Loughborough Universiy Insiuional Reposiory Mone Carlo simulaion modelling of aircraf dispach wih known fauls This iem was submied o Loughborough Universiy's Insiuional Reposiory by he/an auhor. Ciaion: PRESCOTT, D.R. and ADREWS, J.D., 2009. Mone Carlo simulaion modelling of aircraf dispach wih known fauls. I: Kang, R.... e al (eds). Proceedings of 2009 8h Inernaional Conference on Reliabiliy, Mainainabiliy and Safey (ICRMS 2009), Chengdu, China, 20-24 July, pp. 532-535. Addiional Informaion: This is a conference paper [ c IEEE]. I is also available from: hp://ieeexplore.ieee.org/ Personal use of his maerial is permied. However, permission o reprin/republish his maerial for adverising or promoional purposes or for creaing new collecive works for resale or redisribuion o servers or liss, or o reuse any copyrighed componen of his work in oher works mus be obained from he IEEE. Meadaa Record: hps://dspace.lboro.ac.uk/2134/5482 Version: Published Publisher: c Insiue of Elecrical and Elecronics Engineers (IEEE) Please cie he published version.
This iem was submied o Loughborough s Insiuional Reposiory (hps://dspace.lboro.ac.uk/) by he auhor and is made available under he following Creaive Commons Licence condiions. For he full ex of his licence, please go o: hp://creaivecommons.org/licenses/by-nc-nd/2.5/
Mone Carlo Simulaion Modelling of Aircraf Dispach wih Known Fauls Darren PRESCOTT, John ADREWS Deparmen of Aeronauical and Auomoive Engineering Loughborough Universiy Loughborough, LE11 3TU, UK E-mail: D.R.Presco@lboro.ac.uk; J.D.Andrews@lboro.ac.uk Absrac Time-Limied Dispach (TLD) allows usage of redundancy wihin aircraf engine conrol sysems in order o dispach aircraf wih fauls presen in hese sysems for limied periods. Such degraded-redundancy dispach enables aircraf operaors o reduce delays and cancellaions of aircraf flighs hrough efficien mainenance scheduling. When TLD is applied cerificaion requiremens mus be me, which ensure ha sysem failure raes do no exceed specified levels. This paper presens a Mone Carlo simulaion approach o obaining he required sysem failure raes and oulines advanages of he approach in ensuring cerificaion requiremens are me. Keywords- Mone Carlo simulaion; Time-Limied Dispach; degraded redundancy I. ITRODUCTIO Time-Limied Dispach (TLD) came ino exisence following he inroducion of Full Auhoriy Digial Engine Conrol (FADEC) sysems o commercial aircraf in he mid- 1980s. FADEC sysems are elecronic engine conrol sysems which regulae engine hrus from he beginning of fuel meering o he poin of fuel shuoff. When inroduced, FADEC sysems replaced hydromechanical conrol (HMC) sysems and i was o be he firs ime ha pilos would have no access o a (HMC) sysem in he even of elecronic sysem failure [1]. FADEC sysems are based around a dual channel conrol sysem. They conain reliable elecronic componens and are designed in such a way ha criical loops and funcions are covered by a degree of redundancy. Despie expecaions ha hese feaures would be posiive, here was an iniial negaive impac on aircraf dispach following he inroducion of FADEC sysems. This was due o he imposiion of he dispach crieria ha were applied o HMC sysems, which, i urned ou, were overly resricive. There was scope o ake advanage of redundancies o reduce unwelcome fligh delays and cancellaions due o FADEC sysem fauls. This was he basis of TLD, which was inroduced o allow dispach of aircraf wih fauls presen in heir FADEC sysems for limied periods, afer which he faul mus be repaired in order for furher dispach o be allowed. A. Cerificaion Requiremens Before TLD may be applied o a FADEC sysem, here are a number of cerificaion requiremens ha mus be me. These relae o he levels of reliabiliy demanded of he sysem, and in paricular o Loss of Thrus Conrol (LOTC) raes relaed o he sysem [2]. The average LOTC rae of he sysem mus no exceed 10 failures per 10 6 fligh hours, a level se o mach ha required of HMC sysems prior o he inroducion of FADEC sysems. In addiion o his here are resricions placed on he insananeous LOTC rae, which is calculaed when he FADEC sysem is operaing wih fauls presen and mus no exceed 100 failures per 10 6 fligh hours. There are four dispach caegories ha relae o TLD fauls: Do o Dispach (DD), Shor Time Dispach (STD), Long Time Dispach (LTD), Manufacurer/Operaor Defined Dispach (MDD). By definiion, DD fauls prohibi aircraf dispach when hey are presen and herefore any faul saes from which he insananeous LOTC rae exceeds 100 failures per 10 6 fligh hours mus be caegorised as DD. The oher dispach caegories have associaed dispach inervals, measured in aircraf fligh hours. When a faul ha is relaed o one of hese dispach caegories occurs, he aircraf may be dispached wih ha faul for up o he lengh of he associaed dispach inerval before i mus be cleared from he sysem. The insananeous failure rae o LOTC when dispaching wih LTD and STD fauls mus no exceed 75 and 100 failures per 10 6 fligh hours respecively. MDD fauls eiher do no fall ino any of he oher caegories or do no affec he sysem LOTC raes. For any fauls, more resricive dispach caegories han hose deermined using he insananeous LOTC raes may be applied. B. Mainenance Sraegies 978-1-4244-4905-7/09/$25.00 2009 IEEE 532
dispach inerval 1 2 Figure 1. MEL mainenance. A B 1 2 Figure 3. Muliple fauls (MEL mainenance). dispach inerval T LTD LTD STD I 1 1 I 2 2 f A B 3 1 2 Figure 2. PIR mainenance. Figure 4. The combinaion of muliple fauls (MEL mainenance). There are wo mainenance sraegies ha can be used when TLD is applied, Minimum Equipmen Lis (MEL) mainenance and Periodic Inspecion and Repair (PIR) mainenance. MEL mainenance is a ime-since-faul repair sraegy ha may be used when sysem fauls are revealed, i.e. he ime of occurrence of he faul is known. Figure 1 illusraes MEL mainenance, where a faul occurs a ime 1, a which ime a dispach inerval is iniiaed and he faul mus be cleared from he sysem by 2, a he end of he dispach inerval. PIR mainenance, Figure 2, involves periodically inspecing he sysem for fauls. When a faul occurring a f is discovered a an inspecion he ime ha i occurred will no be known. I is assumed o have occurred a he midpoin ( 1 ) of he inerval beween he curren inspecion (I 2 ) and he previous one (I 1 ) and he dispach inerval is iniiaed a his poin. The inspecion inerval may be adjused o allow dispach for a cerain period T afer he inspecion and he faul mus be cleared by ime 2. C. Muliple Fauls When more han one faul is presen in he sysem i is possible o ake advanage of he applicaion of TLD o allow flexible repair sraegies a mainenance. This could, for example, allow an opimisaion of he number of mainenance operaions ha mus ake place, or allow aircraf dispach unil appropriae pars are available. In order o illusrae some of he opions, wo examples of muliple faul occurrences relaing o MEL mainenance are now presened. Figure 3 depics he occurrence of wo fauls, A and B, wih dispach inervals ending a 1 and 2 respecively. Upon reaching ime 1 faul A mus be cleared from he sysem. Faul B could also be cleared, allowing dispach unil furher fauls occur or faul B may be lef in he sysem, allowing furher dispach unil ime 2, when i mus be cleared from he sysem. Figure 4 shows a similar scenario, where he presence of A or B alone leads o he applicaion of a LTD inerval (ending a 1 for A and 2 for B). In his case he simulaneous presence of boh A and B wihin he sysem leads o an increase in insananeous LOTC rae such ha a STD inerval (ending a 3 ) mus be applied. A ime 3 here are a number of mainenance opions. A alone may be cleared, leaving B in he sysem and hus allowing dispach unil 2, when A mus be cleared. B alone may be cleared, leaving A in he sysem and allowing dispach unil 1, when B mus be cleared. The final alernaive is ha boh fauls are cleared from he sysem. II. MODELLIG TLD Before applying TLD o a sysem i is necessary o demonsrae ha he cerificaion requiremens for he average and insananeous LOTC raes can be me using a suiable reliabiliy analysis echnique. Dispach crieria (TLD caegories for fauls) mus be assigned o all dispachable fauls and he lengh of dispach inervals mus also be se. Sandard models such as he kineic ree heory of Faul Tree analysis [3] or Markov analysis of convenional Markov models are unsuiable; he former due o he dependencies inroduced by TLD and is associaed mainenance and he laer due o he problem of sae space explosion. A. Recommended Models There are wo recommended approaches o modelling TLD [4] and compuing he average LOTC rae for a sysem given dispach crieria (dispach caegories for fauls) and lenghs of he dispach inervals. The firs is a ime-weighed averages (TWA) approach, which looks o compue he LOTC rae by averaging he LOTC raes of he sysem from each of is dispachable configuraions. The second is a simple Markov model conaining a reduced number of sysem saes, which overcomes problems associaed wih a sae space explosion and means analysis is possible. Boh of hese models consider only full-up sysem saes (wih no fauls presen) and dispachable (STD and LTD) TLD faul saes. However, boh of hese models require he calculaion of wo ses of failure raes: failure raes ino he dispachable sysem faul saes and failure raes o LOTC from he dispachable sysem faul saes (on which he sysem dispach crieria are dependen). The calculaion of hese failure raes is no necessarily a sraighforward ask, and i is his calculaion ha may ulimaely hamper any aemp o gain accurae resuls from hese models. Due o he limied space available in his paper he recommended models are no discussed in greaer deail here, bu furher deails can be found in references [4-8]. References [5-8] show some applicaions of he models o simple sysems. Figure 5 shows he required model inpus, furher inpus ha mus be calculaed and also he model oupu. B. Proposed Mone Carlo Simulaion Model Previous work has shown ha Mone Carlo simulaion is well-suied o modelling TLD [5-8]. I is a flexible modelling approach ha can easily handle dependencies inroduced by 533
TLD, he differen possible mainenance sraegies and ordering of fauls. An ouline of a Mone Carlo simulaion algorihm for calculaing he LOTC rae of a sysem is given in Figure 6. The basic premise is ha a number of sysem lifeimes are modelled and TLD fauls and mainenance of Sysem Represenaion FURTHER Failure raes ino TLD Faul Saes he insananeous failure raes o LOTC from each of he dispachable sysem faul saes. Differen sysem lifeimes may be modelled, as can differen fligh imes. MEL or PIR mainenance can be modelled, eiher exclusively (for example, boh STD and LTD fauls covered by MEL mainenance) or in OUTPUT Average LOTC rae Componen Failure Daa Dispach Inervals Insananeous LOTC raes Sysem Dispach Crieria Figure 5. Recommended model inpus and oupus. START inpu sysem daa, zero LOTC couner and oal simulaion couner iniialise for single simulaion generae failure imes and add o schedule remove firs even from schedule carry ou required repairs, new failure imes needed check TLD crieria, if needed add mainenance deadline sysem lifeime reached? add one o oal simulaion couner basic even occurrence? LOTC? LOTC rae converged? mainenance deadline, hus carry ou repairs add one o LOTC couner ED hose fauls are considered. Sysem componen failure disribuions are sampled o provide he imes o failure during single simulaions and he dispach inervals relaed wih TLD caegories are used o deermine for how long he sysem can be dispached wih specific fauls presen. A record is kep of he number of LOTC evens ha occur and he oal sysem lifeime ha is modelled. This allows he calculaion of a LOTC rae for he sysem. A compuer code has been developed ha incorporaes his basic algorihm. The developed Mone Carlo code also has he capabiliy o compue Figure 6. Overview of an algorihm for finding he sysem LOTC rae. combinaion (such as LTD fauls covered by PIR mainenance and STD fauls covered by MEL mainenance). The code also allows consideraion of differen repair sraegies a mainenance, such as hose oulined when considering muliple fauls in Secion I-C. This degree of flexibiliy is no offered by he recommended approaches. An ieraive procedure has also been developed, which akes advanages of he possibiliy o compue insananeous LOTC raes from he individual faul saes and allows he 534
dispach crieria o be se accordingly. I works by iniially assuming ha all TLD fauls will be reaed as LTD fauls. The sysem is hen modelled and any of he insananeous LOTC raes for hese fauls ha do no saisfy he cerificaion aircraf. The approach doe s no require calculaions o be made prior o TLD modelling, which is in conras o he recommended approaches, which require he calculaion of failure raes ino he TLD faul saes and ou of hem o he Sysem Represenaion Componen Failure Daa Dispach Inervals FURTHER OUTPUTS Average LOTC rae Insananeous LOTC raes Sysem Dispach Crieria Mainenance Approaches Figure 7. Mone Carlo approach inpus and oupus. requiremens are seleced and he dispach caegory se o he appropriae faul caegory according o he insananeous LOTC rae observed. Anoher se of simulaions are hen run. The process ses lower order faul caegories firs, hen works up hrough higher order faul caegories and coninues unil all TLD fauls have insananeous LOTC raes ha saisfy he cerificaion requiremens of he dispach caegory applied o hem. In his way i is possible o model he applicaion of TLD o a sysem and se he dispach crieria for ha sysem whils ensuring ha all cerificaion requiremens relaing o average and insananeous LOTC raes are me. Figure 7 shows he required model inpus and oupus available when using he Mone Carlo simulaion approach. III. COMPARISO OF THE TWO MODELLIG APPROACHES Comparing Figures 5 and 7 gives a feel for how he recommended approaches differ from he developed Mone Carlo approach. Considering he inpus, boh use a sysem represenaion and componen failure daa. The recommended models require his daa o be used o calculae furher inpus: he failure raes ino he TLD faul saes and he LOTC raes from hese faul saes. This is no necessarily a simple ask. The Mone Carlo approach does no need his he sysem represenaion and componen failure daa are used wihin simulaions o check for LOTC evens and produce componen failure imes respecively. The insananeous LOTC raes are produced as an oupu in he MCS approach. oe how, because of his, i is possible o produce he sysem dispach crieria as oupus whereas hey are inpus o he recommended models. Boh approaches also require he lengh of he dispach inervals (for STD and LTD fauls) o be defined. In addiion he Mone Carlo approach can ake oher inpus, such as he mainenance approaches used, which is shown in Figure 7 and oher quaniies such as sysem lifeime and fligh lengh. IV. COCLUSIOS Presened in his paper is a brief overview of a Mone Carlo simulaion approach o modelling he applicaion of TLD o LOTC sae. This herefore gives he Mone Carlo approach an advanage in ha i offers an inegraed approach o modelling TLD, specifying dispach crieria ha saisfy cerificaion requiremens and modelling differen mainenance sraegies. However, he recommended approaches o modelling TLD do offer some benefis. They are very simple models ha can be easily implemened and in he insance where real failure daa can be gahered from a sysem he models can be used o obain he average sysem LOTC rae. The advanage for he Mone Carlo approach would come when real daa is no available. The Mone Carlo approach also offers advanages in erms of being able o model differen repair sraegies. REFERECES [1] H. Larsen, and G. Horan, Time-Limied Dispach: An Ineracive Training and Self-Sudy Course, Keybridge Technologies, Inc,2002. [2] FAA Memorandum, Policy for Time-Limied Dispach (TLD) of Engines Fied wih Full Auhoriy Digial Engine Conrol Sysems, Policy o. AE-1993-33.28TLD-R1, 2001. [3] W.E. Vesely, A Time Dependen Mehodology for Faul Tree Evaluaion, uclear Design and Engineering, 1970, o.13, pp.337-360. [4] SAE ARP5107 Rev A, Guidelines for Time-Limied Dispach (TLD) Analysis for Elecronic Engine Conrol Sysems, SAE Inernaional, 2005. [5] D.R. Presco, and J.D. Andrews,. Aircraf Safey Modelling for Time- Limied Dispach, Proceedings of he Annual Reliabiliy and Mainainabiliy Symposium, Virginia, USA (CD-ROM),2005. [6] D.R. Presco, and J.D. Andrews,. A Comparison of Modelling Approaches for he Time-Limied Dispach of Aircraf, IMechE Par O: Journal of Risk and Reliabiliy, 2006, Vol.220, o.01, pp.9-20. [7] D.R. Presco, and J.D. Andrews, Modelling and Specificaion of Time- Limied Dispach Caegories for Commercial Aircraf, ASME Journal of Dynamic Sysems, Measuremen and Conrol, 2008, Vol.130, Iss.2. [8] D.R. Presco, and J.D. Andrews, The Safe Dispach of Aircraf Wih Known Fauls, Inernaional Journal of Performabiliy Engineering, Condiion Monioring and Condiion Based Mainenance Special Issue, Kumar, U., (ed), 2008, Vol.4, o.3, pp.243-253. [9] G.B. Wang, H.Z. Huang, L.S. Sun, A hybrid cross-enropy algorihm for reliabiliy assessmen of configuraion-redundancy sysems, Eksploaacja i iezawodnosc - Mainenance and Reliabiliy, 2009, o.3, pp.4-13. 535