1.
Changing software to implement new features, correct problems, update functions, or replace obsolete hardware components (e.g., microprocessors) is a way of life in today's industry. A systematic software change process is essential for the maintenance and reuse of safety-critical software. This paper presents activities to consider when changing software in safety-critical systems. The focus is on the aviation industry; however, the concepts are also applicable to other safety-critical domains, such as medical or nuclear.

2.
The Ada programming language was chosen by NASA as the primary computer programming language for the development of new software for the US Space Station. Ada was selected based on the results of investigations coordinated through Johnson Space Center (JSC), which resulted in the identification of a set of problems and risks associated with using software developed in Ada. Some of the specific solutions to problems identified through these investigations are described. Three areas in which Ada's use poses risks are discussed: real-time process control; the testing and verification of flight software for man-rated systems; and software error detection, identification, and recovery required in safety-critical systems.

3.
A career development program for information systems practitioners currently being used widely by employers in the UK and now becoming available in North America is described. The program, called the Professional Development Scheme (PDS), was developed by the British Computer Society to address the lack of structure and quality control generally present in the way computing professionals were being trained. The performance standards underpinning the program (the British Computer Society Industry Structure Model) have been thoroughly updated and now include material specific to the development, maintenance, and management of software for safety-critical applications. The use of the program for this purpose and potential developments in the field of training and registration for safety-critical software specialists are discussed.

4.
Redundancy design techniques for fly-by-wire flight control systems (cited 3 times: 0 self-citations, 3 by others)
Redundancy design is an important means of improving the safety and mission reliability of fly-by-wire flight control systems. This paper introduces the content of redundancy design in fly-by-wire flight control systems and discusses some important problems in this field. The main topics are similar redundancy, dissimilar redundancy, analytical redundancy, and functional redundancy design techniques. The core technologies and research difficulties are analyzed, laying a foundation for further research.

5.
The huge and rapid progress in electric drives offers new opportunities to improve the performance of aircraft at all levels: fuel burn, environmental footprint, safety, integration and production, serviceability, and maintainability. Actuation for safety-critical applications like flight controls, landing gears, and even engines is one of the major consumers of non-propulsive power. Conventional actuation with centralized hydraulic power generation and distribution and control of power by throttling has been well established for decades, but offers a limited potential for evolution. In this context, electric drives become more and more attractive to remove the natural drawbacks of conventional actuation and to offer new opportunities for improving performance. This paper takes stock, at both the signal and power levels, of the evolution of actuation for safety-critical applications in aerospace. It focuses on the recent advances and the remaining challenges to be taken toward full electrical actuation for commercial and military aircraft, helicopters, and launchers. It logically starts by emphasizing the specificity of safety-critical actuation for aerospace. The following section addresses in detail the evolution of aerospace actuation from mechanically-signaled and hydraulically-supplied to all-electric, with special emphasis on research and development programs and on solutions entered into service. Finally, the last section reviews the challenges to be taken to generalize the use of all-electric actuators for future aircraft programs.

6.
Robustness testing for safety-critical embedded software is still a challenge in its nascent stages. In this paper, we propose a practical methodology and implement an environment by employing model-based robustness testing for embedded software systems. It is a system-level black-box testing approach in which the fault behaviors of embedded software are triggered with the aid of model-based fault injection, supported by an executable model-driven hardware-in-the-loop (HIL) testing environment. The prototype implementation of the robustness testing environment based on the proposed approach is experimentally discussed and illustrated by industrial case studies based on several avionics embedded software systems. The results show that our proposed and implemented robustness testing method and environment are effective at finding more bugs and at reducing the burden on test engineers, enhancing the efficiency of testing tasks, especially for testing complex embedded systems.

7.
Research on reliability verification testing methods for safety-critical software (cited 15 times: 0 self-citations, 15 by others)
To reduce the number of test cases without reducing the credibility of reliability verification test results for safety-critical software, this paper analyzes classical statistical hypothesis testing and the Bayesian statistical method without prior knowledge, and on that basis proposes a Bayesian inference statistical testing method that dynamically integrates prior knowledge. It also provides a detailed method for solving the parameters of the prior distribution of the probability density function of the software failure probability. Experiments show that the proposed reliability verification testing method for safety-critical software can achieve the same credibility of results with fewer test cases.

8.
Software complexity is continuously increasing and competition in the software market is becoming more intense than ever. Therefore, it is crucial to improve software quality and, meanwhile, minimize software development cost and reduce software delivery time in order to gain competitive advantages. Recently, Component-Based Software Development (CBSD) was proposed and has now been applied in various industry and business applications as a possible way to achieve this goal. As verified by numerous practical applications in different fields, CBSD is able to increase software development productivity as well as improve software quality. Modern embedded real-time systems have both strict functional and non-functional requirements, and they are essentially safety-critical, real-time, and embedded software-intensive systems. In particular, the crucial end-to-end quality-of-service (QoS) properties, such as timeliness and fault tolerance, should be assured in embedded systems. Herein, I first introduce the modern component technologies and commonly used component models. Then, the middleware in distributed real-time embedded systems is discussed. Further, adaptive system resource management is elaborated upon. Finally, the prospects of a component-based approach in implementing modern embedded real-time software are discussed and future research directions are suggested.

9.
In safety-critical systems such as transportation aircraft, redundancy of actuators is introduced to improve fault tolerance. How to make the best use of the remaining actuators to allow the system to continue achieving a desired operation in the presence of some actuator failures is the main subject of this paper. Considering that many dynamical systems, including the flight dynamics of a transportation aircraft, can be expressed as an input-affine nonlinear system, a new state representation is adopted here in which the output dynamics are related to virtual inputs associated with the intended operation. This representation, as well as the distribution matrix associated with the effectiveness of the remaining operational actuators, allows us to define different levels of fault-tolerant governability with respect to actuator failures. Then, a two-stage control approach is developed, leading first to the inversion of the output dynamics to get nominal values for the virtual inputs and then to the solution of a linear quadratic (LQ) problem to compute the solicitation of each operational actuator. The proposed approach is applied to the control of a transportation aircraft which performs a stabilized roll maneuver while a partial failure appears. Two fault scenarios are considered, and the resulting performance of the proposed approach is displayed and discussed.

10.
The current emphasis on designing flexible manufacturing systems, particularly in the electronics manufacturing industry, is bringing automation and robotics technologies to the factory at increasing rates. The rate of advance in these technologies raises serious concerns among engineers and managers about how to proceed in building modern manufacturing systems. A large portion of this uncertainty results from the difficulty of fitting technological advances into the existing models of manufacturing. What is needed is a new framework within which to perceive automation and robotics, one that will permit the adoption of more encompassing design strategies and principles to be followed in the practice of modernizing and maintaining advanced electronics manufacturing systems. This paper provides a framework that might be adopted to structure new strategies for incorporating automation and robotics in manufacturing. The approach is one that we at SRI have found useful in considering automation and robotics issues for the NASA Space Station and other complex systems which need to incorporate new technologies throughout long lifetimes. These same issues are becoming increasingly important in electronics manufacturing system design and development.

11.
The success of kernels for enforcing security in software systems has led to proposals to use kernels for enforcing safety. This paper presents a feasibility demonstration of one particular proposal for a safety kernel via its application to traffic light control. The paper begins with the safety properties for traffic light control and specifies a kernel that maintains the safety properties. An implementation sketch of the kernel in Ada is given and use of the kernel is discussed. The contribution of the paper is a demonstration that a kernel is a feasible and desirable technique for software in a realistic, safety-critical application. The paper also illustrates how formal methods aid the software engineer in constructing and reasoning about such software.

12.
Over the past 30 years, safety-critical avionics systems such as Fly-By-Wire (FBW) flight controls, full-authority digital engine controls, and other systems have been introduced on many commercial and military airplanes and spacecraft. Early FBW systems, such as on the F-16 and Airbus A320, were considered revolutionary and were introduced with extreme caution. These early systems and their successors all make use of redundant and fault-tolerant avionics to provide the required dependability and safety, but have used significantly different architectures. This paper examines the different levels of criticality and fault tolerance required by different types of avionics systems, establishes architectural categories of fault-tolerant architectures, and identifies the discriminating features of the varied approaches. Examples of discriminators include the level of redundancy, methods of engaging backup systems, protection from software errors, and the use of dissimilar hardware and software. The strengths and weaknesses of the approaches are identified. The paper concludes with some speculation on trends for future systems based on this evaluation of previous systems.

13.
A group communication protocol for distributed fault-tolerant systems based on the FC optical bus (cited 1 time: 0 self-citations, 1 by others)
Distributed fault-tolerant systems are commonly used to build highly reliable critical applications; their core component, the group communication protocol (GCP), implements many-to-many communication primitives with reliability semantics. This paper mainly discusses a group communication protocol for distributed fault tolerance based on the Fibre Channel (FC) bus. It explores the use of redundant-message techniques to achieve real-time, reliable data transmission, and proposes an algorithm that processes data and control messages separately so that data input is delivered in real time while control messages are committed in causal order, striving for the maximum degree of parallelism. A leader-follower fault handling mechanism is proposed and designed, in which a two-phase transaction protocol is used to achieve view synchronization and state switching during fault handling; the design principles and implementation framework of the protocol are given. Finally, the results of running the protocol on a triple-redundant fault-tolerant flight control computer system built from PowerPC single-board computers are presented and briefly analyzed.

14.
The use of commercial-off-the-shelf (COTS) microprocessors for safety-critical applications usually implies derating of the device to make it work in harsh environments. We discuss derating concerns for state-of-the-art microprocessors. Issues addressed herein include noise margins due to low voltage levels, multiple power supplies, frequency and current derating concerns, error sources, timing degradation, power-aware architectures, and new advanced microprocessor derating features.

15.
This paper describes the specification-based testing, analysis tools, and associated processes used to independently validate, verify, and ultimately provide for certifying safety-critical software developed for the Traffic Alert and Collision Avoidance System (TCAS II) program. These tools and processes comprise an effective and Independent Validation and Verification (IV and V) activity applied to the Collision Avoidance Subsystem (CAS) software development process. A requirements specification language called the Requirements State Machine Language (RSML), originally developed by the University of California, Irvine (UCI), was employed for the specification of CAS. The end result is the next generation of TCAS II collision avoidance logic, referred to as Version 7, that is of a higher quality than its predecessors, meets the certification requirements of DO-178B Level B (Ref. 1), and can be shown to satisfy the new operational requirements it was developed to address.

16.
Petri nets are graphical and mathematical tools that are applicable to many systems for modeling, simulation, and analysis. With the emergence of the concept of partitioning in the time and space domains proposed in the avionics application standard software interface (ARINC 653), it has become difficult to analyze time-space coupling hazards resulting from resource partitioning using classical or advanced Petri nets. In this paper, we propose a time-space coupling safety constraint and an improved timed colored Petri net with imposed time-space coupling safety constraints (TCCP-NET) to fill this requirement gap. Time-space coupling hazard analysis is conducted in three steps: specification modeling, simulation execution, and results analysis. A TCCP-NET is employed to model and analyze integrated modular avionics (IMA), a real-time, safety-critical system. The analysis results are used to verify whether there exist time-space coupling hazards at runtime. The method we propose demonstrates superior modeling of safety-critical real-time systems as it can specify resource allocations in both the time and space domains. TCCP-NETs can effectively detect underlying time-space coupling hazards.

17.
Numerical analysis of the effect of propeller slipstream on the aerodynamic characteristics of a wing with a trailing-edge flap (cited 5 times: 2 self-citations, 5 by others)
Using momentum theory combined with a finite-volume solution of the N-S equations, a numerical simulation of the interference of propeller slipstream with the aerodynamic characteristics of a wing with a trailing-edge flap is carried out. The propeller is simplified to an actuator disk, i.e., a permeable disk of zero thickness, and the slipstream effect is simulated by a prescribed disk thrust loading, i.e., a pressure difference. Overset (chimera) grid techniques are used to handle the complex geometric relationship between the propeller disk and the wing. Test cases show that the method can simulate the effect of slipstream on the aerodynamic characteristics of a wing with a trailing-edge flap reasonably well.

18.
The use of the XT-1 radar by Dr. Luis Alvarez in 1941, at the newly formed MIT Radiation Laboratory, to provide aircraft approach guidance, and the subsequent development of a new radar concept for ground-controlled approach, are described. Their use during World War II and subsequent adoption for civil aviation are discussed.

19.
TP-Satellite: A New Transport Protocol for Satellite IP Networks (cited 1 time: 0 self-citations, 1 by others)
As a result of the exponential growth of the worldwide Internet, satellite systems are used to support broadband Internet access. Existing TCP protocols perform very well for Internet access on wired networks. However, in the case of satellite channels, due to the effects of high bandwidth asymmetry, long propagation delay, high sporadic bit error rate (BER) and burst errors, TCP performance degrades significantly. In this paper, a new end-to-end transport protocol, TP-Satellite, is proposed for satellite IP networks. TP-Satellite replaces the traditional slow start algorithm with a novel super start algorithm. In order to distinguish congestion events from link errors, a new scheme is introduced, which is based on alternate transmission of packets of different class priority. Bandwidth asymmetry problems are addressed by the adoption of a modified negative acknowledgement (M-NACK) strategy, which periodically sends M-NACK packets. Simulation results show that TP-Satellite enhances the throughput performance on the forward path, reduces the bandwidth used in the reverse path, and offers a fair share of network resources.

20.
A review of the concepts and application development of aviation artificial intelligence (cited 1 time: 0 self-citations, 1 by others)
Lu Xinlai, Du Ziliang, Xu Yun. Acta Aeronautica et Astronautica Sinica (航空学报), 2021, 42(4): 525150-525150
In response to the urgent need for the development of aviation artificial intelligence, two basic questions are discussed: the definition of artificial intelligence and the classification of intelligence levels. It is pointed out that a generally accepted definition of artificial intelligence is unlikely to exist in the near term, that the uncertainty and certainty of aviation applications of artificial intelligence need to be viewed dialectically, and that classifying the intelligence levels of intelligent systems that perform specific tasks is unnecessary because it does not conform to the current mainstream understanding. The development characteristics and trends of aviation artificial intelligence applications are described from the perspectives of overall historical evolution, airborne missiles, airborne systems, and trustworthiness, highlighting the importance of research on trustworthy aviation artificial intelligence as a precondition for industry application.
