Sie sind nicht angemeldet
Kompetenzzentrum
Wissensdatenbank
Anwendungsfelder
SE-Themen
Glossar
Forschungsprojekte
Anbieterverzeichnis
Datenbanksuche
Highlights
Wissensbrowser starten
Einordnung im Wissensnetz
Thema
MDA
Themeneinstiege
Einführung_MDA
MDA aus Praxissicht
Middleware
Zuordnung zu SE-Themen
Nicht verfügbar
Eintrag kommentierenEintrag bewerten
Dieser Eintrag wurde im Schnitt mit 0 von 5 Punkten bewertet
Erfahrung
The Sensor Voting UML Model I
Erfahrung:29200
Externe Quellen zum Thema NEU: Externe Quellen zum Thema suchen 
Beschreibung der Erfahrung
Zum Vergrößern bitte klicken

Figure 1: Flight control computers and their control relation to the physical sensors and actuators deployed in aircraft. The lines from flight control computers to sensors indicate which sensor is triggered by which flight control computer. A bold line from a flight control computer to the actuator indicates the channel written to by this flight control computer.

The investigated sensor voting system [8] is taken from the domain of avionics. It models a part of the flight control system that periodically obtains parameters of the aircraft from sensors and computes commands for servo actuators (cf. Fig. 1). As the sensor voting system - comprising the sensors, the flight control computers, and the channels to the actuators - is safety critical, a very high reliability is required. To this end, the sensors for each aircraft parameter, the channels to the actuators, and the flight control computers are implemented triple redundant. The instance of a sensor voting system shown in Fig. 1 reads sensors for two kinds of parameters, namely an angle and a velocity, and commands a single actuator.

Sensors are operated by the sensor voting system in the following phases:

  • acquire: each flight control computer triggers one sensor of each kind of parameter to conduct a measurement and to write the measured value to the shared memory, e.g. in Fig. 1, FC3 triggers the bottom-most angle and velocity sensors;
  • sample: each flight control computer reads the values of all sensors and all kinds of parameters from the shared memory, i.e. in Fig. 1, each flight control computer reads three values for the angle and three values for the velocity;
  • vote: each flight control computer decides whether a sensor's value is considered to be correct or faulty based on a comparison of the three values read in the last phase. That is, it is principally possible that one flight control computer considers a sensor correct while another one considers it failed, e.g., if both receive different values due to transmission errors when reading from the shared memory. Two sensors are considered correct if the difference between their measured values lies within a fixed tolerance. The third sensor is considered correct if the difference of its measured value lies within a fixed tolerance to any of the two other sensors.
  • monitor: each flight control computer stores the result of the last voting using one monitor for each sensor. The overall number of failures is counted and if a sensor fails more often than a fixed maximum, it is marked as out of order.
  • compute: each flight control computer computes the arithmetic average of the values sampled by all sensors that are considered correct and are not marked as out of order. Thus there is one final value per kind of parameter in each flight control computer. If no sensor is considered correct, an error value is the result of the compute phase, but this error value is actually not handled in the concrete model.
After these phases, each flight control computer computes an actuator command from the final values for each parameter kind, e.g. from the angle and the velocity in Fig. 1, and writes it to its channel, i.e. the connection to the actuator. Each flight control computer votes and monitors the three channels based on the command values as read back from the channels, i.e. each flight control computer has an individual perception of each channel's health. The effect of the channel voting lies, in contrast to the sensors, outside the scope of the model, i.e. the result is actually not used in the model.


To The Sensor Voting UML Model II

Back to overview Formal Verification of a Sensor Voting and Monitoring UML Model
Externe Quellen zum Thema NEU: Externe Quellen zum Thema suchen 
 Eintrag kommentieren 
 Eintrag bewerten 
Zu dieser Seite wurden noch keine Kommentare oder Bewertungen abgegeben.
The Sensor Voting UML...
 
Zum Seitenanfang Top Drucken Impressum AGB
Home
VSEK ©2001-2012