200 research outputs found

    Systems safety in a few nutshells

    Get PDF
    International audienceSafety is THE priority in aviation. The reason is obvious: people's lives are at stake and this is ingrained in the industry (operators and manufacturers, regulation agencies). Instead of a wide description of the systems safety process, which is generally known and well documented, we will rather focus on a few important points, not always part of conventional wisdom. We intend to show that safety process is fully embedded in design, that the ubiquitous and magic number of 10 -9 is only a tiny part of the solution, the multiple dimension of the issues and the overall resilience of the process

    Safety-Critical Communication in Avionics

    Get PDF
    The aircraft of today use electrical fly-by-wire systems for manoeuvring. These safety-critical distributed systems are called flight control systems and put high requirements on the communication networks that interconnect the parts of the systems. Reliability, predictability, flexibility, low weight and cost are important factors that all need to be taken in to consideration when designing a safety-critical communication system. In this thesis certification issues, requirements in avionics, fault management, protocols and topologies for safety-critical communication systems in avionics are discussed and investigated. The protocols that are investigated in this thesis are: TTP/C, FlexRay and AFDX, as a reference protocol MIL-STD-1553 is used. As reference architecture analogue point-to-point is used. The protocols are described and evaluated regarding features such as services, maturity, supported physical layers and topologies.Pros and cons with each protocol are then illustrated by a theoretical implementation of a flight control system that uses each protocol for the highly critical communication between sensors, actuators and flight computers.The results show that from a theoretical point of view TTP/C could be used as a replacement for a point-to-point flight control system. However, there are a number of issues regarding the physical layer that needs to be examined. Finally a TTP/C cluster has been implemented and basic functionality tests have been conducted. The plan was to perform tests on delays, start-up time and reintegration time but the time to acquire the proper hardware for these tests exceeded the time for the thesis work. More advanced testing will be continued here at Saab beyond the time frame of this thesis

    Towards Formally Verified Optimizing Compilation in Flight Control Software

    Get PDF
    International audienceThis work presents a preliminary evaluation of the use of the CompCert formally specified and verified optimizing compiler for the development of level A critical flight control software. First, the motivation for choosing CompCert is presented, as well as the requirements and constraints for safety-critical avionics software. The main point is to allow optimized code generation by relying on the formal proof of correctness instead of the current un-optimized generation required to produce assembly code structurally similar to the algorithmic language (and even the initial models) source code. The evaluation of its performance (measured using WCET) is presented and the results are compared to those obtained with the currently used compiler. Finally, the paper discusses verification and certification issues that are raised when one seeks to use CompCert for the development of such critical software

    An Approach for the Assessment of System Upset Resilience

    Get PDF
    This report describes an approach for the assessment of upset resilience that is applicable to systems in general, including safety-critical, real-time systems. For this work, resilience is defined as the ability to preserve and restore service availability and integrity under stated conditions of configuration, functional inputs and environmental conditions. To enable a quantitative approach, we define novel system service degradation metrics and propose a new mathematical definition of resilience. These behavioral-level metrics are based on the fundamental service classification criteria of correctness, detectability, symmetry and persistence. This approach consists of a Monte-Carlo-based stimulus injection experiment, on a physical implementation or an error-propagation model of a system, to generate a system response set that can be characterized in terms of dimensional error metrics and integrated to form an overall measure of resilience. We expect this approach to be helpful in gaining insight into the error containment and repair capabilities of systems for a wide range of conditions

    Fly-By-Wireless for Next Generation Aircraft: Challenges and Potential solutions

    Get PDF
    ”Fly-By-Wireless” paradigm based on wireless connectivity in aircraft has the potential to improve efficiency and flexibility, while reducing weight, fuel consumption and maintenance costs. In this paper, first, the opportunities and challenges for wireless technologies in safety-critical avionics context are discussed. Then, the assessment of such technologies versus avionics requirements is provided in order to select the most appropriate one for a wireless aircraft application. As a result, the design of a Wireless Avionics Network based on Ultra WideBand technology is investigated, considering the issues of determinism, reliability and security

    Some Issues In Model-Based Development for Embedded Control Systems

    Get PDF
    Abstract This presentation aims to discuss the needs for better and more solid foundations of model-based development in embedded control systems. Three particular points are discussed: a comparison between modelbased development in control and in computer sciences, the need for a sampling theory of discrete event systems and the need for precise implementation methods based on preemptive scheduling

    Overview of Risk Mitigation for Safety-Critical Computer-Based Systems

    Get PDF
    This report presents a high-level overview of a general strategy to mitigate the risks from threats to safety-critical computer-based systems. In this context, a safety threat is a process or phenomenon that can cause operational safety hazards in the form of computational system failures. This report is intended to provide insight into the safety-risk mitigation problem and the characteristics of potential solutions. The limitations of the general risk mitigation strategy are discussed and some options to overcome these limitations are provided. This work is part of an ongoing effort to enable well-founded assurance of safety-related properties of complex safety-critical computer-based aircraft systems by developing an effective capability to model and reason about the safety implications of system requirements and design

    A Data-Driven Approach to Identify Flight Test Data Suitable to Design Angle of Attack Synthetic Sensor for Flight Control Systems

    Get PDF
    Digital avionic solutions enable advanced flight control systems to be available also on smaller aircraft. One of the safety-critical segments is the air data system. Innovative architectures allow the use of synthetic sensors that can introduce significant technological and safety advances. The application to aerodynamic angles seems the most promising towards certified applications. In this area, the best procedures concerning the design of synthetic sensors are still an open question within the field. An example is given by the MIDAS project funded in the frame of Clean Sky 2. This paper proposes two data-driven methods that allow to improve performance over the entire flight envelope with particular attention to steady state flight conditions. The training set obtained is considerably undersized with consequent reduction of computational costs. These methods are validated with a real case and they will be used as part of the MIDAS life cycle. The first method, called Data-Driven Identification and Generation of Quasi-Steady States (DIGS), is based on the (i) identification of the lift curve of the aircraft; (ii) augmentation of the training set with artificial flight data points. DIGS’s main aim is to reduce the issue of unbalanced training set. The second method, called Similar Flight Test Data Pruning (SFDP), deals with data reduction based on the isolation of quasi-unique points. Results give an evidence of the validity of the methods for the MIDAS project that can be easily adopted for generic synthetic sensor design for flight control system applications

    Assessment team report on flight-critical systems research at NASA Langley Research Center

    Get PDF
    The quality, coverage, and distribution of effort of the flight-critical systems research program at NASA Langley Research Center was assessed. Within the scope of the Assessment Team's review, the research program was found to be very sound. All tasks under the current research program were at least partially addressing the industry needs. General recommendations made were to expand the program resources to provide additional coverage of high priority industry needs, including operations and maintenance, and to focus the program on an actual hardware and software system that is under development

    Fault injection on a mixed-signal programmable SoC with design diversity mitigation

    Get PDF
    This paper presents an approach for runtime software-based fault injection, applied to a commercial mixed-signal programmable system-on-chip (PSoC). The fault-injection scheme is based on a pseudo-random sequence gen erator and software interruption. A fault tolerant data acquisition system, based on a design diversity redundant scheme, is considered as case study. The fault injection is performed by intensively inserting bit flips in the peripherals control registers of the mixed-signal PSoC blocks, as well as in the SRAM memory of the device. Results allow to evaluate the applied fault tolerance technique, indicating that the system is able to tolerate most of the generated errors. Additionally, a high fault masking effect is observed, and different criticality levels are observed for faults injected into the SRAM memory and in the peripherals control registers
    • 

    corecore