1 Preliminaries.- 1.0 Introduction.- 1.1 Outline of Chapters.- 1.2 Contributions to Current Research.- 2 Controller and Engine Simulation Implementation.- 2.0 Introduction.- 2.1 Engines — An Introduction.- 2.1.1 Compressor.- 2.1.2 Combustion Chamber.- 2.1.3 Turbine.- 2.2 Gas Turbine Types.- 2.3 Afterburning or Reheat.- 2.4 Requirements and Current Trends in Engine and Controller Design.- 2.5 Compressor Surge.- 2.6 Engine Modelling.- 2.6.1 Fuel System.- 2.6.2 Gas Generator Dynamics.- 2.6.3 Turbine Blade Temperature (TBT).- 2.6.4 Engine Thrust.- 2.7 The Controller.- 2.8 Engine Starting.- 2.8.1 Temperature Limiting During Starting.- 2.9 Normal Operation.- 2.9.1 Governor Control.- 2.9.2 Acceleration Control Loop.- 2.9.3 Deceleration Control Loop.- 2.9.4 Overselling and Underselling Limiter Tasks.- 2.9.5 TBT Limiter.- 2.9.6 Low Pressure Turbine Control.- 2.10 Reheat and Nozzle Control.- 2.10.1 Nozzle Control.- 2.10.2 Fuel Flow Demand Control.- 2.10.3 Reheat Sequencing Control.- 2.11 Baseline Simulation.- 2.11.1 Controller Simulation.- 2.12 TSIM Simulation Implementation.- 2.13 Pole-Zero Mapping.- 2.14 Matlab Simulation Implementation.- 2.15 Concluding Remarks.- 2.15.1 Engine Modelling.- 2.15.2 Baseline Simulation.- 2.15.3 Digital Simulation.- 3 Controller and Engine Simulation on the Inmos Transputer.- 3.0 Introduction.- 3.1 Occam and the Transputer.- 3.1.1 Von Neumann Computers.- 3.1.2 Inmos Transputer.- 3.1.2.1 Inmos Serial Links.- 3.1.2.2 Memory.- 3.2 Occam.- 3.2.1 The Occam Constructs.- 3.2.2 Further Aspects of Occam.- 3.3 Occam Simulation of Engine Model.- 3.3.1 Operating Modes of Simulation.- 3.3.2 Simulation Initialisation.- 3.3.3 Program Options.- 3.3.4 Results from Simulation.- 3.4 Multi-Processor Implementation.- 3.4.1 Engine Simulation Load Balancing.- 3.4.2 Controller Simulation.- 3.4.3 Modified Controller Simulation.- 3.5 Load Balancing.- 3.5.1 Mapping Considerations.- 3.5.2 Controller Mapping onto 2 Processors.- 3.5.3 Controller Mapping onto 3 and 4 
Processors.- 3.6 Model Enhancements.- 3.6.1 Addition of Reheat.- 3.6.2 Reheat Mapping onto 2 Processors.- 3.6.3 Reheat Mapping onto 3 and 4 Processors.- 3.6.4 Start-up Control and In-flight Relighting.- 3.7 Concluding Remarks.- 3.7.1 The Transputer and Occam.- 3.7.2 Mapping Issues.- 3.7.3 Performance Estimation and Improvements.- 3.7.4 Architectural Issues.- 3.7.5 Achievements.- 4 Alternative Approaches to Parallel Processing — The Butterfly Plus and Helios Systems.- 4.1 The Helios Operating System.- 4.1.1 Helios Shell Interface.- 4.1.2 I/O Server.- 4.1.3 Helios C Compiler.- 4.1.4 Static and Dynamic Load Balancing.- 4.2 Interprocess Communication.- 4.2.1 Communication.- 4.2.2 Communication Failure.- 4.2.3 Synchronisation.- 4.2.4 Implementation of Communication.- 4.3 Programming in Helios.- 4.3.1 Modifications Needed to C Code.- 4.3.2 Debugging.- 4.3.3 Assignment of Parallel Tasks.- 4.3.4 Task Force Manager (TFM).- 4.4 Analysis of System Performance.- 4.4.1 Timing Using the Real-Time Clock.- 4.4.2 Execution Times.- 4.4.3 Task Force Manager Overheads.- 4.4.4 Consistency of Timings.- 4.5 General Comments on the Helios System.- 4.6 Conclusions.- 4.6.1 Suitability for Real-Time Control.- 4.6.2 Fault Tolerance.- 4.6.3 General Comments.- 4.6.4 Reliability.- 4.6.5 Farm Construct.- 4.7 The Butterfly Plus Computer.- 4.8 Overview of Hardware.- 4.8.1 Processor Node Card.- 4.8.2 Switch Interface and Deadlock Handling.- 4.8.2.1 Receiver.- 4.8.2.2 Transmitter.- 4.8.3 Switch Card.- 4.8.3.1 Example of Butterfly Switch Efficiency.- 4.8.3.2 Switch Protocol.- 4.8.3.3 Switch Protocol Example.- 4.8.3.4 Switch Contention Handling.- 4.9 Programming the Butterfly Plus.- 4.9.1 Introduction.- 4.9.2 Utilities Available.- 4.9.3 Communication Synchronisation.- 4.9.4 Programming Alternatives.- 4.9.5 Uniform System Approach.- 4.10 Summary of Software Design.- 4.11 Comparison of Sun 3 and Butterfly Plus.- 4.12 GIST Analysis.- 4.12.1 Introduction.- 4.12.2 Typical GIST Trace.- 4.12.3 Parallel 
Mapping.- 4.13 GIST Analysis of Program.- 4.13.1 System Performance: 1–5 Processors.- 4.13.2 Detailed Analysis of System Performance on 4 and 5 Processors.- 4.13.2.1 Four Processors — Engine Simulation.- 4.13.2.2 Four Processors — Controller Simulation.- 4.13.2.3 Five Processors — Engine Simulation.- 4.13.2.4 Five Processors — Controller Simulation.- 4.13.3 Detailed Analysis of System Performance on 4 and 5 Processors — Concluding Remarks.- 4.14 Task Length Modification.- 4.14.1 Modified Simulation Results.- 4.15 Summary of Butterfly Plus Results.- 4.15.1 Program Organisation.- 4.15.2 Task Generators.- 4.15.3 Real-Time Scheduler.- 4.16 Comparison of Helios and Butterfly Plus.- 4.17 Concluding Remarks.- 4.17.1 Summary.- 4.17.2 Helios Operating System.- 4.17.3 Butterfly Plus and Uniform System.- 4.17.4 Automatic Load Balancing.- 5 Formal Methods and System Specifications.- 5.0 Introduction.- 5.1 System Requirements.- 5.2 The Need for Formal Methods.- 5.2.1 The Advantages of Formal Methods.- 5.2.2 The Need for a Mathematical Specification.- 5.2.3 The Structure of Formal Methods.- 5.2.3.1 The Vienna Development Method (VDM).- 5.2.3.2 The Z Specification Language.- 5.3 Summary of Disadvantages of Formal Methods.- 5.4 System Validation and Verification.- 5.4.1 System Validation.- 5.4.2 System Verification.- 5.5 Conventional Testing.- 5.5.1 Static Code Analysis.- 5.5.2 Automated Tools for Analysis.- 5.6 Formal Methods for Hardware Specification.- 5.6.1 ELLA.- 5.6.2 VIPER.- 5.6.3 Formal Methods Applied to the T800 Transputer Floating Point Unit.- 5.7 Application of Formal Methods to Transputers.- 5.7.1 Problems of Asynchronous Processors.- 5.7.2 The Trace Model of CSP.- 5.8 Use of Formal Methods in Fault Tolerant Systems.- 5.8.1 Fail-Safe or Shut-Down Systems.- 5.8.2 Control and Protection Systems.- 5.8.3 Formal Specification of N-Lane Replication (N>1).- 5.8.4 Reconfigurable Systems.- 5.9 Specifications for Gas Turbine Systems.- 5.9.1 Top-Level Specification of Gas 
Turbine Controller Software.- 5.9.2 Review of CSAN 1454 Draft Guidelines Document with Regard to Parallel Processing and in Particular to the use of Transputer Arrays.- 5.9.3 Intercommunication.- 5.9.4 Input-Output Conditioning.- 5.9.5 Cycle Segregation.- 5.9.6 Interrupts.- 5.9.7 Fault Detection and System Monitoring Principles.- 5.9.8 Precision of Monitoring.- 5.9.9 Independence of Comparison.- 5.9.10 Scope of Self-Check Program.- 5.9.11 Protection Against Dormant Faults.- 5.9.12 Computer Autonomy.- 5.9.13 Fault Modes and Effects.- 5.9.13.1 Fault Categories.- 5.9.13.2 Spurious Faults.- 5.9.14 Final Failure Case.- 5.10 Concluding Remarks.- 5.10.1 Summary.- 5.10.2 Perceived Benefits of Formal Methods.- 5.10.3 Design of Gas Turbine Controller Software.- 6 Failure Management and its Application in Gas Turbine Engine Control.- 6.0 Summary.- 6.1 Introduction.- 6.2 The History of Fault Tolerance in Computers.- 6.3 Characterisation of Faults.- 6.3.1 Design Faults.- 6.3.2 Operational Faults.- 6.3.3 Byzantine Generals Disagreement.- 6.3.4 Power Supply Failure.- 6.3.5 Fault Categories Addressed.- 6.4 Desired Response from a Fault Tolerant System.- 6.5 Fault Tolerant Techniques.- 6.5.1 Fault Tolerant Techniques.- 6.6 Hardware Redundancy.- 6.6.1 Active Replication.- 6.6.2 Passive Replication.- 6.7 Software Redundancy.- 6.8 Designing Fault Tolerance into the Process.- 6.9 Evaluation Measures.- 6.10 Application of Fault Tolerance to Systems.- 6.10.1 Long-Life Applications.- 6.10.2 Critical Computations.- 6.10.3 Maintenance Avoidance.- 6.10.4 Availability.- 6.11 Fault Tolerant Processor Topologies.- 6.11.1 Loop Topology.- 6.11.2 Tree Architectures.- 6.11.3 Array Processors.- 6.12 Review of Fault Tolerant Designs Already Implemented.- 6.13 Design and Implementation of Fault Tolerant Gas Turbine Engine Controllers.- 6.13.1 Aim of the Investigation.- 6.14 Design Constraints of Aero-Engines.- 6.14.1 Design Philosophy.- 6.15 Backward Error Recovery/TMR Scheme (BER/TMR).- 6.15.1 Normal 
Mode.- 6.15.2 Voter/Identifier Mode.- 6.15.3 Conclusions From BER/TMR Method.- 6.15.4 Summary of BER/TMR System.- 6.16 Method of Overlapping Triads (DTMR System).- 6.16.1 Evolution of the Processor Topology.- 6.16.2 Reliability Analysis of the Configuration.- 6.16.3 Input Data Validation.- 6.16.4 Controller Task Calculation.- 6.16.5 Data Output Validation.- 6.16.6 Relay Selection of Output DACs.- 6.16.7 Link Adaptor Shutdown Logic.- 6.16.8 System Testing.- 6.17 Communication Channel Failure.- 6.17.1 System Synchronisation.- 6.17.2 Communication Failure Detection and Accommodation.- 6.17.3 Cascade Approach.- 6.17.4 “Lemming” Approach.- 6.17.5 Self-Adjusting Time Frame Technique.- 6.17.6 Link Failure Handling Software.- 6.17.7 Limitations Imposed by Link Failure Handling.- 6.17.8 Modified Input Data Validation.- 6.17.9 Conclusions of “Overlapping Triads” Method.- 6.18 “Hot Sparing” Technique.- 6.18.1 Data Input.- 6.18.2 Controller Task Implementation.- 6.18.3 Data Output.- 6.18.4 Byzantine Disagreement Handling.- 6.18.5 Problems Encountered with the Inmos C004.- 6.18.6 Voted Deselect.- 6.18.7 Link Relays.- 6.18.8 Conclusions of “Hot Sparing” Implementation.- 6.19 Concluding Remarks.- 6.19.1 Summary.- 6.19.2 BER/TMR Backward Error Recovery System.- 6.19.3 Overlapping Triad System.- 6.19.4 Hot Sparing System.- 6.19.5 Transputer Architectural Restrictions.- 7 Concluding Remarks.- 7.0 Project Motivation.- 7.1 Gas Turbine Engine Modelling.- 7.2 Transputer Implementation.- 7.3 Comparison Using Diverse Architectures.- 7.4 System Requirements and Formal Methods.- 7.5 Fault Tolerant Systems.- 7.6 Areas for Further Research.- 7.6.1 T9000 Series of Transputers.- 7.6.2 Future Software Developments for the T9000.- Appendices.- A Hardware Development.- A.1 Introduction.- A.2 Single Eurocard Development Rack.- A.3 Inmos Strategy.- A.4 Overview of Transputer Products.- A.4.1 T414 Transputer.- A.4.2 T800 Transputer.- A.4.3 T212 Transputer.- A.4.4 M212 Transputer.- A.4.5 C004 
Programmable Link Switch.- A.4.6 The Inmos Link Adaptor.- A.5 The Transputer Architecture.- A.5.1 Clock.- A.5.2 Analyse and Error.- A.5.3 Event Request and Event Acknowledge.- A.5.4 External Memory Interface.- A.5.5 External Memory Interface Program.- A.5.6 Reset.- A.5.7 Booting.- A.6 Development Transputer Card.- A.6.1 Static RAM Board.- A.6.2 Dynamic RAM Board.- A.6.3 Software Testing.- A.7 The Single Eurocard Transputer Card.- A.8 Standalone Network Loader Card.- A.8.1 Design Overview.- A.8.2 EPROM Programming.- A.9 Reset/Analyse Debugging.- A.9.1 Debugging Facilities.- A.9.2 Debugger Operation.- A.10 Programmable Link Switch Card.- A.10.1 Performance of Link Switch.- A.11 12-Bit Transputer Multi-Channel ADC Card.- A.12 12-Bit Transputer Multi-Channel DAC Card.- A.13 VME Bus Interface Card.- A.13.1 VME Bus Transputer Interface (VMETI).- A.14 Summary.- B Helios Default Maps.- C Text of Section 21 of DS 00–55.- D Evaluation Measures of Fault Tolerant Techniques.- D.1 Terminology.- D.1.1 Coverage.- D.1.2 Reliability.- D.1.3 Mission Time.- D.1.4 Availability.- D.1.5 Testability and Verifiability.- D.1.6 Other Important Factors.- D.2 Quantitative Measures.- D.2.1 Combinatorial Modelling.- D.2.2 Markov Modelling.- D.2.3 Reliability Analysis of Passive Replication.- D.2.4 Series Reliability.- D.2.5 Parallel Reliability.- D.2.6 Simplex System.- D.2.7 Duplex System.- D.2.8 M of N Systems.- D.2.9 Reliability Comparison.- D.2.10 MTTF Comparison.- D.2.11 Mission Time Comparison.- E. Overview of Fault Tolerant Designs Already Realised.- E.1 Tandem 16 Nonstop.- E.2 Augusta A129.- E.3 The General Purpose Digital Controller (GPDC).- E.4 SIFT.- E.5 FTMP.- E.6 MAFT.- E.7 FASP.- E.8 Fault Tolerance in VLSI (The Intel iAPX 432).- F. The Fault Integrator.- G. 
Formal Expression of Overlapping Triads Technique.- G.1 The “Overlapping Triads” Technique.- G.1.1 Voting.- G.1.2 Voting Action.- G.2 Monitor Action.- G.2.1 Fault Categories.- G.3 Example.- G.3.1 Reconfiguration.- G.3.2 Failure of Monitor Transputers.- H. Self-Test Procedure.- I. Formal Expression of Extension of Overlapping Triads to Hot Sparing System.- I.1 The “Hot Sparing” Technique.- I.1.1 Voting.- I.1.2 Voting Action.- I.2 Monitoring Action.- I.2.1 Fault Categories.- I.3 Example.- I.3.1 Reconfiguration.- I.3.2 Failure in Monitoring of Transputers.- References.