CNRS Nov 2003

RTP CNRS-STIC 21 15 Nov 03 - Paris

Pascal Traverse

1. Principes2. Architecture


1. Principes

2. Architecture avionique A380

Commandes de vol électriques

- disponibilité

- mouvement intempestif de gouvernes


man-machine interface•flight envelope protection

•maintenability

•challenges & trends

system failures•control and monitoring computers

•components redundancy


particular risks•segregation

•ultimate back-up


design and manufacturing errors•error avoidance

•error tolerance



(BULKHEAD)WATCHDOG

RAMROMPROCESSOR

WATCHDOG

POWER SUPPLY

INPUT / OUTPUT

RAMROMPROCESSOR

POWER SUPPLY

INPUT / OUTPUT

MONITORING

CONTROL

28 VDC

Lightning strike protectionsACTUATORS

relays

relays

system failures

•control and monitoring computers


Servo valve

Command

computer

Monitoring

Solenoid valve

system failures

•control and monitoring computers


A340- 500/600 EFCS architecturesystem failures

•components redundancySpeedbrakes/ground spoilers

YB

ELEVATOR

THS

M

ELEVATOR

1 2 3P1 P2 P3

GB G YP1P2

S2 S1

P1 P2

S2S1

AILERONS

BGP1 P2

S2S1

AILERONS

Y GS2 P3

B G

G Y

SLATS

FLAPS

roll surfacesroll surfaces

GYP3 S1

outboard inboard outboardinboardG B

P1 P2

S2S1

SPOILERS(1 ->6)SPOILERS(6 -> 1)

YP2

BP3

YS1

GP1 P3

GBS2

G B B Y G YP3 P3 S2 P2 P1 S1

RUDDER

Y

B

TRIMS2S1 G

P2

P1 S1

P3

BCM

BPS YBPS B

Speedbrakes/ground spoilers


Hydraulicsystem(power)

AccumulatorServovalve

Modeselectordevice

Ram

Hydraulic block

Electronics

Modeselectordevice

Ram

Hydraulic block

Motor

PumpAccumulator

ELECTRO-HYDROSTATIC ACTUATOR

HYDRAULIC SERVOCONTROL

system failures


Electro-Hydrostatic Actuator

Electricalsystem(power)


Avionics

Avionics Flight Controls Actuators

ELECTRICAL GENERATION HYDRAULIC GENERATION

HYDRAULIC GENERATIONELECTRICAL GENERATION

EMERGEN

GEN1

GEN2

APUGEN

EMERGEN

GEN1

GEN2

APUGEN

GREENPUMP

YELLOWPUMP

BLUEPUMP

GREENPUMP

YELLOWPUMP

• A320 ... A340

• A380 A400M

system failures


A380 A400M - Four power sources

Flight Controls Actuators


system failures


EHA are a great opportunity (weight, dissimilarity, segregation)and a challenge with new failure modes


Airbus Fly-by-Wire:system is developed to ARP 4754 level AComputers to DO178B & DO254 level A

Two types of dissimilar computers are usedPRIM ≠ SEC

Error avoidance

Error tolerance

design and manufacturing errors



•error avoidance

- formalised specification(SAO/SCADE)

- automatic programming


Iron Bird

Simulator•full cockpit•desktop

Bench for system

integration

SAO/SCADEautomatic programming


•error avoidance

Testing Facilities



•error tolerance

ELAC ≠ SECPRIM ≠ SEC

COM ≠ MON

with EHA � electrical power AND hydraulic power

� 4 different softwares

data diversity




PRIM / SEC dissimilarity: from random to managed dissimilarity

in-service experience: dissimilarity for system availability is essential


particular risks

•segregation

Computers separation

avoidance of a common failure point- loose luggages- spilling liquid- ...


particular risks

•segregation

Power sources separation

A380, A400M: increased segregation thanks to EHA


particular risks

•ultimate back-up

goal of Airbus ultimate back-up: continued safe flight while crew restore primary flight controls

•reset PRIM and SEC•reset electrical generation

use of ultimate back-up designed to be Extremely Improbable

no credit in certification

goal of Airbus ultimate back-up


particular risks

•ultimate back-up A320: mechanical linkage to THS & rudder

A340: ditto, plus Back-up Yaw DampingA340-600: mechanical linkage to THSautonomous, electrical back-up from pedals to rudder

A380 A400M: electrical back-up on rudder, elevator, aileron

solution for Airbus ultimate back-up

yawrategyro

hydr → elec servoloop

pedalsposition


particular risks


•military environment on A400M

•A340-600 Taxi Aid Camera System: open the way to affordable, maintainable flight-by-light


Stick released :Aircraft will fly inside normal

Flight Envelope

Stick on the stops :Aircraft will fly

at the maximum safe limit

Peripheral flight envelopePositive static stability

Normal flight envelopeNeutral static stability

• Pilot reaction immediate and instinctive in case of an emergency situation

• Full authority available to consistently achieve the maximum available performance on the A/C

• Potential of over-control and overstress reduced

A/C protected against: • stall• excessive attitude (pitch, bank)• over-speed• excessive load factor

man-machine interface

•flight envelope protection


Pitch attitude 30°

Angle of attack

Bankangle 67°

Pitch attitude - 15°

- 1.0 g

+ 2.5 g

LoadFactor

Excessive speed(VMO + 6 Kt)


•flight envelope protection



•maintenability

•challenges and trends

•extensive fool-proofing

•precise trouble shooting

(800 different failure diagnostic)

•maturity at entry into service


A380 Aircraft Data Communication Network

• dual redundant network

• Switched Ethernet type

COM

MON

network


A380 Aircraft Data Communication Network

FCGU1A FCGU1BPRIM1

SEC1SFCC1

ADIRU1

FCGU2AFCGU2BPRIM2

SEC2 SFCC2

ADIRU2

FCGU3AFCGU3BPRIM3

SEC3

OSCU

SPDB5

SW-16

SW-6

IOM 1

IOM 3

FM1

EEC2 A

B

EEC4 A

B

CDSL1

CDSL2

SW-11

SW-1

IOM 2

IOM 4

FM2

EEC1A

B

EEC3A

B

CDSR2

CDSR1

CDSC1

CDSC2

CDSR3

CDSL3

FM3 ADIRU3 CMV

CPIOM-C1

CPIOM-D1

AESU 1

IOM 5

IOM 7

CPIOM-C2

AESU 2

IOM6

IOM 8

CPIOM-F2

CPIOM-F4

CPIOM-G2

CPIOM-G4

CPIOM-E2

SPDB 2

SPDB 4

CPIOM-F1

CPIOM-F3

CPIOM-G1

CPIOM-G3

CPIOM-E1

SPDB 1

SPDB 3

ECB

SPDB7

CIDS1SDS1

CPIOM-A1CPIOM-A3 CPIOM-B1CPIOM-B3

SPDB 6

SPDB 8

CIDS2SDS2

CPIOM-A2 CPIOM-A4CPIOM-B2 CPIOM-B4

SW-12

SW-2

CDAM

SW-19

SW-9

SEPDC1 SEPDC2

SCI

18+2FT 18+2FT

12+1FT

16+2FT 15+2FT

14+2FT 12+2FT

15+2FT 14+2FT

SW-14

SW-4

SW-13

SW-3

DSMS

SW-17

SW-7

SW-15

SW-5

SW-18

SW-8

CPIOM-D3

Usual electrical separation of blocks of computers

loss of ADCN /mutated dataon network: not critical


A380 ADCN & SHARED RESSOURCES

LRM

CONFIGUREDMODULE

Hardware + resident software

FWC

1

FCD

C 1

WB

BC

1

Application Programming Interface (API)

FCU

Bac

k-up

1

Operating System (O/S)+ other functions

Hardware + resident software

FWC

2

FCD

C 2

WB

BC

2

Application Programming Interface (API)

FCU

Bac

k-up

2

Operating System (O/S)+ other functions

CPIOM-C 1 CPIOM-C 2

ADCN

Arinc 429

PRIM 1 SEC 1 PRIM 2 SEC 2 PRIM 3 SEC 3

non essential functions (warning, maintenance, …) located on shared ressources

Essential data network-old technology-Separated from ADCN

CNRS Nov 2003

Documents

Transcript of CNRS Nov 2003