Interactive Cockpits as Critical Applications: a Model-Based and a Fault-Tolerant Approach
Abstract
The deployment of higher interactivity in avionic digital cockpits for critical applications is a challenge today both in terms of software engineering and fault-tolerance. The dependability of the user interface and its related supporting software must be consistent with the criticality of the functions to be controlled. The approach proposed in this paper combines fault prevention and fault-tolerance techniques to address this challenge. Following the ARINC 661 standard, a model-based development of interactive objects (namely widgets and layers) aims at providing zero-defect software. Regarding remaining software faults in the underlying runtime support and also physical faults, the approach is based on fault tolerance design patterns, like self-checking components and replication techniques. The proposed solution relies on the space and time partitioning provided by the executive support following the ARINC 653 standard. Defining and designing resilient interactive cockpits is a necessity in the near future as these command and control systems provide a great opportunity to improve maintenance, evolvability and usability of avionic systems.
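The abstract names self-checking components as one of the fault-tolerance design patterns applied to the interactive objects. The following C block is an added illustration of that pattern, not code from the paper or from any ARINC 661 implementation: a simplified edit-box widget whose "set value" command is executed by two diverse handler variants on every update, with the results compared before the display state changes. The `edit_box_t` structure, the `set_variant_fn` handler type and the deliberately faulty `variant_faulty` (used only to show that a disagreement is caught) are all assumptions constructed for this example; replication across partitions, the other pattern the abstract mentions, is not shown.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed example (not from the paper): a self-checking widget.
 * Two diverse variants of the same command handler run on every update
 * and their results are compared; any disagreement drives the widget
 * into a fail-safe state in which further commands are refused. */

typedef enum { WIDGET_HEALTHY = 0, WIDGET_FAILSAFE = 1 } widget_health_t;

typedef struct {
    int32_t value;            /* currently displayed value (e.g. an altitude) */
    int32_t min;              /* lower bound from the widget definition */
    int32_t max;              /* upper bound from the widget definition */
    widget_health_t health;   /* HEALTHY or FAILSAFE */
    uint32_t mismatches;      /* number of detected disagreements */
} edit_box_t;

/* A command-handler variant: maps a requested value to the value to display. */
typedef int32_t (*set_variant_fn)(const edit_box_t *w, int32_t requested);

/* Variant A: clamp to [min, max] using early returns. */
static int32_t variant_a(const edit_box_t *w, int32_t requested) {
    if (requested < w->min) return w->min;
    if (requested > w->max) return w->max;
    return requested;
}

/* Variant B: same specification, different code path (diverse implementation). */
static int32_t variant_b(const edit_box_t *w, int32_t requested) {
    int32_t r = requested;
    r = (r > w->max) ? w->max : r;
    r = (r < w->min) ? w->min : r;
    return r;
}

/* Deliberately faulty variant, used only to demonstrate detection:
 * it ignores the upper bound (a constructed injected fault). */
static int32_t variant_faulty(const edit_box_t *w, int32_t requested) {
    return (requested < w->min) ? w->min : requested;
}

void edit_box_init(edit_box_t *w, int32_t min, int32_t max, int32_t initial) {
    w->min = min;
    w->max = max;
    w->value = initial;
    w->health = WIDGET_HEALTHY;
    w->mismatches = 0;
}

/* Self-checking update: returns true only if the widget is healthy and both
 * variants agree. On disagreement the widget latches into FAILSAFE and keeps
 * its last good value; clearing that state is left to a supervisor. */
bool edit_box_set(edit_box_t *w, int32_t requested,
                  set_variant_fn v1, set_variant_fn v2) {
    if (w->health != WIDGET_HEALTHY) return false;  /* refuse commands once failed */
    int32_t r1 = v1(w, requested);
    int32_t r2 = v2(w, requested);
    if (r1 != r2) {
        w->mismatches++;
        w->health = WIDGET_FAILSAFE;
        return false;
    }
    w->value = r1;
    return true;
}

/* Scenario 1: agreeing variants, an out-of-range request is clamped.
 * Returns the displayed value after the update. */
int32_t scenario_agreeing(void) {
    edit_box_t w;
    edit_box_init(&w, 0, 50000, 10000);
    (void)edit_box_set(&w, 60000, variant_a, variant_b);
    return w.value;
}

/* Scenario 2: one variant is faulty. Returns 1 if the disagreement was
 * detected, the last good value retained, and a later valid command refused. */
int scenario_fault_detected(void) {
    edit_box_t w;
    edit_box_init(&w, 0, 50000, 10000);
    bool first = edit_box_set(&w, 60000, variant_a, variant_faulty);
    bool later = edit_box_set(&w, 20000, variant_a, variant_b);
    return (!first && !later && w.health == WIDGET_FAILSAFE
            && w.value == 10000 && w.mismatches == 1) ? 1 : 0;
}
```

The design choice worth noting is that the check sits between the command and the state change, so an erroneous result never reaches the display, and the fail-safe state is latched rather than retried: in a partitioned ARINC 653-style executive, deciding whether to restart or switch to a replica belongs to a separate supervisor, not to the component that just detected its own error.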