Laboratoire d’Analyse et d’Architecture des Systèmes
Over the years, technical improvements have drastically changed avionics architecture designs and led to the current digital Fly-By-Wire (FBW) principle, with a centralized-federated architecture in which specific fault-tolerant computers perform all processing and hold all authority. This architecture is inherently robust because it relies on a high level of software and hardware redundancy. However, it can be very costly in terms of space, weight and power, as well as the wiring required between the elements of the system. It also increases the amount of continuous monitoring of "non-intelligent" components, such as actuators and sensors, that the computers currently perform.
Our current work, carried out in collaboration with Airbus-France, addresses this challenge: building alternative low-cost and safe flight control system (FCS) architectures for the next decade with fewer hardware and software resources [1]. Indeed, analysis of current FCS architectures shows that their design and implementation rely on the combined use of redundancy and diversity (software redundancy) to minimize the probability of common-mode failure between redundant units. It also shows that the level of redundancy is very high. This "over-redundancy" is justified by the need to demonstrate safety and operational reliability.
We therefore propose a conceptual decentralized and reconfigurable FCS architecture with architecture optimization and control distribution (see figure 2). We validate the proposed architecture through simulation using the ALTARICA language (a high-level formal description language for modelling safety-critical systems) for system safety and reliability assessment.
First, we provide an incremental methodology that gives guidelines for the architectural design process, based on progressive requirement injection and distribution of the system's functionality [2]. Indeed, FCSs are very complex: they comprise several subsystems (flight control computer nodes, actuator nodes, communication network) with functional and structural dependencies, and each subsystem has different timing and dependability requirements with different levels of criticality.
Second, we develop a distributed reconfigurable FCS architecture based on smart actuators and a digital communication network, in which all system functions are distributed over simplex Flight Control Computer (FCC) nodes and remote actuator electronics nodes (FCRM) [3]. We use the ALTARICA language to perform dependability evaluation at the architectural level, in order to check the effects and benefits of the new architecture on the dependability of the FCS. ALTARICA is a formal language developed at LaBRI (Laboratoire Bordelais de Recherche en Informatique) jointly with industrial partners (especially Dassault Aviation and Airbus).
Prior to this work, we first focused on the introduction of digital communication networks in FCSs, and more particularly on communication system integrity, which is an important requirement in many critical application domains. The main motivation was to address the fact that communication networks feature interstage nodes that are becoming increasingly complex and whose failure modes may lead to repetitive errors that violate the usual assumptions underlying classical error-checking approaches [4].
The basic idea is not to aim at a high probability of detecting errors for each individual message, as most classical solutions do, but rather for a set of messages. To ensure the integrity of such communications for the targeted class of applications, we proposed an innovative protection technique based on the cyclic application of m distinct error-checking functions F1, F2, ..., Fm with complementary error detection capabilities, so as to minimize the risk of common-mode failures [5]. Drawing on the mathematical foundations of these codes, it was possible to identify checking functions that best exhibit complementary error detection capabilities with respect to repetitive errors.
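The following is an added illustration of the cyclic scheme, not code from the cited work: it models F1..Fm as three distinct CRC generator polynomials (illustrative values, an assumption) and a constructed faulty interstage node that XORs the same error pattern into every frame, showing that a single checking function misses the repetitive error on every message while the cyclic scheme catches it within m messages.

```python
# Illustrative 8-bit generators (leading x^8 term included) standing in for the
# checking functions F1..Fm; the page does not give the real ones (assumption).
POLYS = [0x107, 0x1D5, 0x131]

def crc(data: bytes, poly: int, width: int = 8) -> int:
    """Remainder of data(x) * x^width modulo poly(x) over GF(2) (init 0, no
    reflection, no final XOR), so crc(a ^ b) == crc(a) ^ crc(b): an error
    pattern e is missed exactly when e(x) is a multiple of the generator."""
    top = 1 << width
    reg = 0
    bits = [(b >> i) & 1 for b in data for i in range(7, -1, -1)]
    for bit in bits + [0] * width:      # trailing zeros supply the x^width factor
        reg = (reg << 1) | bit
        if reg & top:
            reg ^= poly                 # poly has the top bit set, so reg < top
    return reg

def protect(seq, payload, polys):
    """Sender: message number seq is tagged with F_(seq mod m), cyclically."""
    return payload + bytes([crc(payload, polys[seq % len(polys)])])

def verify(seq, frame, polys):
    """Receiver: recompute with the same cyclically chosen function."""
    payload, tag = frame[:-1], frame[-1]
    return crc(payload, polys[seq % len(polys)]) == tag

def faulty_node(frame, pattern):
    """Constructed failure model: an interstage node XORs the same pattern into
    the leading payload bytes of every frame it forwards (repetitive error)."""
    out = bytearray(frame)
    for i, b in enumerate(pattern):
        out[i] ^= b
    return bytes(out)

def detected_count(payloads, pattern, polys):
    """How many corrupted frames the receiver rejects over the whole set."""
    rejected = 0
    for seq, payload in enumerate(payloads):
        frame = faulty_node(protect(seq, payload, polys), pattern)
        if not verify(seq, frame, polys):
            rejected += 1
    return rejected

# Constructed traffic: six 4-byte commands, plus an error pattern whose bits are
# exactly POLYS[0], i.e. e(x) is a multiple of that generator and it never sees it.
MESSAGES = [bytes([0x10, 0x20, n, 0xFF - n]) for n in range(6)]
STUCK_PATTERN = bytes([0x01, 0x07])

if __name__ == "__main__":
    print("single F1   :", detected_count(MESSAGES, STUCK_PATTERN, POLYS[:1]), "of 6")
    print("cyclic F1-F3:", detected_count(MESSAGES, STUCK_PATTERN, POLYS), "of 6")
```

Only the messages checked with F1 slip through; every message tagged with F2 or F3 exposes the stuck pattern, so the fault is detected at the set level even though one function alone has zero detection probability for it.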
Key References
[1] M. Sghairi, A. de Bonneval, Y. Crouzet, J.J. Aubert, P. Brot, "Challenges in building fault-tolerant flight control system for a civil aircraft", IAENG International Journal of Computer Science, Vol. 35, No. 4, pp. 495-499, January 2009. ISSN: 1819-9224 (online version) and 1819-656X (print version).
[2] M. Sghairi, A. de Bonneval, Y. Crouzet, J.J. Aubert, P. Brot, "Architecture Optimization based on Incremental Approach for Airplane Digital Distributed Flight Control System", IAENG Transactions on Electrical and Electronics Engineering Volume I - Special Edition of the World Congress on Engineering and Computer Science 2008. Publisher: IEEE Computer Society.
[3] M. Sghairi, A. de Bonneval, Y. Crouzet, P. Brot, J.J. Aubert, "Système de commande de vol et aéronef le comportant", joint AIRBUS France and CNRS patent application, LAAS Reports No. 09069 and No. 09070, March 2009, INPI filing nos. FR20090050830 and FR20090050831.
[4] A. Youssef, Y. Crouzet, A. de Bonneval, J. Arlat, J.J. Aubert, P. Brot, "Communication integrity in networks for critical control systems", 6th European Dependable Computing Conference (EDCC-6), Coimbra, Portugal, October 18-20, 2006, pp. 23-32 (IEEE CS Press).
[5] A. Youssef, A. de Bonneval, Y. Crouzet, J.J. Aubert, P. Brot, "Détection d'erreurs dans les données concernant l'actionnement d'un organe de véhicule", joint AIRBUS France and CNRS patent, LAAS Report No. 04735, November 2004, 17 p. Publication no.: FR2878097.