fault tolerant systems

Question 1

what is a function

Answer 1

a behavior or performance of a system

• can be achieved via numerous systems
• “perform as intended”
• fxnl breakdown to separate staff

Question 2

why fault tolerant systems

Answer 2

• all systems have faults
• we want Integrity, Reliability, Availability
• consequences can range from operational to financial problems

Question 3

FTS definition

Answer 3

can still proide fxn even in the presence of a limited number of faults

Question 4

what is reliability

Answer 4

probaility of a system operating fault free at a given time

-gives MTBF

Question 5

what is availability

Answer 5

degree of availbility to provide intended functinos

avail = MTBF/(MTBF + MTTR)

Question 6

what is deterministic? when does it fail?

Answer 6

output can be predetermined given we know the input

system faults or
security breaches

Question 7

how are aircraft manufacturers differentiated?

Answer 7

NOT safety (either is or isn’t)

• TOC -> total cost of ownership (how much technical and financial means went into making product)
• lastly is travel comfort

Question 8

why do systems fail?

Answer 8

human error 
technical faults
    -hardware
    -software 
    -communiction

draw associated graphs

Question 9

what is (initial) airworthiness?

Answer 9

• def: an aircraft that receives a certification from an authority
• part of national legislation -> many differ to larger countries

Question 10

how do EASE, JAR, and FAA relate?

Answer 10

jar was joint of europe. THey modeled after FAR Part 25.
EASA formed recently (first is a350) with CS (certification Specification) -> also closely model for flying in several locations

Question 11

what does CS Book 1 Subpart F Section 1309 do?

Answer 11

says system smust perform as intended

says potentially catastrophic systems failures must not be possible froma single fault

Question 12

where is the table defining the probabilities for certain failure problem levels
as well as several definitions relating to probabilty of failures and fault tolerant systems

Answer 12

CS Part 25 Book 2 (gives AMC) Subpart F Section 1309

Question 13

main task of DO 254

Answer 13

design assureance guidance for complex electronic hardware

Question 14

main task of DO 178 C

Answer 14

software considerations in airbourne systems and equipment certifications

Question 15

what is the basis of software qualification

Answer 15

high level spec -> (via driving) low level spec -> (via coding) source code -> (via compiling) executable (binary on H/W target)

Question 16

what is required to show DAL A

Answer 16

• complete robust performance on the proper hardware
• full scope testing (complete unit tests)
• s/w h/w segregation

Question 17

what does the DO-178C outline

Answer 17

objective, whether it is applicable to the given DAL, documents for how to reach it, and who it is controlled by.

Question 18

how often does the qualification process outlined in DO178C have to be completed?

Answer 18

every life cycle.

-can perform an impact analysis to show partitioning (of software and hardware) to reduce requlify

Question 19

elaborate on the software requirements process and software design process

Answer 19

high level requirements are derived from system requirements and further, derived high level requirements can be derived (not directly from system reqs). These are outlined in software requirements document

Low level requirements (and derived) LLR and specifications, functions, style etc derived from teh high level requirements. Decripbed in SDD.

Question 20

elab on software integration process

Answer 20

s/s integration: machine code from source code.

s/h machine code onto target computer

Question 21

what is redundancy

Answer 21

having more systems (functions, provisions) than needed to accomlish a task in fault-free operation

Question 22

what is the purpose of redundancy?

Answer 22

• fault recognition (eg recording via BITE)
• fault management (deal with fault)
  
  • fault correction (ex. channel coding)
  • fault mask (priority voting)
  • fault compensate (switching to another system potentially with less functionality)

Question 23

what is graceful degredation

Answer 23

switching to a system with less functionality when original is not working

Question 24

what purpuses of redundancy are possible with different levels?

Answer 24

simplex -> none (no detection of management)

duplex -> detect one fault

triplex -> detect two faults or mask/ compensate for one fault

Question 25

what is a common mode failure?

Answer 25

a failure that occurs in multiple redundancies from the same occurance.

Question 26

how can you avaid common mode failures

Answer 26

dissimilar redundancy

-sometimes defferent development cycles completely -> very costly.

Question 27

what are teh two basic methods of redundancy management

Answer 27

• master/slave

- comand monitor

Question 28

explain master-slave principle of redundancy management

Answer 28

both fully capable. One is active(master). slave channel in stand-by mode
master send “good health signal” to slave. If not received, slave takes over.

Question 29

explain command monitor

Answer 29

onle comand can operate. Monitor checks command system and if disagreement, switch to another system.