Interactive cockpits as critical applications: a model-based and a fault-tolerant approach

The deployment of higher interactivity in avionic digital cockpits for critical applications is a challenge today, both in terms of software engineering and of fault tolerance. The dependability of the user interface and of its supporting software must be consistent with the criticality of the functions being controlled. The approach proposed in this paper combines fault-prevention and fault-tolerance techniques to address this challenge. Following the ARINC 661 standard, a model-based development of the interactive objects, namely widgets and layers, aims at providing zero-defect software. For the software faults that remain in the underlying runtime support, and for physical faults, the approach relies on fault-tolerance design patterns such as self-checking components and replication techniques. The proposed solution builds on the space and time partitioning provided by an executive support that follows the ARINC 653 standard. Defining and designing resilient interactive cockpits is a necessity in the near future, as these command and control systems offer a great opportunity to improve the maintenance, evolvability and usability of avionic systems.
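The abstract names the self-checking component as the pattern used to contain faults in a widget's runtime support. The following is an added illustration of that pattern, not code from the paper or from its ARINC 661 tooling: a push-button widget whose state update is computed by two independently written paths (a transition table standing in for the model-derived behaviour, and hand-written rules) and accepted only when both agree. The widget name, the event and state sets, and the fault-injection helper are assumptions made for the example; a disagreement silences the widget and reports it, so the user application never receives an output the widget cannot vouch for.

```python
"""Self-checking widget (added example; not the paper's own code).

Two diverse implementations of the same widget behaviour are run on every
event and compared.  A mismatch moves the widget to FAILED, which emits no
output and reports the fault, mirroring the self-checking component pattern.
"""
from enum import Enum, auto


class State(Enum):
    HIDDEN = auto()
    DISABLED = auto()
    IDLE = auto()
    ARMED = auto()    # pressed, waiting for release
    FAILED = auto()   # self-check detected an inconsistency


class Event(Enum):
    SHOW = auto()
    HIDE = auto()
    ENABLE = auto()
    DISABLE = auto()
    PRESS = auto()
    RELEASE = auto()


# Path A: table-driven behaviour (stands in for a model-derived implementation).
# Pairs absent from the table mean "ignore the event, keep the state".
TRANSITIONS = {
    (State.HIDDEN, Event.SHOW): State.IDLE,
    (State.IDLE, Event.HIDE): State.HIDDEN,
    (State.DISABLED, Event.HIDE): State.HIDDEN,
    (State.ARMED, Event.HIDE): State.HIDDEN,
    (State.IDLE, Event.DISABLE): State.DISABLED,
    (State.ARMED, Event.DISABLE): State.DISABLED,
    (State.DISABLED, Event.ENABLE): State.IDLE,
    (State.IDLE, Event.PRESS): State.ARMED,
    (State.ARMED, Event.RELEASE): State.IDLE,
}


def next_state_table(state, event, table):
    return table.get((state, event), state)


# Path B: the same behaviour written as rules, independently of the table.
def next_state_rules(state, event):
    if event is Event.HIDE:
        return State.HIDDEN
    if state is State.HIDDEN:
        return State.IDLE if event is Event.SHOW else State.HIDDEN
    if event is Event.DISABLE:
        return State.DISABLED
    if state is State.DISABLED:
        return State.IDLE if event is Event.ENABLE else State.DISABLED
    if state is State.IDLE and event is Event.PRESS:
        return State.ARMED
    if state is State.ARMED and event is Event.RELEASE:
        return State.IDLE
    return state


class SelfCheckingButton:
    """Push button that only acts when both behaviour paths agree."""

    def __init__(self, widget_id, table, on_click, on_fault):
        self.widget_id = widget_id
        self.table = table
        self.state = State.HIDDEN
        self.on_click = on_click   # notifies the user application
        self.on_fault = on_fault   # notifies fault management

    def handle(self, event):
        if self.state is State.FAILED:
            return self.state      # a failed widget stays silent
        a = next_state_table(self.state, event, self.table)
        b = next_state_rules(self.state, event)
        if a is not b:             # comparator: paths disagree -> contain the fault
            self.on_fault(self.widget_id, self.state, event)
            self.state = State.FAILED
            return self.state
        clicked = self.state is State.ARMED and event is Event.RELEASE
        self.state = a
        if clicked:
            self.on_click(self.widget_id)
        return self.state


def corrupted_table():
    """Constructed fault for the demo: a corrupted entry lets a DISABLED button arm."""
    table = dict(TRANSITIONS)
    table[(State.DISABLED, Event.PRESS)] = State.ARMED
    return table


def run_scenario(events, table=TRANSITIONS):
    """Feed events to a fresh widget; return (final state, clicks, faults)."""
    clicks, faults = [], []
    button = SelfCheckingButton("PUSH_BUTTON_1", table, clicks.append,
                                lambda wid, st, ev: faults.append((wid, st, ev)))
    for event in events:
        button.handle(event)
    return button.state, clicks, faults


if __name__ == "__main__":
    print(run_scenario([Event.SHOW, Event.PRESS, Event.RELEASE]))
    print(run_scenario([Event.SHOW, Event.DISABLE, Event.PRESS, Event.RELEASE],
                       corrupted_table()))
```

The comparator only detects faults that affect one path; the paper's point is that the widget model itself is produced by a zero-defect, model-based process, so the self-check targets the runtime support beneath it, and replication across ARINC 653 partitions is what covers the physical faults this single widget cannot.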
