A Software-Implemented Fault-Tolerance Approach for Control and Display Systems in Avionics

Engineering interactive systems for safety critical applications such as in avionic digital cockpits (and more generally Graphical User interfaces) is a challenge from a dependability viewpoint. The dependability of the user interface and its related hardware and software components must be consistent with the criticality of the functions to be controlled and their required DAL levels. This paper proposes a stepwise refinement approach going from systematic identification of failure modes of these systems to their detection via formally defined assertions. The last steps of the approach present how the assertions can be included into the monitoring part of self-checking interactive components and how they can be deployed on an architecture compliant with the ARINC 653 specification, ensuring temporal and spatial segregation, thus detecting errors and preventing failures due to both physical and transient software faults. We present how these contributions have been applied to the Flight Control Unit Backup interactive application which is available in A380 interactive cockpits.