=Paper=
{{Paper
|id=Vol-1844/10000569
|storemode=property
|title=Reliability Synthesis for UAV Flight Control System
|pdfUrl=https://ceur-ws.org/Vol-1844/10000569.pdf
|volume=Vol-1844
|authors=Yuriy Pashchuk,Yuriy Salnyk,Serhiy Volochiy
|dblpUrl=https://dblp.org/rec/conf/icteri/PashchukSV17
}}
==Reliability Synthesis for UAV Flight Control System==
https://ceur-ws.org/Vol-1844/10000569.pdf
Reliability Synthesis for UAV Flight Control System
Yuriy Pashchuk1, Yuriy Salnyk1, Serhiy Volochiy2
1National Army Academy, 32 Heroes of Maidan street, Lviv, Ukraine, 79012
(ypashchuk@gmail.com, jurasalnik@ukr.net)
2National University Lviv Polytechnic, Lviv, Ukraine
(volochiy.s@gmail.com)
Abstract. This paper presents the models and methods for reliability synthesis
for components of UAV flight control system: flight computer and navigation
system. The developed reliability models depict different variants of fault-
tolerant designs including designes for systems with complex reliability
behavior. They have a high level of adequacy, since effectiveness of detection
and switching devices was taken into account.
Based on the models, we proposed the reliability synthesis methods for flight
control system components that allows making reasonable design decisions.
As an example of using these methods, the reliability requirements and
recommendations for rational choice of fault-tolerant designs were developed to
meet required reliability level of UAV flight computer and navigation system.
Keywords. Unmanned aerial vehicle (UAV), flight computer, navigation
system, flight control system, reliability model of fault-tolerant system.
Key Terms. Model, Mathematical Modeling, Markov model.
1 Introduction
Although UAV’s reliability has significantly increased for the last 15 years, this
problem is still among the focus issues for manufactures and different branches of
military [1-5]. The current UAV’s failure and accident/mishap rates are much higher
than that of manned air platforms. Approximately a quarter of all UAV’s failures are
caused by flight control system (FCS) failures [1-4]. This system contains three main
components (Fig. 1) [1-3]: navigation system (NS), flight computer (FC) and
autopilot (AP). All these components are failure-critical. In this paper, we choose NS
and FC as research objects due to their complex reliability behavior. Based on the
analysis of reliability measures and characteristics [1-5], the least reliable FC parts are
microprocessors and the least reliable NS parts are gyroscopes and accelerometers.
� Ground control station (GСS)
Navigation system
Onboard Radio command
Pitot tube GPS equipment Power / propulsion
Pressure and
temperature
transdusers
Air data subsystem (ADS)
Microprocessor Power/
(ADS)
Magnetometer MP 1 propulsion
(MM) controller
Microprocessor
Г іроскоп 1 MP 2 Control Unit Autopilot
Gyroscope GX
Microprocessor
Г іроскоп 2
Gyroscope GY MP 3 Servo units
Kalman
Гіроскоп filter Microprocessor
По осі ZG Z
Gyroscope (KF- 1) MP R
Accelerometer A X Voting unit
Payload Flight control
Accelerometer A Y Fault detector surfaces
Accelerometer A Z Kalman filter
( KF-2) Telemetry and GСS
Inertial measurement unit
(IMU)
Flight computer data radio
Fig. 1. UAV flight control system architecture
The researches, aimed to increase FCS reliability on the design stage, are important.
It concerns reliability synthesis for navigation system and flight computer, namely,
reasonable choice of their reliability parameters and fault-tolerant configurations to
meet required reliability level. There are two major approaches for solving these
issues [2-9]: fault avoidance with improvement of failure-critical subcomponents
reliability, and fault tolerance based on redundancy with use of effective detection and
switching devices (DSD). The second approach is used extensively for improving
reliability of military UAVs [2-10]. For instance, the Russian UAV Forpost, which
was shot down in Eastern Ukraine, has dual modular redundancy (DMR) for IMU,
ADS, onboard GPS, FC, AP and other systems.
On the other hand, redundancy may not improve the reliability system if DSD have
a failure rate below the acceptable mimimum level [11-14]. In addition, the number of
the standby modules is limited to meet requirements concerning acceptable weight,
size, power consumption, cost and other UAV characteristics.
Developers are often faced with complex problems as for making important
decisions for systems design within a limited time. For example, it is necessary to
choose the rational structure of FCS among many variants of its components
redundancy and ensure achieving all critical requirements. In the absence of adequate
reliability models answers to such questions are usually given based on either expert
�evaluations or simplified models. For instance, to evaluate reliability of fault tolerant
systems with N-modular redundancy the designers use models without considering
real effectiveness of detection devices [6-9].
Reliability engineers usually perform reliability prediction of the military product
using relevant procedures and methods presented in MIL-HDBK-217, other standards
and reference books. The prediction methods are selected in view of reliability data
availability, i.e., data about the distribution law for the product failure-free operation
time [15-18]. There are specialized software tools (for instance, RAM Commander
developed by ALD Reliability Engineering Ltd.) that support the reliability prediction
procedures. Such software is oriented on the reliability analysis of series and parallel
systems. Optionally, that software can also be used for computing the reliability of
fault tolerant systems with complex reliability behavior, for example, a flight
computer with implementation of majority-voting system 2-out-of-3 microprocessors
and inherent standby microprocessor [10, 19]. For this purpose, engineers should
develop and implement proper Markov reliability models with sufficient level of
adequacy.
The reliability behavior of FCS and its components can be represented in form of
discrete-continuous stochastic system [7, 9-14, 18]. The mathematical representation of
Markov’s model was proposed for reliability synthesis for FCS components. Hence, the
modified space state methods [9, 19, 20] were used to develop reliability models of
FCS components.
2 Rationale for Fault Tolerant Flight Computer Redundancy
2.1 Flight Computer Reliability Model with Account of Detection and
Switching Effectiveness
In this paper, we investigated two variants of fault-tolerant flight computer (FTFC)
design with implementation of majority-voting system (MVS) 2-out-of-3
microprocessors (MPs): 1) no additional standby MPs; 2) with inherent standby
microprocessor as well as detection and switching devices.
A block-diagram of the second variant of FTFC design is depicted in Fig. 2, where
MP is a microprocessor (there are three MPs in MVS core (MP1, MP2, MP3) and one
MPR in standby mode),VU is a voting unit, FD is a fault detector and KF- 2 is a
Kalman filter.
� FD
MP1
MP2 VU KF-2
MP3
MPR
Fig. 2. Block diagram of flight computer with implementation of majority-voting system 2-out-
of-3 microprocessors and inherent standby microprocessor
The fault detector provides failure detection of MVS core microprocessors. It
compares MP’s (MP1, MP2, and MP3) out signals and the KF- 2 input signal. If these
signals are not identical, FD transfers a signal about failure of the certain MP and a
command to the idle MPR to switch to corresponding VU input.
The MP software failure rate is much higher than the MP hardware failure rate [19].
The detection procedure starts when the MP software failure is found. The MP
software is restarted after this procedure. If the MP software restart is successful, the
MP continues information processing. In case of unsuccessful software restart, FD
determines a MP failure.
The Kalman filter KF-2 performs linear quadratic estimation of system state, thus its
reliability is much higher, than for other components. The problem of providing its
fault-tolerance was not considered in the paper.
On the first stage, the model was developed in the form of Markov Chain on the
ground of basic events [9, 20].
1) The basic events (BE) definition: BE-1 “Failure of MP”; BE-2 “Failure of VU”;
BE-3 “Completion of detection procedure”; BE-4 “Completion of MPR switching
procedure”. Since durations of the detection procedure, ТD, and MPR switching
procedure, ТS, much less than the durations of failure-free operation of MP and VU, it
is accepted that ТD ≈ 0 and ТS ≈ 0.
The detection and switching procedures are characterized by effectiveness
measures: the probability of successful failure detection, PD, and probability of
successful completion of MPR switching procedure, PS. Their values are less than 1.
Therefore, in the mathematical model the events BE-3 and BE-4 are concurrent with
BE-1. For these events, we use notations: CBE-3 and CBE-4. For representation of
consequences of these events, the probabilities of successful and unsuccessful
detection and switching are taken into account. In addition, the model includes next
measures: MP – failure rate of MPs and VU – failure rate of VU.
2) Rationale for components of state vector, which represent state of research object.
State vector consists of three components: V1; V2 and V3. Component V1
represents a current value of number of operating MPs in MVS core: V1 = 3 (three
operating MPs); V1 = 2 (two operating MPs), V1 = 1 (one operating MP); initial
�value V1 = 3. V2 represents a state of VU: V2 = 1 (operating), V2 = 0 (failed); initial
value V2 = 1. V3 represents a state of MPR: V3 = 1 (operating), V3 = 0 (failed); initial
value V3 = 1. The system is in critical failure (CF) state, when there is one operating
MP or the failed VU: (V1 = 1) OR (V2 = 0).
3) Development of state space diagram on the ground of basic events (Table 1).
The input data are the basic events of reliability behavior algorithm of FTFC;
components of state vector; reliability measures of MPs and VU; measures of DSD
effectiveness.
Table 1. State space diagram for flight computer
Probability of Next State Transition
alternative Computational
Previous state after BE from
Step continuation V1 V2 V3 State formula for
and actual BE State to
of process the BE rate
State
1 Initial State – 3 1 1 1 – –
2 1–Рd 2 1 1 2 12 3MP(1–Рd)
1BE-1 (CBE-
РdРs 3 1 0 3 13 3MPРdРs
3, CBE-4)
Рd(1–Рs) 2 1 1 2 12 3MPРd(1–Рs)
3 1BE-2 – 3 0 1 CF 1 CF VU
4 1–Рd 1 1 1 CF 2 CF 2MP(1–Рd)
2BE-1 (CBE-
РdРs 2 1 0 4 24 2MPРdРs
3, CBE-4)
Рd(1–Рs) 1 1 1 CF 2 CF 2MPРd(1–Рs)
5 2BE-2 – 2 0 1 CF 2 CF VU
6 3BE-1 (CBE- – 2 1 0 4 34 3MP
3, CBE-4)
7 3BE-2 – 3 0 0 CF 3 CF VU
8 4BE-1 (CBE- – 1 1 0 CF 4 CF 2MP
3, CBE-4)
9 4BE-2 – 2 0 0 CF 4 CF VU
On the second stage, FTFC structural-automaton model (SAM) was developed. The
input data were the basic events and state space diagram. In accordance with methods
presented in [9, 20], the following components of SAM were defined (Table 2):
Table 2. Structural-automaton model of fault-tolerant flight computer
Events Formalized presentation of situations CFER RMC
BE-1.1 1. (V1=3) AND (V2=1) AND (V3=1) 3MP(1 – Рd) V1:=2
3MPРdРs V3:=0
3MPРd(1 – Рs) V1:=2
BE-1.2 2. (V1=2) AND(V2=1) AND (V3=1) 2MP(1 – Рd) V1:=1
2MPРdРs V3:=0
2MPРd(1 – Рs) V1:=1
BE-1.3 3. (V1=3) AND (V2=1) AND (V3=0) 3MP V1:=2
BE-1.4 4. (V1=2) AND (V2=1) AND (V3=0) 2MP V1:=1
BE-2 1. ((V1 = 2) OR (V1 = 3)) AND (V2 = 1) VU V2:=0
AND ((V3 = 0) OR (V3=1))
� formalized description of all situations, in which each of the basic events can take
place (BE-1 takes place in four separate situations: BE-1.1; BE-1.2; BE-1.3; BE-1.4);
computational formulas for the basic event rate (CFER);
rules of modification of components of state vector (RMC).
The third stage of development of FTFC reliability model is an automated building
of state space diagram using SAM and specialized software “ASNA-1”. Based on the
verified state space diagram, the mathematical reliability model of FTFC in the form
of system of differential Chapman - Kolmogorov equations (1) was formed
dP1 ( t )
dt P1 ( t ) 3 MP PD РS 3 MP ( 1 РS ) PD 3 MP ( 1 PD ) VU ,
dP2 ( t ) P ( t ) 2 1 Р 2 ( 1 Р ) P 2 P P
dt 2 MP D MP S D MP D S VU
P ( t ) 3 ( 1 Р ) P 3 ( 1 P ) , (1)
1 MP S D MP D
dP3 ( t )
dt P3 ( t ) VU 3 MP P1 ( t ) 3 MP Р S PD ,
dP4 ( t ) P ( t ) 2 P ( t ) 2 Р P P ( t ) 3 ,
dt 4 VU MP 2 MP S D 3 MP
dP
5 ( t )
VU P1 ( t ) ( VU 2 MP РS PD 2 MP )P2 ( t ) VU P1 ( t ) ( VU 2 MP )P4 ( t )
dt
where Pі ( t ) is probability of system being in State i ( і 1, ... , 5 ) at time t.
2.2 Reliability Synthesis Methods for Fault-Tolerant Flight Computer
Reliability synthesis for fault-tolerant flight computer focuses primary on solving two
problems: 1) rationale for choice of FTFC design; 2) rationale for reasonable
reliability measures of FTFC components. Proposed methods (Fig. 3) are developed
to aid in solving these problems and based on reliability model of FTFC.
An example of practical use of proposed methods is given below.
The problem statement:
1) FC components and units have constant failure rates;
2) failure rates of MPs in MVS core equal MP R failure rate;
3) required reliability level is a minimum allowable value of FC reliability PFCmin
during the time interval 0 to T1;
4) four measures Pj ( t ) ( j 1, ... , 4 ), where P1 = MP, P2 = VU, P3 = PD, P4 = PS;
5) two above mentioned variants of FTFC design.
� Fig. 3. Flowchart of reliability synthesis for fault-tolerant flight computer
We assumed that a designer uses following input data: T1 = 500 hours (mean time of
UAV’s overhaul life is 500 hours); PFCmin = 0,999; and initial values of measures:
MP = 1,8e-5 hr-1; VU = 2,9e-6 hr-1; PD = PS = 0,999.
The computation results (Fig. 4) reveal that during the time interval 0 to T1 the value
of FC reliability:
for the 1st variant of FTFC design PFC(500) = PFC1 = 0,99881 is less than PFCmin that
does not meet the set requirements;
for the 2nd variant of FTFC design PFC(500) = PFC2 = 0,99904 is more than PFCmin.
�Fig. 4. Graphs of flight computer reliability: 1 – no additional standby microprocessors; 2 –
with inherent standby microprocessor
The researches, using the above-mentioned input data, allow rationalizing reliability
requirements to FTFC components and drawing next conclusions:
1. In order to maintain required reliability level of FTFC without standby MPs in
MVS core, it is necessary to rise reliability requirements to MPs (MP ≤ 8e-5 hr-1) or
VU (VU ≤ 2,3e-6 hr-1) reliability.
2. FTFC design with implementation of MVS 2-out-of-3 MPs and inherent MP as
well as DSD allows increasing reliability to required level without changing
requirements to reliability of MPs and VU. In addition, it is possible to scale back
requirements to DSD effectiveness.
3. Using the proposed methods and set input data, we can advise the UAV designer
two above examined variants of FTFC as its reasonable configurations.
3 Reliability Synthesis for Fault-Tolerant Navigation System
Components
3.1 Rationale for Navigation System Components Redundancy
Reliability block diagrams for two navigation system configurations: 1) without
redundancy; 2) with dual modular redundancy (DMR) for gyroscopes and
accelerometers in inertial measurement unit (IMU), are depicted in Fig. 5. The
denotation IS was used for the integrated subsystem, which includes two parts: air
data subsystem (ADS); magnetometer (MM).
� GPS GPS
IMU IMU
Gx Gy Gz Ax Ау Аz KF-1 Gx1 Gy1 Gz1 Аx1 Ау1 Аz1 KF-1
Gx2 Gy2 Gz2 Аx2 Ау2 Аz2
IS
IS
1) 2)
Fig. 5. Reliability block diagram of navigation system: 1) without redundancy for gyroscopes
and accelerometers; 2) with dual redundancy for gyroscopes and accelerometers
Multi-sensor information redundancy is implemented in NS. It should provide
required level of reliability. The task is to define the expedient values of reliability
measures of NS components. Failure rates of NS components are chosen as reliability
measures: 1 is failure rate of the onboard GPS; 2 = 3 = 4 = G – failure rates of
gyroscopes (Gx, Gy, Gz); 5 = 6 = 7 = A – failure rates of accelerometers (Ax, Ay,
Az); 8 is failure rate of IS (sum of failure rates of ADS, MM and PS); 9 is failure
rate of KF-1. Since main and standby gyroscopes and accelerometers have the same
circuitry, so their failure rates are equal.
Kalman Filter KF-1 performs linear quadratic estimation and integration of the data
from GPS, IMU and IS [12]. A failure of KF-1 causes a failure of navigation system.
That is why there is a necessity to rationalize using KF-1 fault-tolerant design, for
example, dual redundant Kalman Filter or implementation of majority-voting
structure.
Onboard GPS is a main source of the navigation data [3, 4, 12]. It is accepted that a
signal from global GPS comes securely. If onboard GPS is failed and IMU is in
operating state, the navigation data comes from IMU. When onboard GPS and IMU
are failed, integrated subsystem supplies the navigation data.
Reliability calculation was conducted for two above-mentioned variants of NS
structure (Fig. 5). For the second configuration it considered that DSDs perform their
functions with probability of successful failure detection PD = 1 and probability of
successful completion of switching procedure PS = 1. It was assumed that duration of
all processes and procedures, which take place in NS, are distributed according to an
exponential law.
It considered that the designer uses the next input data for reliability synthesis for
NS: time interval T1 = 500 hours; minimum allowable value of NS reliability
PNSmin = 0,999; initial values of failure rates of NS components: 1 = 3e-4 hr-1;
G = 9e-5 hr-1; A = 6e-5 hr-1; 8 = 4e-4 hr-1, 9 = 1,6e-6 hr-1.
The computation results for two variants of NS proved expediency of DMR for
gyroscopes and accelerometers in IMU. Reliability value for the 1st variant of NS is
PNS(500) = PNS1 = 0,99411 that less than PNSmin. Implementation of dual redundancy
for gyroscopes and accelerometers allows to increase NS reliability to the value
PNS(500) = PNS2 = 0,99903 and provide required reliability level on the interval of
T2 = 845 hr. These conclusions were drawn considering that DSD perform their
�functions with probability equals 1. To raise adequacy of NS reliability model it was
proposed to develop a reliability model of fault-tolerant unit with dual modular
redundancy and taking into account the real DSD effectiveness: PD < 1 and PS < 1.
3.2 Reliability Model of Fault-Tolerant Unit with Dual Redundancy and
Taking into Account Detection and Switching Devices Effectiveness
A reliability model was developed according to the methods presented in [9, 20]:
1) Forming a verbal model of fault-tolerant unit (FTU).
The model includes reliability measures (M – failure rate of the main part and R –
failure rate of standby part of FTU) and DSD effectiveness measures (probability of
successful completion of detection procedure – PD and probability of successful
completion of switching procedure – PS).
A detection device controls continuously operability of the main FTU part. If
detection procedure is successful (the detection device defines a failure of the main
part), the detection device will transfer a signal to the switching device that unhooks
the main part and hooks up the standby part.
If detection procedure is unsuccessful, fault-tolerant unit will come to state of
critical failure. In addition, FTU will come to state of critical failure, if detection
procedure is successful but the switching procedure is unsuccessful.
2) The state vector consists of two components: V1 – a state of main part (1, 0;
initial value V1 = 1); V2 – a state of standby part (1, 0; initial value V2 = 1).
The basic events of reliability behavior of FTU: BE-1 – “Failure of main part”; BE-
2 – “Completion of detection procedure”; BE-3 – “Completion of switching
procedure”; BE-4 – “Failure of standby part”.
3) The fault-tolerant unit is in critical failure state, when there is a failed main part
and standby part is not hooked up: V1 = 0.
The developed state space diagram for the investigated FTU with dual redundancy
and taking into account DSD effectiveness is presented in Table 3.
The model simplification was used on the basis that the research object is described
by one group of procedures with long duration and another group of procedures with
much less duration. This condition simplifies the model however reduces the degree
of its adequacy. The detection procedure is auxiliary in the structure of FTU. If do not
take into account duration of procedure in 20 ms, computation of FCS reliability for
the UAV flight time interval (up to 10 hours) brings not significant error. For the
proposed mathematical model, the next simplifications were done: duration of
detection procedure TD = 0 and switching procedure – TS = 0. Accordingly, the basic
events BE-2 and BE-3 are concurrent with BE-1 and got denotations CBE-2 and
CBE-3.
Table 3. State space diagram for fault-tolerant unit with dual modular redundancy and taking
into account detection and switching effectiveness
Previous Probability of Next Transition Computational
Step State and alternative State State from State to formula for the BE
actual BE continuation of after BE State rate
� process
V1 V2
1 Initial state 1 1 1
1BE-1 (1–PD) 0 1 CF 1 → CF λM(1–PD)
2 (CBE-2, PDPS 1 0 2 1→2 λMPDPS
CBE-3) PD(1–PS) 0 1 CF 1 → CF λMPD(1–PS)
3 1BE-4 1 0 2 1→2 λR
2BE-1 (1–PD) 0 0 CF 2 → CF λM(1–PD)
4
(CBE-2) PD 0 0 CF 2 → CF λMPD
It was taken into account that the duration of all procedures in research object are
random variables having an exponential distribution, and a number of events on the
observation interval is defined by the Poisson distribution. In accordance with the
methods presented in [9, 20], the components of FTU structural-automaton model
were formed (Table 4).
Table 4. Structural-automaton model of fault-tolerant unit with dual modular redundancy and
taking into account detection and switching effectiveness
Basic event Formalized presentation of
CFER RMC
(concurrent basic events) situations
BE-1 “Failure of main part” 1. (V1=1) AND (V2=1) λMPDPS V2:=0
(CBE-2, CBE-3) λM(1 – PD) V1:=0
λMPD(1 – PS) V1:=0
2. (V1=1) AND (V2=0) λMPD V1:=0
λM(1 – PD) V1:=0
BE-4 “Failure of standby part” 1. (V1=1) AND (V2=1) λR V2:=0
The mathematical reliability model of fault-tolerant unit (2) was formed
dP1( t )
dt ( M R )P1( t ),
dP2 ( t )
( M PD РS R )P1( t ) M Р2 ( t ), (2)
dt
dP3( t )
dt M ( 1 PD РS )P1( t ) M P2 ( t ).
where Pі ( t ) is probability of system being in State i ( і 1, ... ,3 ) at time t.
3.3 Estimation of Reliability Measures for Navigation System and its
Components in view of Detection and Switching Effectiveness
The same assumptions and input data were used as in the section 3.1. Results of
reliability estimation for the 2nd variant of NS and its components (units of gyroscopes
�(UG) and accelerometers (UA)) with perfect and non-perfect DSD are presented in
Table 5.
Table 5. Results of reliability estimation for the 2nd variant of NS and its components in view
of detection and switching effectiveness
Input data Output data
DSD PS PD PUG(500) PUA(500) PNS2(500)
perfect 1 1 0,9981 0,9991 0,99903
non-perfect 0,999 0,999 0,9979 0,9989 0,99901
0,99 0,99 0,9974 0,9982 0,99892
0,94 0,99 0,9957 0,9978 0,99871
0,98 0,98 0,9967 0,9979 0,99884
The graphs of UG reliability at different values of DSD effectiveness are shown in
Fig. 6.
Fig. 6. Graphs of UG reliability at different values of PD and PS: 1 – PD = PS = 1; 2 –
PD = PS = 0,999; 3 – PD = PS = 0,99; 4 –PD = PS = 0,98
The results, presented in Table 5 and Fig. 6, confirm that reliability depends on the
detection and switching effectiveness. The proposed model gives an opportunity to
rationalize necessary values of measures of DSD effectiveness.
3.4 Reliability Synthesis Methods for Navigation System Components
Proposed reliability synthesis methods are developed for fault-tolerant NS
components. They are based on reliability models of NS components and use of
�specialized software ASNA-1. The main difference of these methods from the
mentioned above methods (section 2.2) is that for reliability synthesis for NS we can
investigate rational variants of fault-tolerant modules (units). Using reliability
synthesis methods for FC we evaluated fault-tolerant units with DMR for gyroscopes,
accelerometers, Kalman Filter (KF-1). We used following input data: T1 = 500 hours;
PNSmin = 0,999. The computation results, which indicate reasonable reliability
measures of NS components, are presented in Table 6.
Table 6. Rational reliability measures of NS components at different values of PD and PS
Input data Output data
PS PD G , hr -1 А, hr -1 9, hr -1
0,98 0,99 6,4e-5 3,7e-5 2,4e-5
0,96 0,99 5,5e-5 2,8e-5 1,7e-5
0,94 0,99 4,4e-5 2,4e-5 1,3e-5
0,92 0,98 3,7e-5 1,8e-5 9,1e-6
0,9 0,97 2,6e-5 1,6e-5 7,4e-6
Hence, these methods allow adjusting with designer the acceptable values of
reliability measures of NS components as well as measures of DSD effectiveness.
4 Conclusions
1. A necessity and actuality of improvement of existent models and methods of
reliability synthesis for fault-tolerant systems have been rationalized in making
decisions on design of UAV flight control system.
2. The developed reliability models of navigation system and flight computer
represent the different variants of fault-tolerant designs and have a high level of
adequacy.
3. Based on the models, we proposed the reliability synthesis methods for
components of UAV flight control system. Automation of multiple analysis
procedures allows quickly (during a few hours) making reasonable design decisions.
4. Reliability requirements and recommendations for rational choice of fault-tolerant
designs of navigation system and flight computer have been developed to meet
required reliability level.
5. We are planning further research studies to investigate reliability of UAV
autopilot and its fault-tolerant modules, availability of all FCS components as well as
solving optimization problems.
References
1. Unmanned Aerial Vehicle Reliability Study, 20-21, 29 (2003)
� 2. 21st Century Unmanned Aerial Vehicles (UAV). Unmanned Aerial Vehicle Reliability
Study. Office of the Secretary of Defense. OSD UAV Reliability Study Executive
Summary, 9-26 (2010)
3. Shawn Reimann, Jeremy Amos, Erik Bergquist, Jay Cole, Justin Phillips, Simon Shuster.
UAV for Reliability – Aerospace Vehicle Design, 2, 5-13, 18-21 (2013)
4. Greg Caswell and Ed Dodd. Improving UAV Reliability. DfR Solutions, 1-5 (2014)
5. Peck Michael. Pentagon Unhappy About Drone Aircraft Reliability. National Defence
Magazine, May 2003 (2003)
6. Israel Koren, C. Mani Krishn. Fault tolerant systems. Morgan Kaufmann Publishers is an
imprint of Elsevier, 11-33, (2007)
7. Dubrova E. Fault tolerant design: an introduction. Department of Microelectronics and
Information Technology Royal Institute of Technology Stockholm, Sweden. Kluwer
Academic Publishers, 1-4, 14, 27-41, 27-55 ( 2007)
8. Yinong Chen, Tinghuai Chen. Implementing Fault-Tolerance via Modular Redundancy
with Comparison. IEEE Transactions on reliability, vol. 39, № 2, 217–225 (1990)
9. B. Volochiy. Modelling Technology of Information Systems Behavior. Monograph. Lviv
Polytechnic National University Publ., 59-102 (2004) [in Ukrainian]
10. C. B. Feldstein and J. C. Muzio. Development of a Fault Tolerant Flight Control System.
University of Victoria, Victoria, British Columbia, Canada (2004)
11. Rudaba Khan, Paul Williams, Paul Riseborough, Asha Rao, Robin Hill. Active Fault
Tolerant Flight Control System Design - A UAV Case Study. Available at:
https://arxiv.org/abs/1610.03162v1 (2016)
12. Ducard, Guillaume J. J. Fault-tolerant Flight Control and Guidance Systems. Practical
Methods for Small Unmanned Aerial Vehicles. 2009, XXII, 264 p. Hardcover.
13. Yuta Kobayashi and Masaki Takahashi. Design of Intelligent Fault-Tolerant Flight Control
System for Unmanned Aerial Vehicles. Keio University. Japan. Nihon Kikai Gakkai
Ronbunshu, C Hen/Transactions of the Japan Society of Mechanical Engineers, Part C,
2301-2310 (2009)
14. Xiao-Lin ZHANG1, Hai-Sheng Li2, Dan-Dan YUAN. Dual Redundant Flight Control
System Design for Microminiature UAV. 2nd International Conference on Electrical,
Computer Engineering and Electronics. (2015).
15. MIL-HDBK-217 F Notice 2. Reliability Prediction of Electronic Equipment. Deparment of
Defence. Washington DC. Appendix A (1995)
16. Reliability/Availability of Electrical & Mechanical Systems for C4ISR Facilities.
Department of the Army, TM 5-698-1, 14-18, 20-22, 27-34 (2003)
17. Vesely William, Michael Stamatelatos, Joanne Dugan, Joseph Fragola, Joseph Minarick
III, Jan Railsback. Fault Tree Handbook with Aerospace Applications. NASA
Headquarters: Washington, 195-202 (2002)
18. Joanne Bechta Dugan. Fault trees and Markov models for reliability analysis of fault
tolerant systems. Reliability Engineering & System Safety. Vol. 39, 291-307 (1993)
19. B. Volochiy, L. Ozirkovkyy, M. Zmysnyi, I. Kulyk. Designing of Fault-Tolerant Radio
Electronic Systems with Complex Majority Structures. Radioelectronic and Computer
Systems. Kharkiv. National Aerospace University, № 6 (80), 120-129 (2016)
20. D. Fedasyuk, S. Volochiy. Method of Developing of Structural-Automaton Models of
Fault-Tolerant systems. 14th International Conference. The Experience of Designing and
Application of CAD Systems in Microelectronics. Proceeding, 22 26 (2017)
�