The use of Interaction Laws on Air Traffic Control for Specifying Dependable Interactions Apt 02 03/04/2007 Domain Analysis Rodrigo Paes [email protected]
Apr 17, 2015
The use of Interaction Laws on Air Traffic Control for Specifying Dependable Interactions
Apt 0203/04/2007
Domain Analysis
Rodrigo Paes
Rodrigo Paes - [email protected] © LES/PUC-Rio
Agenda
• Typical Scenario
– Flight Plan Approval
– Take Off
– En route
– Landing
• Dependability
– Fault-tolerance (controllers and pilots)
– DepExp
• Laws
• Implementation … so far
Rodrigo Paes - [email protected] © LES/PUC-Rio
Flight plan approval
(Flight Plan, Airplane information)
Approve plan
Ground instructions
Ground instructions
Rodrigo Paes - [email protected] © LES/PUC-Rio
Take off
(Ask permission to take-off)
(permission)
takeoff
Rodrigo Paes - [email protected] © LES/PUC-Rio
En route
intersections
airways
radarcontroller
sector
weather
Rodrigo Paes - [email protected] © LES/PUC-Rio
Sequence diagram under normal situations
Rodrigo Paes - [email protected] © LES/PUC-Rio
Laws
• During the flight approval
– If the controller approves the flight plan, it must be verified if the airplane has the minimum autonomy, i.e.,
• A -> B -> C + 45 min.
• (DEP) (ARR) (ALT) (reserva)
• During the flight
– Airplanes must keep a safe distance
• Both vertical and horizontal
• Landing
– There is minimum amount of time between two landings
Rodrigo Paes - [email protected] © LES/PUC-Rio
Dependability
• Risk analysis (what can go wrong?)
– Communication failures
• Airplane – Controller
• Radar – Controller
– Controller unavailability
– Controller behaves against the laws
• She authorizes the take off of an airplane not in conformance with the minimum autonomy rule
• She informs changes in the flight plan. However these changes are not in conformance with the “safe distance” rule
• She does not comply with thee minimum time interval rule while authorizing the landing
– Airplane behaves against the laws
• She changes the flight plan with no authorization from the controller
Rodrigo Paes - [email protected] © LES/PUC-Rio
Dependability
• Dependability Explicit Computing
– We can keep continuously improving the system by:
• Assessing bad controllers and aircraft and perform actions to deal with them
– Assessment can be done automatically by monitoring the laws
– Dependability data
• Controllers
• Aircraft
– Examples
• Each time a controller or an aircraft performs an action that is not in conformance with the laws, then we should update the dependability database
Rodrigo Paes - [email protected] © LES/PUC-Rio
XMLaw
• Scenes
takeOff
monitoring
controllerOrders
handOver
landing
Rodrigo Paes - [email protected] © LES/PUC-Rio
TakeOff
takeOff{msg1{airplane, controller, handshake($flightPlan,$airplaneInfo)}msg2{controller, airplane, $groundInstructions}msg3{airplane, controller, askPermission}msg4{controller, airplane, ok}
s1{initial}s5{success}
t1{s1->s2, msg1}t2{s2->s3, msg2}t3{s3->s4, msg3}t4{s4->s5, msg4, [checkMinimumAutonomy]}
// takeOff scene's constraintscheckMinimumAutonomy{br.pucrio.CheckMinimumAutonomy}
}
Rodrigo Paes - [email protected] © LES/PUC-Rio
Monitoring
monitoring{
msg1{radar, controller, $flightProgressStrip}
msg2{airplane, controller, $flightProgressStrip}
msg3{airplane, controller, landing}
s1{initial}
s3{success}
t1{s1->s2, msg1}
t2{s1->s2, msg2}
t3{s2->s2, msg1}
t4{s2->s2, msg2}
t5{s2->s3, msg3}
}
Rodrigo Paes - [email protected] © LES/PUC-Rio
ControllerOrders
controllerOrders{
msg1{controller, airplane, $changeFlightPlan}
msg2{controller, airplane, end}
s1{initial}
s3{success}
t1{s1->s2, msg1}
t2{s2->s2, msg1}
t3{s2->s3, end}
}
Rodrigo Paes - [email protected] © LES/PUC-Rio
Handover
handover{
msg1{controller, airplane, $switchController}
s1{initial}
s2{success}
t1{s1->s2, msg1}
}
Rodrigo Paes - [email protected] © LES/PUC-Rio
landing
landing{
msg1{airplane, controller, $askPermission}
msg2{controller, airplane, ok}
s1{initial}
s3{success}
t1{s1->s2, msg1}
t2{s2->s3, ok, [checkMinimumDistance]}
// landing scene's constraints
checkMinimumDistance{br.pucrio.CheckMinimumDistance}
}
Rodrigo Paes - [email protected] © LES/PUC-Rio
Actions globais
// Global action
informControllerAndAirplane{(takeOff.checkMinimumAutonomy), br.pucrio.InformControllerAndAirplane}
detectFlightPlanChanges{(monitoring.t1, monitoring.t2, monitoring.t3, monitoring.t4, controllerOrders.t1, controllerOrders.t2)}
Rodrigo Paes - [email protected] © LES/PUC-Rio
Next steps
• Implementation level
– Integrate with XMLaw
• Change the interpreter of MLaw
– Implement Graphical Visualization
• Research
– Read Jean-Pierre’s Project
– Write Tech Report
• Focus on the flexibility of Laws to deal with dependability
DEMO
Rodrigo Paes - [email protected] © LES/PUC-Rio
Bibliografia Preliminar
• Sales, C. R., Sala de Regulamento de Tráfego Aéreo; http://www.airandinas.com/ - acessado em 18/01/2007
• Ljungberg, M. and A. Lucas, The OASIS Air Traffic Management System, in Second Pacific Rim International Conference on Artificial Intelligence. 1992: Seoul, Korea.
• Ndovie, B., Simulation of a conflict management system for air traffic control, in Second International Working Conference on CKBS. 1994: DAKE Centre, University of Keele.
• Felici, M., Capturing Emerging Complex Interactions - Safety Analysis in ATM, in Workshop on Complexity in Design and Engineering. 2005: Edinburgh, Scotlad.