A Time-Triggered Constraint-Based Calculus for Avionic Systems

The Integrated Modular Avionics (IMA) architec- ture and the Time-Triggered Ethernet (TTEthernet) network have emerged as the key components of a typical architecture model for recent civil aircrafts. We propose a real-time constraint-based calculus targeted at the analysis of such concepts of avionic embedded systems. We show our framework at work on the modelisation of both the (IMA) architecture and the TTEthernet network, illustrating their behavior by the well-known Flight Management System (FMS)

A Modeling and Verification Approach to the Design of Distributed IMA Architectures Using TTEthernet

AbstractIntegrated Modular Avionics (IMA) architectures complemented with Time-Triggered Ethernet (TTEthernet) provides a strong platform to support the design and deployment of distributed avionic software systems. The complexity of the design and continuous integration of such systems can be managed using a model-based methodology. In this paper, we build on top of our extension of the AADL modeling language to model TTEthernet-based distributed systems and leverage model transformations to enable undertaking the verification of the system models produced with this methodology. In particular, we propose to transform the system models to a model suitable for a simulation with DEVS. We illustrate the proposed approach using an example of a navigation and guidance system and we use this example to show the verification of the contention-freedom property of TTEthernet schedule

A modeling and verification approach to the design of distributed IMA architectures using TTEthernet

ABSTRACT: Integrated Modular Avionics (IMA) architectures complemented with Time-Triggered Ethernet (TTEthernet) provides a strong platform to support the design and deployment of distributed avionic software systems. The complexity of the design and continuous integration of such systems can be managed using a model-based methodology. In this paper, we build on top of our extension of the AADL modeling language to model TTEthernet-based distributed systems and leverage model transformations to enable undertaking the verification of the system models produced with this methodology. In particular, we propose to transform the system models to a model suitable for a simulation with DEVS. We illustrate the proposed approach using an example of a navigation and guidance system and we use this example to show the verification of the contention-freedom property of TTEthernet schedule

Intégration itérative des systèmes avioniques communicants en mode synchrone et asynchrone

Les systèmes avioniques modernes sont des systèmes distribués complexes et évolutifs. Ces systèmes sont conçus d’une manière itérative en intégrant à chaque itération une ou plusieurs fonctionnalités. L’ajout de nouvelles fonctionnalités impose des coûts supplémentaires de reconfiguration de telle sorte que l’ensemble du système soit conforme aux exigences temps-réel. Ces systèmes reposent également sur l’adoption d’un protocole de communication déterministe tel que le protocole AFDX. Ce dernier est utilisé dans les avions modernes tels que l’A380 de Airbus et le B787 de Boeing. Il repose sur une communication asynchrone avec limitation de la bande passante. Ce mécanisme permet d’assurer des délais finis de communication. La recherche de plus de déterminisme a poussé la communauté scientifique à chercher d’autres alternatives à AFDX. Le standard Time-triggered Ethernet constitue une bonne alternative. En plus de la communication asynchrone à bande passante limitée, il définit également une communication synchrone. Suivant le type de communication, les approches de vérification des exigences temps-réel diffèrent. Pour analyser les flux asynchrones, on utilise principalement des approches analytiques. Elles assurent un bon compromis entre performance et pessimisme. Pour les flux synchrones, on s’appuie plutôt sur le formalisme de contraintes pour synthétiser un ordonnancement faisable. La combinaison des deux flux constitue un défi en termes de vérification. De plus, les approches de vérification définies ne modélisent ni l’aspect évolutif ni la notion coût.----------ABSTRACT: Modern avionics systems are complex and evolving distributed ones. They are designed iteratively by integrating at each iteration one or more functionalities. Adding new functionality may impose additional reconfiguration costs so that the whole system complies with the realtime requirements. These systems also rely on the adoption of a deterministic communication protocol such as AFDX. The latter is used in modern aircrafts such as the Airbus A380 and the Boeing B787. It relies on asynchronous communication with bandwidth limitations. This mechanism ensures finite communication delays. The search for more determinism encourage the scientific community to look for other alternatives to AFDX. The Time-triggered Ethernet standard is a good alternative. In addition to asynchronous communication with limited bandwidth, it also defines synchronous ones. Depending on the type of communication, verification approaches of real-time requirements differ. To analyze asynchronous flows, we mainly use analytical approaches. They ensure a good compromise between performance and pessimism. For synchronous flows, we rely instead on constraint formalism to synthesize a feasible scheduling. The combination of the two flows is a challenge in terms of verification. In addition, defined verification approaches do not model neither the evolving aspect nor the cost concept

Determinism Enhancement and Reliability Assessment in Safety Critical AFDX Networks

RÉSUMÉ AFDX est une technologie basée sur Ethernet, qui a été développée pour répondre aux défis qui découlent du nombre croissant d’applications qui transmettent des données de criticité variable dans les systèmes modernes d’avionique modulaire intégrée (Integrated Modular Avionics). Cette technologie de sécurité critique a été notamment normalisée dans la partie 7 de la norme ARINC 664, dont le but est de définir un réseau déterministe fournissant des garanties de performance prévisibles. En particulier, AFDX est composé de deux réseaux redondants, qui fournissent la haute fiabilité requise pour assurer son déterminisme. Le déterminisme de AFDX est principalement réalisé par le concept de liens virtuels (Virtual Links), qui définit une connexion unidirectionnelle logique entre les points terminaux (End Systems). Pour les liens virtuels, les limites supérieures des délais de bout en bout peuvent être obtenues en utilisant des approches comme calcul réseau, mieux connu sous l’appellation Network Calculus. Cependant, il a été prouvé que ces limites supérieures sont pessimistes dans de nombreux cas, ce qui peut conduire à une utilisation inefficace des ressources et augmenter la complexité de la conception du réseau. En outre, en raison de l’asynchronisme de leur fonctionnement, il existe plusieurs sources de non-déterminisme dans les réseaux AFDX. Ceci introduit un problème en lien avec la détection des défauts en temps réel. En outre, même si un mécanisme de gestion de la redondance est utilisé pour améliorer la fiabilité des réseaux AFDX, il y a un risque potentiel souligné dans la partie 7 de la norme ARINC 664. La situation citée peut causer une panne en dépit des transmissions redondantes dans certains cas particuliers. Par conséquent, l’objectif de cette thèse est d’améliorer la performance et la fiabilité des réseaux AFDX. Tout d’abord, un mécanisme fondé sur l’insertion de trames est proposé pour renforcer le déterminisme de l’arrivée des trames au sein des réseaux AFDX. Parce que la charge du réseau et la bande passante moyenne utilisée augmente due à l’insertion de trames, une stratégie d’agrégation des Sub-Virtual Links est introduite et formulée comme un problème d’optimisation multi-objectif. En outre, trois algorithmes ont été développés pour résoudre le problème d’optimisation multi-objectif correspondant. Ensuite, une approche est introduite pour incorporer l’analyse de la performance dans l’évaluation de la fiabilité en considérant les violations des délais comme des pannes.----------ABSTRACT AFDX is an Ethernet-based technology that has been developed to meet the challenges due to the growing number of data-intensive applications in modern Integrated Modular Avionics systems. This safety critical technology has been standardized in ARINC 664 Part 7, whose purpose is to define a deterministic network by providing predictable performance guarantees. In particular, AFDX is composed of two redundant networks, which provide the determinism required to obtain the desired high reliability. The determinism of AFDX is mainly achieved by the concept of Virtual Link, which defines a logical unidirectional connection from one source End System to one or more destination End Systems. For Virtual Links, the end-to-end delay upper bounds can be obtained by using the Network Calculus. However, it has been proved that such upper bounds are pessimistic in many cases, which may lead to an inefficient use of resources and aggravate network design complexity. Besides, due to asynchronism, there exists a source of non-determinism in AFDX networks, namely frame arrival uncertainty in a destination End System. This issue introduces a problem in terms of real-time fault detection. Furthermore, although a redundancy management mechanism is employed to enhance the reliability of AFDX networks, there still exist potential risks as pointed out in ARINC 664 Part 7, which may fail redundant transmissions in some special cases. Therefore, the purpose of this thesis is to improve the performance and the reliability of AFDX networks. First, a mechanism based on frame insertion is proposed to enhance the determinism of frame arrival within AFDX networks. As the network load and the average bandwidth used by a Virtual Link increase due to frame insertion, a Sub-Virtual Link aggregation strategy, formulated as a multi-objective optimization problem, is introduced. In addition, three algorithms have been developed to solve the corresponding multi-objective optimization problem. Next, an approach is introduced to incorporate performance analysis into reliability assessment by considering delay violations as failures. This allowed deriving tighter probabilistic upper bounds for Virtual Links that could be applied in AFDX network certification. In order to conduct the necessary reliability analysis, the well-known Fault-Tree Analysis technique is employed and Stochastic Network Calculus is applied to compute the upper bounds with various probability limits

Methodology for avionics integration optimisation

Every state-of-art aircraft has a complex distributed systems of avionics Line Replaceable Units/Modules (LRUs/LRMs), networked by several data buses. These LRUs are becoming more complex because of the increasing number of new avionics functions need to be integrated in an avionics LRU. The evolution of avionics data buses and architectures have moved from distributed analogue and federated architecture to digital Integrated Modular Avionics (IMA). IMA architecture allows suppliers to develop their own LRUs/LRMs capable of specific features that can then be offered to Original Equipment Manufacturers (OEMs) as Commercial-Off-The-Shelf (COTS) products. In the meantime, the aerospace industry has been investigating new solutions to develop smaller, lighter and more capable avionics LRUs to be integrated into avionics architecture. Moreover, the complexity of the overall avionics architecture and its impact on cable length, weight, power consumption, reliability and maintainability of avionics systems encouraged manufacturers to incorporate efficient avionics architectures in their aircraft design process. However, manual design cannot concurrently fulfil the complexity and interconnectivity of system requirements and optimality. Thus, developing computer-aided design (CAD), Model Based System Engineering (MBSE) tools and mathematical modelling for optimisation of IMA architecture has become an active research area in avionics systems integration. In this thesis, a general method and tool are developed for optimisation of avionics architecture and improving its operational capability. The tool has three main parts including a database of avionics LRUs, mathematical modelling of the architectures and optimisation algorithms. The developed avionics database includes avionics LRUs with their technical specifications and operational capabilities for each avionics function. A MCDM method, SAW, is used to quantify and rank each avionics LRU’s operational capability. Based on the existing avionics LRUs in the database and aircraft level avionics requirements two avionics architectures are proposed i.e. AFCS architecture (SSA) and avionics architecture (LSA). The proposed avionics architectures are then modelled using mathematical programming. Further, the allocation of avionics LRUs to avionics architecture and mapping the avionics LRUs to their installation locations are defined as an assignment problem in Integer Programming (IP) format. The defined avionics architecture optimisation problem is to optimise avionics architecture in terms of mass, volume, power consumption, MTBF and operational capability. The problems are solved as both single-objective and multi-objective optimisation using the branch-and-bound algorithm, weighted sum method and Particle Swarm Optimisation (PSO) algorithm. Finally, the tool provides a semi-automatic optimisation of avionics architecture. This helps avionics system architects to investigate and evaluate various architectures in the early stage of design from an LRU perspective. It can also be used to upgrade a legacy avionics architecture.Aerospac