fault tolerant systems Flashcards
what is a function
a behavior or performance of a system
- can be achieved via numerous systems
- “perform as intended”
- functional breakdown to separate staff
why fault tolerant systems
- all systems have faults
- we want Integrity, Reliability, Availability
- consequences can range from operational to financial problems
FTS definition
can still provide its function even in the presence of a limited number of faults
what is reliability
probability of a system operating fault free at a given time
- gives MTBF
what is availability
degree of availability to provide the intended functions
avail = MTBF/(MTBF + MTTR)
what is deterministic? when does it fail?
output can be predetermined given we know the input
fails on system faults or security breaches
how are aircraft manufacturers differentiated?
NOT safety (it either is safe or isn't)
- TOC -> total cost of ownership (how much technical and financial means went into making product)
- lastly is travel comfort
why do systems fail?
- human error
- technical faults: hardware, software, communication
draw associated graphs
what is (initial) airworthiness?
- def: an aircraft that receives a certification from an authority
- part of national legislation -> many countries defer to larger countries
how do EASA, JAR, and FAA relate?
JAR was the joint European set of requirements. They were modeled after FAR Part 25.
EASA formed recently (first aircraft was the A350) with CS (Certification Specifications) -> also closely modeled on them so aircraft can fly in several locations
what does CS Book 1 Subpart F Section 1309 do?
says systems must perform as intended
says potentially catastrophic system failures must not be possible from a single fault
where is the table defining the probabilities for certain failure problem levels
as well as several definitions relating to probability of failures and fault tolerant systems
CS Part 25 Book 2 (gives AMC) Subpart F Section 1309
main task of DO 254
design assurance guidance for complex electronic hardware
main task of DO 178 C
software considerations in airborne systems and equipment certification
what is the basis of software qualification
high level spec -> (via deriving) low level spec -> (via coding) source code -> (via compiling) executable (binary on the H/W target)
what is required to show DAL A
- complete robust performance on the proper hardware
- full scope testing (complete unit tests)
- software/hardware segregation
what does the DO-178C outline
each objective, whether it is applicable to the given DAL, the documents that show how it is reached, and who it is controlled by.
how often does the qualification process outlined in DO178C have to be completed?
every life cycle.
- can perform an impact analysis to show partitioning (of software and hardware) to reduce re-qualification
elaborate on the software requirements process and software design process
high level requirements are derived from system requirements; further, derived high level requirements can arise (not directly from system reqs). These are outlined in the software requirements document.
Low level requirements (and derived LLR), specifications, functions, style etc. are derived from the high level requirements. Described in the SDD.
elaborate on the software integration process
s/w integration: machine code from source code.
s/w-h/w integration: machine code loaded onto the target computer
what is redundancy
having more systems (functions, provisions) than needed to accomplish a task in fault-free operation
what is the purpose of redundancy?
- fault recognition (eg recording via BITE)
- fault management (deal with fault)
- fault correction (ex. channel coding)
- fault mask (priority voting)
- fault compensate (switching to another system potentially with less functionality)
what is graceful degradation
switching to a system with less functionality when original is not working
what purposes of redundancy are possible with different levels?
simplex -> none (no detection or management)
duplex -> detect one fault
triplex -> detect two faults or mask/ compensate for one fault
what is a common mode failure?
a failure that occurs in multiple redundancies from the same occurrence.
how can you avoid common mode failures
dissimilar redundancy
- sometimes completely different development cycles -> very costly.
what are the two basic methods of redundancy management
- master/slave
- command/monitor
explain master-slave principle of redundancy management
both fully capable. One is active (master); the slave channel is in stand-by mode.
master sends a "good health signal" to the slave. If not received, the slave takes over.
explain command monitor
only the command channel can operate. The monitor checks the command system and, on disagreement, switches to another system.