
Monitoring and Control

 

Monitoring and control components supervise ACS functionality by:

The most important consideration in designing the supervisory structure in an ACS is the degree of centralization needed or desired to perform requisite actions. In a fully centralized approach, a single system supervisor continuously assesses the state of every component whose reliability may vary, and manages the state of every component whose behavior may be altered. This leads to simple control mechanics, but can generate bottlenecks and unacceptable performance. In a fully decentralized approach, each component assesses and manages its own control state, as well as that of other Connected components, in the course of its primary operations. This avoids the need for supervision, but requires synchronization and propagation operations to nearly every component in the system that are often unattainably accurate and complex.

Hierarchical approaches represent the best and most common middle ground. Here, each component manages strictly local concerns. Intermediate supervisory components manage groups of components, but are in turn managed by more centralized supervisors. Taking a hierarchical approach incurs the worst aspects of full centralization or full decentralization only when they are unavoidable due to the nature of the particular supervisory problem at hand.

Design Steps

Organize monitoring and control facilities into hierarchically partitioned domains. When possible, match this partitioning to Configuration strategies so that control domains mirror the implementation-level decomposition of the system.

For each domain, define a Supervisor that interacts with and manages the states of components under its domain. Supervisors are special kinds of state machines. Their states reflect in-the-small Models of selected aspects of the system itself, and their transitions result in actions that change the state of components under their domain.

Supervisors may be constructed using standard methods[2,4,11] for designing and building state machines:

On the supervisee side, monitoring and control operations conceptually sit atop those dealing with the overall functional Flow of an ACS. Ideally, monitoring would simply represent additional independent "outputs" performed in the course of model Updates, and control would represent independent inputs. In principle, these should be layerable on top of base functionality. However, in most cases in practice, they must be spliced directly into base operations, adding complexity to both representations and algorithms. In particular, since the vast majority of supervisory operations in an ACS revolve around the maintenance of Accurate models, these concerns infiltrate the design of nearly every ACS component.
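
The design steps above can be sketched as a two-level hierarchy of supervisor state machines. This is an added example, not code from the original document: the class names, the "reset" command, the retry-once policy and the component names (gyro_a, nav, system) are all assumptions chosen for illustration. Each supervisor keeps a small model of its own domain only, handles a first failure locally, and reports upward only when its own state changes.

```python
from enum import Enum

Health = Enum("Health", "OK DEGRADED FAILED")

class Component:
    """Supervisee: monitoring is an extra output, control an extra input."""
    def __init__(self, name):
        self.name, self.health, self.parent = name, Health.OK, None

    def report(self, health):      # monitoring output, sent during a model update
        self.health = health
        if self.parent:
            self.parent.on_report(self)

    def command(self, action):     # control input from the supervisor
        if action == "reset":
            self.health = Health.OK

class Supervisor(Component):
    """State machine whose state models only its own domain."""
    def __init__(self, name, members, tolerated=0):
        super().__init__(name)
        self.members, self.tolerated = members, tolerated
        self.retried, self.log = set(), []
        for m in members:
            m.parent = self

    def command(self, action):     # control flows down the hierarchy
        for m in self.members:
            m.command(action)
        super().command(action)

    def on_report(self, member):
        if member.health is Health.FAILED and member.name not in self.retried:
            self.retried.add(member.name)
            self.log.append(f"reset {member.name}")
            member.command("reset")            # handled locally, no escalation
        failed = sum(m.health is Health.FAILED for m in self.members)
        degraded = any(m.health is not Health.OK for m in self.members)
        new = (Health.FAILED if failed > self.tolerated
               else Health.DEGRADED if degraded else Health.OK)
        if new is not self.health:             # only state changes go upward
            self.log.append(f"{self.health.name} -> {new.name}")
            self.report(new)

def build_demo():
    """Constructed two-level hierarchy; all names are hypothetical."""
    gyro = Component("gyro_a")
    nav = Supervisor("nav", [gyro, Component("gyro_b")])
    system = Supervisor("system", [nav, Supervisor("actuation", [Component("servo")])], tolerated=1)
    return gyro, nav, system
```

Reporting the same component as failed three times in a row shows the escalation path: the first failure is reset by the group supervisor without the top-level supervisor seeing anything, the second causes the top level to reset the whole group, and the third leaves the group failed and the system degraded.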






Doug Lea
Tue Mar 28 08:50:41 EST 1995