Recent advances in artificial intelligence and machine learning may soon yield paradigm-shifting benefits for aerospace systems. However, complexity and possible continued on-line learning make neural network control systems (NNCS) difficult or impossible to certify under the United States Military Airworthiness Certification Criteria defined in MIL-HDBK-516C. Run time assurance (RTA) is a control system architecture designed to maintain safety properties regardless of whether a primary control system is fully verifiable. This work examines how to satisfy compliance with MIL-HDBK-516C while using active set invariance filtering (ASIF), an advanced form of RTA not envisaged by the 516C committee. ASIF filters the commands from a primary controller, passing on safe commands while optimally modifying unsafe commands to ensure safety with minimal deviation from the desired control action. This work examines leveraging the core theory behind ASIF as an assurance argument that explains novel satisfaction of 516C compliance criteria. The result demonstrates how to support compliance of novel technologies with 516C and elaborates how such standards might be updated for emerging technologies.
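The filtering step described in the abstract, as an added example that is not code from the paper: a minimal ASIF for an assumed planar single-integrator vehicle (p' = u) that must stay outside a circular keep-out zone, with the minimal-deviation problem written as a one-constraint quadratic program solved in closed form. The dynamics, the barrier function `h`, the constants and all function names are assumptions chosen for illustration.

```python
import math

ALPHA, DT, SPEED = 2.0, 0.05, 1.0  # assumed values; ALPHA*DT <= 1 keeps Euler steps safe

def barrier(p, c, r):
    """h(p) >= 0 exactly when p is outside the keep-out circle (centre c, radius r)."""
    return (p[0] - c[0]) ** 2 + (p[1] - c[1]) ** 2 - r ** 2

def asif_filter(p, u_des, c, r, alpha=ALPHA):
    """min ||u - u_des||^2  s.t.  grad_h(p).u + alpha*h(p) >= 0.
    One affine constraint, so the QP is a projection onto a half-space."""
    a = (2 * (p[0] - c[0]), 2 * (p[1] - c[1]))      # grad h
    b = -alpha * barrier(p, c, r)                    # constraint: a.u >= b
    slack = a[0] * u_des[0] + a[1] * u_des[1] - b
    if slack >= 0:
        return u_des, False                          # safe command passes unchanged
    norm2 = a[0] ** 2 + a[1] ** 2
    if norm2 == 0:
        raise ValueError("constraint infeasible at the circle centre")
    k = -slack / norm2                               # smallest correction along grad h
    return (u_des[0] + k * a[0], u_des[1] + k * a[1]), True

def primary(p, goal):
    """Stand-in for the unverified primary controller: fly straight at the goal."""
    dx, dy = goal[0] - p[0], goal[1] - p[1]
    d = math.hypot(dx, dy)
    return (SPEED * dx / d, SPEED * dy / d)

def simulate(start, goal, c, r, filtered=True, steps=400):
    """Euler-integrate p' = u; return (min h seen, interventions, final p)."""
    p, min_h, hits = start, barrier(start, c, r), 0
    for _ in range(steps):
        if math.hypot(goal[0] - p[0], goal[1] - p[1]) < DT * SPEED:
            break                                    # close enough to the goal
        u = primary(p, goal)
        if filtered:
            u, changed = asif_filter(p, u, c, r)
            hits += changed
        p = (p[0] + DT * u[0], p[1] + DT * u[1])
        min_h = min(min_h, barrier(p, c, r))
    return min_h, hits, p

if __name__ == "__main__":
    for f in (False, True):  # constructed scenario: the goal lies behind the keep-out zone
        print("filtered" if f else "unfiltered",
              simulate((-2.0, 0.3), (2.0, 0.0), (0.0, 0.0), 1.0, f))
```

The minimum of `h` over the run is the quantity an assurance argument would bound: it goes negative for the unfiltered primary controller and stays non-negative with the filter in the loop.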