In the design of fault tolerant real time systems, the most important issue is fault handling and redundancy managing. Adding hardware as well as software in order to tolerate faults requires a redundancy strategy to attain and prove the expected as well as the required fault tolerance. This paper presents fault handling strategies of a future distributed architecture for a flight control system (FCS) designed for the JAS 39 Gripen, a modern 4th generation multi-purpose combat aircraft. The results are based on knowledge of and experience from the JAS 39 Gripen, with over 15000 flight hours. Consequently, a highly dependable real time control system is addressed, however, the principles of the distributed system are general and can be applied to other combat and commercial aircraft as well as for other embedded control systems, e.g. in cars, trains etc. The distributed architecture aims to tolerate permanent and transient physical faults, whereas software design faults are not catered for. Simulations give experimental results for validation of the fault tolerance qualities of the distributed control system. The fault handling simulations include transient fault recovery, exploring three redundancy principles and also tests of time limits for permanent fault handling, i.e. system reconfiguration. The results are based on experiments on a simulator validated against the actual aircraft.
[1]
Martin Hiller,et al.
Executable assertions for detecting data errors in embedded control systems
,
2000,
Proceeding International Conference on Dependable Systems and Networks. DSN 2000.
[2]
Stefan Poledna,et al.
Fault-tolerant real-time systems - the problem of replica determinism
,
1996,
The Kluwer international series in engineering and computer science.
[3]
Jan Torin,et al.
The Evolution of Microelectronics and Its Impact on a Vionics
,
1998
.
[4]
Jan Torin,et al.
Future Electrical Flight Control Systems, Final report NFFP no 349
,
2002
.