检测飞机电梯控制系统中的故障
此示例显示了如何设计故障检测,隔离和恢复(FDIR)的应用程序,以对由冗余执行器控制的一对飞机电梯进行应用。该模型使用与Aerospace Blabsset™示例的航空电子子系统相同的故障检测控制逻辑HL-20项目带有可选的Flightgear接口(Aerospace Blockset)。
电梯控制系统
一架典型的飞机有两个电梯,一个机身的每一侧都附着在水平尾巴上。为了提高飞机的安全性,电梯控制系统包含以下冗余部分:
Four independent hydraulic actuators (two actuators per elevator).
Three hydraulic circuits that drive the actuators. Each outer actuator has a dedicated hydraulic circuit. The inner actuators share a hydraulic circuit.
两个主要的飞行控制单元(PFCU)。
每个执行器的两个控制模块:全范围控制法和有限/减少范围控制定律。
If the aircraft is flying perfectly level, then the actuator position should maintain a constant value. The fault detection system registers a failure in an actuator if:
执行器的位置从该零点增加或减小10 cm。
执行器迅速改变位置(例如,如果位置在0.01秒内至少变化20 cm)。
故障检测系统还会在一个液压电路中注册故障,如果压力不超出边界或压力迅速变化。在此示例中,故障检测系统检查了:
液压电路的压力在500 kPa至2 MPa之间。
The pressure changes no more than 100 kPa in 0.01 seconds.
故障检测控制逻辑
StateFlow®图表模式逻辑定义了电梯控制系统的故障检测逻辑。该图包含系统中每个执行器的平行取代。每个执行器都可以以五种模式之一:被动的,,,,支持,,,,积极的,,,,离开, 和孤立。这些操作模式表示为平行状态的取代。
默认情况下,外部执行器开始积极的模式和内部执行器开始支持模式。If a failure is detected in the outer actuators or in the hydraulic circuits that are connected to them, the fault detection system responds by disabling the outer actuators and activating the inner actuators.
将故障注入故障检测系统
To experiment with the model, during simulation, you can introduce hydraulic circuit and actuator position failures into the fault detection system through the Failure Injection UI.
例如,要在液压电路1中注入故障,请选择H1复选框,然后单击更新。The UI runs this MATLAB® code to communicate with the 金宝appSimulink® model:
blockname = [mname'/signal调理'...'和故障/液压压力/测量',char(10),...'液压系统1',...'压力/液压/h1_fail'];val = get(handles.h1,'value');
if val set_param(blockname,'value','1');else set_param(blockname,'value','0');结尾
This code turns on a switch in the Signal conditioning subsystem that causes the fault detection system to register a fault in the hydraulic circuit.
The chart Mode Logic responds to failures in the hydraulic circuits and actuators by using truth table functions and event broadcasting. For example, if the fault detection system registers an isolated failure in Hydraulic Circuit 1, then:
真实表功能
L_switch广播活动go_offto the substateLO。取代
LO进入离开模式并发送活动eto the substate李。Because the substate
LO不再在积极的模式,李进入积极的模式。Because the substate
李is now in the active mode,RI进入积极的mode and sends a second eventeto the substatero。取代
ro进入支持模式。
故障检测系统注册液压电路1的故障后,关闭了左外执行器,将右外执行器放置在待机状态,并激活内部执行器。
Recover from Hydraulic Failures
The fault detection control logic enables the system to recover from a hydraulic circuit failure. For example, to bring the Hydraulic Circuit 1 back online, in the Failure Injection UI, clear theH1复选框,然后单击更新。在图表中,条件!u.low_press [0]成为真实的,所以取代LOtransitions from the离开到达支持模式。As a result, the left outer actuator can then be activated in the event that the fault detection system registers another failure later in the simulation.
失败后隔离执行器
当故障检测系统注册一个执行器中的故障时,该执行器将不再被激活。在图表模式逻辑中,执行器的故障由替代表示孤立。This substate has no outgoing transitions so once an actuator enters the孤立state, it remains in that state for the rest of the simulation.
参考
Pieter J. Mosterman and Jason Ghidella, "Model Reuse for the Training of Fault Scenarios in Aerospace," inAIAA®建模和仿真技术会议论文集, CD-ROM, paper 2004-4931, August 16 - 19, 2004, Rhode Island Convention Center, Providence, RI.
Jason R. Ghidella和Pieter J. Mosterman,“将基于模型的设计应用于故障检测,隔离和恢复系统”,军事嵌入式系统,夏季,2006年。
相关话题
