Figure 1. The concept of a Plug&Ffy Avionics (PAFA) system which detects topology and capabilities on its own and manages this information in a formal consciousness model.
What if avionics computers could be taken from the shelf and configure themselves after being installed? What if system function development could restrict to the pure function and safety is for free? This is the long-term vision of a research group in Stuttgart, Germany, pursued as so-called “plug&fly” avionics.
Plug&fly avionics is the concept of an avionics platform that is completely self-organizing in terms of configuration, failure management and qualification. As depicted in Figure 1 (above), it is composed of modules that dynamically detect the connection topology, capabilities and actual resource consumption.
This information is managed in a common platform consciousness. The consciousness is complete in the sense that it allows for reliable decisions on function allocation, redundant instantiations and reconfigurations. Besides the topology, this requires information about hardware reliabilities, latencies and synchronicity.
Functions for a plug&fly system need to be defined differently. A function shall be composed of prequalified blocks and include information about failure conditions, max occurrence probabilities and failure propagation. Like with the flexible platform approach, a simplex-minded definition of the system function shall be sufficient, i.e. the pure function without redundancy or failure management.
Safety is managed by the platform by deriving the appropriate system-management and redundancy. Current research aims at technical foundations of plug&fly (i.e. topology detection, self-organization algorithms and formal consciousness modeling). A first result is the open avionics architecture model (OAAM), which is designed to be the plug&fly consciousness and function definition language.
The Open Avionics Architecture Model (OAAM)
The challenge was to derive a formal model, which is rigid enough to allow for computer processing, but is generic enough to represent all current avionics technologies, as well as future technologies, such as optics or wireless communication. The result is the open avionics architecture model (OAAM) visualized in Figure 2.
Figure 2: Structure of the Open Avionics Architecture Model (OAAM) organized in nine layers.
OAAM holds the avionics architecture in terms of software, hardware and physical installation (anatomy). Moreover, it includes all information necessary to decide if an avionics architecture is valid. This includes resource information as well as safety and performance restrictions.
It is generic since the basic architecture building blocks are defined within the model, i.e. the resources, capabilities and inner composition of any hardware or connection type is defined generically within OAAM. The nine layers of OAAM respect the traditional development process. Since they are almost independent, they allow for in concurrent development of the avionics system definition.
Therefore, OAAM is viable for being used online as the plug&fly consciousness, but also for offline avionics architecture planning and optimization. OAAM is based on the Eclipse Modeling Framework and the meta-modeling language ECORE. Only modeling concepts are used that result in deterministic structures, which allow for an integration in safety-critical embedded system. The model and the Eclipse framework of OAAM (Figure 3) are available as open source under www.oaam.de.
Model-driven approaches can simplify the development process of safety-critical digital avionics systems. The flexible platform, the adaptive platform and architecture optimization achieved signification simplifications, but the ultimate goal is plug&fly avionics. With the OAAM, a first step was made in the direction of a realization.
However, it is expected that more than a decade passes until we see plug&fly in the air. One of the biggest challenges is the safe, trustworthy and qualified operation of a plug&fly system. The traditional certification process can only be applied to the initial setup. For all later self-organizations qualified self-verification methods and acceptable means of compliance have to be developed.
Read the full article in our August/September 2018 edition of Avionics.
Björn Annighöfer is a professor at the University of Stuttgart, Germany, at the Institute of Aircraft Systems. He represents methods of complex avionics systems in teaching and research. He has been contributing to various avionics research programs over the past 10 years.