
AIRBUS EMBEDDED SYSTEMS

Presented by Pascal TRAVERSE

Airbus Embedded Systems, 14/04/2009

© AIRBUS S.A.S. All rights reserved. Confidential and proprietary document.

AIRBUS EMBEDDED SYSTEMS

· Aircraft system overview
· System development
  Requirement capture
  Safety requirements & safety process
  Integration
  Time issues
· Example: integrated modular avionics
· Example: Fly-by-Wire design for dependability
  The route to « fly-by-wire »
  Dependability threats
· Concluding remarks

AIRCRAFT SYSTEM OVERVIEW

Definition of a system: a combination of inter-related items arranged to perform a specific function(s), see ARP 4754.

Example: an airplane is a system
· which is a component of the transport system,
· which is, itself, made up of several airborne systems.

[Figure: the aircraft as a component of the transport system, exchanging in-flight collected data, traffic and weather information with communication and weather satellites (SATCOM), radar and lightning detection, terrain, secondary surveillance radar, VHF (voice + data, PIREP), WIMS and routine data from national met services and the UK Met Service (weather observation, terminal area), and ATC centres over the ATN.]

AIRCRAFT SYSTEM OVERVIEW

AIRFRAME SYSTEMS (ATA chapters)
21 AIR COND.
22 AUTO FLIGHT
23 COMMUNICATIONS
24 ELECTRICAL POWER
25 EQUIPMENT
26 FIRE PROTECTION
27 FLIGHT CONTROLS
28 FUEL
29 HYDRAULIC POWER
30 ICE & RAIN PROTECTION
31 INSTRUMENTS
32 LANDING GEAR
33 LIGHTS
34 NAVIGATION
35 OXYGEN
36 PNEUMATIC
.......

AIRCRAFT SYSTEM OVERVIEW

Systems represent about 30% of the aircraft price.
Computers represent about 40% of the systems price.

REQUIREMENT CAPTURE

· Explicit requirements - classical allocation process between requirements

General A380-800 objectives:
· Mission and performance (8000 NM / 555 pax)
· Improve aircraft safety
· Life cycle cost and COC (-17% per seat)
· Service readiness at EIS (maturity at First Flight)
· Dispatch reliability: 99% at EIS
· A platform for 30 years of evolutions

[Figure: allocation of these objectives to the SYSTEMS through integration / trade-off between weight, direct safety, direct cost, maintenance, quality, reliability, obsolescence and evolution.]

REQUIREMENT CAPTURE

Availability is mandatory (the direct cost of a delay).

REQUIREMENT CAPTURE

Airworthiness regulation is a legal obligation contracted by States signatories of the ICAO Convention, to ensure and preserve AIRWORTHINESS and AVIATION SAFETY.
· Chicago Convention, signed 7th December 1944, established the International Civil Aviation Organization.
· To undertake international air transport, each nation has to be a signatory (currently 188 nations).

REQUIREMENT CAPTURE

Airworthiness regulation: another set of requirements to be cascaded & complied with.
· FAR (US regulations) & CS (European regulations) are requirements, part of the A/C specification.
· Certification is an encompassing process, not only a product.
· Guidance provided (SAE ARP 4754 / EUROCAE ED79 "Certification considerations for highly-integrated or complex systems").

REQUIREMENT CAPTURE

[Figure: achieved Safety Factor SF (from 1 to 1.5) plotted against the failure probability per flight hour times the exposure time T (from 10^-9 to 10^-5); a lower SF gives reduced aircraft weight, a lower probability means increased system cost and/or decreased reliability.]

· SF is the achieved Safety Factor.
· Loads to be considered can be due to a design gust when a Load Alleviation System is unavailable (SF = ultimate loads / loads due to manoeuvre, gust, ... not alleviated), or to the sum of loads due to a continuing failure (surface oscillation) and of all design loads.
· The failure is characterised by its probability per flight hour; T is an exposure time during which loads are not alleviated.

REQUIREMENT CAPTURE

[Figure: requirement allocation cascade. Customer needs capture / allocation -> Aircraft Specification -> A/C function specification (aircraft functions) -> design -> System Specification (systems) -> design -> Equipment Specification (equipment) -> development.]

REQUIREMENT CAPTURE

· Derived requirements - from design solution
· Implicit requirements
  - Early focus groups with airline personnel
  - Prototyping
  - Route proving / early long flight
  - Feedback from in-service experience
· Industrial constraints

Compliance with specification is not sufficient.

REQUIREMENT CAPTURE

Are the needs acceptable? Validation of the final product versus customer needs.

REQUIREMENT CAPTURE

Some V&V means:
· Assumptions validation
· Requirements validation
· Requirements V&V
· Verification: get the assurance that the product is compliant to its specification.

SAFETY REQUIREMENTS & SAFETY PROCESS

Percentage of total accidents with known causes:

Cause           1959-1995   1986-1995
Flight crew        64.4        59.8
Airplane           15.7        12.3
Maintenance         3.4         4.9
Weather             4.8         4.9
Airport/ATC         4.7         4.1
Other               7.1        13.9

Annotations on the chart: SYSTEMS solutions (TAWS, TCAS ...); low system effect.

SAFETY REQUIREMENTS & SAFETY PROCESS

« FAILURE CONDITION » - definition from CS 25.1309
A « Failure Condition » is defined at each system level by its effects on the functioning of the system. It is characterised by its effects on the other systems and on the aircraft. All single failures or combinations of failures, including failures of other systems, that have the same effect on the considered system are grouped together in the same « Failure Condition ».

SAFETY REQUIREMENTS & SAFETY PROCESS

SAFETY SEVERITY CLASSES AND ASSOCIATED OBJECTIVES (quantitative & qualitative, with a gradation of effort)

Class          Objective at FC level               Objective at aircraft level
CATASTROPHIC   < 10^-9/hr + Fail Safe criterion    < 10^-7/hr + Fail Safe criterion (assumption of less than 100 Catastrophic FC)
HAZARDOUS      < 10^-7/hr                          no objective
MAJOR          < 10^-5/hr                          no objective
MINOR          no objective                        no objective

FC: Failure Condition

SAFETY REQUIREMENTS & SAFETY PROCESS

Extremely Improbable: 10^-9/FH, no single failure. Aspects addressed:
· Development Assurance Level (DO178/ED12, ARP4754/ED79, ... DAL A)
· Manufacturing
· Particular Risks
· Environment (DO160/ED14)
· Zonal Safety Assessment
· Human Machine Interface (pilot & maintenance)

SAFETY REQUIREMENTS & SAFETY PROCESS

Some particular risks [figure].

SAFETY REQUIREMENTS & SAFETY PROCESS

[Figure: the Safety & Reliability (S/R) process, TOP (AIRCRAFT) - DOWN (COMPONENT) and BOTTOM - UP, with a LESSONS LEARNED loop from the in-service aircraft; its elements:]

Inputs:
· Top Level Program Requirements, Top Level Product Requirements, cost requirements
· Previous A/C design and "in service" experience
· Airworthiness regulation, MMEL; aircraft manufacturer directives; S/R rules and recommendations, regulation
· Safety & Reliability method and process: research, standards, processes, methods, guidelines, tools, in-service follow-up

Steps:
1 - S/R Common Data Document (top level requirements document, A/C constraints)
2 - Aircraft FHA (Functional Hazard Analysis) on the A/C functions list
3 - System S/R Requirements document (function / systems allocation matrix, requirements allocation, system list)
4 - System list, function and System FHA
5 - PSSA: Preliminary System Safety Assessment; FIA: Function Implantation Analysis; IHA/ECHA: Intrinsic / Environment Hazard Analysis
6 - Equipment S/R Requirements (SRD, PTS)
7 - Equipment level Safety/Reliability studies (FMEA/FMES, etc.)
8 - COMMON CAUSE ANALYSIS (CCA): PRA (Particular Risk Analysis), ZSA (Zonal Safety Analysis), CMA (Common Mode Analysis), HHA (Human Hazard Analysis)
9a - PSSA first flight
9b - SSA: System Safety Assessment and MMEL safety justification
10 - Aircraft Safety/Reliability Synthesis (aircraft certification)
11 - Airworthiness monitoring (aircraft in service)
12 - Lessons learned

Reviews: A/C requirements/CRI, significant items, aircraft S/R reviews; system S/R reviews; interface S/R activities.
Activity levels: multi-program, multi-disciplinary activities; multi-system activities on one program; system/equipment activities on one program; common cause activities on one program; multi-disciplinary activities.

SAFETY REQUIREMENTS & SAFETY PROCESS

The major objective of certification is to ensure safety: 25.1309, 25.xyz, ARP4754/ED79, DO178/ED12, ED.zyx, ...
"Business" margins are taken on top of certification requirements: assumptions, operational reliability.
Safety margins are taken too, based on each manufacturer's unique history.
Mandating these margins should be carefully balanced.

SAFETY REQUIREMENTS & SAFETY PROCESS

Baghdad, Nov 2003 - A300: loss of 3 hydraulic circuits + fire. An outstanding flight crew landed the aircraft using engine thrust to control the flight.

· Mandatory reporting
· Regular regulation update
· "Just culture"

Companies are merging, financial crisis, governments are changing.

INTEGRATION

· Proper interfacing and integration: software modules, computer/actuator, systems, systems in aircraft, aircraft in air traffic, aircraft in overall society
· From airplane to "nuts and bolts" ... and back

INTEGRATION

Integration in the airplane [figure].

INTEGRATION

Integration in the society, in air traffic [figure, with the environments: lightning, cold, EMI, hot].

INTEGRATION

Integration in the world economy [figure: Airbus orders and deliveries (March 05)].

INTEGRATION

SKILLS: mechanics, aeronautics, automatic control, human-machine interface "design", electronics, electricity, fluids, Internet, computer science, dependability, quality, English, French, German ..., management, ethics, ..., production, ... intellectual property ..., maths, ...

TIME ISSUES

· Need to make trade-offs early
  System weight vs. cost; reliability vs. weight ... never safety
  System complexity (reliability etc.) vs. overall aircraft weight

[Figure: total costs (%) over the programme phases Study, Concept, Definition, Development, Production (from Go Ahead to Entry Into Service): curves for product cost already fixed, freedom of choice and payments.]

TIME ISSUES

The project, definition: unique process, consisting of
· a set of coordinated and controlled activities
· with start and finish dates,
· undertaken to achieve an objective
· conforming to specific requirements, including the constraints of time, cost and resources.

System development processes: specify the system, plan the system development, specify the equipment, specify the installation & wiring, design the system, develop and verify the equipment.
Integrated processes: validate, verify, safety studies, maintainability studies, modifications.
Other supporting processes: certification coordination, configuration management, process assurance, reviews, supplier monitoring...

TIME ISSUES

[Figure: programme milestones: Concept freeze, End of studies, Authorization to offer (ATO), Definition freeze, Start of assembly, Equipment & harness production, Start of production, Integration tests, Flight tests, Entry into service, End of ramp-up.]

TIME ISSUES

[Figure: number of aircraft by age (years): total fleet = 3551 aircraft; jet: 841 aircraft; turboprop: 2710 aircraft; average fleet age 11 years; series 70-100 turboprop, 70-100 jet, 60-70 turboprop, 60-70 jet, 40-60 turboprop, 40-60 jet, 20-40 turboprop.]

Aircraft On Ground ... 4 hours to get it back into service.

TIME ISSUES

Technical challenges

Side-stick:
· 1st test in flight on a modified Concorde in 1978, then an A300 in 1982
· Entry into Service in 1988

Brake To Vacate:
· PhD thesis in 1998-2002
· Research in Airbus 2002-2005
· Development on A380 2006 to Entry into Service mid 2009

INTEGRATED MODULAR AVIONICS

[Figure: functionality (number of lines of code, arbitrary log scale) and number of electronic equipment, 1970 to 2010, for Concorde, A300B, A310, A320, A330, A340-600, A380 with IMA and A350.]

Integrated Modular Avionics (IMA): increasing functionality, while stabilizing the number of pieces of electronic equipment.

INTEGRATED MODULAR AVIONICS

· Stringent economic & industrial objectives for new aircraft types (A380, A400M, A350)
  Minimize development & maintenance costs
  Reduce development life cycle cost
  Harmonize design of aircraft avionics
  Manage obsolescence of hardware and evolutions of functions
  Ensure safety and reliability
· Chosen way to fulfil these objectives
  Provide data communication capabilities - Avionics Data Communication Network (ADCN)
  Provide centralised computing capabilities - Integrated Modular Avionics (IMA)

INTEGRATED MODULAR AVIONICS

Federated Architecture - conventional avionics (several LRU suppliers): data processing is on an ATA xx specific LRU (LRU A: Function 1, LRU B: Function 2, LRU C: Function 3), specified by Airbus.

Integrated (and Standardized) Architecture: data processing is on a generic LRU. Airborne functions A, B, C (several function suppliers) are developed by function suppliers (example Liebherr, Rockwell-Collins, Airbus ...) on the ARINC 653 API; the IMA module is specified by Airbus and developed by a module supplier. Global integration (integrated module) is performed by Airbus.

INTEGRATED MODULAR AVIONICS

Functions integration level (per module):
· A380: 2-4 functions
· A350: 3-6 functions
· A30X: 6-12 functions

IMA modules:
· CPIOM: Core Processing Input/Output Module (centralized architecture)
· CPM: Core Processing Module (distributed architecture)

INTEGRATED MODULAR AVIONICS

Avionics Data Communication Network (ADCN):
· High communication capacity: speed, bandwidth and number of connected LRM/LRU; 100 Mb/s, potential to go up to 1 Gb/s
· Based on existing and established telecommunication technology and standards (Ethernet)
· Deterministic behavior: guaranteed quality of service offered to network subscribers
· Flexible: re-configurable to support new needs with no or limited physical impacts

INTEGRATED MODULAR AVIONICS

[Figure: ADCN topology with Network A switches and Network B switches connecting the LRUs and IMA modules of Flight Control, Cockpit, Engines, Energy, Fuel & LG and Cabin.]

Virtual Link (VL) = communication channel between one emitter and several receivers.

INTEGRATED MODULAR AVIONICS

· Total loss of braking is classified Catastrophic
· As a consequence, the braking system shall not solely use IMA equipment
  Implementation of emergency braking independent from IMA equipment

[Figure: IMA-based Normal Braking Control Unit; Emergency Braking Control Unit, independent from IMA.]

INTEGRATED MODULAR AVIONICS

· Consistent erroneous attitude information displayed in the cockpit is classified as potentially Catastrophic
· Consequently, undetected erroneous attitude information shall not result from a single failure within ADCN
  Attitude information from independent sources to independent display units shall use independent routing within ADCN

[Figure: Attitude A/C side 1 via ADCN routing 1; Attitude A/C side 2 via ADCN routing 2.]
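A worked example added here, not taken from the slides: the fault-tree check a safety engineer would run on the braking and attitude requirements above against the Catastrophic objectives of the severity-class table (< 10^-9/FH per Failure Condition plus no single failure, < 10^-7/FH at aircraft level assuming fewer than 100 Catastrophic FCs), with each basic event given a rate per flight hour and an exposure time T as on the safety-factor slide. All event names, fault trees and failure rates are constructed, not Airbus figures.

```python
"""Added example, not from the Airbus slides: Failure Conditions (FCs) checked
against the CS 25.1309 objectives quoted above.  Per FC: Catastrophic < 1e-9/FH
plus the fail-safe criterion (no single failure), Hazardous < 1e-7/FH,
Major < 1e-5/FH, Minor no objective.  Aircraft level: Catastrophic < 1e-7/FH,
assuming fewer than 100 Catastrophic FCs.  Event names, trees, rates: constructed."""
from math import prod

FC_OBJECTIVE = {"CATASTROPHIC": 1e-9, "HAZARDOUS": 1e-7, "MAJOR": 1e-5, "MINOR": None}
AIRCRAFT_CAT_OBJECTIVE = 1e-7   # summed over all Catastrophic FCs
MAX_CAT_FC = 100                # assumption behind the 1e-9 per-FC allocation


def cut_sets(node):
    """Minimal cut sets of a fault tree built from ("basic", name),
    ("and", [children]) and ("or", [children]) tuples."""
    kind = node[0]
    if kind == "basic":
        return [frozenset([node[1]])]
    children = [cut_sets(child) for child in node[1]]
    if kind == "or":
        sets = [cs for child in children for cs in child]
    elif kind == "and":
        sets = [frozenset()]
        for child in children:
            sets = [a | b for a in sets for b in child]
    else:
        raise ValueError("unknown gate " + str(kind))
    minimal = []
    for s in sorted(set(sets), key=len):    # shortest first, so supersets drop out
        if not any(m <= s for m in minimal):
            minimal.append(s)
    return minimal


def probability_per_fh(sets, events, flight_hours):
    """Rare-event approximation of the average probability per flight hour.
    A basic event is (lambda per FH, exposure T in FH) as on the safety-factor
    slide: T is the flight for a monitored failure, the check interval for a
    latent one.  Each cut set contributes prod(lambda_i * T_i) / T_flight."""
    return sum(prod(events[e][0] * events[e][1] for e in s) / flight_hours
               for s in sets)


def assess(fc, events, flight_hours=1.0):
    """(probability per FH, findings) for one FC {"name", "severity", "tree"}."""
    sets = cut_sets(fc["tree"])
    p = probability_per_fh(sets, events, flight_hours)
    findings = []
    objective = FC_OBJECTIVE[fc["severity"]]
    if objective is not None and p >= objective:
        findings.append("%s: %.1e/FH exceeds %.0e/FH" % (fc["name"], p, objective))
    if fc["severity"] == "CATASTROPHIC":          # fail-safe criterion
        for s in sets:
            if len(s) == 1:
                findings.append("%s: single failure %s is catastrophic"
                                % (fc["name"], next(iter(s))))
    return p, findings


def assess_aircraft(fcs, events, flight_hours=1.0):
    """Aircraft-level Catastrophic budget: number of FCs and summed probability."""
    cat = [fc for fc in fcs if fc["severity"] == "CATASTROPHIC"]
    total = sum(assess(fc, events, flight_hours)[0] for fc in cat)
    findings = []
    if len(cat) >= MAX_CAT_FC:
        findings.append("%d Catastrophic FCs, allocation assumes fewer than %d"
                        % (len(cat), MAX_CAT_FC))
    if total >= AIRCRAFT_CAT_OBJECTIVE:
        findings.append("aircraft Catastrophic total %.1e/FH exceeds %.0e/FH"
                        % (total, AIRCRAFT_CAT_OBJECTIVE))
    return total, findings


# Constructed sample data: (lambda per FH, exposure T in FH), not Airbus figures.
EVENTS = {
    "normal_braking_ima_loss":  (5e-5, 1.0),   # monitored every flight
    "emergency_braking_loss":   (1e-5, 1.0),   # non-IMA emergency braking
    "attitude_side1_erroneous": (1e-5, 1.0),
    "attitude_side2_erroneous": (1e-5, 1.0),
    "adcn_shared_switch_fault": (1e-6, 1.0),   # a common point in the network
}

# Total loss of braking: IMA-based normal braking and non-IMA emergency braking both lost.
BRAKING_FC = {"name": "Total loss of braking", "severity": "CATASTROPHIC",
              "tree": ("and", [("basic", "normal_braking_ima_loss"),
                               ("basic", "emergency_braking_loss")])}

# Both attitude sources routed through one ADCN switch: the switch is a single failure.
ATTITUDE_FC_SHARED = {"name": "Undetected erroneous attitude", "severity": "CATASTROPHIC",
                      "tree": ("or", [("and", [("basic", "attitude_side1_erroneous"),
                                               ("basic", "attitude_side2_erroneous")]),
                                      ("basic", "adcn_shared_switch_fault")])}

# Independent routing 1 / routing 2 removes the common point.
ATTITUDE_FC_SEGREGATED = {"name": "Undetected erroneous attitude", "severity": "CATASTROPHIC",
                          "tree": ("and", [("basic", "attitude_side1_erroneous"),
                                           ("basic", "attitude_side2_erroneous")])}
```

Giving the emergency-braking loss a latent exposure of 100 FH instead of 1 FH raises the braking FC from 5e-10 to 5e-8 per FH, which is why the exposure time T on the safety-factor slide matters as much as the rate.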

INTEGRATED MODULAR AVIONICS

· Undetected erroneous fuel quantity information may lead to fuel imbalance and is classified as potentially Catastrophic
· As a consequence, undetected erroneous fuel quantity information shall not result from a single failure within IMA
  Fuel system based on a Command - Monitoring architecture: command lane within one IMA equipment, monitoring lane within another IMA equipment

[Figure: IMA-based Fuel Quantity & Management command lane; IMA-based Fuel Quantity & Management monitoring lane.]

THE ROUTE TO « FLY-BY-WIRE »

A never ending quest:
· To move the control surfaces
· To help pilots
· To ensure safety

THE ROUTE TO « FLY-BY-WIRE »

Fully mechanical system
· Power: from the pilot
· Help: means to reduce control loads (tab...)

THE ROUTE TO « FLY-BY-WIRE »

Caravelle 1955*
Hydromechanical system
· Power: centralized hydraulic systems and servocontrols
· Help: yaw damper, trim, auto-pilot (speed, altitude), protections against excessive structural loads. Devices moving the mechanical control.

[Figure: Flight Augmentation Computer, Feel and Limitation Computer and auto-pilot (AP) acting on the mechanical control; A/C response fed back.]

THE ROUTE TO « FLY-BY-WIRE »

From Mechanical Flight Control System.... to ... "Fly-By-Wire" .... or Electrical Flight Control System (EFCS) .... or "Commandes de Vol électriques" (CDVE)

A320 1987*

[Figure: auto-pilot computer (A/P order) and fly-by-wire computers, with Flight Augmentation Computer and Feel and Limitation Computer (AP); A/C response fed back.]

THE ROUTE TO « FLY-BY-WIRE »

From Fly-by-Wire .... to ... "Fly-by-Wire" associated to "Power-by-Wire".

A380 2005*

[Figure: auto-pilot computer (A/P order), fly-by-wire computers, A/C response; HYDRAULIC POWER becomes HYDRAULIC and ELECTRICAL POWER.]

THE ROUTE TO « FLY-BY-WIRE »

[Figure: timeline of first flights: 1969*, 1978*, 1982*, 1987*, 1991*, 2001*, 2005*, 2009*, 2012*.]

* First flight year

FbW: DEPENDABILITY THREATS

SAFETY and AVAILABILITY [figure].

FbW: DEPENDABILITY THREATS

SAFETY (physical faults): COMMAND & MONITORING COMPUTER

[Figure: computers P1, P2, S1, S2, each with a COMMAND (C) and a MONITORING (M) channel.]

FbW: DEPENDABILITY THREATS

AVAILABILITY (physical faults): REDUNDANCY ACTIVE / STAND-BY

[Figure: P1/Green, P2/Blue, S1/Green, S2/Blue.]
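An added example, not Airbus code, of the Command - Monitoring pattern on these two slides and on the IMA fuel-quantity slide earlier: a command lane computes the output, an independent monitoring lane recomputes it, a discrepancy held for a confirmation time passivates the lane (fail-silent), and the active / stand-by arrangement hands control to the next lane. Thresholds, lane names and the cycle-by-cycle fuel-quantity values are constructed.

```python
"""Added example, not Airbus code: the command/monitoring (COM/MON) pattern
from the FbW computer slide and the IMA fuel-quantity slide.  A command lane
computes the output, an independent monitoring lane recomputes it, and a
discrepancy that persists for a confirmation time passivates the lane
(fail-silent) so the stand-by lane takes over.  Thresholds, lane names and
the cycle-by-cycle sample data are constructed."""


class ComMonLane:
    """One COM/MON computer (e.g. P1): its output is inhibited once COM and MON
    disagree for confirm_cycles consecutive cycles."""

    def __init__(self, name, threshold, confirm_cycles):
        self.name = name
        self.threshold = threshold          # tolerated |COM - MON|
        self.confirm_cycles = confirm_cycles
        self.discrepant = 0                 # consecutive discrepant cycles
        self.passivated = False

    def cycle(self, com_value, mon_value):
        """Returns the command output, or None when the lane is passivated."""
        if self.passivated:
            return None
        if abs(com_value - mon_value) > self.threshold:
            self.discrepant += 1
            if self.discrepant >= self.confirm_cycles:
                self.passivated = True      # fail-silent: a confirmed error is never output
                return None
        else:
            self.discrepant = 0             # a transient disagreement is forgiven
        return com_value


def run(lanes, scenario):
    """Active / stand-by redundancy over COM/MON lanes.  scenario is a list of
    cycles, each mapping lane name -> (COM value, MON value).  Returns one
    (active lane name or None, output) pair per cycle."""
    active = 0
    log = []
    for cycle in scenario:
        out = None
        while active < len(lanes):
            out = lanes[active].cycle(*cycle[lanes[active].name])
            if out is not None:
                break
            active += 1                     # stand-by lane takes over
        log.append((lanes[active].name if active < len(lanes) else None, out))
    return log


# Constructed fuel-quantity scenario in kg: P1's COM lane produces an erroneous
# value from cycle 4 on, while its MON lane and the stand-by P2 stay correct.
SCENARIO = [
    {"P1": (10000, 10000), "P2": (10000, 10000)},
    {"P1": (10100, 10000), "P2": (10000, 10000)},   # one-cycle transient
    {"P1": (10000, 10000), "P2": (10000, 10000)},
    {"P1": (10500, 10000), "P2": (10000, 10000)},   # persistent COM error
    {"P1": (10500, 10000), "P2": (10000, 10000)},
    {"P1": (10500, 10000), "P2": (10000, 10000)},   # confirmed: P1 passivated, P2 active
    {"P1": (10500, 10000), "P2": (10000, 10000)},
]


def demo():
    """Run the constructed scenario on a P1 (active) / P2 (stand-by) pair."""
    lanes = [ComMonLane("P1", threshold=50, confirm_cycles=3),
             ComMonLane("P2", threshold=50, confirm_cycles=3)]
    return run(lanes, SCENARIO)


if __name__ == "__main__":
    for i, (lane, out) in enumerate(demo(), 1):
        print("cycle %d: %s -> %s" % (i, lane, out))
```

The confirmation time bounds how long an erroneous command can reach the output (two cycles here) while avoiding nuisance passivation on a single transient; choosing it is the trade-off between exposure and availability.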

FbW: DEPENDABILITY THREATS

Design and manufacturing errors. The Airbus Fly-by-Wire system is developed to ARP 4754 level A, computers to DO178B & DO254 level A (plus internal guidelines).

Fault prevention & removal
· FUNCTIONAL SPECIFICATION - interface between aircraft & computer sciences - automatic code generation
· Classical V&V means, plus
· virtual iron bird (simulation)
· some formal proof

Fault tolerance
· Two types of dissimilar computers are used: PRIM, SEC

[Figure: P1 and S1, each with COMMAND (C) and MONITORING (M) channels.]

FbW: DEPENDABILITY THREATS

A380 Iron Bird [figure].

FbW: DEPENDABILITY THREATS

FAULT TOLERANCE
- SEC simpler than PRIM
- PRIM HW differs from SEC HW
- 4 different software
- data diversity
- From "random" dissimilarity to a managed one
- Comforted by experience

[Figure: P1, P2, S1, S2, each with COMMAND (C) and MONITORING (M) channels.]

PROOF OF PROGRAM: applied on A380 FbW software, on a limited basis; credit for certification.

FbW: DEPENDABILITY THREATS

Particular risks. The issue: COMMON POINT AVOIDANCE
- Qualification to environment
- Physical separation
- Ultimate back-up

[Diagram: physical separation of the computers - PRIM1-SEC1 at 2500 VU, PRIM2-SEC2 / CPIOM C2 at 2200 VU, PRIM3-SEC3 / CPIOM C1 at 2100 VU - with 28 VDC and hydraulic power supplies shown]

FbW: DEPENDABILITY THREATS

ULTIMATE BACK-UP

- Continued safe flight while crew restore computers
- Expected to be Extremely Improbable
- No credit for certification
- From mechanical (A320) to electrical (A380 & A400M)
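The fault tolerance and ultimate back-up slides above describe self-monitoring computers (a command and a monitor channel that must agree), dissimilar PRIM and SEC computers in a priority chain, and a back-up that keeps the aircraft controllable when every computer has dropped out. The following toy model is an added illustration, not Airbus code: each computer passivates itself when its two channels disagree, control passes to the next computer in the chain, and a direct law answers when the chain is exhausted. The control laws, names, limit values and tolerance are all constructed.

```python
"""Toy model of fail-safe self-checking computers with dissimilar channels.
Added illustration only; laws, names and thresholds are constructed."""
from dataclasses import dataclass
from typing import Callable, Optional

Law = Callable[[float, float], float]  # (stick, limit) -> surface command
TOLERANCE = 0.01                        # constructed COM/MON agreement threshold
def law_min_max(stick: float, limit: float) -> float:
    """Envelope-limited command written as a min/max clamp."""
    return max(-limit, min(limit, stick))

def law_branch(stick: float, limit: float) -> float:
    """Same specification, dissimilar implementation (branching form)."""
    if abs(stick) <= limit:
        return stick
    return limit if stick > 0 else -limit

def law_with_design_error(stick: float, limit: float) -> float:
    """Constructed faulty implementation: ignores the envelope limit."""
    return stick

@dataclass
class Computer:
    name: str
    com: Law           # command channel
    mon: Law           # monitor channel, dissimilar implementation of the same spec
    failed: bool = False

    def compute(self, stick: float, limit: float) -> Optional[float]:
        """Output only if both channels agree; otherwise passivate (fail-safe)."""
        if self.failed:
            return None
        c, m = self.com(stick, limit), self.mon(stick, limit)
        if abs(c - m) > TOLERANCE:
            self.failed = True
            return None
        return c

def direct_law(stick: float, limit: float) -> float:
    """Ultimate back-up: stick passed straight through, no protections."""
    return stick

def command_surface(chain: list, stick: float, limit: float):
    """First healthy computer in priority order commands; else the back-up."""
    for computer in chain:
        out = computer.compute(stick, limit)
        if out is not None:
            return computer.name, out
    return "BACKUP", direct_law(stick, limit)
```

A computer whose two channels run the same faulty implementation agrees with itself and passes the comparison, which is the common-mode case that the PRIM/SEC dissimilarity on the slides is meant to cover.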

FbW: DEPENDABILITY THREATS

[Diagram: electrical and hydraulic power sources feeding the avionics and the flight controls actuators]

- A320 ... A340: electrical generation (EMER GEN, GEN 1, GEN 2, APU GEN); hydraulic generation (GREEN PUMP, YELLOW PUMP, BLUE PUMP)
- A380, A400M, A350: electrical generation (EMER GEN, GEN 1, GEN 2, APU GEN); hydraulic generation (GREEN PUMP, YELLOW PUMP); ELECTRICAL ACTUATION - MORE REDUNDANCY - DISSIMILAR (HYDRAULIC / ELECTRICAL) - INCREASED SEGREGATION

FbW: DEPENDABILITY THREATS

HUMAN-MACHINE INTERFACE

Protection: detection, warning; situation awareness, advisory; aircraft handling, SOPs, environment

AUTOMATISATION
- Ultimate safety net
- Instant flight management of danger
- Routine tasks

DECISION HELP
- Reduction of workload, stress, complexity
- Pilot as a supervisor

FbW: DEPENDABILITY THREATS

- Flight envelope protections
- TCAS, TAWS ...
- Airbus protections

[Diagram: normal and peripheral flight envelope]
- Stick released: aircraft will fly inside the normal flight envelope
- Stick on the stops: aircraft will fly at the maximum safe limit

Let the crew concentrate on trajectory.

FbW: DEPENDABILITY THREATS

FLY-BY-WIRE ARCHITECTURE: FUTURE TREND?

Architecture: network, standard resources.

Functions: systems manage the short-term situation (stab, protections), the pilot manages the flight. Completion of protections. Integration with structure and the airframe (loads alleviation).

AIRBUS EMBEDDED SYSTEMS

CONCLUDING REMARKS

Some lessons

The system will function if
- it is properly integrated within its environment (other systems, platform, people ...)
- requirements are correctly integrated (no inconsistency, correct balance between requirements)

The system will be successful if
- the overall aircraft (at least) is successful (= if optimisation is done at aircraft level) for the whole development & in-service life of the aircraft
- the customer needs are well understood

AIRBUS EMBEDDED SYSTEMS

Safety is the priority in aviation - flying is safe
- Nothing is granted
- Duty for continuous improvement
- Need to forecast future threat

Continuous need to
- look at the global picture (complete airplane, design .. certification .. in-service, stack of redundancy vs. common point)
- Management to be supportive and pro-active
- Never compromise

CISEC

Club Inter-associations Systèmes Embarqués Critiques - CISEC
Seminars, study days, workshops ... http://cisec.enseeiht.fr/
- Association Aéronautique et Astronautique de France
- Société de l'électricité, de l'Electronique et des Technologies de l'information et de la communication
- Société des Ingénieurs de l'Automobile

THANK YOU - QUESTIONS?

This document and all information contained herein is the sole property of AIRBUS S.A.S. No intellectual property rights are granted by the delivery of this document and the disclosure of its content. This document shall not be reproduced or disclosed to a third party without the express written consent of AIRBUS S.A.S. This document and its content shall not be used for any purpose other than that for which it is supplied. The statements made herein do not constitute an offer. They are based on the mentioned assumptions and are expressed in good faith. Where the supporting grounds for these statements are not shown, AIRBUS S.A.S. will be pleased to explain the basis thereof.
