Fault management via dynamic reconfiguration for integrated modular avionics

The purpose of this research is to investigate fault management methodologies within Integrated Modular Avionics (IMA) systems, and develop techniques by which the use of dynamic reconfiguration can be implemented to restore higher levels of systems redundancy in the event of a systems fault. A proposed concept of dynamic configuration has been implemented on a test facility that allows controlled injection of common faults to a representative IMA system. This facility allows not only the observation of the response of the system management activities to manage the fault, but also analysis of real time data across the network to ensure distributed control activities are maintained. IMS technologies have evolved as a feasible direction for the next generation of avionic systems. Although federated systems are logical to design, certify and implement, they have some inherent limitations that are not cost beneficial to the customer over long life-cycles of complex systems, and hence the fundamental modular design, i.e. common processors running modular software functions, provides a flexibility in terms of configuration, implementation and upgradability that cannot be matched by well-established federated avionic system architectures. For example, rapid advances of computing technology means that dedicated hardware can become outmoded by component obsolescence which almost inevitably makes replacements unavailable during normal life-cycles of most avionic systems. To replace the obsolete part with a newer design involves a costly re-design and re-certification of any relevant or interacting functions with this unit. As such, aircraft are often known to go through expensive mid-life updates to upgrade all avionics systems. In contrast, a higher frequency of small capability upgrades would maximise the product performance, including cost of development and procurement, in constantly changing platform deployment environments. IMA is by no means a new concept and work has been carried out globally in order to mature the capability. There are even examples where this technology has been implemented as subsystems on service aircraft. However, IMA flexible configuration properties are yet to be exploited to their full extent; it is feasible that identification of faults or failures within the system would lead to the exploitation of these properties in order to dynamically reconfigure and maintain high levels of redundancy in the event of component failure. It is also conceivable to install redundant components such that an IMS can go through a process of graceful degradation, whereby the system accommodates a number of active failures, but can still maintain appropriate levels of reliability and service. This property extends the average maintenance-free operating period, ensuring that the platform has considerably less unscheduled down time and therefore increased availability. The content of this research work involved a number of key activities in order to investigate the feasibility of the issues outlined above. The first was the creation of a representative IMA system and the development of a systems management capability that performs the required configuration controls. The second aspect was the development of hardware test rig in order to facilitate a tangible demonstration of the IMA capability. A representative IMA was created using LabVIEW Embedded Tool Suit (ETS) real time operating system for minimal PC systems. Although this required further code written to perform IMS middleware functions and does not match up to the stringent air safety requirements, it provided a suitable test bed to demonstrate systems management capabilities. The overall IMA was demonstrated with a 100kg scale Maglev vehicle as a test subject. This platform provides a challenging real-time control problem, analogous to an aircraft flight control system, requiring the calculation of parallel control loops at a high sampling rate in order to maintain magnetic suspension. Although the dynamic properties of the test rig are not as complex as a modern aircraft, it has much less stringent operating requirements and therefore substantially less risk associated with failure to provide service. The main research contributions for the PhD are: 1.A solution for the dynamic reconfiguration problem for assigning required systems functions (namely a distributed, real-time control function with redundant processing channels) to available computing resources whilst protecting the functional concurrency and time critical needs of the control actions. 2.A systems management strategy that utilises the dynamic reconfiguration properties of an IMA System to restore high levels of redundancy in the presence of failures. The conclusion summarises the level of success of the implemented system in terms of an appropriate dynamic reconfiguration to the response of a fault signal. In addition, it highlights the issues with using an IMA to as a solution to operational goals of the target hardware, in terms of design and build complexity, overhead and resources

Tехнічні засоби діагностування та контролю бортових систем інформаційного обміну на літаку

Робота публікується згідно наказу ректора від 27.05.2021 р. №311/од "Про розміщення кваліфікаційних робіт вищої освіти в репозиторії НАУ". Керівник дипломної роботи: доцент кафедри авіоніки, Слободян Олександр ПетровичТехнічний прогрес в авіаційній та будь-якій іншій галузі тісно пов'язаний з автоматизацією технологічних процесів. Сьогодні Автоматизація технологічних процесів використовується для підвищення характеристик надійності, довговічності, екологічності, ресурсозбереження і, найголовніше, економічності і простоти експлуатації. Завдяки швидкому розвитку комп'ютерних технологій і мікропроцесорів у нас є можливість використовувати більш досконалі і складні методи моніторингу та управління системами авіаційної промисловості і будь-якими іншими. Мікропроцесорні та електронні обчислювальні пристрої, з'єднані обчислювальними і керуючими мережами з використанням загальних баз даних, мають стандарти, що дозволяють модифікувати і інтегрувати нові пристрої, що, в свою чергу, дозволяє інтегрувати і вдосконалювати виробничі процеси і управляти ними. Проектування системи розподіленої інтегрованої модульної авіоніки (DIMA) з використанням розподіленої інтегрованої технології, змішаного планування критичних завдань, резервний планування в режимі реального часу і механізму зв'язку, який запускається за часом, значно підвищує надійність, безпеку і продуктивність інтегрованої електронної системи в режимі реального часу. DIMA являє собою тенденцію розвитку майбутніх систем авіоніки. У цій статті вивчаються і обговорюються архітектурні характеристики DIMA. Потім він детально вивчає та аналізує розвиток ключових технологій в системі DIMA. Нарешті, в ньому розглядається тенденція розвитку технології DIMA

Toward model-based engineering for space embedded systems and software

International audienceEmbedded systems development suffers from difficulties to reach cost, delay and safety requirements. The continuous increase of system complexity requires a corresponding increase in the capability of design fault-free systems. Model-based engineering aims to make complexity management easier with the construction of a virtual representation of systems enabling early prediction of behaviour and performance. In this context, Space industry has specific needs to deal with remote systems that can not be maintained on ground. In such systems, fault management includes complex detection, localisation and recovery automatic procedures that can not be performed without confidence on safety. In this way, only simulation and formal proofs can support the validation of all the possible configurations. Thus, formal description of both functional and non-functional properties with temporal logic formulae is expected to analyse and to early predict system characteristics at execution. This paper is based on various studies and experiences that are carried out in space domain on the support provided by model-based engineering in terms of: • support to needs capture and requirements analysis, • support to design, • support to early verification and validation, • down to automatic generation of code

Fully-deterministic execution of IEC-61499 models for Distributed Avionics Applications

© 2018 by the authors. The development of time-critical Distributed Avionics Applications (DAAs) pushes beyond the limit of existing modeling methodologies to design dependable systems. Aerospace and industrial automation entail high-integrity applications where execution time is essential for dependability. This tempts us to use modeling technologies from one domain in another. The challenge is to demonstrate that they can be effectively used across domains whilst assuring temporally dependable applications. This paper shows that an IEC61499-modeled DAA can satisfy temporal dependability requirements as to end-to-end flow latency when it is properly scheduled and realized in a fully deterministic avionics platform that entails Integrated Modular Avionics (IMA) computation along with Time-Triggered Protocol (TTP) communication. Outcomes from the execution design of an IEC61499-based DAA model for an IMA-TTP platform are used to check runtime correctness through DAA control stability. IEC 61499 is a modeling standard for industrial automation, and it is meant to facilitate distribution and reconfiguration of applications. The DAA case study is a Distributed Fluid Control System (DFCS) for the Airbus-A380 fuel system. Latency analysis results from timing metrics as well as closed-loop control simulation results are presented. Experimental outcomes suggest that an IEC61499-based DFCS model can achieve desired runtime latency for temporal dependability when executed in an IMA-TTP platform. Concluding remarks and future research direction are also discussed

Methodology for avionics integration optimisation

Every state-of-art aircraft has a complex distributed systems of avionics Line Replaceable Units/Modules (LRUs/LRMs), networked by several data buses. These LRUs are becoming more complex because of the increasing number of new avionics functions need to be integrated in an avionics LRU. The evolution of avionics data buses and architectures have moved from distributed analogue and federated architecture to digital Integrated Modular Avionics (IMA). IMA architecture allows suppliers to develop their own LRUs/LRMs capable of specific features that can then be offered to Original Equipment Manufacturers (OEMs) as Commercial-Off-The-Shelf (COTS) products. In the meantime, the aerospace industry has been investigating new solutions to develop smaller, lighter and more capable avionics LRUs to be integrated into avionics architecture. Moreover, the complexity of the overall avionics architecture and its impact on cable length, weight, power consumption, reliability and maintainability of avionics systems encouraged manufacturers to incorporate efficient avionics architectures in their aircraft design process. However, manual design cannot concurrently fulfil the complexity and interconnectivity of system requirements and optimality. Thus, developing computer-aided design (CAD), Model Based System Engineering (MBSE) tools and mathematical modelling for optimisation of IMA architecture has become an active research area in avionics systems integration. In this thesis, a general method and tool are developed for optimisation of avionics architecture and improving its operational capability. The tool has three main parts including a database of avionics LRUs, mathematical modelling of the architectures and optimisation algorithms. The developed avionics database includes avionics LRUs with their technical specifications and operational capabilities for each avionics function. A MCDM method, SAW, is used to quantify and rank each avionics LRU’s operational capability. Based on the existing avionics LRUs in the database and aircraft level avionics requirements two avionics architectures are proposed i.e. AFCS architecture (SSA) and avionics architecture (LSA). The proposed avionics architectures are then modelled using mathematical programming. Further, the allocation of avionics LRUs to avionics architecture and mapping the avionics LRUs to their installation locations are defined as an assignment problem in Integer Programming (IP) format. The defined avionics architecture optimisation problem is to optimise avionics architecture in terms of mass, volume, power consumption, MTBF and operational capability. The problems are solved as both single-objective and multi-objective optimisation using the branch-and-bound algorithm, weighted sum method and Particle Swarm Optimisation (PSO) algorithm. Finally, the tool provides a semi-automatic optimisation of avionics architecture. This helps avionics system architects to investigate and evaluate various architectures in the early stage of design from an LRU perspective. It can also be used to upgrade a legacy avionics architecture.Aerospac

Model Driven Engineering and Dependability Analyses: The Topcased Approach

International audienceModel Driven Engineering approaches are widely promoted to overcome difficulties to design, validate and maintain large complex systems. They present interesting dependability characteristics especially in terms of prevention of design faults and validation of design correctness. However industrial needs, practices and applicable standards impose constraints on the dependability activities to perform and justify. Therefore it is necessary to analyze how a complete dependability and safety process can be integrated with model-driven approaches within a seamless global process: which dependability activities are naturally covered or facilitated by model-driven approaches, and which additional activities are needed with which support. This paper presents the results of a study aiming at the establishment of requirements to model-driven engineering methods and tools, to support dependability analyses

Embedded-systems-oriented virtualization framework with functionality farming

Tese de Doutoramento em Engenharia Eletrónica e de ComputadoresUm: O uso de um hipervisor como kernel de separação em arquiteturas integradas está a ser considerado, visto que, um hipervisor não só proporciona separação temporal e espacial, mas também compatibilidade com software legacy. No entanto, nos dias de hoje, a maior parte dos hipervisores baseiam-se em paravirtualização ou dependem de hardware high-end; ambas as abordagens não cumprem os requisitos dos sistema embebidos críticos para a segurança. A paravirtualização, por um lado, não proporciona compatibilidade total com software legacy, sendo necessária a sua modificação e adaptação a uma interface especifica do hipervisor utilizado. Hardware high-end, por outro lado, apesar de proporcionar compatibilidade total com software legacy, dá origem a sistemas de grande dimensão, de elevado peso, com elevado consumo de energia, de elevado custo, etc. Nesta tese, a capacidade da virtualização completa em hardware lowend para resolver as limitações dos hipervisores existentes é investigada. Para isso, um hipervisor baseado em virtualização completa em hardware low-end é descrito e é apresentada uma avaliação da sua performance e do espaço ocupado em memória. Dois: Métodos de desenvolvimentos convencionais não são capazes de acompanhar os requisitos dos sistemas embebidos críticos para segurança de hoje em dia. Nesta tese: (a) é apresentada uma abordagem baseada em modelos já existente, mais especificamente, geração de código baseada em modelos; (b) são descritas as modificações aplicadas a um compilador de modelos já existente por forma a que este suporte novas capacidades; e (c) é apresentada uma avaliação sobre a capacidade da geração de código baseada em modelos de reduzir o esforço de engenharia quando comparada com abordagens convencionais. Três: A maior parte dos sistemas operativos de hoje em dia seguem uma arquitetura monolítica; esta arquitetura, no entanto, está associada a fraca confiabilidade, baixa segurança, esforço de certificação elevado, bem como baixa previsibilidade e escalabilidade. Para colmatar estes problemas, as soluções propostas na literatura apenas contornam a origem do problema, i.e., a elevada dimensão do kernel numa arquitetura monolítica, e não o resolvem diretamente. Nesta tese, functionality farming é proposto para atacar a origem do problema. Functionality farming apenas, no entanto, depende de um esforço de engenharia significativo. Visto isto, esta tese também apresenta FF-AUTO, uma ferramenta capaz de realizar functionality farming de forma semiautomática. Por último, esta tese demonstra como functionality farming é capaz de melhorar o design e a performance de um kernel já existente, e demonstra também como FF-AUTO permite uma redução significativa do esforço de engenharia.First, the use of a hypervisor as the separation kernel on integrated architectures has been considered, as it not only provides time and space partitioning, but it also provides compatibility with legacy software. Nowadays, most hypervisors, however, either rely on paravirtualization or depend on high-end hardware, both of which do not fulfill the requirements of safety-critical embedded systems. Paravirtualization does not provide complete legacy compatibility as it requires legacy software to be modified to fit a hypervisor-specific interface. High-end hardware, on the other hand, even though it provides complete legacy compatibility, it leads to large system size, weight, power consumption, cost, etc. In this thesis, the feasibility of low-end hardware full virtualization to address the limitations of existing hypervisors is investigated. For that, a hypervisor based on low-end hardware full virtualization is described and an evaluation of its performance and footprint is presented. Second, conventional development methods are unable to keep up with the requirements of nowadays and future safety-critical embedded systems. In this thesis: (a) an existing model-driven engineering approach to address the limitations of conventional development methods is presented; more specifically, a model-driven code generation approach; (b) the modifications applied to an existing model compiler in order for it to support new features are described; and (c) an evaluation of whether or not a model-driven code generation approach leads to lower engineering effort when compared to a conventional approach is presented. Third, most operating systems, nowadays, follow a monolithic architecture; this, however, leads to poor reliability, weak security, high certification effort, as well as poor predictability and scalability. To address this problem, the solutions proposed in the literature just work around the source of the problem, i.e., the large size of the kernel in a monolithic architecture, and do not address it directly. In this thesis, functionality farming is proposed to tackle the source of the problem. Functionality farming alone, however, depends on a significant engineering effort. To address this problem, this thesis also presents FF-AUTO, a tool which performs functionality farming semi-automatically. At last, this thesis demonstrates how functionality farming is able to improve the design and the performance of an existing kernel, as well as how FF-AUTO enables a significant reduction of the required engineering effort