Air AccidentsIt is axiomatic that air-accidents are serious disasters. When this tragedy happens, numerous people might go to their last home. So far, many accidents have occurred and many people have met their death. In Figure 1, shows the history of fatal accidents and casualties.
The statistical information focuses on only fatal accidents, not on incidents. If near accidents, i.e, incidents are included, the numbers increase significantly. Of course, as compared with the overall number of flights, it is regarded as a small portion of the traffic. However, considering modern safety technologies and a ripple effect on the accidents, it is not minor but critical.
Efforts to overcome Calamity
In order to prevent these accidents, international institutes such as ICAO, FAA, RTCA, EASA, and EUROCAE have been created. In addition many conferences are held annually toward complementing existing systems and revising standards. Finally, as a result of the meetings, Aviation Laws have been introduced. The laws or regulations are observed strictly. These regulations referred to as FAR (FAA), SARPs (ICAO), and JAR or EASA Parts (EASA). They focus on the equipment as well as operations of flight. All airplanes must comply with the Aviation Regulations. Furthermore, all equipment (maybe systems) carried with airplanes also should acquire certain certifications. In general, a system is able to divide into two parts, hardware and software. To verify that a certain system is safe, the hardware must pass DO-254, and the software must adhere to levels of DO-178B in aviation area currently. Through these certifications, the airplane is regarded as safe, as well as a system. In the event, accidents could decrease. Also, many research institutes as laboratories in colleges and research centres attached to companies have submitted the reports about enhancement or safety issues of existing system using their know-how to develop avionics systems.
Anti Mid-Air Collision System - TCAS
There are a number of causes of air accidents. Also, the accidents have occurred in different flight phases. Table 1 indicates the number of fatal accidents per flight phase and the average survival percentage of each phase (note the data shows only fatal multi-engine airliner accidents).
According to the table, including unknown phase, 8 major phases are described with respect to air accidents. Among all the phases, the worst case is ENR (En-Route) phase. In this phase, the primary cause of catastrophic events is mid-air collisions and not weather. Because two or more airplanes lead up to the accident, unexpectedly as a dangerous phase, it is placed above APR (Approach) and LDG (Landing). (Note that more left column means more recent year.) Furthermore it is the most hazardous from the average survival percentage point of view.
Fortunately, general and effective systems which deal with on air-to-air collision (or mid-air collision; MAC) exist. They are TCAS (Traffic alert and Collision Avoidance System) or ACAS (Airborne Collision Avoidance System). TCAS and ACAS are almost same excluding minor capabilities. For examples, TCAS II Version 7 is completely same system as ACAS II. ACAS is called in Europe, while TCAS in USA and other regions generally.
TCAS is classified under 4 categories, that is, TCAS-Passive, TCAS I, TCAS II, and TCAS III. Excluding Passive version, it can be inferred the performance (or capability) from its name (exactly, the categories). TCAS I provides only-TA mode. If the airplane carries TCAS II, crews can be provided TA and Vertical-RA. TA (Traffic Advisory) and RA (Resolution Advisory) are the levels of threat. When TA is issued, it means an airplane may be a threat, and crews have to check the situation constantly. If TA changes to RA, crews should maneuver the airplane into the position indicated by TCAS to avoid MAC. Last, TCAS III provides TA, Vertical-RA and Horizontal-RA, but it was cancelled because of ADS-B (Automatic Dependent Surveillance-Broadcast).
Briefly, TCAS II is a system used for detecting and tracking aircraft in the vicinity of own aircraft. By interrogating their transponders it analyzes the replies to determine range, bearing, and if reporting altitude, the relative altitude of the intruder. Should the TCAS II processor determine that a possible collision hazard exists, it issues visual and aural advisories to the crew for appropriate vertical avoidance maneuvers. TCAS is unable to detect any intruding aircraft without an operating transponder.
TCAS II performs several tests to determine a threat. First, the system calculates time (in units of second) to CPA (Closest Point of Approach). Then, it computes an altitude difference between own airplane and the target. The difference is also called vertical separation. Finally, TCAS computer determines a threat utilizing the results of time to CPA and vertical separation. Figure 2(a) shows the range test. This test utilizes computed time to CPA, tau. The tau as well as vertical separation which is the result of altitude test is afforded a basis for detecting a threat. Note that the distances in the figure are relative, and they always might be changed by relative velocity between two airplanes. TCAS uses only tau, but preparing for very slow closure rate, the range tau boundaries are modified. It means that if two airplanes get near very slowly, TCAS utilizes pre-defined distance instead of tau. But in altitude test as shown in figure 2(b), generally fixed vertical distance is utilized. These parameters are prescribed according to the altitude of own airplane and classified under 8 levels which is called Sensitivity Level. SL lists were omitted.
Collision Avoidance Algorithm
As mentioned above, TCAS performs computations and tests. Examining the detail, CAS logic is able to be expressed as shown in figure 3. It is the flowchart of the avoidance logic. Without considering real-time properties, task scheduling, it can be divided into 3 major phases. The first phase is surveillance. In this phase, TCAS communicates
with other airplanes via TCAS transponder or SSR Mode-S transponder. These radars are not concerned and also omitted. Next, in the second phase, tracking airplanes (own and others) and detecting threats are performed. To check the details, you can refer to DO-185. Last, utilizing the results of second phase, TCAS may notify the crews that the airplane encounter an intruder (or maybe threat airplane). You can see the list of aural advisories as well as symbols used on TCAS display in Appendix.
However, TCAS still has several limitations as following:
- TCAS II is limited to supporting only vertical advisories, thus it cannot ensure the safety from more complex traffic conflict scenarios.
- It may occur that controller and pilot are faced with different situations. For instance, controller may decide that upward avoidance is better while pilot encounters downward advisory by TCAS.
- Not all aircraft carry TCAS. It means if an intruder is not equipped with TCAS, the airplane would be maneuvered by only pilot’s decision. But the other airplane equipped TCAS may fly to the same direction.
- Upward advisory provided by TCAS and stall warning may occur at the same time. Sometimes during ascending in order to follow the advisory, stall warning can occur because of bad weather such as wind shear.
- Considering UAVs whose capability of ascent/descent is low, TCAS would not be operated correctly.
- Maybe there are obstacles such as mountains, tall towers, or some vehicles not detected.
A Case Study on Solving TCAS Limitations at KAU
Korea Aerospace University (KAU) is one of the unique universities that deal with aerodynamics and avionics system in South Korea. Making a formal introduction about me, I’m working on the master’s course in Electronic Engineering, especially Avionics, under Professor Sang-Seok Lim. To deal with MAC, we concluded existing TCAS system is not suitable for meeting current situation. The tendency of the world affairs implies that the number of airplane will increase rapidly. Also, the airspace must become complex, and especially vertical separation has narrowed owing to RVSM. Furthermore, when considering the TCAS limitations, it is obvious that only vertical avoidance is not enough, and an avoidance system must consider air traffic, terrain, and the airplane’s performance and configuration (flaps, landing gear, and so forth). So we’ve studied on the Integrated Situation Awareness and Avoidance System; we call it ISAAS). As a part of the study, we designed TCAS logic simulator based on DO-185 MOPS because it is necessary to analyze and apply enhanced logics.
Figure 4 shows the simulator. The left display shows a situation around the own airplane. It is also used for checking flight paths both own and intruder’s. In addition, to prepare ISAAS, geographic information is also included in the simulator (only mountain yet). It can be also found that TCAS RA Display. It indicates ranges and vertical distance between own airplane and intruders, and also indicates fly-to region and not to go region when a threat detected. This display also must comply with DO document. Last, several major parameters are listed on the bottom of the simulator.
To make a safety-software, Esterel Technologies’ SCADE 6.0 is used. SCADE is an model-based IDE (Integrated Development Environment) provided by Esterel Technologies. It facilitates software development in a short period. It also provides organic verification methods, and the tool complies with certification for standards such as DO-178B (Aerospace & Defence), EN 50128 (Railway), IEC 61508 (Transportation & Industry) and IEC 60880 (Nuclear Industry), that is, for the Safety-Critical and Mission-Critical systems.
In short, SCADE is one of the best formal modelling and development tools. It facilitates safe software development by means of data-flow modelling and state-oriented modelling, and it affords proof of traceability from requirement to C source code. Also, it can be done to verify the design in SCADE itself utilizing simulation and MC/DC (Modified Condition / Decision Coverage). MC/DC is one strength method to verify that the simulation is enough, and it must be applied to be certified with DO-178B Level A. To get more detailed information, you can visit the website of Esterel Technologies (www.esterel-technologies.com). The IDE generates MISRA-C compliant source code, and we adopted it. Of course, the CAS logic was designed with DO-185 MOPS compliance.
As a result, we could find numerous problems related to the limitations of existing TCAS. At least, air traffic and terrain (also performance or configuration of airplane) might be worth consideration together. It means that the next generation anti-accident system would decide an avoidance direction and strength synthetically.
Indeed, similar system is introduced by Honeywell or ACSS. However, this system is not certified for TCAS I or II applications. Also, it is integrated with TCAS I capability, that is, it can provide only TA. Thus, synthetic avoidance is not provided. Of course, it is so difficult to combine air traffic and terrain information. Nevertheless, to achieve perfect safety of aviation, it must be studied and studied, in the interest of our safety.
To deal with increase in the number of airplanes and complexity of the airspaces, it is necessary to enhance current TCAS or to develop a next generation collision avoidance system; we want to call it ISAAS. It must consider air traffic as well as terrain information and airplane’s performance or configuration. At KAU in Korea, as a link in a chain of ISAAS, it is designed that TCAS simulator to verify problems of existing TCAS, to apply new logics, and to evaluate the influence of application of that logics. It can be concluded current anti-MAC system is incongruent because of the tendency of the world affairs mentioned first. Thus, the next generation anti-accident system should be integrated with terrain awareness system and airplane management system.
• more@click-Code: EE-2009-08-05-Esterel