (status->Mark()=1) Function: stateOk->Mark() = (status->Mark()=1);

power Exponential: λ=2.10-4

AltaRica and SAN

3 Stochastic Modeling in the Context of @Most

S1 P1 P2 P3 BCM BPS_B BPS_Y ServoCtrl_G ServoCtrl_B

ServoCtrl_Y

Surface SL PL1 PL2 PL3 BCL Control Lines

Initially: PL1, PL2, PL3 activated After failures of P1, P2 and P3: activation of S1 After failures of P1, P2, P3 and S1: activation of BCM, BPS_B, BPS_Y

22

Min_Sys_R = (PL2 =ok ∧ BCL =ok ∧ (PL1 =ok ∨ (PL3 =ok ∧ SL =ok)) ∧ (PL3 =ok ∨ (PL1 =ok ∧ SL =ok)) ∧ (SL =ok ∨ (PL1 =ok ∧ PL3 =ok))

4 Case Study

Case Study: The Rudder Control Subsystem

23

PC BC SC Core Model Mission Dependent Model

4 Case Study

Global Model Structure

Interface: Requirements expression

Min_Sys_R = (PL2 =ok ∧ BCL =ok ∧ (PL1 =ok ∨ (PL3 =ok ∧ SL =ok)) ∧ (PL3 =ok ∨ (PL1 =ok ∧ SL =ok)) ∧ (SL =ok ∨ (PL1 =ok ∧ PL3 =ok))

4 Case Study 24 Taxing_to_Takeoff To_air In_Flight Flying Landing To_ground DiversionCondition Diversion Diverted AbortCondition Abort Back To Ramp CP_Flight Departure Flight Phases Landed Estimated_duration Ground preparation Delay or cancellation Pending Departure Max_tolerated_time Dispatchability Scheduled_ maintenance Prof Next flight Next_flight preparation Allow Unscheduled_maintenance No_Dispatch Require_maintenance Dispatch condition Ready Ground Period SM_Time CP_M setM MProg inhibitM MPR Min_Sys_R

4 Case Study 25

The Core Model

Min_Sys_R Fulfilled Not_Fulfilled IGFul IGN PC SC BC PL3 PL1 PL2 SL BCL

CP

Internal Interface

P1_failure IGPxF P1 P1_maintenance IGMPx CP SCG_failure IGSCGF ServoCtrl_G SCG_maintenance IGMP1 IGPL1 PL1 Elec Hyd

setPL1

Control line PL1 sub-model

26

☞ Parameter setting of model in operation ☞ All system components considered initially operational ☞ Exponential distribution for the failure events

• Failure rates between 10-6/FH and 10-4/FH

☞ Deterministic durations for flight phases and ground

activities

4

Assessment

Case Study

27

☞ Initial assessment & re-assessment after major changes

• Failure - Maintenance
• Distribution change
• Mission profile changes

→ Continue → Plan maintenance → Mission adjustment Mission preparation Mission start Changes Mission end Initial assessment Model update & re-assessment → 4 Case Study

Re-assessment During Missions

MR(t) evaluated before the start of the mission Mission: 7 days, 4 flights/day, 3 hours each

0,96 0,965 0,97 0,975 0,98 0,985 0,99 0,995 1 1 2 3 5 4 6 7

day 28 4 Case Study

Initial Assessment

Minimum Mission Reliability Requirement

MMRR

29 4 Case Study

0,96 0,965 0,97 0,975 0,98 0,985 0,99 0,995 1 1 2 3 5 4 6 7

day

Failure of P1 after 4 days

MMRR

0,96 0,965 0,97 0,975 0,98 0,985 0,99 0,995 1 1 2 3 5 4 6 7 0,96 0,965 0,97 0,975 0,98 0,985 0,99 0,995 1 1 2 3 5 4 6 7

1 30 4 Case Study

Failure of P1 after 4 days

day

MMRR

Re-assessment

0,96 0,965 0,97 0,975 0,98 0,985 0,99 0,995 1 1 2 3 5 4 6 7 0,96 0,965 0,97 0,975 0,98 0,985 0,99 0,995 1 1 2 3 5 4 6 7

2 31 4 Case Study

Failure of P1 after 2 days

day

MMRR

Re-assessment

0,96 0,965 0,97 0,975 0,98 0,985 0,99 0,995 1 1 2 3 5 4 6 7

3 32 4 Case Study

Maintenance Planning

Failure in day 2, repair end of day 3

MMRR

day

Re-assessment

0,96 0,965 0,97 0,975 0,98 0,985 0,99 0,995 1 1 2 3 5 4 6 7

4 33 4 Case Study

Maintenance Planning

MMRR

Failure in day 2, repair end of day 4

day

0,96 0,965 0,97 0,975 0,98 0,985 0,99 0,995 1 1 2 3 5 4 6 7

5 34 4 Case Study

Maintenance Planning

MMRR

day

Failure in day 2, repair end of day 5

☞ Aircraft Operational dependability modeling for an

assessment while in service:

• Feasible
• Relevant

☞ Modeling approach coherent with Airbus processes ☞ Probabilistic dispatch decision integrating multiple

flights

☞ Optimization of maintenance cost

35

Conclusion