Community Research and Development Information Service - CORDIS

Case study: a vote monitor

The case study is a flight control mechanism that implements "sensor voting" and "sensor monitoring" operations in a typical flight control system. The main role of an aircraft's Flight Control Computer is to implement control loops that compute Command values for the Servo actuators controlling the air vehicle surfaces. These computations are parameterised by the actual values provided periodically by the different sensors installed in the air vehicle. The system is critical and requires very high reliability in the presence of hardware faults. To achieve this reliability, we realize the avionics system with triple redundancy of the different Sensors and Flight Control Computers.

Evaluation summary:
On the basis of this case study, IAI has used, and carried out some evaluation of, three tools developed in Omega. For this evaluation, the case study was tailored as follows:

Using Play Engine (Weizmann Institute):
The case study was reduced and simplified to fit the tool's limitations. The version used with the LSC Play Engine consists of one channel and three sensors.

To run the tool on our case study, we had to simplify the model considerably, reducing it to only 4 statecharts and 12 classes and thereby focusing on the non-real-time issues in the model.

Using IF (Verimag):
With the IF tool, we wanted to verify time-related properties of our case study. To do so, we modelled the timing aspects of the system with Rational Rose, because using Rhapsody posed problems with the export of the action language part and with the timed annotations. The model used for timed verification is based on the same state machines, but the functionality (in particular the voting mechanism, including the health monitor) has been omitted; on the other hand, all objects are active, and here we have taken two CPUs into account. The model was extended with timing specifications: we defined time-triggered actions and time-consuming activities of variable duration.

Reported by

Israel Aircraft Industries Ltd.
Ben Gurion International Airport
70100 -