Aircraft Operational Reliability -...

Aircraft Operational Reliability - A Model-based Approach

Formal Methods Forum, January 26, 2016

Kossi Tiassou, Mohamed Kaâniche, Karama Kanoun, Chris Papadopoulos, Christel Seguin

Project: @Most

2

Context

Context & Objectives

☞  Growing interest in air transportation

☞  Competitiveness

Contribution: Reinforce the role of dependability assessment in aircraft operation

☞  Enhance service delivery and minimize operation and maintenance costs

Passenger

Freight

Aircraft Dependability Modeling & Assessment

Safety and availability oriented models

Common practice: during system design and development

3

Support for System architecture definition Long-term objectives

⇒


Future: usable during system operation - in addition -

Models for assessment in operation

Adjust aircraft operationaccording to the current operational conditions and changes

⇒

Short-term objectives

☞  Whenever necessary

4

☞  To avoid as much as possible disruptions/interruptions Delay, Cancellation, In-flight turn back, Diversion

→ Continue → Plan maintenance → Mission interruption

Mission planning

Mission start

Unforeseen event: -  Failure - Mission re-definition

Mission end

Assessment to support mission

definition Re-assessment →

Objectives: Dependability Assessment in Operation


⇒  Evaluate the probability to operate without operational disruption/interruption until a given time or location

5

Means

☞  Develop a model-based dependability assessment framework usable in operation

☞  Forecast operational reliability with regard to disruptions caused by failures and maintenance issues


Operational Dependability Measures

•  System Reliability, SR(t): Probability to meet minimum requirements related to the system, during flight duration

•  Mission Reliability, MR(t): Probability to achieve a specific mission without interruption

6 Context & Objectives

M1

In Operation

M2

Event / Change

Operators and Maintainers

M Model

Content definition

Model calibration & analysis

Dependability Modeling

Dependability analysis specialist

Measure

Model content

definition M0

During the design phase

Modeling Specialist and System Builders

7

To Achieve the Objectives

☞  Identification of relevant information for the model construction

☞  Modeling basis that facilitates:

•  Model construction

•  Model update in operation

☞  Validation on case studies


�  Relevant Information Identification

�  Modeling Approach: Meta Model and Stochastic Model

�  Stochastic Modeling in the Context of @Most

�  Case Study •  Stochastic Model •  Results

Outline

8

9

Flight achievement

Flight phase

Ground phase

Mission & Mission Dispatch

☞  Mission Dispatch Decision

1 Relevant Information Identification

Mission = sequence of flights

Dispatch ? Dispatch ? .....

Next Flight Dispatch Decision

1 Relevant Information Identification 10

Go

Failure

All Ok

Goif

NoGo

Dispatch status

Goif-o Operational Limitation

Goif-m Maintenance Procedures

Corrective Actions

Delay or Cancellation

Acceptable? Feasible?

Relevant Information - 1


Go

Failure

All Ok

Goif

NoGo

Dispatch status

Goif-o Operational Limitation

Goif-m Maintenance Procedures

Corrective Actions

Delay or Cancellation

Acceptable? Feasible?

System component state

Requirements

Maintenance

12

Ground Flight 1 Ground Flight 2 Ground … Flight n Mission Profile

Requirements Min_Sys_R M_Prof_ R Maintenance


Subsystem Subsystem Subsystem

Aircraft systems System Behavior

Component failure modes, rates etc

Mission dependent Information

Core Information

MR

SR

Relevant Information - 2





Outline

13

14

Changes and modeling constraints

☞  Changes to be Taken into Account •  Changes in the states of the system components

§  Failure, Maintenance activities

•  Failure distributions of the components

•  Mission profile

2 Modeling Approach: Meta Model and Stochastic Model

☞  Modeling constraints •  Model construction during the design and development phase

•  Model update in operation by non-modeling specialist

Diagnosis & Prognosis

Mission profile & maintenance data

Implementation

Operational dependability model

Model update interface

Stochastic Model Petri Net, AltaRica, SAN

no$fica$on

Configura$ondata

Processing Module

Model Processing

Assessmentmanager

15

SR(t) MR(t)


Model Construction and Update Process

16

Up-to-date Model

Stochastic Model

Petri Net, AltaRica, SAN

Model Tuning

up-to-date data


Meta-model

Modeling Aircraft specific

Information

17

Meta-model

A320Stochastic

ModelSPN

A340Stochastic

ModelAltaRica

A380Stochastic

ModelSAN

Benefits of the Meta-model

☞  Abstracts and structures model content

☞  Aircraft families

Model generation


Example of Meta-model: System Components


19

From Meta-model to Stochastic Model

☞  Dynamic models – state-based models Petri Net

C_failure


C_state

Exponential λ=v





¥  Conclusion and Perspectives

Outline

20

21

nodeComponentflowstateOk:bool:out;power:bool:in;statestatus:{ok,failed};eventfailure,initstatus:=ok;transstatus=okandpower|-failure

->status:=failed;assertstateOk=(status=ok);externlaw<eventfailure>=

exponen$al(2.0E-4);edon

AltaRica model

λ=2.10-4

stateOk=Status

status=failed

Status=ok and power

failure

C.StateOK

Basic Component

C.power

stateOk

status failureIGFailureAssert_updateIG_assert

SAN model

Predicate: (status->Mark() =1) && power->Mark()

Function: status ->Mark() =0;

Predicate: (stateOk->Mark()) != (status->Mark()=1) Function: stateOk->Mark() = (status->Mark()=1);

powerExponential: λ=2.10-4

AltaRica and SAN

3 Stochastic Modeling in the Context of @Most

S1

P1

P2

P3

BCM

BPS_B BPS_Y

ServoCtrl_G

ServoCtrl_B ServoCtrl_Y Su

rface

SL

PL1

PL2

PL3

BCL

Control Lines

Initially: PL1, PL2, PL3 activated

After failures of P1, P2 and P3: activation of S1

After failures of P1, P2, P3 and S1: activation of BCM, BPS_B, BPS_Y

22

Min_Sys_R = (PL2 =ok ∧ BCL =ok ∧ (PL1 =ok ∨ (PL3 =ok ∧ SL =ok)) ∧ (PL3 =ok ∨ (PL1 =ok ∧ SL =ok)) ∧ (SL =ok ∨ (PL1 =ok ∧ PL3 =ok))

4 Case Study

Case Study: The Rudder Control Subsystem

23

PC BC SC

Core Model

Mission Dependent Model

4 Case Study

Global Model Structure

Interface: Requirements expression

Min_Sys_R = (PL2 =ok ∧ BCL =ok ∧ (PL1 =ok ∨ (PL3 =ok ∧ SL =ok)) ∧ (PL3 =ok ∨ (PL1 =ok ∧ SL =ok)) ∧ (SL =ok ∨ (PL1 =ok ∧ PL3 =ok))

4 Case Study 24

Taxing_to_Takeoff To_air In_Flight Flying Landing

To_groundDiversionCondition

DiversionDiverted

AbortCondition

AbortBack To Ramp

CP_FlightDeparture

Flight Phases

LandedEstimated_duration Ground

preparationDelay or cancellation

Pending Departure

Max_tolerated_time

Dispatchability Scheduled_maintenance

ProfNext flight

Next_flight preparation

Allow

Unscheduled_maintenance

No_Dispatch

Require_maintenance

Dispatch condition

Ready

Ground Period

SM_Time

CP_MsetM

MProg

inhibitM

MPR

Min_Sys_R

4 Case Study 25

The Core Model

Min_Sys_R FulfilledNot_Fulfilled

IGFul

IGN

PC SC BC

PL3PL1 PL2 SL BCL

CP

InternalInterface

P1_failureIGPxF

P1

P1_maintenance IGMPxCP

SCG_failureIGSCGFServoCtrl_GSCG_maintenance IGMP1IGPL1PL1

Elec

HydsetPL1

Control line PL1 sub-model

26

☞  Parameter setting of model in operation

☞  All system components considered initially operational

☞  Exponential distribution for the failure events

•  Failure rates between 10-6/FH and 10-4/FH

☞  Deterministic durations for flight phases and ground activities

4

Assessment

Case Study

27

☞  Initial assessment & re-assessment after major changes •  Failure - Maintenance •  Distribution change •  Mission profile changes

→ Continue → Plan maintenance → Mission adjustment

Mission preparation Mission start Changes Mission end

Initial assessment

Model update &

re-assessment →

4 Case Study

Re-assessment During Missions

MR(t) evaluated before the start of the mission Mission: 7 days, 4 flights/day, 3 hours each

0,96

0,965

0,97

0,975

0,98

0,985

0,99

0,995

1 0

1 2 3 5 4 6 7 day

284 Case Study

Initial Assessment

Minimum Mission Reliability Requirement MMRR

294 Case Study

0,96

0,965

0,97

0,975

0,98

0,985

0,99

0,995

1

1 2 3 5 4 6 7 day

Failure of P1 after 4 days

MMRR

0

0,96

0,965

0,97

0,975

0,98

0,985

0,99

0,995

1 0

1 2 3 5 4 6 7 0,96

0,965

0,97

0,975

0,98

0,985

0,99

0,995

1 0

1 2 3 5 4 6 7

1

304 Case Study


day

MMRR

Re-assessment

0,96

0,965

0,97

0,975

0,98

0,985

0,99

0,995

1 0

1 2 3 5 4 6 7 0,96

0,965

0,97

0,975

0,98

0,985

0,99

0,995

1 0

1 2 3 5 4 6 7

2

314 Case Study


day

MMRR

Re-assessment

0,96

0,965

0,97

0,975

0,98

0,985

0,99

0,995

1

1 2 3 5 4 6 7

0

3

324 Case Study

Maintenance Planning

Failure in day 2, repair end of day 3

MMRR

day

Re-assessment

0,96

0,965

0,97

0,975

0,98

0,985

0,99

0,995

1

1 2 3 5 4 6 7

0

4

334 Case Study


MMRR


day

0,96

0,965

0,97

0,975

0,98

0,985

0,99

0,995

1

1 2 3 5 4 6 7

5

344 Case Study


MMRR

day


0

☞ Aircraft Operational dependability modeling for an assessment while in service: • Feasible • Relevant

☞ Modeling approach coherent with Airbus processes

☞ Probabilistic dispatch decision integrating multiple flights

☞ Optimization of maintenance cost

35

Conclusion

Aircraft Operational Reliability -...

Documents

Transcript of Aircraft Operational Reliability -...