Complex Systems Design Research Overview
advertisement
Complex Systems Design
Research Overview
Irem Y. Tumer
Associate Professor
Complex System Design Laboratory
Department of Mechanical Engineering
Oregon State University
irem.tumer@oregonstate.edu
Irem Y. Tumer
irem.tumer@ore
1
Challenge of Designing Aerospace Systems
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
Irem Y. Tumer
irem.tumer@ore
2
Complex Aerospace Systems
Unique Design Environment
• High-risk, high-cost, low-volume missions with
significant societal and scientific impacts
• Rigid design constraints
• Extremely tight feasible design space
• Highly risk-driven systems where risk and uncertainty
cannot always be captured or understood
• Highly complex systems where subsystem
interactions and system-level impact cannot always
be modeled
• Highly software intensive systems
Irem Y. Tumer
irem.tumer@ore
3
Motivation and Research Needs
• Introducing failure & risk in early design
– Analysis of potential failures and associated risks must be done at
this earliest stage to develop robust integrated systems
• Systematic, standardized & robust treatment of failures and risks
• Enabling trade studies during early design
– Early stage design provides the greatest opportunities to explore
design alternatives and perform trade studies
• Reduce the number of design iterations and test & fix cycles
• Reduce cost, improve safety, improve reliability
• Enabling system-level design & analysis
– Subsystems must be designed as a critical part of the overall
system architecture, and not individually or as an afterthought
• Increase ROBUSTNESS of final integrated architecture
– Include all aspects of design trade space and all stakeholders
– Design and optimize as a system
Irem Y. Tumer
irem.tumer@ore
4
Complex Systems Design
Related Fields of Research
Main Research Thrusts in CoDesign Lab:
–
–
–
Model-based design: Analysis and simulation tools and metrics to evaluate designs,
and to capture and analyze interactions and failures in the early conceptual design
stages
Risk-based design: Formal process of quantifying risk and trading risk along with
cost and performance during early design, moving away from reliance on expert
elicitation
System-level design: Multidisciplinary approach to define customer needs and
functionality early in the development cycle to proceed with design synthesis and
system validation for the entire system
Related Fields:
–
–
–
–
–
–
Reliability engineering
Safety engineering
Software engineering
Systems engineering
Simulation based design
Control systems design
Irem Y. Tumer
irem.tumer@ore
5
Complex System Design
Formal Methods Research
• Design Theory & Methodology Research (early design):
– Modeling techniques:
• Function-based modeling
• Bond graph modeling
– Mathematical techniques:
• Uncertainty modeling, decision theory, risk modeling, optimization,
control theory, robust design methods, etc.
– Systematic methodologies:
• Design for X (mitigation, maintainability, failure prevention, etc.),
• System engineering methods
• Axiomatic design, etc.
• Risk and Reliability Based Design Methods (later design stages):
– PRA, FTA, FMEA/FMECA, reliability block diagrams, event sequence
diagrams, safety factors, knowledge-based methods, expert elicitation
• Design for Testability Methods (middle stages):
– TEAMS, Xpress
Irem Y. Tumer
irem.tumer@ore
6
Driving Application
Integrated Systems Health Management (ISHM)
A system engineering discipline that addresses the design,
development, operation, and lifecycle management of subsystems,
vehicles, and other operational systems, with the goal of:
• maintaining nominal system behavior and function
• assuring mission safety & effectiveness under off-nominal conditions
Design of Health
Management Systems
• Testability
• Maintainability
• Recoverability
• Verification and
validation of ISHM
capabilities
Real-Time Systems Health
Management
• Distributed sensing
• Fault detection, isolation, and
recovery
• Failure prediction and mitigation
• Robust control under failure
• Crew and operator interfaces
Informed Logistics &
Maintenance
• Modeling of failure
mechanisms
• Prognostics
• Troubleshooting
assistance
• Maintenance planning
• End-of-life decisions
Irem Y. Tumer
irem.tumer@ore
7
ISHM State-of-the-Practice
FACT: True ISHM has never been achieved!
Space Shuttle
C&W System
Management: mitigation & recovery
System-level
Some Examples at NASA:
– ISS/Shuttle: Caution and Warning System
– Shuttle: minimal structural monitoring
– SSME: AHMS
– EO-1 and DS-1 technology experiments
– 2GRLV, SLI: Propulsion HM testbeds and prototypes
ISHM sophistication level inversely proportional with distance from earth!
Position
Vehicle
Capability
Mars
MER
Fault Protection
LEO
ISS
Warning System
Ascent to Orbit
SSME
AHMS Redline Cutoff
Atmosphere
JSF, 777
Multi-System
Diagnostics, CBM
Ground
Automobile
On-star, ABS, Traction
Control
Irem Y. Tumer
irem.tumer@ore
8
Spacecraft Health Management at NASA
Crew Launch Vehicle (“Ares”)
•1/2,000 probability of loss-of-crew
•Based on legacy human-rated
propulsion systems (J2X, RSRM)
•The order-of-magnitude improvement in
crew safety comes from crew escape
provisions!
•ISHM focus on sensor selection and
optimization, crew escape logic, and
functional failure analysis.
Robotic Space Exploration
Augment traditional fault
protection/redundancy management/
FDIR with ISHM
Real-time HM of science payloads and
engineering systems including anomaly
detection, root cause ID, prognostics,
and recovery
Ground systems for real-time and
system lifecycle health management
Crew Exploration Vehicle (“CEV”)
•Short ground processing time
•Long loiter capability in lunar orbit
•Need to asses vehicle health and
status rapidly and accurately on the
ground and during quiescent periods
•Design for ISHM
International Space Station
& Space Shuttle
•Prognostics for ISS subsystems
(power, GN&C)
•Augment mission control
capabilities (data analysis tools,
advanced caution and warning)
•Retrofit sensors (e.g., Shuttle wing
leading edge impact detection)
Irem Y. Tumer
irem.tumer@ore
9
Complex System Design
Summary of Research Efforts
• Methods and tools to support engineering analysis
and decision-making during early conceptual design
stages
– Functional analysis and modeling of conceptual designs for
early fault analysis
– Function based model selection for systems engineering
– Functional failure identification and propagation analysis
– Modeling, analysis, and optimization of ISHM Systems
– Function based analysis of critical events
– Quantitative risk assessment during conceptual design
– Cost-benefit analysis of ISHM systems
– Decision support and uncertainty modeling for design teams
during trade studies
– Risk assessment during early design
Irem Y. Tumer
irem.tumer@ore
10
Function-Based Modeling and Failure Analysis
Objectives
Approach:
• Improve the design process through early failure analysis
based on functional models
• Produce a model-based early design tool to design
safeguards against functional failures in vehicle design
Benefits
• Reduced redesign costs through early failure identification
and avoidance
• Improved mission risk assessment through identification of
“unknown unknowns”
• Effective reuse of lessons-learned and commonalities
across systems and domains
• Availability of generic and reusable function models and
failure databases
Approach
• Build generic and reusable functional models of existing
subsystems using standardized function taxonomy (developed
at UMR by Prof. Rob Stone)
• Generate failure lists for existing subsystems (failure reports,
FMEAs) and build standardized failure taxonomy
• Map failures to functional models to create function-failure
knowledge bases (resuable and generic)
• Develop software tools for use by design engineers
• Validate utility in actual design scenario
Ex: Probe Cruise Stage: Star Scanner Assembly black box
functional model is the highest level description of system:
Spacecraft,
Debris
Spacecraft
Electrical Energy, Optical Energy,
Thermal Energy, Solar Energy
Sense Star Brightness
Thermal Energy
(generate two star detection and two star
magnitude signals)
Threshold Command
Self-test Command
Star Coincidence Pulse,
Star Magnitude, +5V Monitor
Star Scanner functional model at the
secondary/tertiary level of functional detail comprises
approximately 60 identified functions:
e le ctrical
e ne rgy
from CPDU
electrical
energy
import
electrical
energy (DC)
electrical
energy
condition
electrical
energy
convert elec.
energy to elec.
energy
(DC to AC)
electrical
energy
change
electrical
energy
(step dow n)
electrical
energy
convert elec.
energy to elec.
energy
(AC to DC)
electrical
energy
electrical
energy
regulate
electrical
energy
electrical
energy
condition
electrical
energy
electrical
energy to
components
electrical
energy
regulate
electrical
energy
transmit
electrical
energy
+5V
m onitor
to CREU
s olar
e ne rgy
stop solar
energy
1
optical
e ne rgy
from
s tars
optical
energy
separate
optical energy
optical
energy
optical
energy
guide (reflect
& f ocus)
optical energy
import optical
energy
condition
(focus) optical
energy
(into slits)
optical
energy
optical
energy
guide (focus)
optical energy
(into slits)
optical
energy
optical
energy
guide (reflect
& f ocus)
optical energy
detect optical
energy
convert optical
energy to
electrical
energy
electrical
energy
electrical
energy
2
increment
electrical
energy
optical
energy
stop off -axis
optical energy
2
convert
electrical
energy to
analog signal
analog
signal
analog
signal
transmit analog
signal
analog
signal
analog
signal
increment
(amplitude of)
analog signal
condition
analog signal
analog
signal
3
transmit analog
signal
6
3
contain
(maintain
magnitude of)
analog signal
analog
signal
electrical
analog
signal
signal
detect
(magnitude of)
analog signal
analog
signal
7
s tar
m agnitude
to CREU
analog
signal
export analog
signal
decrease
(magnitude of)
analog signal
(by 50%)
analog
signal
discrete
electrical
signal
signal
analog
signal
convert analog
signal to
discrete signal
process analog
signals
separate analog
signal and
discrete signal
(separate
grounds)
3
discrete
signal
4
transmit
discrete signal
discrete
signal
3
Irem Y. Tumer
thre s hold
com m and
from CSID
irem.tumer@ore
discrete
signal
import discrete
signal
s e lf tes t
com m and
from CSID
discrete
signal
sense discrete
signal
discrete
signal
transmit
discrete signal
process analog
signals (compare
signal magnitude to
threshold)
analog
signal
discrete
signal
convert analog
signal to
discrete signal
separate analog
signal and
discrete signal
(separate
grounds)
5
11
Function-Based Model Selection
Systems Engineering
Objectives
Ex: Hydraulic Braking System
• Develop a function-based framework for the mathematical
modeling process during the early stages of design
Export
St at us
St at us
( Pressure)
Benefits
• Provides a framework for identifying and associating
various mathematical models of a system throughout the
design process
• Enables quantitative evaluation of concepts very early in
design process
• Promotes storage and re-use of mathematical models
• Represents the effect of assumptions and design choices
on the functionality of a system
Export
Thermal
Energy
Hyd. E.
Import
Hydraulic
Energy
Trans. E.
Rot . E.
Import
Rot at ional
Energy
Methods
• During System Planning:
•Modeling Desired Functionality
•Generating System-level Requirements
•Modeling for Requirements Generation
• During Conceptual Design:
•Refining Functionality
•Modeling for Component Selection
•Component Selection
• During Embodiment Design:
•Auxiliary Function Identification
•Sub-system Functional Modeling
•Sub-system Level Requirements Identification
•Detailed System Modeling and Validation
Convert
Hydraulic Energy
t o Translat ional
Energy
Export
Mechanical
Energy
Convert
Rot. E. to
Therm. E.
Input
Flow,
Pressure
Output
Flow, Pressure
Model Ty pe
Closed-form
Eqs.
Flow,
Pressure
Dis placement,
Force
Closed-form
Eqs.
Force,
Angular
Speed,
Moment
Angular
Speed,
Moment
Angular
Acceleration
ODE
Energy
Magnitude
Closed-form
Eqs.
Mech. E.
( Mount )
Mech. E.
Decrease
Rot at ional
Energy
Export
Rot at ional
Energy
Convert
Rot at ional
Energy t o
Thermal
Export
Thermal
Energy
Export
St at us
Function
Imp ort
Hydraulic
Energy
Convert
Hyd. E. to
Trans. E.
Decrease
Rot. E.
Therm. E.
(Mount ,Air)
Flow
Rot. E.
Hyd. E.
Rot. E.
Therm. E.
Rot . E.
Therm. E.
( Air,Hub)
St at us
( Speed)
Require ment
Based on a 1500kg mass stopping from
30m/s, the braking system s hall be able
to handle a 675kJ energy input. The
system shall be designed to stand a 180
rad/s ma x rotational speed and a
ma ximum input moment of 13.5kN-m.
The maximum pressure input to the
system shall be 10MPa.
The output rotational energy output of
the system shall be 0kJ.
Based on a 2s stopping distance, the heat
dissipation of the system shall be at least
337.5kW. The maximum temperature
the system should reach is 150C.
Irem Y. Tumer
irem.tumer@ore
12
Simulation-Based Functional Failure Identification
and Propagation Analysis
Objectives
• Develop a formal framework for design teams to evaluate
and assess functional failures of complex systems during
conceptual design
Example:
Reaction Control System (RCS) Conceptual Design
Objective: Explore what-if scenarios:
What are the effects of component
failures on overall system
functionality?
T
The FFIP framework identifies potential
functional failures and their
propagation under off-nominal
conditions using behavioral analysis.
T
GHe
Benefits
P
• Systematic exploration of what-if scenarios to identify risks
and vulnerabilities of spacecraft systems early in the design
process
• Analysis of functional failures and fault propagation at a
highly abstract system configuration level before any
potentially high-cost design commitments are made
• Support of decision making through functional failure
analysis to guide designers to design out failure through the
exploration of design alternatives
Approach
P
P
P
P
P
P
P
P
P
T
T
T
T
MMH
P
Pc T
NTO
P
P
P
Pc T
Pc T
Pc T
T
T
Pc
Pc
System Function:
Functional Model
System Configuration:
Conceptual Schematic
Functional Failure Identification and Propagation (FFIP) Architecture
• Build generic and reusable system models using an interrelated
set of graphs representing function, configuration, and
behavior.
• Model behavior using a component-based approach using
high-level, qualitative models of system components at various
discrete nominal and faulty modes
• Develop a graph-based environment to capture and simulate
overall system behavior under critical conditions
• Build a reasoner that translates the physical state of the system
into functional failures
• Validate the framework in an actual design scenario
SYSTEM MODEL
Functional Model
Configuration Model
Component Behavioural Models
Qualitative Behaviour Simulation
FFIP INPUT
Critical
Event
Scenarios
Function Failure Logic
FFIP OUTPUT
Functional Failure Estimates
Functional Failure Propagation Paths
Irem Y. Tumer
irem.tumer@ore
13
Function-Based Analysis of Critical Events
Approach:
Objectives
• Establish a standard framework for identifying and
modeling critical mission events
• Establish a method for identifying the information required
to ensure that these critical events occur as planned
• Provide a means to determine Health Management needs,
sensor locations, etc. during early design phase
• Assist the identification of requirements for critical events
during the design of space flight systems
Ex: Mars Polar Lander Landing Leg: Event Model During
Landing Leg Deployment
Structure,
Landing Leg,
Release Nut
Release
Signal
Begin
Deployment
Trigger
Release
Nut
Landing
Signal
Deploy
Leg
Latch Leg
End
Deployment
Structure,
Landing Leg,
Release Nut
Functional Model During Landing Leg Deployment
Benefits
• Standardized function-based modeling framework
• Development of event models and functional models very
early in the design of systems
• Identification of critical events and important functionality
from these models
• Requirements identification based on functional and event
models
Rot. E.
Release
Nut
Release
Signal
Import
Rot. E.
Convert
Rot. E. to
Mech. E.
Store
Mech. E.
Suppl y
Mech. E.
Convert
Mech E. to
Rot. E.
Export
Rot. E.
Import
Solid
Position
Solid
Secure
Solid
Stop
Mech. E.
Separate
Solid
Export
Solid
Rot. E.
Release
Nut
Import
Control
Signal
Methods
• Event Models for Systems
•Black Box
•Detailed
• Functional Models During Events
•Black Box
•Detailed
• Function-based Requirements Identification
Requirements Identified from Functional and Event Models
Flow Type
Solid Input
Flow
Release Nut
Cont ro l Sig n al Input
Release Sig n al
Solid Output
Release Nut
Sign a l Output
Sepa r ation
Re qui re m e n t
T he r e le a se nut must be
p rope r ly po s it ioned and
secured b e fore t h e rel e ase e vent c an occ u r
T he Rel e ase Sig n al wi ll in it iate t he Tr igger rel e ase
Nut event
At the complet io n of t he e vent , t he Rel e ase Nut w ill
be sep a rat ed fr o m t he l an d ing leg
After com p let ion of t he e vent , t he subs e quent event
wi ll be init iated w it hout a fo r m a l sig na l
Irem Y. Tumer
irem.tumer@ore
14
Model-Based Design & Analysis of ISHM Systems
Objectives
• Concurrent design of ISHM systems with vehicle systems
to ensure reliable operation and robust ISHM
• Model-based optimization of ISHM design and technology
selection to reduce risks and increase robustness
Benefits
• Identification of issues, costs, and constraints for ISHM
design to reduce cost and increase reliability of ISHM and
optimize mitigation strategies
• Streamlining the design process to decide when and how
to incorporate ISHM into system design, and how to
balance between cost, performance, safety and reliability
• Provide subsystem designers with insight into system level
effects of design changes.
ISHM
FUNCTIONAL
MODELS
Advanced
Studies
Functional Requirements
Qualitative Analysis
Risk Analysis
Functional FMEA
Preliminary
Analysis
Definition
Feasible
Concepts
Feasible
Concepts
Risk lists, Failure Modes
Reliability Models
Sensor selection
Maintainability
Feature selection
Testability
PRA/QRA
FTA/ETA
FMEA
Design
Functional
Baseline
Development
Build
Operations
Deploy
Mai n-Probl em Le ve l
Main Design Solution Set
Approach
• Formulate ISHM design as optimization problem
• Leverage research & tools for function-based design
methods, risk analysis, and design optimization to
incorporate ISHM design into system design practices
• Develop ISHM software design environment using ISHM
optimization algorithms
• Implement and validate inclusion of ISHM chair in
concurrent design teams (e.g., Team-X)
Design: {xsh , x1, É , xJ}
Top-level Optimization
Max FOMÕs
s.t. top-level constraints
Sub-Problem Le ve l
S ub-Problem 1
Design: {xsh , x1}
É
S ub-Problem J
Design: {xsh , xJ}
Down-selection
M ax H metric
Min S metric
Irem Y. Tumer
irem.tumer@ore
15
Risk Quantification During Concurrent Design
Objectives
• Enable rapid system level risk trade studies for concurrent
engineering design
• Develop a quantitative risk-analysis methodology that can
be used in the concurrent design environment
• Provide a real-time (dynamic) resource allocation vector
that guides the design process to minimize risks and
uncertainty based on both failure data and designers’
inputs
Benefits
• Improved resource management and reduced design
costs through early identification of risks & uncertainties
• Use common basis for trading risk with other system and
programmatic resources
• Increased reliability and effectiveness of mission systems
(TB)
Feasible Space of Allocation Vectors
Inferior Design Process
Approach
•
•
•
•
•
Develop functional model
Collect failure rates and pairwise correlations
Model design as a stochastic process
Formulate as a 2-objective optimization problem
Obtain the optimal resource allocation vector in real-time,
as the design evolves
Risk -Efficient Design Process
(RED-P)
Expected total risk benefit , E(TB)
Irem Y. Tumer
irem.tumer@ore
16
Cost-Benefit Analysis for ISHM Design
Objective:
• Create a cost-benefit analysis framework for ISHM that enables:
–
–
Optimal design of ISHM (sensor placements etc.)
Tradeoff analysis (does the benefit justify the cost?)
Approach:
• Maximize “Profit”!
A R C
N M
N
i 1
i 1
Ai R CR CD i
where:
–
–
–
–
–
–
–
P is Profit
A is Availability, a function of System Reliability, Inspection Interval, and Repair Rate.
N is number of System Functions.
M is the number of ISHM Sensor Functions utilized.
R is Revenue/Unit of Availability in USD.
Cost of Risk: quantifies financial risk in USD.
Cost of Detection: quantifies cost of detection of a fault in USD.
Irem Y. Tumer
irem.tumer@ore
17
Cost-Benefit Analysis Process
Since the Profit function is impacted by
a combination of revenue and cost of
risk, a Pareto Frontier can be created.
The frontier demonstrates the solution
for different trade-offs.
What is the “merit” Function? Captures interaction of IVHM cost, benefit, risk
Use Optimization to Maximize “merit” through optimal allocation of
IVHM to the conceptual system
What is the Design Space?
•Sensor allocations, Detection
Decision, Inspection Interval
Enable Optimal IVHM Design Decisions
$110
$100
$90
$80
Increasing Risk
1. Develop models to measure the impact of
various IVHM architectures (i.e. sensor
placements, data fusion algorithms, fault
detection and isolation methodologies) on
the safety, reliability, and availability of the
vehicle.
2. Once the impact of various IVHM
architectures on the vehicle are measured,
tradeoffs are formulated as a multiobjective
multidisciplinary optimization problem.
3. We can then create a decision support
system for the designers to handle IVHM
tradeoffs at the early stages of designing a
system.
Determine the “merits” of adding IVHM to a baseline system
Risk (Thousands USD)
Approach:
Dominated Region
Maximum Profit
(Equal Weights)
$70
$60
Increasing Revenue
$50
$930
$940
$950
$960
$970
$980
$990
$1,000 $1,010
Revenue (Thousands USD)
Irem Y. Tumer
irem.tumer@ore
18
Decision Support for Engineering Design Teams
Uncertainty capture, modeling, & management
Objectives
•
•
Facilitate collaborative decision-making and concept
evaluation in concurrent engineering design teams
Characterize uncertainty and risk in decisions from
initial design stages
Develop decision management tool for integration
into collaborative design and concurrent engineering
environments
Uncertainty
•
Design
Operations
Design
Uncertainty
Variation
Environmental Uncertainty
Internal Uncertainty
Time
Benefits
•
•
•
•
More robust designs starting from conceptual design
stage
Reduced design costs
Modeling important decisions points in highlyconcurrent engineering design teams
Incorporating tools and methods into fluid and
dynamic design environment
Approach
•
•
•
Understand uncertain decision-making in real design
teams
Develop framework to map design decision-making
to decision-theoretic models
Validate method and tool with a real engineering
teams
Irem Y. Tumer
irem.tumer@ore
19
Risk in Early Design (RED) Methodology
Objectives
– Identify and assess risks during conceptual
product design
– Effectively communicate risks
Benefits
– Improved Reliability
– Decreased cost associated with design
changes
Methods
– FMEA
•
RED can id system functions failure modes, occurrence, and
severity
– Fault Tree Analysis
•
RED can id at risk functions and potential failure paths from
functional models
– Event Tree Analysis
•
RED can id sequences of functions and subsystems at risk
from initiating events
Irem Y. Tumer
irem.tumer@ore
20
