TY - JOUR
T1 - Validation of decision logic of an autoland system for a UAV using model-based safety-assessment techniques
AU - Kügler, Martin E.
AU - Rhein, Julian
AU - Holzapfel, Florian
N1 - Publisher Copyright:
© 2019, Deutsches Zentrum für Luft- und Raumfahrt e.V.
PY - 2020/1/1
Y1 - 2020/1/1
N2 - Software of automatic flight control systems requires thorough verification and validation. Traditionally, this is achieved with elaborate development processes following pertinent industry standards. To reduce the development effort, however, new methods have emerged: a model-based software development process is used at the Institute of Flight System Dynamics of the Technical University of Munich for the design of auto-flight systems with MATLAB/Simulink. In addition, the model-based safety assessment (MBSA) framework ExCuSe has been developed, which implements methods for fault modeling and automatic cut-set extraction using the Simulink Design Verifier. This paper proposes an application of MBSA techniques for the efficient requirements and design validation of decision logic in auto-flight-system software. With ExCuSe, software design models of an investigated decision logic are supplemented by models for off-nominal inputs (e.g., a sensor fault) and for the design requirements. The analysis yields either a formal proof that the investigated decision logic fulfills the requirements under all circumstances (guaranteed properties) or a counterexample that illustrates a requirement violation. The functional principle and applicability of the method are demonstrated by the analysis of decision logic of the autoland system of the SAGITTA Demonstrator UAV. ExCuSe is used to prove that the logic guarantees a timely flare initiation so that a safe touchdown sink rate is achieved despite altitude-measurement inaccuracy and closed-loop flare dynamics uncertainty. As virtually all auto-flight systems feature decision logic, this initial demonstration of the technique opens up many opportunities for further applications in future work.
KW - Automatic landing
KW - Flight control
KW - Model checking
KW - Model-based safety assessment
KW - Software validation
KW - Unmanned aerial vehicle
UR - http://www.scopus.com/inward/record.url?scp=85068159757&partnerID=8YFLogxK
U2 - 10.1007/s13272-019-00401-5
DO - 10.1007/s13272-019-00401-5
M3 - Article
AN - SCOPUS:85068159757
SN - 1869-5582
VL - 11
SP - 93
EP - 110
JO - CEAS Aeronautical Journal
JF - CEAS Aeronautical Journal
IS - 1
ER -
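The abstract describes the method only at a high level: a design model of the decision logic is combined with a model of off-nominal inputs (here, altitude-measurement error), a model of plant uncertainty (the closed-loop flare dynamics) and a model of the requirement (a safe touchdown sink rate), and the combined model is then analysed for a proof or a counterexample. The following is an added, constructed illustration of that workflow in Python; it is not the paper's ExCuSe tooling, not a Simulink Design Verifier model, and not the SAGITTA autoland logic. All names, parameter values, the first-order flare model, the measurement-bias bound and the time-constant range are assumptions made for the example. One important caveat for practitioners: the search below enumerates a finite grid of fault and uncertainty values, so "no violation found" is evidence, not the formal proof over the whole input space that a model checker such as the Simulink Design Verifier provides; the closed-form worst-case bound at the end shows what such a proof argument has to establish for this particular model.

```python
"""Toy model-based safety check of a flare-initiation decision logic.

Constructed example (not the paper's models): a discrete-time landing
model is supplemented with
  (1) an off-nominal-input model (bounded altitude-measurement bias),
  (2) a plant-uncertainty model (range of closed-loop flare time constants),
  (3) a requirement model (sink rate at touchdown must not exceed a limit),
and the combined model is searched exhaustively over a finite grid of
fault/uncertainty values.  All numeric values are made up for illustration.
"""
from dataclasses import dataclass
from itertools import product
import math


@dataclass(frozen=True)
class FlareLogic:
    """Decision logic under test: command flare as soon as the measured
    altitude drops to or below the configured flare altitude."""
    flare_altitude_m: float

    def flare_commanded(self, measured_altitude_m: float) -> bool:
        return measured_altitude_m <= self.flare_altitude_m


@dataclass(frozen=True)
class FaultSpace:
    """Sampled off-nominal inputs and uncertainties (assumed bounds)."""
    altitude_bias_m: tuple   # measured altitude = true altitude + bias
    flare_tau_s: tuple       # closed-loop sink-rate time constant after flare


@dataclass(frozen=True)
class Requirement:
    max_touchdown_sink_rate_mps: float


def simulate_landing(logic, bias_m, tau_s, *, h0_m=20.0,
                     v_approach_mps=3.0, v_flare_target_mps=0.5,
                     dt_s=0.01):
    """Forward-Euler landing model: constant approach sink rate until the
    logic commands flare, then first-order decay of the sink rate towards
    the flare target with time constant tau_s.  Returns the sink rate at
    touchdown and the true altitude at which flare was commanded (None if
    the logic never commanded flare before touchdown)."""
    h, v, t = h0_m, v_approach_mps, 0.0
    t_flare = h_flare = None
    while h > 0.0:
        if t_flare is None and logic.flare_commanded(h + bias_m):
            t_flare, h_flare = t, h
        if t_flare is not None:
            v = v_flare_target_mps + (v_approach_mps - v_flare_target_mps) \
                * math.exp(-(t - t_flare) / tau_s)
        h -= v * dt_s
        t += dt_s
    return v, h_flare


def check_flare_logic(logic, faults, req):
    """Exhaustive search over the finite fault grid.  Returns
    ("no violation found", None) when every sampled case meets the
    requirement, otherwise ("counterexample", <offending case>).
    Only the sampled points are covered; this is not a formal proof."""
    for bias, tau in product(faults.altitude_bias_m, faults.flare_tau_s):
        v_td, h_flare = simulate_landing(logic, bias, tau)
        if v_td > req.max_touchdown_sink_rate_mps:
            return "counterexample", {
                "altitude_bias_m": bias,
                "flare_tau_s": tau,
                "true_altitude_at_flare_m":
                    None if h_flare is None else round(h_flare, 2),
                "touchdown_sink_rate_mps": round(v_td, 3),
            }
    return "no violation found", None


def minimum_safe_flare_altitude_m(v_approach_mps, v_flare_target_mps,
                                  v_safe_mps, tau_max_s, bias_max_m):
    """Closed-form worst case for the same model: with the slowest flare
    (tau_max) the sink rate reaches v_safe after t*, during which the
    aircraft descends D; the measurement may read bias_max high, so the
    configured flare altitude must be at least D + bias_max."""
    dv = v_approach_mps - v_flare_target_mps
    t_star = tau_max_s * math.log(dv / (v_safe_mps - v_flare_target_mps))
    descent = (v_flare_target_mps * t_star
               + dv * tau_max_s * (1.0 - math.exp(-t_star / tau_max_s)))
    return descent + bias_max_m


if __name__ == "__main__":
    faults = FaultSpace(altitude_bias_m=(-1.0, -0.5, 0.0, 0.5, 1.0),
                        flare_tau_s=(1.0, 1.5, 2.0))
    req = Requirement(max_touchdown_sink_rate_mps=1.0)
    for h_flare in (5.0, 8.0):
        print(h_flare, check_flare_logic(FlareLogic(h_flare), faults, req))
    print("minimum safe flare altitude:",
          round(minimum_safe_flare_altitude_m(3.0, 0.5, 1.0, 2.0, 1.0), 2))
```

With the assumed numbers, a flare altitude of 5 m is refuted by a counterexample (a slow flare combined with a measurement that reads high leaves too little height to arrest the sink rate), while 8 m clears every sampled case and also exceeds the closed-form bound of about 6.6 m. The grid search plays the role of the counterexample generator; turning "no violation found" into a guaranteed property needs either an argument that the violation is monotone in the fault parameters (so the corner cases suffice) or a proof over the continuous ranges by a model checker, which is what the paper obtains with the Simulink Design Verifier.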