Aerospace and Electronic Systems Magazine April 2017 - 6

Airplane Flight Safety Using Error-Tolerant Data Stream Processing

MOTIVATION
DATA-ERROR-TOLERANT STREAM PROCESSING
Fault detection is based on data errors, which can come from sensor, processing, or information errors. To detect data errors, PILOTS exploits logical redundancy that exists between fault-independent sensor sources. In the presence of faults, PILOTS uses
known redundancy to estimate incorrectly reported data.
Consider an example shown in Figure 2a, which shows the re
lationship between three speed vectors: airspeed (va), ground speed


(vg), and wind speed (vw). These speeds are obtained through independent data collection methods: the ground speed is typically
computed from GPS hardware, the airspeed is computed from
dynamic air pressure measurements by pitot tubes, and the wind
speed from weather forecast computer models. Since any one of
the three speeds can be calculated using the other two with Equation (1) according to physical principles, they are redundant to
each other. PILOTS first uses crosscheck on whether the relationship holds, and if not, estimates the correct values. For example, if

 

va is incorrect, then va is estimated using vector arithmetic: vg  vw.

  
v
va  vw
g

(1)

Even though wind speed estimation from computer models
may not be highly accurate, we only need a reasonable approximation to get the current fault mode (e.g., normal condition vs
pitot-tubes fault). If Equation (1) holds within that error threshold,
we can assume normal conditions and estimate wind speed from
airspeed and ground speed. However, once Equation (1) is significantly violated, signaling an error-e.g., in the case of Air France
447, airspeed dropped from 470 knots to 180 knots after pitot tubes
iced-the system can, upon issuing a warning and getting agreement from the pilots, use the best-known wind speed estimate to
compute airspeed as shown in Figure 2b. If the error remains for
too long-in AF447, pitot tubes recovered after 33 seconds-there
are methods to estimate wind speed on board, such as making a
circular standard-rate turn and calculating wind speed by GPSmeasured position shift [29]. It is also possible to regularly get
wind speed data from nearby airplanes or from updated weather
forecasts.
Numerous flight accidents have resulted from sensor faults
causing erroneous speed indications. Automated real-time sensor
data cross-checks could help prevent similar accidents in the future.



(a) Independently-produced
correlated

 data streams: airspeed (va),
ground speed (vg), and wind speed (vw). (b) Calculating wind speed in
normal mode and using it to correct airspeed in the pitot-tube error mode.

data, e.g., the path of the plane, and high-fidelity dynamics models
[23] to give plausible/estimated attitude information to pilots.
Given the numerous aviation accidents that have occurred due
to sensor faults inducing data errors, it is imperative to further
research avionics systems for detecting and correcting for sensor
malfunctions using logical redundancy.

DETECTING SENSOR FAULTS

FLIGHT ACCIDENTS
Table 1 presents several flight accidents that motivate the use of
methods to perform fault-tolerant sensor data evaluation through
data redundancy or system-advised precautionary measures. For
example, in the accident of Azerbaijan Airlines Flight 217 in 2005,
all three gyroscopes failed during the climb, while in the Copa Airlines Flight 201 in 1993, a short circuit rendered the attitude indicator inoperative. In both cases, a dynamic data-driven avionics system could recreate a virtual artificial horizon from nongyroscopic
6

Figure 2.

ERROR SIGNATURE-BASED FAULT DETECTION
A key need in avionics health monitoring is capturing the redundancy between input variables, which requires an error function,
also known as a residual. It is possible to recognize the shape
of the error function on known faults by using error signatures.
Signatures can then be used to identify an erroneous variable and
compute a new value for that variable from redundant data. An

IEEE A&E SYSTEMS MAGAZINE

APRIL 2017

Table of Contents for the Digital Edition of Aerospace and Electronic Systems Magazine April 2017