Finite state machine control for aircraft electrical distribution system

: This study deals with the development of new control logic for more electric aircraft (MEA) electrical power systems (EPSs). A key aspect of the MEA concept is that traditional pneumatic and hydraulic loads are replaced by electrical equivalents. These new electrical systems are more reliable, highly ef ﬁ cient, and easier to replace or maintain. However, as the number of on-board electrical loads increases the electrical distribution systems on-board are becoming more and more complex. As a result, the control system needs to be adapted and improved in order to allow better manage the overall electrical energy ﬂ ow, provide faster computational operations, and ensure operation of safety-critical loads under all fault scenarios. This study ﬁ rst gives a brief analysis of the different electrical system topologies before out-lining potential control strategies which may be applicable to future MEA EPSs. A new control concept for MEA EPSs is then investigated and considered as a potential substitute of the classical control systems. Finally, a model of the newly proposed logic is implemented and simulated showing how it is able to select and apply a correct recon ﬁ guration of the electrical system under different operating conditions.


Introduction
Aircraft electrical power systems (EPSs) have made significant advances over the years as aircraft have become more dependent on electrically powered services. From 1950 to 2010, electrical systems on-board aircraft have become more and more complex. The associated increase in on-board power is related with the evolution of more electric aircraft (MEA) [1]. Conventional aircraft architectures used for civil aircraft employ a combination of systems dependent on mechanical, hydraulic, pneumatic, and electrical sources. In a conventional aircraft architecture, fuel is converted into power by the engines where most of the power is used as a propulsive power to move the aircraft. From [2], it can be understood that a simple leak in the pneumatic or hydraulic system may lead to the outage of every user of that network; moreover, the leak is generally difficult to detect and cannot be accessed easily. The trend is to move toward the MEA due to the benefits that it can bring in terms of design and efficiency. The aim of this historical step change in technology is to reduce operating costs, fuel consumption, and the environmental impact of future air travel [3]. To study the electrical system from the side of the power network is important to analyse some important aspects. To ensure high availability of electric power within the aircraft, the power network architecture should allow for a potential redundancy of the power supply. Aircraft dynamic loads such as electrically powered actuators draw transient power for a brief period of time. Designing a generator to provide such dynamic power will increase weight and cost. Moreover, peak power demands from the electrical network must be maintained at an absolute minimum for safety reasons. Energy storage systems, along with suitable power electronic interfaces, can provide a wide array of solutions to such key issues (i.e. different energy configurations of the network) by providing clean and stable power in an affordable manner so as to improve power quality and electric power system stability [4]. The generation and distribution architecture must be flexible so that power backup can occur. This paper investigates a new control logic approach for the on-board electrical network in order to obtain an improved design of the EPS and control logic. This paper is divided as follows: in Section 2, an EPS power management problem is outlined which utilises two differing EPS topologies; Section 3 introduces the reconfiguration strategies for the EPS network management; Section 4 introduces the theoretical framework of the logic applied; Section 5 details the model used to simulate the proposed logic; and in Section 6 simulation results are shown to demonstrate the potential of the new control logic.

EPS management problem and different topologies
Standard EPSs for modern civil aircraft are supplied by electrical generators connected to the main engines (in most cases, each engine supplies two generators). These are, therefore, the primary EP sources. The generators supply power to a set of loads, which can be an induction motor driving a hydraulic pump or lamps through dedicated AC buses. Typically, each AC bus delivers power to a DC bus through a transformer rectifier unit. The DC buses are usually used for supplying the avionics systems on-board and the de-icing systems. On all buses, contactors, which are electromechanical devices for commutations of electrical circuits, are used to control the flow of power by reconfiguring the topology of the electric power system and can establish connections between components. In the case of a generator failure, an auxiliary power unit or battery may be used to power buses through a different reconfiguration of system components. Different reconfigurations of the system will change the open or closed status of switches (contactors) and thereby affect the power level of different buses or loads. While standard topologies (i.e. structural arrangement of components) for electric power systems are already complex, next-generation aircrafts are expected to become even more elaborate, and makes the design the entire EPS a more difficult task [5]. In the design of military aircraft and unmanned aircraft, the use of high-voltage DC (HVDC) is now being considered in order to cope with the high power demand of the system. The main idea is the use of an increased DC voltage, typically 270 V dc , which comes from the conversion of 115 V ac through a transformer rectifier unit. The F-22 and F-35 both currently utilise HVDC [6]. There are two main reasons for utilising this higher-voltage level. First, it is possible to obtain 270 V dc from a conventional generator, by means of a transformer rectifier unit. Second, some equipments (e.g. radars The 4th International Symposium on More Electric Aircraft Technology (MEA 2017) 8-9 November 2017 and direct actuator controllers), which are powered from 115 V ac , have integrated blocks of rectification that convert the 115 V ac levels to 270 V dc , so it is possible to reduce the weight of some equipment. Two illustrative MEA EPS configurations are shown in Figs. 1 and 2.
The figures show the single-line diagram of the EPS, the generators are supplying the buses, while the switches C 1 , …, C n are used to set the power paths between the sources and the buses [7]. Therefore, the switches provide the ability to reconfigure the EPS. The control system gives the possibility to manage the power flow distribution in an increased number of ways, but it is important to find the correct strategy in order to get the best performance for each scenario. Energy management strategy aims to guarantee the quality and stability of the EPS network by controlling power flow, while respecting their nominal operating point and avoiding unfavourable conditions of use such as high cycling rates for batteries or high dynamic power demands for generators. Indeed, a key aim of such strategies is to better control EPS current [8] in order to: † Reduce size of the cables. † Reduce size of the power sources. † Better energy flow configurations. † Improved efficiency in terms of weight.
† Storing the surplus energy into the battery.
Safe operation of the EPS is another important aspect to consider during the development of EPS management strategies. A correctly designed management strategy provides the possibility for the aircraft to operate at its full capabilities under fault conditions (e.g. fault of one generator).

Reconfiguration strategy
Defining the power paths of the EPS by the use of switches is called a reconfiguration strategy [9]. Reconfiguration is necessary in order to provide several supply options for the busbars and connected loads. The EPS configuration is managed by the control system in order to ensure uninterrupted power supply [10,11]. The main potential problem for reconfiguration strategies is the danger of creating power paths between sources, busbars, and loads or busbars and other busbars. To control the power paths, switches are used to allow power flow within the EPS. In summary, a reconfiguration strategy is used to find the optimum way to feed each load, aiming to get a correct energy management, avoiding critical conditions in case of faults, and guarantee redundancy under each scenario. Understanding the importance of the EPS management, the logic control of such systems needs to be studied. From [9,12], two methods have been proposed for the EPS reconfiguration, and will be discussed the next sections.

Knowledge-based system
The knowledge-based method relies on the implementation of a set of business rules and mandatory rules in a single framework. It was implemented in the 'C' Language Integrated Production System (CLIPS) programming language in [11]. Developed at National Aeronautics and Space Administration's Johnson Space Center from 1985 to 1996, the CLIPS is a rule-based programming language, useful for creating expert systems and other programmes, where a heuristic solution is easier to implement and maintain than an algorithmic solution. The basic structure of rule is made up of two main parts, which consist of a condition part (IF) and action part (THEN). Whenever all the rule's conditions are fulfilled, the rule can be fired. The main strength of the knowledge-based system is its capacity to activate the rules whenever the conditions are fulfilled, whereas this capacity is not provided in traditional procedural programming where conditions of an 'if' test are evaluated at a particular point of the programme. The priority level of each execution can be specified to each rule, so if several rules can be fired at the same time, the highest priority rule will be fired first.

Linear temporal logic
Linear temporal logic (LTL) is an extension of prepositional logic that incorporates notions of temporal ordering to reason about correctness over sequence states. The use of temporal logics to formally specify and verify behaviour has been seen in various applications including embedded systems, robotics, and controls. One of the main advantages in using LTL to control the EPS is that the EPS itself can be seen as a reactive system, where the states do not only depend on the input and output, but also on the execution of the system [13]. The basic building block of LTL is called atomic preposition and is defined on the structure of the system. A system consists of a set of variables. The domain of V, denoted dom(V), is a set of evaluation of V. A state of the system is an element vεdom(V). An atomic preposition is a statement on a valuation vεdom(V) with a unique truth value for a given v.F o r instance, having vεdom(V) be a state of the system, and p be an atomic preposition, v satisfies p in case that it is true or p does not satisfy v in case that it is false [14]. LTL also includes Boolean operators and two basic temporal modalities, in order to create time dependence. By the combination of atomic preposition, it is possible to specify a wide range of requirements in the desired behaviour of a system and environment assumptions.
This section has introduced two methods for reconfiguration strategy. A third method, based on finite state machine (FSM) in combination with knowledge-based method and LTL is proposed in the next section.

Logic description
From the previous section, it is possible to understand that the EPS can be seen as a reactive system, so that, starting from the previous studies that have been done in [9,12] the use of FSM is considered as a suitable solution to improve the EPS management. An FSM, sometimes called a finite state automaton, is a computation model that can be implemented with hardware or software and can be used to simulate sequential logic. FSM can be used to model problems in many fields including mathematics and artificial intelligence. In an FSM, the behaviour of the system can be modelled as a set of states and transitions between states, these systems are usually known as a reactive system. In a mathematical way, the FSM can be seen as quintuple where Σ represents a finite set of symbols, S is a finite set of sates, s 0 is the initial state, so that s 0 ∈S, δ is a state transition function Moreover, F is the finite set of final states [15]. An example of the formulation is depicted in Fig. 3.
The following equations describe the system in Fig. 3: Since the theory of FSM has been introduced, it can be applied to the EPS in order to set a management strategy. The simulations have been performed in the Simulink environment, through the use of the Stateflow function, which combines FSM and LTL operations.

From the theory to the model
In the previous section an FSM is defined, and these notions will now be applied to manage the configuration EPS. The system that has been built and simulated represents a de-icing and avionics system of a civil aircraft. The de-icing system is important to avoid ice formation on the wings of the aircraft, till now compressed hot air from the turbine was injected inside wing's pipes. However, it is possible to develop a de-icing system by using EPS, heating each section by the use of Joule effect. The de-icing system under study works in DC according to the MEA HV270DC. Fig. 4 shows the single-line diagram representing the EPS under study.
The model is composed of a series of resistors, R 1 , …, R 4 , which simulate the de-icing system, while the avionics is represented by vital loads (V) and non-essential loads (N) that can be disconnected in case of emergency. In parallel a, high-voltage battery is connected through a bi-directional power electronic boost converter.
Starting from general rules that should be applied to keep the EPS safe in all flight operations, a set of input variables will be defined in order to have a constant check of the system, and a set of output variables (Fig. 5) will show the states of the system (configurations), and the condition that needs to be applied to pass from a state to another. In Fig. 5 shows a construction of the logic model in the Simulink environment. The simulation starts with the system in healthy conditions, where the variable 'PowerInj' represent the value of the power delivered to the battery, 'Shedding' and 'NoEssential' represent the be extracted to control the switches and the value of the power delivered to and from the battery. Table 1 summarises the operations to be implemented in the control. Table 1 shows how the behaviour of the EPS depends on the requested power from the load PL and the state of charge (SOC) of the battery, while P x is the power delivered to and from the battery.
Boolean commands used to close or open the switches, where the 'shedding' is used to shed the power on the loads, the non-essential load can be disconnected in case of emergency. The constant values H, M, L represent the SOC of the battery as high, medium and low. In this simulation, the total power through the representative EPS is assumed varying in a range from 70 to 135 kW. Supposing that a fault occurs and causes the loss of a generator, Fig. 4, the EPS will start to operate in overload conditions and the logic, after checking the value of requested power, will select and implement the appropriate configuration of the system (STATE). After the fault, the system moves to the STATE 3 (as per Table 1), where the logic calculates the value of the power that the battery has to deliver in order to help the generator. Therefore, supposing a higher request of power is made, the system will change state again. The STATE 5 is implemented when the power request is ≥115 kW. In this case the logic will apply the Shedding in order to satisfy the power request. From this configuration, the requested power could became lower, shifting the system to the STATE 1, or could be kept high until the SOC becomes low, changing the configuration of the system to the STATE 4. In the STATE 1, the surplus amount of energy is used to charge the battery without shedding operations, whereas in the state 4 the logic uses the Shedding again to disconnect the load and charge the battery that has a low SOC. This section has demonstrated how FSM combined with LTL is used to select the EPS configuration depending on different scenarios and the fault condition. It can be demonstrated that using  a standard C language, several rows of code would be necessary for the same operation. In the next section, the results of the simulation will be presented.

EPS control simulations
In this section, the simulation results for the control logic described in Section 5 are presented. The simulations have been performed assuming that the system is under emergency conditions, with the loss of one generator. The loads need to be powered in a range of 70 to 135 kW. At this point, the task of the control logic is to manage the switches and the power delivered to and from the battery through the converter in order to set the power paths and find the optimal configuration for each request of power keeping the voltage of the bus at a constant value of 270 V. Figs. 6-11 show how the configuration of the system changes with a variation of requested power, under a fault condition of the EPS. Fig. 6 depicted the plot of the power request from the loads through the five states of the system. For a time of 100 s, the loads are requiring a power value of 100 kW, in this case, the control system is using the battery to deliver 10 kW more in order to help the generator as can be seen in Figs. 7-9, and discharging the battery in Fig. 10. From 100 to 200 s, the power request from the loads decrease and the control system moves to the STATE 1 first, charging the  battery with the surplus energy, and in the STATE 2 once the battery is charged using only the generator to supply the loads. From 200 to 400 s, the requested power from the loads become high and the control systems move to STATE 5, using the battery to help the generator until the lower limit of the SOC, and once the battery is discharged the system moves to the STATE 4 applying the shedding and charging the battery, Figs. 9 and 10. From the graphs in Figs. 6-10, it can be seen how the FSM is able to control the EPS under study, considering all the states and keeping the bus voltage at a constant value for the entire time of the simulation, Figs. 11 and 12.

Conclusion
This paper discusses the challenges that are faced in the design of the EPS of the MEA, and proposes a solution based on control logic to improve such design. After presenting existing methods that are used in the design of EPS, namely the knowledge-based method and LTL, this work presents as an alternative method, which is based on a combination of FSM and LTL, to manage the EPS. A representative EPS of the HV270DC has been used to demonstrate the effectiveness of the proposed method through simulation in the Simulink environment. The findings have shown the capability of the FSM to reconfigure the EPS under fault scenario. Our future works aim to apply the methodology of the proposed method to more complex systems to the MEA.