CN106599352B - Reliability analysis method for airplane telex control system - Google Patents

Reliability analysis method for airplane telex control system Download PDF

Info

Publication number
CN106599352B
CN106599352B CN201610969751.3A CN201610969751A CN106599352B CN 106599352 B CN106599352 B CN 106599352B CN 201610969751 A CN201610969751 A CN 201610969751A CN 106599352 B CN106599352 B CN 106599352B
Authority
CN
China
Prior art keywords
transition
library
sim
reliability
num
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201610969751.3A
Other languages
Chinese (zh)
Other versions
CN106599352A (en
Inventor
王瑶
孙秦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northwestern Polytechnical University
Original Assignee
Northwestern Polytechnical University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northwestern Polytechnical University filed Critical Northwestern Polytechnical University
Priority to CN201610969751.3A priority Critical patent/CN106599352B/en
Publication of CN106599352A publication Critical patent/CN106599352A/en
Application granted granted Critical
Publication of CN106599352B publication Critical patent/CN106599352B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/10Geometric CAD
    • G06F30/15Vehicle, aircraft or watercraft design

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Geometry (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Optimization (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Computation (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

A reliability analysis method for an airplane telex control system provides a system reliability modeling and reliability calculation method based on a system function schematic diagram on the basis of a dynamic stochastic Petri network theory. The method converts the system function schematic diagram into the dynamic stochastic Petri network with highly consistent topological structure for system reliability analysis, the Petri network can effectively avoid interference of subjective factors of modeling personnel, can correctly calculate the system reliability, and has important value for improving the reliability evaluation level of the complex engineering system.

Description

Reliability analysis method for airplane telex control system
Technical Field
The invention belongs to the field of engineering system reliability analysis, and particularly relates to a system reliability modeling and system reliability calculation method for converting a functional schematic diagram of an airplane telex control system into a stochastic Petri network.
Background
Reliability is an important technical attribute for the use efficiency of complex engineering systems. The high-level reliability analysis technology has important engineering technical value and significance for discriminating system weak links in the airplane, improving design defects, reducing the total life cycle cost, improving the functional application efficiency and the like. The core of the work in the reliability field is a fault, and the occurrence of the fault not only can seriously affect the exertion of the functions of the system, but also can cause personal casualties and property loss. In recent years, with the continuous development of the integration of the fly-by-wire control system of the airplane, the system design becomes more and more complex, the reliability problem becomes more and more prominent, and the occurrence of various accidents further highlights the importance and the necessity of the reliability analysis work of the fly-by-wire control system.
The defect correction of a complex engineering system in an airplane usually has the basic characteristic of 'pulling a whole body', hidden design defects can lead to endless aftereffects in application, and in order to enable the reliability of the system to reach the specified design requirement, the most fundamental approach is to fully develop reliability modeling and analysis work in the design stage in the system development process, so that good reliability is given to weaponry in the system design stage. However, at present, in the design stage of the fly-by-wire control system of the airplane, the following problems exist in developing the reliability analysis and evaluation work:
(1) and (5) reliability analysis and evaluation of the efficiency of the work. In the process of developing a complex engineering system at present, two technical systems are used for a system design specialty and a reliability specialty, and the system design specialty only concerns about functions of the system and components thereof and does not concern about faults of the system and the components thereof. Specifically, in the system design process, designers pay attention to how to organically combine system components into a system with the capability of completing specific functions, after the system design is finished, the system design professional submits a system functional schematic diagram obtained by the system design professional to the reliability professional, and then the reliability professional analyzes the fault influence of the system and the components thereof: and the reliability professional establishes a system reliability model for describing the fault logic relationship of the system and elements thereof according to the system functional schematic diagram, and then analyzes and evaluates the system reliability according to the system reliability model. However, when the reliability professional finds that the reliability does not meet the design requirement or the design is unreasonable, the design needs to be changed by the system design professional, and after the design professional finishes the design change, the design professional gives the reliability professional again to perform the reliability modeling and the reliability evaluation until the reliability index meets the requirement.
That is, in engineering practice, functional design work and reliability analysis work are performed relatively independently in sequence, and system design work is mainly performed around a functional space and reliability evaluation work is mainly performed around a fault space. In the existing system reliability modeling method, when a functional space is converted into equivalent fault logic description, a topological structure is often changed greatly, and a reliability modeling worker needs to manually give fault influences of a system and component elements on the basis of analyzing a system functional schematic diagram, so that the reliability evaluation efficiency is low. If the method capable of directly converting the functional space described by the system functional schematic diagram into the system fault propagation model with highly consistent topological structure exists, the evaluation efficiency of the system reliability in the system design process can be effectively improved, and the system development period is finally shortened.
(2) Correctness of the reliability model. Currently, there are a variety of modeling methods for reliability analysis and evaluation, which, while relying to some extent on functional schematics of systems, still require technicians with significant engineering experience to participate in the modeling. Especially in the modeling process of a large complex system, too much human subjective factor intervention exists in the modeling process, even if the same type of model is adopted to model the same system, the models built by different modelers are likely to be different, and the modelers are easily limited by the cognition level and the analysis level, so that the occurrence of cognition and human errors is difficult to avoid. If the reliability evaluation and the function design can be combined mechanically, the objective fact of the system can be reflected to the maximum extent when the established reliability model is consistent with the system principle function diagram as high as possible, errors caused by the intervention of too many artificial subjective factors are avoided, and the correctness of the model is ensured.
(3) And (5) analyzing and calculating the problem of the reliability model. The main purpose of establishing a system reliability model is to effectively calculate the reliability of the system. Furthermore, the method for calculating the reliability of the system represented by the model is also different for different types of models. For example, a reliability model established by using a fault bayesian network needs to adopt a bayesian network inference technology to perform reliability calculation; the reliability model established by the fault tree is generally used for calculating the reliability of the system by adopting Boolean theory. Therefore, when any system reliability modeling method is proposed, a corresponding reliability calculation method needs to be given, otherwise, the proposed modeling method loses the existing significance.
In summary, in order to solve the above three problems, improve the work cooperation degree of the two specialties of the reliability analysis and the system function design of the fly-by-wire control system, and shorten the system design and development period, a method capable of directly converting the system function schematic diagram into a system reliability model highly consistent with the topological structure thereof and effectively calculating the system reliability is required.
Disclosure of Invention
In order to overcome the defects of low reliability evaluation efficiency, low model correctness and poor applicability in the prior art, the invention provides a reliability analysis method for an airplane telex control system.
The specific process of the invention is as follows:
step 1, counting the number Num of elements: the number of the statistical elements Num is the number Num of the statistical elements in the functional schematic diagram of the airplane telex control system, and a library for representing normal state and a library for representing state fault are established for each element. Specifically, the following operations are sequentially performed for each element:
for the ith element in the functional schematic diagram of the fly-by-wire control system of the airplane, establishing a library station for the ith element, indicating the normal state of the ith element, and numbering P for the library stationi.up。PiIn up, P represents a library place, i represents a component number, i satisfies a condition of 1. ltoreq. i.ltoreq. Num, and up represents normal.
For the ith element in the functional schematic diagram of the fly-by-wire control system of the airplane, establishing a library post for the ith element, indicating the state fault of the ith element, and numbering P for the library posti.down。PiIn down, P represents a library, i represents a component number, i satisfies a condition 1. ltoreq. i.ltoreq. Num, and down represents a failure.
And 2, establishing the relation between each state normal library and each corresponding state fault library.
The library indicating that the state of each element is normal in step 1 is directed to a library site indicating that the state of each element is failed. The method comprises the following steps:
establishing a unique delay transition t for the element i with the value range of 1-NumiAnd the delay transition associated parameter is the failure rate lambda of the element ii. The element i refers to the ith element in the functional schematic diagram of the system, tiNumbering of established time-delayed transitions, lambdaiIs the failure rate of element i.
Drawing a connecting line: and drawing a connecting line between the normal state library of the element i and the delay transition of the associated parameter and a connecting line between the delay transition of the associated parameter and the state of the fault library of the element i.
And 3, establishing a library place representing the fault state of the system.
Considering the system as an element, a library P is created which represents its fault statusNum+1Down. At PNum+1In down, P denotes a library station, down denotes a failure state, and Num +1 denotes the number of the currently established library station indicating the failure state.
So far, the library for reliability analysis is constructed, wherein all Num +1 libraries representing fault states are constructed, and all Num libraries representing normal states are constructed.
And 4, connecting the library of the fault states of the elements.
According to the connection form of each element, the number P in each element is connectediAnd each station of the down, wherein the value range of i is more than or equal to 1 and less than or equal to Num +1, so as to establish a reliability model which is constructed based on the stochastic Petri network theory and has the same structure as the functional schematic diagram of the system.
When the library of the fault states of each element is connected:
the symbol In _ N represents the total number of the upstream input elements of the ith element, and In the static logic expression mode, the functional logic relationship of the ith element and N input elements In the In _ N input elements upstream of the ith element exists In three basic forms of AND or vote, wherein N is less than or equal to In _ N. With the symbol j1、j2…jnNumber of n upstream input elements in the system, j, representing the ith element1、j2…jnSatisfies the condition 1. ltoreq. j1、j2…jnNum +1 is less than or equal to. Bank post P indicating i-th element failureiDown and a library station indicating n element failures upstream of the element
Figure GDA0002227365950000041
The connection method by transient transition is divided into three cases according to three forms of and or and voting.
And 5, solving the reliability of the system by applying a Monte Carlo simulation method. The solving process is as follows:
the simulation times Sim _ N are set, and Sim _ N is set to any value greater than 0.
And establishing a variable Sim _ n for recording the simulation process, and initializing Sim _ n to be 1. And the Sim _ N is the number of times of simulation in execution, and when the Sim _ N is greater than the Sim _ N, the simulation of the established system reliability model is finished.
And establishing an array SYS for recording the system failure time in the simulation process. The number of elements in the array SYS is equal to the set simulation times Sim _ N, and the time of system failure in the 1 st simulation process and the 2 st simulation process 2 … Sim _ N is recorded in sequence.
The system state is initialized. The initial state of the system refers to that Num elements in the system are all in a normal state at the initial moment of the system. In the system reliability model established by the invention, the implementation method for initializing the system state comprises the following steps: establishing a variable T representing system timesysIs equal to 0 and is numbered PiSequentially placing a Token in each library of the up, wherein the value range of i is more than or equal to 1 and less than or equal to Num.
And sequentially obtaining delay time of all ignitable delay transitions in the system by an inverse sampling method. The method for judging whether the delayed transition is ignitable or not is shown in step 1, and the ith delayed transition t is obtained by an inverse sampling methodiDelay time X ofiThe calculation method of (2) is as follows:
i) generating random numbers U-U (0,1) which are uniformly distributed according to [0,1 ];
ii) let Xi=-InU/λi,λiFor time-delayed transition tiThe parameter (c) of (c).
And the ignition operation is carried out on the delayed transition to promote the operation of the system in the simulation process of the Sim _ n times, and the steps are as follows:
first, the obtained delay time X is comparediSorting, taking the delay transition corresponding to the minimum time, using the symbol TminAnd t' represents the minimum time and its corresponding delay transition, respectively. Secondly, ignition operation is carried out on the delayed transition t': updating system time Tsys=Tsys+TminAnd shifting the Token in the front set of the transition t 'into the rear set of the transition t'.
And (3) promoting the operation of the system in the simulation process of the Sim _ n times by carrying out ignition operation on the transient transition, wherein the steps are as follows:
first, a transient transition of ignitable in the system is determined, and a method for judging whether the transient transition is ignitable or not is referred to step 1. Secondly, the ignitable transient transition is subjected to an ignition operation: the tobogn in the pre-library of ignitable transient transitions is unchanged, and one tobogn is placed in each element of the post-set of ignitable transient transitions.
And circularly executing to promote the operation of the system in the simulation process of the Sim _ n times by carrying out ignition operation on the transient transition until any one of the following two conditions is met, and ending the operation:
condition 1: there is no ignitable transient transition in the established system reliability model;
condition 2: depot PNum+1Down exists.
According to depot PNum+1Down state, judging whether the Sim _ n simulation is finished. The judgment method comprises the following steps:
if PNum+1Down, repeating the step of sequentially obtaining delay time of all ignitable delay transitions in the system by an anti-sampling method, and continuously executing the simulation for the first Sim _ n time;
if PNum+1Down exists token, ends the Sim _ n simulation, and let Sim _ n be Sim _ n +1, let SYS [ Sim _ n [ ]]=TsysAnd repeatedly initializing the system state and starting the next simulation of the system.
After the processes ④ - ⑧ are executed in an accumulated mode for Sim _ N times, the system reliability R is counted, and the statistical formula of the reliability of the system at the time tau is as follows:
Figure GDA0002227365950000051
in the formula, delta marks whether the system fails, and when delta is 1, the system fails; when δ is 0, the system does not malfunction.
The airplane telex control system is provided with a plurality of rate gyroscopes, flight control computers, servo actuators, cockpit instruction sensors, control plane displacement sensors and control planes. The flight control system comprises a flight control computer, a flight control plane, a speed gyroscope, a cockpit instruction sensor, a control plane displacement sensor, a flight control plane controller and servo actuators, wherein the speed gyroscope, the cockpit instruction sensor and the control plane displacement sensor respectively provide speed information, driver operation instruction information and control plane position information to the flight control computer, the flight control computer calculates effective control signals according to the received information, then the control signals are respectively transmitted to the servo actuators, and finally the servo actuators jointly drive the control plane to deflect so as to control the movement of the airplane.
The representation states established for the elementsNormal library is PiUp; the library established for each element representing the state failure is Pi.down。
The transition firing rules include:
delay transition firing rule: when the delayed transition preamble set is present, the transition may ignite. An ignitable delayed transition ignition process comprising: and after a delay time, shifting the Token in the pre-set of the delay transition to the post-set, wherein the delay time obeys exponential distribution, and the parameter of the exponential distribution is equal to the parameter of the delay transition.
Transient transition firing rules: the transition may ignite when there is a token in the pre-set and no token in the post-set of transient transitions. An ignitable transient transition ignition process is: the pre-concentration of transitions does not change in the tobogn distribution, and one tobogn is placed in each element that does not have a tobogn in the ignitable transient transition post-concentration.
The functional logic relationship of AND means that the function of the ith element can be normally executed if and only if the n input elements of the ith element are all functional normally. The functional logic relationship "or" means that when any one of the n input elements of the ith element performs normally, the function of the ith element can be performed normally. The functional logic relationship "k/n voting" means that when at least k elements in the n input elements of the ith element perform normally, the function of the ith element can be performed normally.
The connection mode of the three functional logics of AND, OR and voting, and the storehouse PiDown and depot
Figure GDA0002227365950000061
Figure GDA0002227365950000062
The connection methods by transient transition are respectively as follows:
when the functional logic relationship between the ith element and n elements at the upstream of the element is AND, establishing an AND bank
Figure GDA0002227365950000063
N transient transitions in one-to-one correspondence, and drawing n directed line segments: from n libraries
Figure GDA0002227365950000064
Respectively pointing to the n established transient transitions; continuously drawing n directed line segments: respectively pointing to the libraries P by the n transient transitions establishedi.down。
When the functional logic relationship between the ith element and the n elements at the upstream of the element is OR, establishing a transient transition, and drawing n directed line segments: from depot
Figure GDA0002227365950000065
Pointing to the established transient transitions, respectively; and continuously drawing the directed line segment: directing the library P by the created transient transitionsi.down。
When the functional logic relationship between the ith element and the n input elements upstream of the element is "k/n voting", then establishing
Figure GDA0002227365950000066
And (c) instantaneous transition, wherein k is more than or equal to 1 and less than or equal to n. For a library of n input elements
Figure GDA0002227365950000067
Figure GDA0002227365950000068
From which n-k +1 banks are taken and combined, the number of combinations being
Figure GDA0002227365950000069
Is composed ofEach of the combinations is operated as follows:
i establishing a transient transition; ii, respectively drawing a directed line segment pointed by the library and instantaneously changed in the i for each library in the combination; iii drawing a transient transition point library in the IPiDown directed line segments.
The invention provides a system reliability modeling and reliability calculation method based on a functional schematic diagram of an airplane telex control system on the basis of a stochastic Petri network theory. The method can convert the functional schematic diagram of the fly-by-wire control system into the stochastic Petri network with the highly consistent topological structure and used for system reliability analysis, the Petri network can effectively avoid interference of subjective factors of modeling personnel, can correctly calculate the reliability of a static system, and has important value for improving the reliability evaluation level of a complex engineering system.
Compared with the prior art, the invention has the beneficial effects that:
(1) the operability of the model is closely related to the representation method of the model, and the representation method which is close to the physical structure and the functional schematic diagram of the system generally has better operability. The reliability modeling method provided by the invention is highly consistent with the functional schematic diagram, so that the reliability modeling method has good maneuverability in the modeling process.
FIG. 8 of the drawings is a fault propagation description of an aircraft fly-by-wire control system in an embodiment from a conventional fault tree modeling perspective; correspondingly, fig. 7 in the drawings is a description of fault propagation of an airplane fly-by-wire control system in an embodiment according to the modeling method provided by the invention. Fig. 4 is a functional schematic diagram of an aircraft fly-by-wire control system in an embodiment. Comparing fig. 7 with fig. 4, and comparing fig. 8 with fig. 4, it can be known from the two group comparison that the structure of the reliability model obtained by applying the modeling method provided by the present invention is consistent with the system functional schematic diagram, and the structure of the fault tree model obtained by the conventional modeling method is greatly different from the system structural schematic diagram. Therefore, compared with the traditional modeling method, the modeling method provided by the invention can be highly consistent with a system functional schematic diagram, and has good operability in the modeling process.
(2) The modeling method provided by the invention can completely reserve the system working principle information, avoids the reprocessing process of product development information by system analysts to a certain extent, and has more objective description on the system.
Comparing the topologies of fig. 4 and fig. 7, it can be seen that the topologies of both are completely identical. That is, the system working principle information contained in fig. 4 can be completely retained in fig. 7 constructed by the modeling method provided by the present invention, so that the "reprocessing" process of the product development information by the system analyst can be avoided in the modeling process, the description of the system is more objective, and the errors caused by human experience in the traditional modeling method can be effectively avoided.
(3) The method provided by the invention can directly convert the system function schematic diagram in the system design stage into the reliability analysis model and carry out reliability calculation, thereby effectively improving the analysis efficiency of the system reliability in the design stage and being an effective auxiliary means for the reliability analysis in the system design stage.
If the method capable of directly converting the functional space described by the system functional schematic diagram into the system fault propagation model with highly consistent topological structure exists, the evaluation efficiency of the system reliability in the system design process can be effectively improved, and the system development period is finally shortened. Compared with the graph shown in fig. 7 and fig. 8, the modeling method provided by the invention can directly convert the system function schematic diagram into the fault propagation model with highly consistent topological structure, so that the modeling method provided by the invention has the potential of improving the system design efficiency. However, when any system reliability modeling method is proposed, a corresponding reliability calculation method needs to be provided, otherwise, the proposed modeling method loses the existing significance. Therefore, aiming at the stochastic Petri network for system reliability analysis, the invention provides a system reliability simulation calculation method for calculating the stochastic Petri network model. FIG. 9 is a graph comparing the results obtained by the simulation method of the present invention with the results obtained by the conventional precise calculation method. As can be seen from the curve shown in FIG. 9, as the simulation times increase, the system reliability calculated according to the method of the present invention converges to an accurate solution, which is consistent with the law of large numbers in probability theory, and the correctness of the simulation method of the present invention is verified. Therefore, the method provided by the invention not only can directly convert the system function schematic diagram in the system design stage into the reliability analysis model, but also can effectively perform reliability simulation calculation, and has important value for improving the analysis efficiency of the system reliability in the design stage.
Drawings
FIG. 1 shows a library P when the logical relationship of the functions is ANDiDown and its pre-set connection;
FIG. 2 shows that when the functional logic relationship is "OR", the library post PiDown and its pre-set connection;
FIG. 3 shows the library P when the functional logic relationship is "voteiDown and its pre-set connection;
FIG. 4 is a functional schematic diagram of an aircraft fly-by-wire control system;
FIG. 5 is a stochastic Petri net for reliability analysis of an aircraft fly-by-wire control system;
FIG. 6 is the situation after initialization of the stochastic Petri net shown in FIG. 5;
FIG. 7 is a fault propagation portion of the stochastic Petri net shown in FIG. 5;
FIG. 8 is a fault tree for an aircraft fly-by-wire control system;
FIG. 9 is a reliability curve for an aircraft fly-by-wire control system;
fig. 10 is a flow chart of the present invention.
Detailed Description
The embodiment is a method for analyzing the reliability of an airplane telex control system based on a stochastic Petri network.
The system refers to the combination of elements having an associative relationship to each other to form an organic whole capable of performing a specific function as required.
In this embodiment, the system is an airplane fly-by-wire control system, and fig. 4 is a functional schematic diagram of the system. In fig. 4, there are 3 rate gyros, 1 flight control computer, 2 servo actuators, a left cockpit command sensor, a right cockpit command sensor, a control surface displacement sensor, and a control surface, for a total of 10 elements. The 3 rate gyros respectively provide rate information to the flight control computer, and when at least two of the 3 rate gyros work normally, the flight control computer can receive the rate information of the airplane; simultaneously with the pilotThe operating instruction can be transmitted to the flight control computer through the instruction sensor, and when the left or right cockpit instruction sensor can work normally, the flight control computer can correctly receive the operating instruction of a driver; the flight control computer calculates an effective control signal according to the speed information, the pilot operation instruction and the control plane information from the control plane displacement sensor, and then transmits the control signal to the two servo actuators respectively, and when any one of the two servo actuators can work normally, the flight control computer can drive the control plane to deflect normally; the normal deflection of the control surface indicates that the fly-by-wire control system is normal. In addition, the failure rates of the 3 rate gyros are all 3 multiplied by 10-6The failure rate of flight control computer is 5 x 10-6Failure rates of both servo actuators are 2 × 10-6The failure rates of the left and right cockpit command sensors are both 0.7 × 10-6The failure rate of the control surface displacement sensor is 0.8 multiplied by 10-6Failure rate of control surface is 2 x 10-6
In the drawing, 1 is a bold circle indicating a library station in a failure state, and the number P of the bold circle in the drawing1、P2…P11Together with ". Down" form the number in the stochastic Petri net in which the library represented by the circle is located, i.e. the number P1.down、P2.down…P11Down; 2 is an unshaped circle representing the library station of the normal state of the element, and the number P of the unshaped circle in the figure1、P2…P10Together with ". up" form the number in the stochastic Petri net in which the library represented by the circle is located, i.e. the number P1.up、P2.up…P11Up; 3 is a rectangle representing a time delay transition; 4 is a vertical line, representing a transient transition; 5 is Token in the depot; 6 is the reliability of the system shown in fig. 4 calculated by applying the simulation method of the present invention, wherein the simulation times is 1000; 7 is the reliability of the system shown in fig. 4 calculated by applying the simulation method of the present invention, wherein the simulation number is 100000; 8 is a reliability accuracy solution of the system shown in fig. 4 obtained by applying a conventional reliability analysis method; the abscissa of the graph shown in fig. 9 is the system time in units of hours, and the ordinate is the system reliability.
With reference to the drawings, the specific process of this embodiment is:
step 1, counting the number Num of elements in a functional schematic diagram of the fly-by-wire control system of the airplane, and establishing a library place for representing normal state and a library place for representing state fault for each element. Specifically, the following operations are sequentially performed for each element:
① for the ith element in the functional schematic diagram of the fly-by-wire control system, a library station indicating its normal state is established for the element, and the library station is numbered Pi.up。PiIn up, P represents a library place, i represents a component number, i satisfies a condition of 1. ltoreq. i.ltoreq. Num, and up represents normal.
② for the ith element in the functional schematic diagram of the fly-by-wire control system, a library station indicating the state fault of the element is established for the element and is numbered Pi.down。PiIn down, P represents a library, i represents a component number, i satisfies a condition 1. ltoreq. i.ltoreq. Num, and down represents a failure.
According to the functional schematic diagram of the system shown in fig. 4, the number Num of elements in this example is 10.
10 normal libraries are established, which are respectively as follows: p1.up、P2.up、P3.up、P4.up、P5.up、P6.up、P7.up、P8.up、P9Up and P10And up, which sequentially and respectively represent the normal states of a 1# rate gyro, a 2# rate gyro, a 3# rate gyro, a flight control computer, a 1# servo actuator, the work of the 2# servo actuator, a left cockpit instruction sensor, a right cockpit instruction sensor, a control surface displacement sensor and a control surface in the figure 4.
Secondly, 10 fault libraries are established, which are respectively as follows: p1.down、P2.down、P3.down、P4.down、P5.down、P6.down、P7.down、P8.down、P9Down and P10Down, which sequentially and respectively represents the fault states of the 1# rate gyro, the 2# rate gyro, the 3# rate gyro, the flight control computer, the 1# servo actuator, the 2# servo actuator, the left cockpit instruction sensor, the right cockpit instruction sensor, the control surface displacement sensor and the control surface in fig. 4.
The design purpose of the fly-by-wire control system of the airplane is to organically connect elements according to the functions of the elements from the viewpoint of function flow so as to realize the functions of the system and finally form a functional schematic diagram of the system. The functional schematic of the system refers to a description of the functional flow between the system and its constituent elements from a topological point of view. The functional schematic diagram of the system comprises nodes representing the system and the constituent elements thereof, and line segments representing the functional flow.
The library refers to a graphic element representing the state of the system and its elements in a stochastic Petri net. The random Petri network for system reliability analysis, which is constructed based on the system function schematic diagram, is a 6-tuple: SPN ═ M (P, T, F, K)0λ), SPN is an abbreviation for stochastic Petri nets, where:
(1) p refers to a collection of libraries, represented in the graph by the circle "○". The state represented by a library occurs when there is a token in the library and does not occur when there is no token in the library;
(2) t refers to a transition set, and the transition comprises two types of delay transition and transient transition. In the graph, the delayed transition and the instantaneous transition are represented by a rectangle "□" and a vertical line "|" respectively;
(3) f is a directed flow connecting the library and the transition and is represented as a directed line segment in the graph;
(4) λ is the average excitation rate set of the delayed transitions. In the stochastic Petri network, each delay transition corresponds to an average excitation rate, the rate is called as a delay transition parameter and represents the ignition times of an ignitable delay fire transition in unit time;
(5)M0the initial state of the network is the Token distribution condition of each library at the initial time of the system;
(6) p → {0,1}, K being a function of the capacity of the pools in the network, i.e., the number of Tokens that may be present in the pools in the network, P → {0,1} meaning that the number of Tokens in each pool in the network is 0 or 1.
The complete Petri net should have a definite transition firing rule. The transition ignition rule in the stochastic Petri network is as follows:
delay transition firing rule: when the delayed transition preamble set is present, the transition may ignite. An ignitable delayed transition ignition process comprising: and after a delay time, shifting the Token in the pre-set of the delay transition to the post-set, wherein the delay time obeys exponential distribution, and the parameter of the exponential distribution is equal to the parameter of the delay transition.
Transient transition firing rules: the transition may ignite when there is a token in the pre-set and no token in the post-set of transient transitions. An ignitable transient transition ignition process is: the pre-concentration of transitions does not change in the tobogn distribution, and one tobogn is placed in each element that does not have a tobogn in the ignitable transient transition post-concentration.
The pre-set and post-set are defined as follows:
let x ∈ P ∪ T be any element in SPN, let x ═ { y | (y ∈ P ∪ T) ^ ((y, x) ∈ F) } and x ═ y | (y ∈ P ∪ T) ^ ((x, y) ∈ F) }, refer to x and x as the pre-set and post-set of x, respectively.
And 2, establishing the relation between each state normal library and each corresponding state fault library.
The library indicating that the state of each element is normal in step 1 is directed to a library site indicating that the state of each element is failed. The method comprises the following steps:
① for the element i whose value range is 1-Num, a unique delay transition t is establishediAnd the delay transition associated parameter is the failure rate lambda of the element ii. The element i refers to the ith element in the functional schematic diagram of the system, tiNumbering of established time-delayed transitions, lambdaiIs the failure rate of element i.
②, drawing the connection between the normal state library of the element i and the delay transition of the associated parameter, and the connection between the delay transition of the associated parameter and the state of the failure library of the element i.
In this embodiment, the operation process of step 2 is as follows:
① in FIG. 4, the serial numbers of 10 elements of the 1# rate gyro, the 2# rate gyro, the 3# rate gyro, the flight control computer, the 1# servo actuator, the 2# servo actuator, the left cockpit instruction sensor, the right cockpit instruction sensor, the control surface displacement sensor and the control surface are 1, 2, 3, 4, 5,6, 7, 8, 9 and 10 in turn, and corresponding time delay transition t is respectively established in turn for each element of the 1# rate gyro, the 2# rate gyro, the 3# rate gyro, the flight control computer, the 1# servo actuator, the 2# servo actuator, the left cockpit instruction sensor, the right cockpit instruction sensor, the control surface displacement sensor and the control surface1、t2、t3、t4、t5、t6、t7、t8、t9And t10And respectively associating the fault rates of corresponding elements for 10 time-delay transitions, wherein the fault rates of the 1# rate gyroscope, the 2# rate gyroscope, the 3# rate gyroscope, the flight control computer, the 1# servo actuator, the 2# servo actuator, the left cockpit instruction sensor, the right cockpit instruction sensor, the control surface displacement sensor and the control surface are lambda in sequence1=3×10-6、λ2=3×10-6、λ3=3×10-6、λ4=5×10-6、λ5=2×10-6、λ6=2×10-6、λ7=0.7×10-6、λ8=0.7×10-6、λ9=0.8×10-6And λ10=2×10-6. Therefore, for the time-delayed transition t1、t2、t3、t4、t5、t6、t7、t8、t9And t10The associated parameters are respectively lambda1=3×10-6、λ2=3×10-6、λ3=3×10-6、λ4=5×10-6、λ5=2×10-6、λ6=2×10-6、λ7=0.7×10-6、λ8=0.7×10-6、λ9=0.8×10-6And λ10=2×10-6
② for a rate 1 gyro,drawing places P1Up pointing to transition t1And drawing from the transition t1Point to the depot P1Down connection. For 2# Rate Gyroscope, plot library P2Up pointing to transition t2And drawing from the transition t2Point to the depot P2Down connection. For 3# Rate Gyroscope, plot library P3Up pointing to transition t3And drawing from the transition t3Point to the depot P3Down connection. For flight control computer, draw institute P4Up pointing to transition t4And drawing from the transition t4Point to the depot P4Down connection. For # 1 Servo actuator, draw library P5Up pointing to transition t5And drawing from the transition t5Point to the depot P5Down connection. For # 2 Servo actuator, draw library P6Up pointing to transition t6And drawing from the transition t6Point to the depot P6Down connection. For the left cockpit command sensor, draw the place of storage P7Up pointing to transition t7And drawing from the transition t7Point to the depot P7Down connection. For the right cockpit command sensor, draw the place of storage P8Up pointing to transition t8And drawing from the transition t8Point to the depot P8Down connection. For the control surface displacement sensor, a place P is drawn9Up pointing to transition t9And drawing from the transition t9Point to the depot P9Down connection. For the control surface, drawing a place P10Up pointing to transition t10And drawing from the transition t10Point to the depot P10Down connection.
And 3, establishing a library place representing the fault state of the system.
Considering the system as an element, a library P is created which represents its fault statusNum+1Down. At PNum+1In down, P denotes a library station, down denotes a failure state, and Num +1 denotes the number of the currently established library station indicating the failure state.
So far, the library for reliability analysis is constructed, wherein all Num +1 libraries representing fault states are constructed, and all Num libraries representing normal states are constructed.
In this embodiment, the fly-by-wire control system is considered as an element, and a library P representing the fault status of the fly-by-wire control system is established11Down. At present, all 11 banks representing fault states are established, all 10 banks representing normal states of elements are established, and 21 banks are calculated. Thus far, in the present embodiment, a library for reliability analysis is constructed.
And 4, connecting the library of the fault states of the elements.
According to the connection form of each element, the number P in each element is connectediThe value range of i in each down library is more than or equal to 1 and less than or equal to Num + 1. The symbol In _ N represents the total number of the upstream input elements of the ith element, and In the static logic expression mode, the functional logic relationship of the ith element and N input elements In the In _ N input elements upstream of the ith element exists In three basic forms of AND or vote, wherein N is less than or equal to In _ N. With the symbol j1、j2…jnNumber of n upstream input elements in the system, j, representing the ith element1、j2…jnSatisfies the condition 1. ltoreq. j1、j2…jnNum +1 is less than or equal to. The connection method is divided into the following three cases according to three forms of AND or AND voting:
1) when the functional logic relationship between the ith element and n elements at the upstream of the element is AND, establishing an AND bank
Figure GDA0002227365950000121
N transient transitions in one-to-one correspondence, and drawing n directed line segments: from n libraries
Figure GDA0002227365950000122
Respectively pointing to the n established transient transitions; continuously drawing n directed line segments: respectively pointing to the libraries P by the n transient transitions establishediDown. Figure 1 shows a functional logicIf the edit relation is AND and n is 3, the library PiDown and its preamble.
The functional logic relationship is AND, which means that the function of the i-th element can be normally executed if and only if the n input elements of the i-th element are all functional normally.
2) When the functional logic relationship between the ith element and the n elements at the upstream of the element is OR, establishing a transient transition, and drawing n directed line segments: from depot
Figure GDA0002227365950000123
Pointing to the established transient transitions, respectively; and continuously drawing the directed line segment: directing the library P by the created transient transitionsiDown. FIG. 2 shows the library P with the logical relationship "OR" and n equal to 3iDown and its preamble.
The functional logic relationship is "or" means that when any one of the n input elements of the ith element performs normally, the function of the ith element can be performed normally.
3) When the functional logic relationship between the ith element and the n input elements upstream of the element is "k/n voting", then establishing
Figure GDA0002227365950000131
And (c) instantaneous transition, wherein k is more than or equal to 1 and less than or equal to n. For a library of n input elements
Figure GDA0002227365950000132
From which n-k +1 banks are taken and combined, the number of combinations being
Figure GDA0002227365950000134
Is composed ofEach of the combinations is operated as follows:
i) building (2)Setting up a transient transition; ii) drawing a directed line segment pointed by the library and instantaneously transitioned in i) for each library in the combination; iii) drawing a library P pointed to by the transient transitions in i)iDown directed line segments.
FIG. 3 shows that when the functional logic relationship is "2/3 vote", the library post PiDown and its preamble.
The function logic relationship is "k/n voting", which means that when at least k elements in the n input elements of the ith element perform normally, the function of the ith element can be performed normally.
In addition, when n is equal to 1, the three logic of and, or and voting are equivalent, so that the three connection methods described in the three cases of and, or and voting are completely equivalent, and the connection operation can be performed on the ith element and the upstream input element thereof in any one of the three cases.
And establishing a reliability model which is constructed based on the stochastic Petri network theory and has the same structure as the functional schematic diagram of the system.
For this embodiment, the specific implementation process described in step 4 is as follows:
in the functional schematic diagram of the flight control computer system shown in fig. 4, the flight control computer and three input elements 1 in its upstream: 1# rate sensor, element 2: 2# rate sensor and element 3: the functional logic relationship of the 3# rate sensor is 2/3 voting, when n is 3 and k is 2, and according to the condition that the functional logic relationship between the ith element and the n input elements upstream of the element is "k/n voting", the method establishes
Figure GDA0002227365950000136
The principle of transient transition is established
Figure GDA0002227365950000137
And (4) transient transition. For a library P of 3 input elements1.down、P2Down and P3Down, combining 2 libraries from it, the number of combinations being
Figure GDA0002227365950000138
The combination of 3 is as follows in sequence: { P2.down、P3.down}、{P1.down、P3Down and { P1.down、P2.down}。
For combination 1{ P2.down、P3Down } the following operations are performed:
i) establishing a transient transition t11(ii) a ii) to the depository P2Down and P3Down, respectively drawing a transition t pointed by the library11A directed line segment of (a); iii) drawing a transition t11Point to the depot P4Down directed line segments.
Is a combination of 2{ P1.down、P3Down } the following operations are performed:
i) establishing a transient transition t12(ii) a ii) to the depository P1Down and P3Down, respectively drawing a transition t pointed by the library12A directed line segment of (a); iii) drawing a transition t12Point to the depot P4Down directed line segments.
Is a combination of 3{ P1.down、P2Down } the following operations are performed:
i) establishing a transient transition t13(ii) a ii) to the depository P1Down and P2Down, respectively drawing a transition t pointed by the library13A directed line segment of (a); iii) drawing a transition t13Point to the depot P4Down directed line segments.
The flight control computer has two input element elements 7 in its upstream: left cockpit command sensor and element 8: the functional logic relationship of the right cockpit command sensor is or, at the time, n is 2, and an instantaneous transition is established according to the principle that when the functional logic relationship between the ith element and n elements at the upstream of the ith element is or, an instantaneous transition is established, and n directed line segments are drawn: transient transition t as shown in FIG. 514Drawing 2 directed line segments: by depot P indicating failure of command sensor of left cockpit7Down pointing to transition t14Directed line segment of (2) and a library P of indications of right cockpit command sensor faults8Down pointing to transition t14Directed line segment ofAnd continuously drawing the directed line segment: from transition t14To a depot P indicating a fault in the flight control computer4.down。
The flight control computer and an input element 9 in its upstream: the functional logic relationship of the control surface displacement sensor is any one of AND logic or 1/1 voting logic. At the moment, n is equal to 1, and according to the principle that the three logic equivalence of AND and voting is realized when n is equal to 1, a library post P which represents the fault of the flight control computer by establishing transient transition connection according to any one connection method of the three conditions that the function logic is AND or AND voting4Down and a library P indicating a failure of a component 99Down. Here, the library P is connected to the time base according to the function logic relationship4Down and depot P9Down for the connection. Based on the logical relationship between the ith element and n elements upstream of the ith element, an AND bank is established
Figure GDA0002227365950000141
The principle of n transient transitions in one-to-one correspondence requires the establishment of a place P 91 transient transition corresponding to down: transient transition t as shown in FIG. 515 Drawing 1 directed line segment: from depot P9Down pointing to the established transient transition t15(ii) a Continuously drawing 1 directed line segment: transient transition t established by said15Point to the depot P4.down。
Storehouse P for indicating flight control computer fault4Down is connected to its preamble in the manner shown in figure 5.
In fig. 4, there are only 1 input element in the # 1 servo actuator: and (3) a flight control computer, wherein n is 1, and the flight control computer and an input element 9 in the upstream are as follows: method for establishing transient migration and drawing connecting line for control surface displacement sensor and establishing transient migration t16Drawing a connecting line: by depot representing flight control computer failure4Down pointing to transition t16Drawing a connecting line: from transition t16Pointing to a depot P representing a # 1 servo actuator failure5.down。
In FIG. 4, 2# servoThere are only 1 input element to the actuator: and (3) a flight control computer, wherein n is 1, and the flight control computer and an input element 9 in the upstream are as follows: method for establishing transient migration and drawing connecting line for control surface displacement sensor and establishing transient migration t17Drawing a connecting line: by depot representing flight control computer failure4Down pointing to transition t17Drawing a connecting line: from transition t17Directing a library P representing a # 2 servo actuator failure6.down。
In fig. 4, there are 2 input elements to the control surface: the control surface and the function logic relationship of 2 input elements are in an OR state, n is 2, and an instant transition is established according to the principle that when the function logic relationship of the ith element and n elements at the upstream of the element is in the OR state, n directional line segments are drawn: transient transition t as shown in FIG. 518Drawing 2 directed line segments: by the depot P indicating failure of # 1 servo actuator5Down pointing to transition t18And a library P indicating 2# servo actuator failure6Down pointing to transition t18Continuously drawing the directed line segment: from transition t18To a depot P indicating failure of the control surface10.down。
According to the fact that the control surface can deflect normally, the fact that the telex control system is normal is indicated, when the system is regarded as one element, only 1 input element exists in the system: the control plane, where n is 1, is determined by the flight control computer and an input element 9 in the upstream of the flight control computer: method for establishing transient migration and drawing connecting line for control surface displacement sensor and establishing transient migration t19Drawing a connecting line: by depot indicating failure of control surface P10Down pointing to transition t19Drawing a connecting line: from transition t19Pointing to a depot P representing a system failure11.down。
In fig. 4, there are only 1 input element of the control surface displacement sensor: the control plane, where n is 1, is determined by the flight control computer and an input element 9 in the upstream of the flight control computer: the control surface displacement sensor establishes instantaneous transition and drawsMethod of line, establishing a transient transition t20Drawing a connecting line: by depot indicating failure of control surface P10Down pointing to transition t20Drawing a connecting line: from transition t20To a depot P indicating failure of a control surface displacement sensor9.down。
So far, the establishment of the reliability model which is constructed based on the stochastic Petri network theory and has the same structure as the functional schematic diagram of the system is completed, as shown in FIG. 5.
And 5, solving the reliability of the system by applying a Monte Carlo simulation method. The solving process is as follows:
① sets the simulation times Sim _ N to any value greater than 0.
②, a variable Sim _ N for recording simulation process is established, Sim _ N is initialized to be 1, the Sim _ N is the number of times of simulation is executed, and when Sim _ N is larger than Sim _ N, the simulation of the established system reliability model is finished.
③, establishing an array SYS for recording the system failure time in the simulation process, wherein the number of elements in the array SYS is equal to the set simulation times Sim _ N, and sequentially recording the system failure time in the 1 st and 2 … Sim _ N simulation processes.
④ initializing the system state, which means that Num elements in the system are all in normal state at the initial time of the system, in the system reliability model established by the invention, the implementation method for initializing the system state comprises establishing a variable T representing the system timesysIs equal to 0 and is numbered PiSequentially placing a Token in each library of the up, wherein the value range of i is more than or equal to 1 and less than or equal to Num.
⑤ obtaining delay time of all ignitable delay transitions in the system by inverse sampling method, the method for judging whether the delay transitions are ignitable is referred to step 1, the ith delay transition t is obtained by inverse sampling methodiDelay time X ofiThe calculation method of (2) is as follows:
i) generating random numbers U-U (0,1) which are uniformly distributed according to [0,1 ];
ii) let Xi=-InU/λi,λiFor time-delayed transition tiThe parameter (c) of (c).
⑥, the system is operated in the Sim _ n simulation process by igniting the delay transition, the steps are as follows:
first, the obtained delay time X is comparediSorting, taking the delay transition corresponding to the minimum time, using the symbol TminAnd t' represents the minimum time and its corresponding delay transition, respectively. Secondly, ignition operation is carried out on the delayed transition t': updating system time Tsys=Tsys+TminAnd shifting the Token in the front set of the transition t 'into the rear set of the transition t'.
⑦ the system is operated in the Sim _ n simulation process by igniting the transient transition, the steps are as follows:
first, a transient transition of ignitable in the system is determined, and a method for judging whether the transient transition is ignitable or not is referred to step 1. Secondly, the ignitable transient transition is subjected to an ignition operation: the pre-concentration of transitions does not change in the tobogn distribution, and one tobogn is placed in each element that does not have a tobogn in the ignitable transient transition post-concentration.
And circularly executing to promote the operation of the system in the simulation process of the Sim _ n times by carrying out ignition operation on the transient transition until any one of the following two conditions is met, and ending the operation:
condition 1: there is no ignitable transient transition in the established system reliability model;
condition 2: depot PNum+1Down exists.
⑧ according to depot PNum+1Down state, judging whether the Sim _ n simulation is finished. The judgment method comprises the following steps:
if PNum+1Down, repeating the step of sequentially obtaining delay time of all ignitable delay transitions in the system by an anti-sampling method, and continuously executing the simulation for the first Sim _ n time;
if PNum+1Down exists token, ends the Sim _ n simulation, and let Sim _ n be Sim _ n +1, let SYS [ Sim _ n [ ]]=TsysRepeatedly initializing system state and starting next simulation of systemTrue.
⑨, after the processes ④ - ⑧ are executed in an accumulated mode for Sim _ N times, the system reliability R is counted, and the statistical formula of the reliability of the system at the time tau is as follows:
Figure GDA0002227365950000171
in the formula, delta marks whether the system fails, and when delta is 1, the system fails; when δ is 0, the system does not malfunction.
In this embodiment, the specific implementation process of step 5 is as follows:
① sets the simulation number Sim _ N to 10.
② sets up a variable Sim _ n that records the simulation history and initializes Sim _ n to 1.
③ sets up an array SYS [10] that records the time to failure of the system during the simulation.
④ initialize the system state, a variable T representing the system time is establishedsys0, and is in depot P1.up、P2.up、P3.up、P4.up、P5.up、P6.up、P7.up、P8.up、P9Up and P10One token is placed in sequence in the up. The initialized system is shown in fig. 6.
⑤ the delay time of all ignitable delay transitions in the system is obtained in turn by an inverse sampling method.
For ignitable time-delayed transitions tiCalculating the delay time X thereofiThe implementation method comprises the following steps:
i) generating random numbers U-U (0,1) which are uniformly distributed according to [0,1 ];
ii) let Xi=-InU/λi,λiFor time-delayed transition tiThe parameter (c) of (c).
When random numbers U-U (0,1) which obey [0,1] uniform distribution are generated, the random numbers which obey [0,1] uniform distribution can be generated by applying matlab and C programming software. In this embodiment, C programming software is used to perform random number extraction. Since the method proposed by the present invention is based on random sampling, the random number obtained by each sampling may be different. In this embodiment, the method of the present invention is illustrated by way of example only with respect to one possible sampling result, which is illustrative of the present invention and not limiting.
According to the step 1, the method for judging whether the delayed transition is ignitable or not is as follows: when the delayed transition preamble set is present, the transition may ignite. Current system time TsysTime delay transition t ═ 0iP, wherein i takes the values 1, 2 … 10 in turn, so that t1~t10A total of 10 delay transitions can be fired.
A delay time is extracted for each ignitable time-delayed transition, with the following results:
for ignitable time-delayed transitions t1I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.41368; ii) let X1=-In0.41368/λ1=-In0.41368/3×10-6=127778.49;
For ignitable time-delayed transitions t2I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.725871; ii) let X2=-In0.725871/λ2=-In0.725871/3×10-6=46380.18;
For ignitable time-delayed transitions t3I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.225378; ii) let X3=-In0.225378/λ3=-In0.225378/3×10-6=215696.16;
For ignitable time-delayed transitions t4I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.198322; ii) let X4=-In0.198322/λ4=-In0.198322/5×10-6=140525.82;
For ignitable time-delayed transitions t5I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.829819; ii) let X5=-In0.829819/λ5=-In0.829819/2×10-6=40508.31;
For ignitable time-delayed transitions t6I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.915635; ii) let X6=-In0.915635/λ6=-In0.915635/2×10-6=19138.81;
For ignitable time-delayed transitions t7I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.324589; ii) let X7=-In0.324589/λ7=-In0.324589/0.7×10-6=698094.57;
For ignitable time-delayed transitions t8I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.018562; ii) let X8=-In0.018562/λ8=-In0.018562/0.7×10-6=2473393.19;
For ignitable time-delayed transitions t9I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.637526; ii) let X9=-In0.637526/λ9=-In0.637526/0.8×10-6=244377.62;
For ignitable time-delayed transitions t10I) random decimation obeys [0,1]The uniformly distributed random numbers are 0.397021; ii) let X10=-In0.397021/λ10=-In0.397021/2×10-6=200593.26。
⑥ ignition operation on the delayed transition facilitates operation of the system during the 1 st simulation when Sim _ n is equal to.
The minimum ignitable time obtained by extracting a delay time for each ignitable time delay transition is 19138.81, the minimum time corresponding to the time delay transition being t6To t6Carrying out an ignition operation: updating system time Tsys=Tsys+ 19138.81-0 + 19138.81-19138.81, transition t6Front set P6Token transfer-in transition t in up6Postset P of6In down.
⑦ ignition operation on ignitable transient transitions facilitates operation of the system during 1 st simulation of Sim _ n.
The condition for determining whether the transient transition is ignitable is that when there is a Token in the pre-set and there is no Token in the post-set of the transient transition, the transient transition is ignitable, and when the ignition operation for the delayed transition is performed in step ⑥, the operation of the system in the simulation process where the Sim _ n is 1 is promotedAfter the line is finished, the current Tsys=19138.81,PiOnly P in the down library6Down, where i is greater than or equal to 1 and less than or equal to 11, and the instantaneous transition t is known according to the ignitable judgment condition of the instantaneous transition11~t20And all the devices are not ignitable, the ending condition 1 is met, namely, the established system reliability model does not have ignitable transient transition, so that the ignition operation on the ignitable transient transition is ended to push the system to run in the simulation process of 1 st time (Sim _ n).
⑧ according to depot P11Down state, whether the 1 st simulation is finished or not is judged.
Current depot P11Down, without Token, to successively obtain delay times of all ignitable delay transitions in the system by an inverse sampling method, and continuing to execute the 1 st simulation until the depot P11When there is a token in the down, the 1 st simulation ends with the Sim _ n being 1: sim _ n +1 is 2, let SYS [ Sim _ n ═ 2]=Tsys. The process is finished, the system is switched to the initialized state, and the 2 nd simulation of the system is started.
⑨ repeating the process ④ - ⑧ to accumulate and execute Sim _ N10 times, and then counting the system reliability according to the array SYS.
After 10 times of simulation is performed on the present embodiment by applying the processes ① to ⑨ of the present step, the 10 data in the array SYS are sequentially {25792.78,575975.40,483755.57,201469.86,83803.35,60638.59,65332.32,180655.60,96740.00,1030240.37 }.
By statistical formula of the reliability of the system at the time tau:
Figure GDA0002227365950000191
the reliability of the system at the time tau is obtained as follows:
number of data less than or equal to τ in R (τ) ═ 1-array SYS ÷ total number of times of simulation Sim _ N
If τ is 100000, the data less than 100000 in the array SYS is 25792.78, 83803.35,60638.59,65332.32 and 96740.00, which are 5 in total, so that R (τ is 100000) is 1-5 ÷ 10 ═ 0.5.
In the above, the method for determining the reliability of the system by using the statistical formula of the reliability of the system at the time τ is described by taking Sim _ N as 10 and τ as 100000 as examples.
The method provided by the invention is based on random sampling, so that when the Monte Carlo simulation method is used for solving the system reliability, the system reliability obtained by different analysts is slightly different. However, according to the theorem of majorities, as the simulation times Sim _ N increase, the reliability of the system obtained necessarily converges to the true solution. FIG. 9 is a graph of the reliability of the system over time when Sim _ N takes different values.
Therefore, simulation calculation of the electric reliability of the fly-by-wire control system of the airplane is completed.
As can be seen from the curve shown in fig. 9, as the simulation times increase, the reliability of the system calculated according to the method of the present invention converges to a stable value, which is the true solution. In order to verify the correctness and superiority of the method of the present invention, the present embodiment is analyzed by applying the existing fault tree analysis method.
First, according to the existing fault tree construction method, a fault tree constructed for the telex aircraft telex control system according to the present embodiment is shown in fig. 8. In FIG. 8, XiA bottom event indicating that the ith element in the system fails, wherein i is more than or equal to 1 and less than or equal to 10; g1 represents an intermediate event of failure of the rate gyro subsystem consisting of element 1, element 2 and element 3; g2 represents an intermediate event of failure of the servo actuation subsystem consisting of element 5 and element 6; g3 represents an intermediate event of failure of the cockpit command sensor subsystem formed by element 7 and element 8; g4 represents an intermediate event of an anomaly in the external cross-link signal received by the flight control computer; top event T represents a failure of the fly-by-wire aircraft fly-by-wire control system described in this embodiment.
Essentially, the fault tree shown in fig. 8 describes the fault propagation process of the system through logic gates, and correspondingly, the stochastic Petri net for the system reliability analysis proposed by the present invention is through PiDown class depot, PiTransient transitions between down libraries and directed line segment pair systemThe barrier propagation process is described as shown in fig. 7.
Comparing fig. 7 with fig. 4, and comparing fig. 8 with fig. 4, it can be known from the two group comparison that the structure of the reliability model obtained by applying the modeling method provided by the present invention is consistent with the system functional schematic diagram, and the structure of the fault tree model obtained by the conventional modeling method is greatly different from the system structural schematic diagram. Therefore, compared with the traditional modeling method, the stochastic Petri network model for the system reliability analysis can completely retain the system working principle information, so that the reprocessing process of product development information by system analysts can be avoided in the modeling process, the description of the system is more objective, and errors caused by manual experience in the traditional modeling method can be effectively avoided.
Secondly, according to the fault tree analysis method, the calculation formula of the reliability R (tau) of the system at the time of tau is as follows:
R(τ)=R(G2)R(G4)R4R10
wherein R (G2) ═ 1- (1-R)5)(1-R6),R(G4)=R(G1)R(G3)R9;R(G3)=1-(1-R7)(1-R8);
Figure GDA0002227365950000201
Symbol RiThe reliability of the ith element in the system is referred to, and the calculation formula is as follows:
Figure GDA0002227365950000202
τ is the system time, λiIs the failure rate of element i.
Adopting a system reliability calculation formula R (tau) ═ R (G2) R (G4) R4R10The system reliability of the system at 30 times, such as 100 and 200 … 3000, can be calculated, and the calculation result is shown in fig. 9.
Comparing the calculation result of the fault tree analysis method in fig. 9 with the calculation result of the simulation method of the present invention, it can be known that the reliability model provided by the present invention can be correctly calculated by the simulation method provided by the present invention as the simulation times increase. Therefore, the method provided by the invention not only can directly convert the system function schematic diagram in the system design stage into the reliability analysis model, but also can effectively perform reliability simulation calculation, and has important value for improving the analysis efficiency of the system reliability in the design stage.

Claims (3)

1. A reliability analysis method for an airplane telex control system is characterized by comprising the following specific processes:
step 1, counting the number Num of elements:
the number Num of the statistical elements is the number Num of the statistical elements in the functional schematic diagram of the fly-by-wire control system of the airplane, and a library station for representing normal state and a library station for representing state fault are established for each element; specifically, the following operations are sequentially performed for each element:
for the ith element in the functional schematic diagram of the fly-by-wire control system of the airplane, establishing a library station for the ith element, indicating the normal state of the ith element, and numbering P for the library stationi.up;PiIn the up, P represents a library place, i represents a component serial number, i satisfies the condition that i is more than or equal to 1 and less than or equal to Num, and up represents normal;
for the ith element in the functional schematic diagram of the fly-by-wire control system of the airplane, establishing a library post for the ith element, indicating the state fault of the ith element, and numbering P for the library posti.down;PiIn down, P represents a library station, i represents a component serial number, i satisfies a condition 1 ≤ i ≤ Num, and down represents a fault;
step 2, establishing the relation between each state normal library and each corresponding state fault library:
the library which shows that the state of each element is normal in the step 1 is pointed to a library place which shows that the state of each element is failed; the method comprises the following steps: establishing a unique delay transition t for the element i with the value range of 1-NumiAnd the delay transition associated parameter is the failure rate lambda of the element ii
Drawing a connecting line: drawing a connecting line between the normal state library of the element i and the delay transition of the associated parameter and a connecting line between the delay transition of the associated parameter and the state of the fault library of the element i;
step 3, establishing a library place representing the system fault state:
considering the system as an element, a library P is created which represents its fault statusNum+1Down; at PNum+1In down, P represents a library station, down represents a fault state, and Num +1 represents the number of the currently established library station representing the fault state;
so far, the construction of a library for reliability analysis is completed, wherein the number of the built libraries which represent fault states is all Num +1, and the number of the built libraries which represent normal states is all Num;
step 4, connecting the library places of the fault states of all the elements;
according to the connection form of each element, the number P in each element is connectediEach station of the down, wherein the value range of i is more than or equal to 1 and less than or equal to Num +1, so as to establish a reliability model which is constructed based on a random Petri network theory and has the same structure with a system functional schematic diagram;
when the library of the fault states of each element is connected:
the symbol In _ N represents the total number of the upstream input elements of the ith element, and In the static logic expression mode, the functional logic relationship between the ith element and N input elements In the In _ N input elements upstream of the ith element exists In three basic forms of AND or vote, wherein N is less than or equal to In _ N; with the symbol j1、j2…jnNumber of n upstream input elements in the system, j, representing the ith element1、j2…jnSatisfies the condition 1. ltoreq. j1、j2…jnNum +1 or less; bank post P indicating i-th element failureiDown and a library station indicating n element failures upstream of the element
Figure FDA0002227365940000021
Figure FDA0002227365940000022
The connection method through instantaneous transition is divided into three conditions according to and or and voting;
the functional logic relationship of AND means that the function of the ith element can be normally executed if and only if the n input elements of the ith element are all functional normally; the functional logic relationship "or" means that when any one of the n input elements of the ith element performs normally, the function of the ith element can be performed normally;
step 5, solving the system reliability by applying a Monte Carlo simulation method:
the solving process is as follows:
setting simulation times Sim _ N, wherein Sim _ N is set to any value larger than 0;
establishing a variable Sim _ n for recording a simulation process, and initializing the Sim _ n to be 1; the Sim _ N is the number of times of simulation in execution, and when the Sim _ N is greater than the Sim _ N, the simulation of the established system reliability model is finished;
establishing an array SYS for recording system failure time in the simulation process; the number of elements in the array SYS is equal to the set simulation times Sim _ N, and the time of system failure in the 1 st simulation process and the 2 st simulation process 2 … Sim _ N is recorded in sequence;
initializing a system state; the system initial state refers to that at the system initial moment, Num elements in the system are all in a normal state; in the system reliability model established by the invention, the implementation method for initializing the system state comprises the following steps: establishing a variable T representing system timesysIs equal to 0 and is numbered PiSequentially placing a Token in each warehouse of the up, wherein the value range of i is more than or equal to 1 and less than or equal to Num;
sequentially obtaining delay time of all ignitable delay transitions in the system by an inverse sampling method; the method for judging whether the time delay transition can be ignited or not comprises the following steps:
delay transition firing rule: when the delay transition prefix set exists in the Token, the transition can be ignited; an ignitable delayed transition ignition process comprising: after a delay time, shifting the Token in the pre-set of the delay transition to a post-set, wherein the delay time obeys exponential distribution, and the parameter of the exponential distribution is equal to the parameter of the delay transition;
obtaining the ith delay transition t by an inverse sampling methodiDelay time X ofiThe calculation method of (2) is as follows:
i) generating random numbers U-U (0,1) which are uniformly distributed according to [0,1 ];
ii) let Xi=-InU/λi,λiFor time-delayed transition tiThe parameters of (1);
and the ignition operation is carried out on the delayed transition to promote the operation of the system in the simulation process of the Sim _ n times, and the steps are as follows:
first, the obtained delay time X is comparediSorting, taking the delay transition corresponding to the minimum time, using the symbol TminAnd t' respectively represents the minimum time and the corresponding time delay transition; secondly, ignition operation is carried out on the delayed transition t': updating system time Tsys=Tsys+TminMoving the Token in the front set of the transition t 'into the rear set of the transition t';
and (3) promoting the operation of the system in the simulation process of the Sim _ n times by carrying out ignition operation on the transient transition, wherein the steps are as follows:
firstly, determining the transient transition which can be ignited in the system, wherein the method for judging whether the transient transition can be ignited or not comprises the following steps: transient transition firing rules: when the prepositive set of the transient transition has the Token and the postpositive set has the elements without the Token, the transient transition can be ignited; an ignitable transient transition ignition process is: the distribution of the front centralized Token of the transition is not changed, and one Token is placed in each element without the Token in the ignitable instantaneous transition rear centralized;
secondly, the ignitable transient transition is subjected to an ignition operation: placing a Token in each element of an ignitable transient transition postset without changing the Token in the front-end library of the ignitable transient transition;
and circularly executing to promote the operation of the system in the simulation process of the Sim _ n times by carrying out ignition operation on the transient transition until any one of the following two conditions is met, and ending the operation:
condition 1: there is no ignitable transient transition in the established system reliability model;
condition 2: depot PNum+1Down exists in tokken;
according to depot PNum+1Judging whether the simulation of the Sim _ n th time is finished or not according to the down state; the judgment method comprises the following steps:
if PNum+1Down, repeating the step of sequentially obtaining delay time of all ignitable delay transitions in the system by an anti-sampling method, and continuously executing the simulation for the first Sim _ n time;
if PNum+1Down exists token, ends the Sim _ n simulation, and let Sim _ n be Sim _ n +1, let SYS [ Sim _ n [ ]]=TsysRepeatedly initializing the system state and starting the next simulation of the system;
sequentially obtaining delay time of all ignitable delay transitions in the system for initializing the system state by an inverse sampling method, promoting the operation of the system in the simulation process of the Sim _ n times by carrying out ignition operation on the delay transitions, promoting the operation of the system in the simulation process of the Sim _ n times by carrying out ignition operation on the instantaneous transitions and according to the place P of the libraryNum+1Judging whether the simulation of the Sim _ n th time is finished or not according to the down state;
after the Sim _ N times of accumulated execution, counting the system reliability R; the statistical formula of the reliability of the system at the time tau is as follows:
Figure FDA0002227365940000041
in the formula, delta marks whether the system fails, and when delta is 1, the system fails; when δ is 0, the system does not malfunction.
2. The method for analyzing the reliability of the fly-by-wire control system of an aircraft according to claim 1, wherein a plurality of rate gyros, flight control computers, servo actuators, cockpit command sensors, control surface displacement sensors, and control surfaces are present in the fly-by-wire control system; the flight control system comprises a flight control computer, a flight control plane, a speed gyroscope, a cockpit instruction sensor, a control plane displacement sensor, a flight control plane controller and servo actuators, wherein the speed gyroscope, the cockpit instruction sensor and the control plane displacement sensor respectively provide speed information, driver operation instruction information and control plane position information to the flight control computer, the flight control computer calculates effective control signals according to the received information, then the control signals are respectively transmitted to the servo actuators, and finally the servo actuators jointly drive the control plane to deflect so as to control the movement of the airplane.
3. The method for analyzing the reliability of the fly-by-wire control system of an aircraft according to claim 1, wherein the connection mode of the three functional logics of AND OR AND voting is a storehouse PiDown and depotThe connection methods by transient transition are respectively as follows:
when the functional logic relationship between the ith element and n elements at the upstream of the element is AND, establishing an AND bankN transient transitions in one-to-one correspondence, and drawing n directed line segments: from n libraries
Figure FDA0002227365940000044
Respectively pointing to the n established transient transitions; continuously drawing n directed line segments: respectively pointing to the libraries P by the n transient transitions establishedi.down;
When the functional logic relationship between the ith element and the n elements at the upstream of the element is OR, establishing a transient transition, and drawing n directed line segments: from depot
Figure FDA0002227365940000045
Pointing to the established transient transitions, respectively; and continuously drawing the directed line segment: directing the library P by the created transient transitionsi.down;
When the functional logic relationship between the ith element and the n input elements upstream of the element is "k/n voting", then establishing
Figure FDA0002227365940000046
Instantaneous transition, where k is greater than or equal to 1 and less than or equal to n; for a library of n input elements
Figure FDA0002227365940000047
Figure FDA0002227365940000048
From which n-k +1 banks are taken and combined, the number of combinations beingIs composed ofEach of the combinations is operated as follows:
i) establishing an instantaneous transition; ii) drawing a directed line segment pointing to the instant transition in the i from the library for each library in the combination; iii) drawing a library P pointed to by the transient transition in iiDown directed line segments.
CN201610969751.3A 2016-11-07 2016-11-07 Reliability analysis method for airplane telex control system Expired - Fee Related CN106599352B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610969751.3A CN106599352B (en) 2016-11-07 2016-11-07 Reliability analysis method for airplane telex control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610969751.3A CN106599352B (en) 2016-11-07 2016-11-07 Reliability analysis method for airplane telex control system

Publications (2)

Publication Number Publication Date
CN106599352A CN106599352A (en) 2017-04-26
CN106599352B true CN106599352B (en) 2020-02-14

Family

ID=58590750

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610969751.3A Expired - Fee Related CN106599352B (en) 2016-11-07 2016-11-07 Reliability analysis method for airplane telex control system

Country Status (1)

Country Link
CN (1) CN106599352B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107766610B (en) * 2017-09-08 2021-12-24 中国飞行试验研究院 Civil aircraft airworthiness approval test flight reliability monitoring method
CN109508260B (en) * 2018-10-31 2021-11-12 西北工业大学 Reliability modeling and analyzing method for self-repairing processor to lockstep system
CN110135040B (en) * 2019-05-04 2022-08-16 西北工业大学 3K planetary reducer reliability evaluation method based on neural network
CN110489862A (en) * 2019-08-19 2019-11-22 重庆大学 A kind of complex electromechanical systems life-span prediction method
CN112699492B (en) * 2021-01-08 2023-09-15 北京空间飞行器总体设计部 Space station life guarantee and extension method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104298843A (en) * 2014-05-22 2015-01-21 北京航空航天大学 Complex mechanism dynamic cascading reliability modeling method based on colored stochastic Petri network
CN104504210A (en) * 2014-12-30 2015-04-08 西安交通大学 Complex electromechanical system reliability modeling method based on Petri network
CN105488537A (en) * 2015-12-11 2016-04-13 中国航空工业集团公司西安飞机设计研究所 Method for representing component fault attributes based on Petri net

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9431829B2 (en) * 2013-10-09 2016-08-30 John S. Youngquist Aircraft instrument and backup power therefor provided by magneto P-lead

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104298843A (en) * 2014-05-22 2015-01-21 北京航空航天大学 Complex mechanism dynamic cascading reliability modeling method based on colored stochastic Petri network
CN104504210A (en) * 2014-12-30 2015-04-08 西安交通大学 Complex electromechanical system reliability modeling method based on Petri network
CN105488537A (en) * 2015-12-11 2016-04-13 中国航空工业集团公司西安飞机设计研究所 Method for representing component fault attributes based on Petri net

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于Petri网的飞机复杂系统可靠性分析方法研究;郭鹏;《航空工程进展》;20160531;第174-180页 *

Also Published As

Publication number Publication date
CN106599352A (en) 2017-04-26

Similar Documents

Publication Publication Date Title
CN106599352B (en) Reliability analysis method for airplane telex control system
CN112131760B (en) CBAM model-based prediction method for residual life of aircraft engine
EP3792768A1 (en) Method for constructing test scenario library, electronic device and medium
CN106250631B (en) Fault diagnosis method based on fault-test correlation matrix
CN103472820B (en) Method for diagnosing propulsion system failure based on partial least squares algorithm
CN108256173B (en) Gas circuit fault diagnosis method and system for dynamic process of aircraft engine
CN103279793B (en) A kind of unmanned vehicle formation method for allocating tasks determined under environment
CN102903263B (en) Method and device used for removing flight conflicts and based on packet mode
CN109709934B (en) Fault diagnosis redundancy design method for flight control system
CN103983453A (en) Differentiating method of fault diagnosis of executing mechanism of aeroengine and sensor
CN104986347B (en) Real-time detection method for civil aircraft airline pilot operation errors
CN102298329A (en) Small-size unmanned rotary wing aircraft dynamic model identification method based on adaptive genetic algorithm
CN107272639A (en) Detection, estimation and its adjusting method of rigid spacecraft reaction wheel failure
CN106295020A (en) A kind of interactive controlling model solution method and system towards man-machine interactive system constraint
CN105183624B (en) A kind of emulation back method based on Data Matching
CN111680823A (en) Wind direction information prediction method and system
CN112464496A (en) Design mode reliability analysis method based on probability model inspection
CN106250623B (en) A kind of semi physical rapid simulation method steadily switched based on state
CN106168760B (en) Uncertain time-delayed systems determination of stability method based on convex polyhedron fault model
CN102788955A (en) Remaining lifetime prediction method of ESN (echo state network) turbine generator classification submodel based on Kalman filtering
CN113408158B (en) Implementation method suitable for carrier rocket stage-to-stage cold separation
CN108280043A (en) A kind of method and system of fast prediction flight path
Li et al. Predicting remaining useful life of industrial equipment based on multivariable monitoring data analysis
CN111191770A (en) Rocket system health state evaluation method based on fuzzy neural network
CN110866607A (en) Machine learning-based penetration behavior prediction algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200214

Termination date: 20201107

CF01 Termination of patent right due to non-payment of annual fee