-
摘要:
翼身融合(BWB)飞行器满足未来民用航空经济、绿色、低碳的运行需求,是重要的发展方向。针对BWB飞行器的飞行控制系统,对其安全性与系统设计进行了研究。给出基于系统理论的事故模型及过程,与相应的安全性分析,重点对BWB飞行器飞行控制系统内的复杂逻辑关系、不安全控制动作、危害致因进行分析;进行切换系统设计,给出低可靠先进系统和高可靠备用系统的设计过程,并分析切换逻辑;基于设计进行仿真验证。研究结果表明:系统理论过程分析方法能够支持BWB飞行器飞行控制系统复杂逻辑关系的安全隐患分析,同时所设计的飞行控制系统具有一定的安全性与实用性。
Abstract:Blended wing-body (BWB) aircraft can meet the economic, environmentally friendlyand low-carbon operation needs and is one of the key development directions of future civil aviation. Aiming at the flight control system of BWB aircraft, its safety analysis and system design are studied. First, a description of the system-theoretic accident model, processes, and associated safety analysis procedure is provided. The complex logic relationship, unsafe control actions and hazard cause factors in the control system of BWB aircraft are analyzed emphatically. Then the switching system is designed. Analyzing the switching logic, the design process for both the high reliability backup system and the low reliability advanced system is presented. Finally, the simulation is carried out based on the design. The examination of the complicated logic relationships in the BWB flight control system can be understood using the applied safety analysis approach, and the designed flight control system has a certain level of safety and viability.
-
表 1 事故危害分析
Table 1. Accident hazard analysis
事故编号 事故 危害编号 危害 A1 机上人员受伤或
失去生命H1 飞行器失去控制 A2 飞行器受损 H2 飞行器失去控制 A3 飞行任务失败 H3 飞行器失去控制 表 2 不安全控制行为分析
Table 2. Unsafe control action analysis
控制器 控制动作 控制对象 UCA类型1 UCA类型2 UCA类型3 UCA类型4 大气环境 大气环境影响 BWB飞行器 作动器 驱动舵面指令 BWB飞行器 AC 作动器指令 作动器 (NUCA3-N-1)切换至AC工作时未驱动作动器 (NUCA3-P-1)AC工作时指令错误驱动作动器 (NUCA3-T-1)切换至AC工作时,驱动作动器存在延迟X (UCA3-D-1) 切换至BuC工作时,AC工作在X内未结束 飞行员 切换命令 RTM/S (UCA4-N-1) 超出安全边界无自动切换,飞行员未手动切换 (UCA4-P-1) 超出安全边界,飞行员手动切换至AC (UCA4-T-1) 超出安全边界无自动切换,飞行员手动切换命令存在延迟X 飞行员 接通/断开 AC (UCA5-N-1) 飞行员无法手动操纵切换系统时,未手动断开AC (UCA5-P-1) 飞行员无法手动操纵切换系统时,手动接入AC (UCA5-T-1) 飞行员无法手动操纵切换系统时,未手动断开AC延迟X 飞行员 接通/断开 BuC (UCA6-N-1) 飞行员无法手动操纵切换系统时,未手动接入BuC (UCA6-P-1) 飞行员无法手动操纵切换系统时,手动断开BuC (UCA6-T-1) 飞行员无法手动操纵切换系统时,未手动接入BuC延迟X RTM/S 接通/断开 AC (UCA7-N-1) 满足切换条件时,RM/S未断开AC (UCA7-P-1) 不满足切换条件时,RM/S接通AC (UCA7-T-1) 满足切换条件时,RM/S断开AC延迟X RTM/S 接通/断开 BuC (UCA8-N-1) 满足切换条件时,RM/S未接通BuC (UCA8-P-1) 不满足切换条件时,RM/S断开BuC (UCA8-T-1) 满足切换条件时,RM/S接通BuC延迟X BuC 作动器指令 作动器 (UCA9-N-1) 安全边界外,BuC未驱动作动器 (UCA9-P-1) 安全边界外,BuC错误驱动作动器 (UCA9-T-1) 安全边界外,BuC接入延迟X (UCA9-D-1) 未进入安全边界,BuC提前结束工作 注:延迟X单位为s。 表 3 危害致因分析
Table 3. Hazard causal factor analysis
HFC编号 HCF HCF
类型场景描述 HFC编号 HCF HCF
类型场景描述 HCF3-D-1-1 切换条件错误 2 信号切换软化过程过长 HCF7-P-1-3 控制输入错误 1 飞行员手动接入AC HCF4-N-1-1 飞行员对控制状态意识错误 5 飞行员判断当前处于(或已切换至)BuC工作状态 HCF7-T-1-1 切换条件判断
延迟5 飞行状态/作动器反馈存在延迟 HCF4-N-1-2 飞行员对飞行状态意识错误 13 飞行员判断未超出安全边界 HCF8-N-1-1 切换条件失效 5 飞行状态/作动器反馈存在错误 HCF4-P-1-1 飞行员对飞行状态意识错误 5 飞行员判断处于安全边界内 HCF8-N-1-2 切换条件错误 2 切换判断条件存在错误 HCF4-T-1-1 控制传输延迟 7 手动切换控制存在延迟 HCF8-N-1-3 控制输入错误 1 飞行员手动断开BuC HCF4-T-1-2 飞行员对飞行状态判断延迟X 5 传感器存在延迟,或超出安全边界未及时警告飞行员 HCF8-P-1-1 切换条件错误 2 切换判断条件存在错误 HCF4-T-1-3 飞行员对控制模式判断延迟X 5 控制模式存在延迟,或飞行员未能及时发现 HCF8-P-1-2 切换条件失效 5 飞行状态/作动器反馈存在错误,切换条件判断飞行器处于安全边界内 HCF5-N-1-1 飞行员未意识到手动切换故障 5 控制模式未反馈故障信息,或未及时提醒飞行员故障 HCF8-T-1-1 切换条件判断
延迟5 飞行状态/作动器反馈存在延迟 HCF5-P-1-1 飞行员判断在安全边界内,未意识到手动切换故障 5 控制模式未反馈故障信息,或未及时提醒飞行员故障 HCF9-D-1-1 控制输入错误 1 切换系统输入断开,或飞行员手动断开 HCF5-T-1-1 飞行员意识到手动切换故障延迟X 5 控制模式未反馈故障信息存在延迟,或未及时提醒飞行员故障 HCF9-T-1-1 切换条件错误 2 信号切换软化过程过长 HCF6-N-1-1 飞行员未意识到手动切换故障 5 控制模式未反馈故障信息,或未及时提醒飞行员故障 HCF9-T-1-2 反馈存在延迟 5 传感器反馈存在延迟X HCF6-P-1-1 飞行员判断在安全边界内,未意识到手动切换故障 5 控制模式未反馈故障信息,或未及时提醒飞行员故障 HCF9-N-1-1 输入未断开指令信号 1 切换系统输入未接通,或飞行员手动断开 HCF6-T-1-1 飞行员意识到手动切换故障延迟X 5 控制模式未反馈故障信息存在延迟,或未及时提醒飞行员故障 HCF9-N-1-2 作动器错误标记为故障 5 作动器故障反馈错误,不执行驱动故障作动器 HCF7-N-1-1 切换条件失效 5 飞行状态/作动器反馈存在错误 HCF9-P-1-1 BuC重构错误 2 BuC重构算法错误 HCF7-N-1-2 切换条件错误 2 切换判断条件存在错误 HCF9-P-1-2 BuC重构错误 3 BuC算法鲁棒性弱 HCF7-P-1-1 切换条件错误 2 切换判断条件存在错误 HCF9-P-1-3 BuC控制错误 5 飞行状态反馈错误 HCF7-P-1-2 切换条件失效 5 飞行状态/作动器反馈存在错误,切换条件判断飞行器处于安全边界内 HCF9-P-1-4 BuC重构错误 5 作动器故障信息错误 注:延迟X的单位为s。 -
[1] 王刚, 张彬乾, 张明辉, 等. 翼身融合民机总体气动技术研究进展与展望[J]. 航空学报, 2019, 40(9): 623046.WANG G, ZHANG B Q, ZHANG M H, et al. Research progress and prospect for conceptual and aerodynamic technology of blended-wing-body civil aircraft[J]. Acta Aeronautica et Astronautica Sinica, 2019, 40(9): 623046(in Chinese). [2] TYLER L, ENRIC X, GEIR D. L1 adaptive control augmentation system for the X-48B aircraft: AIAA 2009-5619[R]. Reston: AIAA, 2009. [3] 陈勇, 董新民, 薛建平, 等. 多操纵面飞控系统约束自适应控制分配策略[J]. 系统工程与电子技术, 2011, 33(5): 1118-1123. doi: 10.3969/j.issn.1001-506X.2011.05.32CHEN Y, DONG X M, XUE J P, et al. Constrained adaptive control allocation for multi effector flight control system[J]. Journal of Systems Engineering and Electronics, 2011, 33(5): 1118-1123(in Chinese). doi: 10.3969/j.issn.1001-506X.2011.05.32 [4] 王发威, 董新民, 王小平, 等. 基于WPI的多操纵面飞机积分滑模容错控制[J]. 北京航空航天大学学报, 2014, 40(10): 1378-1385. doi: 10.13700/j.bh.1001-5965.2013.0623WANG F W, DONG X M, WANG X P, et al. Fault tolerant control of multi-effectors aircraft using integral sliding model with WPI[J]. Journal of Beijing University of Aeronautics and Astronautics, 2014, 40(10): 1378-1385(in Chinese). doi: 10.13700/j.bh.1001-5965.2013.0623 [5] 朱鹏, 董文瀚. 考虑执行器非线性的多操纵面飞机舵面故障容错控制[J]. 飞行力学, 2019, 37(5): 51-56. doi: 10.13645/j.cnki.f.d.20190617.011ZHU P, DONG W H. Fault-tolerant control for multi-effector aircraft actuator failure with actuator nonlinearity[J]. Flight Dynamics, 2019, 37(5): 51-56(in Chinese). doi: 10.13645/j.cnki.f.d.20190617.011 [6] ANTHONY M A, JOHN F B, JONATHAN R G, et al. Run-time assurance for advanced flight-critical control systems: AIAA 2010-8041[R]. Reston: AIAA, 2010. [7] ASTM. Standard practice for methods to safely bound flight behavior of unmanned aircraft systems containing complex functions: F3269-17[S]. West Conshohocken: ASTM Committee F38, 2017: 1-9. [8] KERIANNE H G, MATTHEW A C, JONATHAN A H, et al. Run-time assurance and formal methods analysis nonlinear system applied to nonlinear system control[J]. Journal of Aerospace Information Systems, 2017, 14(4): 232-246. doi: 10.2514/1.I010471 [9] LOYD R H, MATTHEW C, DAVID S. Certification strategies using run-time safety assurance for part 23 autopilot systems[C]//Proceedings of 2016 IEEE Aerospace Conference. Piscataway: IEEE Press, 2016: 1-10. [10] ALEC B, WILLIAM G, NEHA G. Application of run-time assurance architecture to robust geofencing of SUAS: AIAA 2018-1985 [R]. Reston: AIAA, 2018. [11] REMUS C A, XIAODONG Z, JONATHAN M. Nonlinear adaptive control of quadrotor UAVs with run-time safety assurance: AIAA 2017-1896[R]. Reston: AIAA, 2017. [12] MARK A S, LOYD R H, WES R. Leveraging ASTM industry standard F3269-17 for providing safe operations of a highly autonomous[C]//Proceedings of 2020 IEEE Aerospace Conference. Piscataway: IEEE Press, 2020: 1-10. [13] LEVESON N. A new accident model for engineering safer systems[J]. Safety Science, 2004, 42(4): 237-270. doi: 10.1016/S0925-7535(03)00047-X [14] 吴森堂, 费玉华. 飞行控制系统[M]. 北京: 北京航空航天大学出版社, 2005: 52-62.WU S T, FEI Y H. Flight control system[M]. Beijing: Beihang University Press, 2005: 52-62(in Chinese). [15] 党小为, 唐鹏, 孙洪强, 等. 基于角加速度估计的非线性增量动态逆控制及试飞[J]. 航空学报, 2020, 41(4): 323534.DANG X W, TANG P, SUN H Q, et al. Incremental nonlinear dynamic inversion control and flight test based on angular acceleration estimation[J]. Acta Aeronautica et Astronautica Sinica, 2020, 41(4): 323534(in Chinese). [16] XUERUI W, ERIK-JAN V, QIPING C. Stability analysis for incremental nonlinear dynamic inversion control[J]. Journal of Guidance, Control, and Dynamics, 2019, 42(5): 1116-1129. doi: 10.2514/1.G003791 [17] JAMES E W, JOHN V F. Defining commercial transport loss-of-control: A quantitative approach: AIAA 2004-4811[R]. Reston: AIAA, 2004. -