Abstract: The dependency of complex embedded Safety-Critical Systems across Avionics and Aerospace domains on their underlying software and hardware components has gradually increased with progression in time. Such application domain systems are developed based on a complex integrated architecture, which is modular in nature. Engineering practices assured with system safety standards to manage the failure, faulty, and unsafe operational conditions are very much necessary. System safety analyses involve the analysis of c…
“…Great attention has been paid to the safety of the dynamic reconfiguration system, but a feasible safety assessment theory has not been reestablished. NASA's Langley Research Center proposed a solution which added an independent decision module to the IMA system to monitor sharing independence among the applications of avionics resources [7]; The thesis [8] proposed a method for analyzing the impact of interrupt correlation using the AADL model. The thesis [9] inverted the risk of redundant sequences in the cumulative transmission of the AFDX protocol; an analysis was carried out, and a method to mitigate this risk by limiting the transmission length was proposed.…”
The reconfiguration technology, which is the significant feature of the newly designed Integrated Modular Avionics (IMA) system, enables the transfer of avionics functions from a failed module to a remaining healthy module, thereby enhancing the robustness of the whole system. The basic target of IMA reconfiguration is to ensure safe flight and correct execution of the mission. To address the lack of an effective management mechanism for IMA system development and safety assessment, a safety analysis method based on STAMP/STPA and UPPAAL for IMA reconfiguration is proposed. The method focuses mainly on system characteristics and multiparty interactions. On the basis of this approach, some studies and analyses have been carried out. Firstly, the STAMP/STPA principle is studied and used to identify unsafe control actions (UCAs) in the reconfiguration process. Secondly, a formal model of IMA reconfiguration is developed using UPPAAL. Finally, the accessibility analysis of the formal model is used to analyze the UCAs and the corresponding loss scenarios. The method enables a detailed description of the interactions between the components and a rigorous mathematical analysis of the system, thereby diluting the effect of human factors while ensuring the accuracy and reliability of the safety constraints.
“…The error model annex [4] is a state machine that can be associated with an AADL component or connection, to describe system errors, error behavior, and error propagation [5]. Including…”
Section: AADL Error Model Overview
“…The interaction between hardware and software [8] is shown in Figure 5. [Figure 4: Single software error model. Property listing (random events, with explanation): occurrence => poisson os applies to fail; occurrence => poisson os applies to detection; occurrence => fixed dd applies to direct_damage; occurrence => fixed 1-dd applies to performance_degradation; occurrence => fixed phi applies to unremovable; occurrence => fixed 1-phi applies to removable; occurrence => poisson mu applies to restart; occurrence => poisson td applies to time_damage; occurrence => poisson theta applies to recovery.] … ensures that they do not have the influence on each other. However, because of the needs for communication between applications, the errors may be transferred across different partitions during the data transmission and may damage the partition [9].…”
In recent years, the integrated modular avionics (IMA) concept has been introduced to replace traditional federated avionics. Different avionics functions are hosted on a shared IMA platform, and IMA adopts partitioning technologies to provide logical isolation among different functions. The IMA architecture can provide more sophisticated and powerful avionics functionality; meanwhile, the failure propagation patterns in IMA are more complex. Resource sharing introduces unintended interconnections among different functions, which makes the failure propagation modes more complex. Therefore, this paper proposes an Architecture Analysis and Design Language (AADL) based method to establish the reliability model of an IMA platform. The error behavior of single software and hardware components in an IMA system is modeled. The corresponding AADL error models of failure propagation among components, and between software and hardware, are given. Finally, the display function of an IMA platform is taken as an example to illustrate the effectiveness of the proposed method.
“…The selection of technical parameters of machines and equipment is important due to the arduous conditions in which they will work. It is possible to evaluate correctly selected machines through active monitoring of their operating parameters and analysis of operating conditions [33][34][35][36][37][38][39]. One of the main sources of hazards causing accidents at work in mining plants is the technical infrastructure and, in particular, machinery and technical equipment.…”
A powered longwall mining system comprises three basic machines: a shearer, a scraper (longwall) conveyor, and a powered roof support. The powered roof support as a component of a longwall complex has two functions. It protects the working from roof rocks that fall to the area where the machines and people work and transports the machines and devices in the longwall as the mining operation proceeds further into the seam by means of hydraulic actuators that are adequately connected to the powered support. The actuators are controlled by a hydraulic or electro-hydraulic system. The tests and analyses presented in the developed procedure are oriented towards the possibility of introducing automatic control, without the participation of an operator. This is important for the exploitation of seams that are deposited at great depths. The primary objective was to develop a comprehensive methodology for testing and evaluating the possibility of using the system under operating conditions. The conclusions based on the analysis presented are a valuable source of information for the designers in terms of increasing the efficiency of the operation of the system and improving occupational safety. The authors have proposed a procedure for testing and evaluation to introduce an automatic control system into the operating conditions. The procedure combines four areas. Tests and analyses were carried out in order to determine the extent to which the system could be potentially used in the future. The presented solution includes certification and executive documentation.