10 research outputs found
A Time-Triggered Constraint-Based Calculus for Avionic Systems
The Integrated Modular Avionics (IMA) architec- ture and the Time-Triggered
Ethernet (TTEthernet) network have emerged as the key components of a typical
architecture model for recent civil aircrafts. We propose a real-time
constraint-based calculus targeted at the analysis of such concepts of avionic
embedded systems. We show our framework at work on the modelisation of both the
(IMA) architecture and the TTEthernet network, illustrating their behavior by
the well-known Flight Management System (FMS)
A Modeling and Verification Approach to the Design of Distributed IMA Architectures Using TTEthernet
AbstractIntegrated Modular Avionics (IMA) architectures complemented with Time-Triggered Ethernet (TTEthernet) provides a strong platform to support the design and deployment of distributed avionic software systems. The complexity of the design and continuous integration of such systems can be managed using a model-based methodology. In this paper, we build on top of our extension of the AADL modeling language to model TTEthernet-based distributed systems and leverage model transformations to enable undertaking the verification of the system models produced with this methodology. In particular, we propose to transform the system models to a model suitable for a simulation with DEVS. We illustrate the proposed approach using an example of a navigation and guidance system and we use this example to show the verification of the contention-freedom property of TTEthernet schedule
A modeling and verification approach to the design of distributed IMA architectures using TTEthernet
ABSTRACT: Integrated Modular Avionics (IMA) architectures complemented with Time-Triggered Ethernet (TTEthernet) provides a strong platform to support the design and deployment of distributed avionic software systems. The complexity of the design and continuous integration of such systems can be managed using a model-based methodology. In this paper, we build on top of our extension of the AADL modeling language to model TTEthernet-based distributed systems and leverage model transformations to enable undertaking the verification of the system models produced with this methodology. In particular, we propose to transform the system models to a model suitable for a simulation with DEVS. We illustrate the proposed approach using an example of a navigation and guidance system and we use this example to show the verification of the contention-freedom property of TTEthernet schedule
Intégration itérative des systèmes avioniques communicants en mode synchrone et asynchrone
Les systèmes avioniques modernes sont des systèmes distribués complexes et évolutifs. Ces systèmes sont conçus d’une manière itérative en intégrant à chaque itération une ou plusieurs fonctionnalités. L’ajout de nouvelles fonctionnalités impose des coûts supplémentaires de reconfiguration de telle sorte que l’ensemble du système soit conforme aux exigences temps-réel. Ces systèmes reposent également sur l’adoption d’un protocole de communication déterministe tel que le protocole AFDX. Ce dernier est utilisé dans les avions modernes tels que l’A380
de Airbus et le B787 de Boeing. Il repose sur une communication asynchrone avec limitation de la bande passante. Ce mécanisme permet d’assurer des délais finis de communication. La recherche de plus de déterminisme a poussé la communauté scientifique à chercher d’autres alternatives à AFDX. Le standard Time-triggered Ethernet constitue une bonne alternative. En plus de la communication asynchrone à bande passante limitée, il définit également une communication synchrone. Suivant le type de communication, les approches de vérification des exigences temps-réel
diffèrent. Pour analyser les flux asynchrones, on utilise principalement des approches analytiques. Elles assurent un bon compromis entre performance et pessimisme. Pour les flux
synchrones, on s’appuie plutôt sur le formalisme de contraintes pour synthétiser un ordonnancement faisable. La combinaison des deux flux constitue un défi en termes de vérification. De plus, les approches de vérification définies ne modélisent ni l’aspect évolutif ni la notion
coût.----------ABSTRACT: Modern avionics systems are complex and evolving distributed ones. They are designed iteratively
by integrating at each iteration one or more functionalities. Adding new functionality may impose additional reconfiguration costs so that the whole system complies with the realtime requirements. These systems also rely on the adoption of a deterministic communication
protocol such as AFDX. The latter is used in modern aircrafts such as the Airbus A380 and the Boeing B787. It relies on asynchronous communication with bandwidth limitations. This mechanism ensures finite communication delays. The search for more determinism encourage
the scientific community to look for other alternatives to AFDX. The Time-triggered Ethernet standard is a good alternative. In addition to asynchronous communication with limited bandwidth, it also defines synchronous ones.
Depending on the type of communication, verification approaches of real-time requirements differ. To analyze asynchronous flows, we mainly use analytical approaches. They ensure a good compromise between performance and pessimism. For synchronous flows, we rely instead on constraint formalism to synthesize a feasible scheduling. The combination of the two flows is a challenge in terms of verification. In addition, defined verification approaches
do not model neither the evolving aspect nor the cost concept
Determinism Enhancement and Reliability Assessment in Safety Critical AFDX Networks
RÉSUMÉ AFDX est une technologie basée sur Ethernet, qui a été développée pour répondre aux défis qui découlent du nombre croissant d’applications qui transmettent des données de criticité variable dans les systèmes modernes d’avionique modulaire intégrée (Integrated Modular
Avionics). Cette technologie de sécurité critique a été notamment normalisée dans la partie 7 de la norme ARINC 664, dont le but est de définir un réseau déterministe fournissant des garanties de performance prévisibles. En particulier, AFDX est composé de deux réseaux redondants, qui fournissent la haute fiabilité requise pour assurer son déterminisme. Le déterminisme de AFDX est principalement réalisé par le concept de liens virtuels (Virtual Links), qui définit une connexion unidirectionnelle logique entre les points terminaux (End Systems). Pour les liens virtuels, les limites supérieures des délais de bout en bout peuvent être obtenues en utilisant des approches comme calcul réseau, mieux connu sous l’appellation Network Calculus. Cependant, il a été prouvé que ces limites supérieures sont pessimistes dans de nombreux cas, ce qui peut conduire à une utilisation inefficace des ressources et augmenter la complexité de la conception du réseau. En outre, en raison de l’asynchronisme de leur fonctionnement, il existe plusieurs sources de non-déterminisme dans les réseaux AFDX. Ceci introduit un problème en lien avec la détection des défauts en temps réel. En outre, même si un mécanisme de gestion de la redondance est utilisé pour améliorer la fiabilité des réseaux AFDX, il y a un risque potentiel souligné dans la partie 7 de la norme ARINC 664. La situation citée peut causer une panne en dépit des transmissions redondantes dans certains cas particuliers. Par conséquent, l’objectif de cette thèse est d’améliorer la performance et la fiabilité des réseaux AFDX.
Tout d’abord, un mécanisme fondé sur l’insertion de trames est proposé pour renforcer le déterminisme de l’arrivée des trames au sein des réseaux AFDX. Parce que la charge du
réseau et la bande passante moyenne utilisée augmente due à l’insertion de trames, une stratégie d’agrégation des Sub-Virtual Links est introduite et formulée comme un problème
d’optimisation multi-objectif. En outre, trois algorithmes ont été développés pour résoudre le problème d’optimisation multi-objectif correspondant. Ensuite, une approche est introduite pour incorporer l’analyse de la performance dans l’évaluation de la fiabilité en considérant les violations des délais comme des pannes.----------ABSTRACT AFDX is an Ethernet-based technology that has been developed to meet the challenges due to the growing number of data-intensive applications in modern Integrated Modular Avionics systems. This safety critical technology has been standardized in ARINC 664 Part 7, whose purpose is to define a deterministic network by providing predictable performance guarantees. In particular, AFDX is composed of two redundant networks, which provide the determinism
required to obtain the desired high reliability.
The determinism of AFDX is mainly achieved by the concept of Virtual Link, which defines a logical unidirectional connection from one source End System to one or more destination End Systems. For Virtual Links, the end-to-end delay upper bounds can be obtained by using the Network Calculus. However, it has been proved that such upper bounds are pessimistic in many cases, which may lead to an inefficient use of resources and aggravate network design
complexity. Besides, due to asynchronism, there exists a source of non-determinism in AFDX networks, namely frame arrival uncertainty in a destination End System. This issue introduces a problem in terms of real-time fault detection. Furthermore, although a redundancy management mechanism is employed to enhance the reliability of AFDX networks, there
still exist potential risks as pointed out in ARINC 664 Part 7, which may fail redundant transmissions in some special cases. Therefore, the purpose of this thesis is to improve the performance and the reliability of AFDX networks. First, a mechanism based on frame insertion is proposed to enhance the determinism of frame arrival within AFDX networks. As the network load and the average bandwidth used by a Virtual Link increase due to frame insertion, a Sub-Virtual Link aggregation strategy, formulated as a multi-objective optimization problem, is introduced. In addition, three algorithms have been developed to solve the corresponding multi-objective optimization problem. Next, an approach is introduced to incorporate performance analysis into reliability assessment
by considering delay violations as failures. This allowed deriving tighter probabilistic upper bounds for Virtual Links that could be applied in AFDX network certification. In order to conduct the necessary reliability analysis, the well-known Fault-Tree Analysis technique is employed and Stochastic Network Calculus is applied to compute the upper bounds with various probability limits
Methodology for avionics integration optimisation
Every state-of-art aircraft has a complex distributed systems of avionics Line
Replaceable Units/Modules (LRUs/LRMs), networked by several data buses.
These LRUs are becoming more complex because of the increasing number of
new avionics functions need to be integrated in an avionics LRU. The evolution
of avionics data buses and architectures have moved from distributed analogue
and federated architecture to digital Integrated Modular Avionics (IMA). IMA
architecture allows suppliers to develop their own LRUs/LRMs capable of specific
features that can then be offered to Original Equipment Manufacturers (OEMs)
as Commercial-Off-The-Shelf (COTS) products. In the meantime, the aerospace
industry has been investigating new solutions to develop smaller, lighter and
more capable avionics LRUs to be integrated into avionics architecture.
Moreover, the complexity of the overall avionics architecture and its impact on
cable length, weight, power consumption, reliability and maintainability of
avionics systems encouraged manufacturers to incorporate efficient avionics
architectures in their aircraft design process. However, manual design cannot
concurrently fulfil the complexity and interconnectivity of system requirements
and optimality. Thus, developing computer-aided design (CAD), Model Based
System Engineering (MBSE) tools and mathematical modelling for optimisation
of IMA architecture has become an active research area in avionics systems
integration.
In this thesis, a general method and tool are developed for optimisation of
avionics architecture and improving its operational capability. The tool has three
main parts including a database of avionics LRUs, mathematical modelling of the
architectures and optimisation algorithms. The developed avionics database
includes avionics LRUs with their technical specifications and operational
capabilities for each avionics function. A MCDM method, SAW, is used to quantify
and rank each avionics LRU’s operational capability. Based on the existing
avionics LRUs in the database and aircraft level avionics requirements two
avionics architectures are proposed i.e. AFCS architecture (SSA) and avionics
architecture (LSA). The proposed avionics architectures are then modelled using mathematical programming. Further, the allocation of avionics LRUs to avionics
architecture and mapping the avionics LRUs to their installation locations are
defined as an assignment problem in Integer Programming (IP) format. The
defined avionics architecture optimisation problem is to optimise avionics
architecture in terms of mass, volume, power consumption, MTBF and
operational capability. The problems are solved as both single-objective and
multi-objective optimisation using the branch-and-bound algorithm, weighted sum
method and Particle Swarm Optimisation (PSO) algorithm. Finally, the tool
provides a semi-automatic optimisation of avionics architecture. This helps
avionics system architects to investigate and evaluate various architectures in the
early stage of design from an LRU perspective. It can also be used to upgrade a
legacy avionics architecture.Aerospac