TY - GEN
T1 - Runtime Monitoring of Flight Control with Incremental Nonlinear Dynamic Inversion
AU - Hofsäß, Hannes
AU - Holzapfel, Florian
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Runtime monitoring of flight control is an alternate approach for safety assurance, if the absence of design errors in the software of a nominal control law is not fully assured during design. A backup controller is engaged by the system after a failure of the nominal controller has been detected. Due to a lack of experience with novel aircraft configurations, the backup controller may be engaged due to unforeseen disturbances or system failures. As the backup controller provides only degraded flight control, its engagement then imposes an additional risk. In this paper, a novel concept for monitoring of a nominal controller's outputs is proposed. It allows the nominal controller to retain actuator control authority if the aircraft leaves the safety envelope of the backup controller due to exogenous disturbances. The design bases on barrier function theory, while model dependency is reduced through an incremental formulation of the correlation between the envelope's boundary and the control limits. Validation is provided by analysis of missed detections and false alarms in a simulative use case.
AB - Runtime monitoring of flight control is an alternate approach for safety assurance, if the absence of design errors in the software of a nominal control law is not fully assured during design. A backup controller is engaged by the system after a failure of the nominal controller has been detected. Due to a lack of experience with novel aircraft configurations, the backup controller may be engaged due to unforeseen disturbances or system failures. As the backup controller provides only degraded flight control, its engagement then imposes an additional risk. In this paper, a novel concept for monitoring of a nominal controller's outputs is proposed. It allows the nominal controller to retain actuator control authority if the aircraft leaves the safety envelope of the backup controller due to exogenous disturbances. The design bases on barrier function theory, while model dependency is reduced through an incremental formulation of the correlation between the envelope's boundary and the control limits. Validation is provided by analysis of missed detections and false alarms in a simulative use case.
UR - http://www.scopus.com/inward/record.url?scp=85211193409&partnerID=8YFLogxK
U2 - 10.1109/DASC62030.2024.10748693
DO - 10.1109/DASC62030.2024.10748693
M3 - Conference contribution
AN - SCOPUS:85211193409
T3 - AIAA/IEEE Digital Avionics Systems Conference - Proceedings
BT - DASC 2024 - Digital Avionics Systems Conference, Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 43rd AIAA DATC/IEEE Digital Avionics Systems Conference, DASC 2024
Y2 - 29 September 2024 through 3 October 2024
ER -