CC BY
11
ADAPTATION, LEARNING AND INHERENT SAFETY OF 2nd
GENERATION AIRSHIPS
Henry K Moskatov •
Central Shipbuilding Res. Inst. «CENTRE» 123242, MOSCOW, D-242 The Russian Federation e-mail: gkm@mail. sbnet.ru
Abstract. Inherent safety of the new generation airships, based on some fundamental laws of Space, is discussed in some detail. An algorithm is proposed to analyze risks, resulting from hazards not compensated by "inherent safety". Then a thoroughly verified statistical model of learning is used to evaluate results of airship flight testing-the probability of mission success and its confidence limit. The results can be used as a part of evidence for airship airworthiness certification.
Keywords: Adaptation, airship, airworthiness, degenerative feedback, laws of Space, statistical model of learning, inherent safety.
It looks like as if helium airships were on the threshold of the Renaissance. For the new generation airships niches have been found, where they are, and in the predictable future will remain, second to none. Their unique features and capabilities will find increasing application in the future particularly as fossil fuels become less acceptable in the coming decades [1,4-6,11,12].
Among these traces airships' inherent safety is of paramount importance. As we've shown in [11,12] it is a consequence of three fundamental laws of Space, acting simultaneously:
- the Law of Archimedes;
- the Principle of Le Chatelier-Brown (the Principle of Adaptation);
- the Principle of Rhythm and Periodicity.
2nd generation airships are safer than heavier-than-air vehicles of any type due to:
- using helium as lifting gas,
- independence of aerostatic lift of flight velocity and, hence-of the power plant used;
- non-zero metacentric height.
These three factors determine the main contribution to airships' inherent safety.
A helium airship with an autopilot, parametric and topological redundancy, embraced with degenerative feedback loops, becomes a system of mobile, dynamic equilibrium, where Le Chatelier- Brown Principle is valid. Yet the Principle has its feasibility limits: it holds true unless destabilizing factor exceeds a certain predetermined threshold. Its knowledge is essential for airships' safe operation, especially with respect to risk factors, associated with vehicles' statics and dynamics.
Any object possessing a certain amount of stored energy of any kind isn't absolutely safe. And helium airships aren't an exception. Inherent safety doesn't imply the vehicle's immunity from all possible hazards.
An appropriate algorithm to analyze risks, resulting from hazards, not covered by the feature, called "inherent safety", is given in figure below. Special safety assurance facilities are inevitable in this case.
Airship
I
Life-cycle phases
No
Figure. Block-diagram of risk analysis & safety assurance algorithm. Hazards consequence categories: minor, severe, major, catastrophic [17].
Some comments don't seem senseless in this connection. Risks analysis has to answer three questions: what can go wrong? (by hazard identification; how likely is this to happen? (by frequency analysis); what are the consequences? (by consequence analysis).
"The moment of truth" of an airship in any way comes during ground & flight tests. For self-evident reasons vehicle testing is accompanied with corrective action The latter can produce one of the 3 issues:
-the vehicle's reliability is enhanced; -it remains unchanged;
-it is deteriorated because of erroneous actions.
For a vehicle's reliability estimate the following indices can be used:
a) non-stationary probability of mission success;
b) non-stationary mean-time-between failures (MTBF);
c) non-stationary failure rate [3,7-9,12].
Practically for all reliability growth models of the (a) class the following mathematical structure is characteristic:
Pn = P0 + ((n, P0) (1)
where
Pn - a statistical estimate of probability of mission success after the n-th test (or test phase); P0 - a probability estimate before the testing began;
((n, P0) - a learning nucleus - a cumulative term, characterizing mission success probability
increment at the n-th test phase, 0 < ((n, Po), < 1
A model design is to concretize ((n, P0), while model application is to define its unknown parameters on the basis of non-homogeneous test record. In the simplest case
((n,P0) = £APt , (2)
i=i
where APi - reliability increment as a result of i-th corrective action; APi >< 0; APi = 0. Over 20 statistical models of learning and reliability growth were built.
Efforts to construct new ones can still be observed. Analytical surveys of the models have been published in USA, USSR and elsewhere.
The most successful representative of the second and third classes is the Duane model [3]. It was constructed on the basis of comprehensive testing experience of aerospace digital and analog systems. The Duane relationship is:
Az= = KT-a, (3)
where Az - an accumulated failure rate, d(T) - a number of failures in all tests; T - general number of hours (cycles) of testing; K - an experimentally determined constant value, a - index of reliability growth speed.
If the perfection (reliability growth) is not attained, a = 0 and in this case
d (T ) ^
= K , (4)
From (3) one can obtain, as a result of trivial transformations, instantaneous MTBF
T0 = [(1 -a) KT "a]-15
(5)
If a vehicle is not perfected during testing, then a = 0, and MTBF becomes a constant value, independent of the time of learning, i.e. T0 = y^ = ^^ .
If the reliability criterion is non-stationary probability of mission success a growth model with degenerative feedback is recommended
Pn = b - y a exp(-n / a),
(6)
where a, b, c - estimates of unknown parametres a, b, c; the latter being functions of two independent variables: i - the number of trials, K - accumulated number of successes; b = lim Pn; characterizes the
?! ? n ' / /7
n^w / d
effectiveness of feedback [13].
The model deals with catastrophic failures (both in hardware and software); trials, proved unsuccessful due to human operator errors, are not taken into account. The algorithm for estimating the unknown parameters:
b =
S4S 2 - S 7S 5 (S4)2 - S8S5
(7)
c =
S8S2 - S4S7 (S4)2 - S8S5
(8)
Parametr a is the root value - a nontrivial solution of an equation f(a) = 0, where fa) = S1(S7S5 - S2S4) + (S8S2 - S7S4)S6 + S3((S4)2 - S5S8).
Here
S1 = 2y ; S2 = fjKy ; S3 = £K^
S4 = Y;iy ; S 5 = ^y2; S 6 = ^iy2;
i=1
i=1
i=1
>
S 7 = £ K ; S 8 = £ i2 ;
i =1 i =1
y = 1 - exp(- i/a ).
(9)
(10)
When b > 1 b is assumed to equal 1, and a, C are calculated according to
C = (S 4 - S 2)1 S 5,
fa) = S5(S7 - S3) + (S4 - S6)(S4 - S2) - S5(S8-S1)
(11)
The root a of the transcendental equation fa) = 0 is calculated by introducing test values aj to (9),(11), where
aj+1 = aj + 1, j = 0, 1, 2, ... .
i=1
i =1
i =1
Formulas (7-11) were derived by using least squares method and provide likelihood function maximum.
Comprehensive numerical experiments conducted with the growth model assert that the test values aj belong to a closed interval [0.001, ..., 25] for a number of trials not exceeding 100.
In the course of calculations the signs offaj) andfaj+i) are compared. When the signs change for the first time the corresponding values of aj, aJ+i, fa_j), faj+i) are stored and used in the interpolation formula
a = aj+J (aj) - ajf (aj+1) f (aj) - f (aj+1) '
The found value of a is used in (7-9) to determine b , c, Pn.
The confidence interval for Pn estimate is determined by using the Clopper - Pearson formula. Reliability growth is established by checking up the validity of the following inequality
Kjn > S 71S8.
If Knln < S71S8, learning (perfection) of the vehicle was not attained and
Pn = Kjn [13].
And now we'll consider a concrete example of an airship flight test record. There were altogether one hundred trials, alas not all of them proved successful.
№ of a trial, i 1 - 10, 11, 12 - 21, 22, 23 - 100
An accumulated № of successes K 98
№ of test stages M 3
The first ten trials were succesful; then a failure in the empennage occurred. The reasons were investigated, found and the rudder was perfected to meet specifications. It was decided to carry on testing, partially to get convinced that the corrective action was sufficient. The next 10 flights were OK, but the 22nd landing wasn't all right. We omit listing physical reasons of that failure. They were scrutinized and eventually compensated. The following 78 trials proved successful.
This airship flight test experience with corrective action was used in an original PC-program to estimate the nonstationary probability of mission success and the corresponding confidence interval for 90% confidence level
0,99313 <0,99981<1. (12)
Hadn't we taken into account corrective actions (i.e. neglected reliability growth and regarded the sequence of trials as homogeneous) the result would have been different, namely
P100 = 98/100 .
In the case of independent homogeneous tests (the Bernoulli distribution) 2303 trials, all of them successful, would be required to confirm the probability of success as in (12) for the same confidence level.
The model is sensitive to the stage the failure occurs. Common sense prompts that an earlier failure detection and compensation are more advantageous than those conducted at a later flight test phase.
The result of other flight test records (not given here for brevity) demonstrated a remarkable coincidence of common sense and the mathematical model sensitivity.
THE SUMMING UP
The recently proclaimed "airships inherent safety" is based on three fundamental laws of Space - the Law of Archimedes, the Principle of Le Chatelier-Brown and Principle of Rhythm and Periodicity, acting together. Still it should be made clear that nothing and nobody liberate us, anyone involved in aeronautics,
from responsibility for our own conduct. The notion implies not only the quality of the vehicle itself but also meteorologists', ground crews', airpilots' ability to predict and adequately meet challenges of our evolving Universe.
Global atmospheric warming and other solar-terrestrial links provoked hazards, to mention just a few, continue to produce more stormy conditions [4-6].
Airships flight schedule and envelope should cohere to rhythms of the Earth and the Solar system to retain significant variations of geophysical fields within admissible limits.
We must confess at last that we can no longer permit ourselves flying whenever and wherever we want. For our safety sake our plans, likes and dislikes, our partialities should be made compatible with fundamental laws of Space. At least, with those we know and understand.
Inherent safety doesn't imply the vehicle's immunity from all possible hazards. Hence special safety assurance facilities should be provided for hazards, not covered by airships inherent safety feature.
In fact all that has been lost, missed and/or misunderstood inevitably reveals itself during tests. If the aim of airship testing assessment is probability of mission success, the thoroughly verified statistical model of learning (6) is recommended for use [13].
If the aim is different - evaluating MTBF, the Duane growth model should be preferred, the latter being the core of the latest IEC International Standard [14].
Airship reliability and hence - safety growth is a natural product of degenerative feedback -corrective actions undertaken at all stages: R&D, production and testing.
In any way application of the growth models considerably reduces the number of trials (duration of testing), required to confirm specifications and consequently results in a notable saving of time, space and money.
The experimentally confirmed probability of mission success, as well as other results outlined, can be used as a part of evidence for airship airworthiness certification.
REFERENCES
1. Arie M. The airship accidents and catastrophes. Proc. 3-rd Intern. Airship Conv. and Exhibition. The Airship Association Ltd., 2000.
2. Barkovsky E. Catastrophes on the sea and under water: myths and reality. Morskoy Sbornik, 2001, №10, p.31-41 (in Russian).
3. Duane J.T. Learning curve approach to reliability monitoring. IEEE Trans. on aerospace, 1964, № 4, p.563-566.
4. Harris M. The use of weather satellite pictures in airship operations worldwide. Proc. 3-rd Intern. Airship Conv. and Exhibition. The Airship Association Ltd., 2000.
5. Harris M. The significance of understanding the weather hazards involved in flying airships in and around mountainous regions. Proc. 14th AIAA LTA Technical Committee Convention. Akron, Ohio, July 2001.
6. Harris M. The practical application of local meteorology for airship operations in city areas. Proc. 4th Intern. Airship Conv. and Exhibition. The Airship Association Ltd., 2000.
7. Maiorov A., Moskatov H., Shibanov G. Operating safety of automated objects. Mashinostroenie Publishers, M., 1988, 264 p (in Russian).
8. Moskatov H. Reliability of Adaptive Systems, Soviet Radio Publishers, Moscow, 1973, 103 p. (in Russian).
9. Moskatov H. System testing as learning with corrective action. In "Main problems of reliability theory and practice", Soviet Radio Publishers, Moscow, 1975, p.294-306 (in Russian).
10. Moskatov H. The Principle of Le Chatelier-Brown and inherently safe feedback systems' design. Safety Problems in Emergencies, 1992, #2, p.49-76 (in Russian).
11. Moskatov H., Kirilin A. Adaptation, redundancy and inherent safety of modern airships. AIRSHIP, № 118, December, 1997, p.13, 26-27.
12. Moskatov H. Airship flight testing as learning with corrective action. Proc.4th Intern. Airship Convention and Exhibition, Cambridge, UK. The Airship Association Ltd., 2002.
13. Pupkov K., Kostyuk G. Experiments planning and assessment. Mashinostroenie Publishers, M., 1977, 118 p (in Russian).
14. Reliability Growth - statistical test & estimation methods. Intern. Electrotechnical Commission Standard, 1-st Ed., Geneva, 1995.
15. Ryabinin I. Reliability and safety of structurally complex systems. Polytechnics Publishers, St. Petersburg, 2000,248 p (in Russian).
16. Ryabinin I., Parfenov Yu. Reliability, survivalability and safety of ship power systems. Naval Academy, St. Petersburg, 1997, 410 p (in Russian).
17. Risk Analysis. International Standard. International Electrotechnical Commission. Geneva, Suisse, 1995.
