FPGA-Based Fault Tolerance Framework for Avionics Systems

Kurzfassung

Fault tolerance is a key element in the design of safety-critical avionics systems. Thus, they must be capable of enduring a specified number of random component failures to be considered adequate for safety-critical applications. Nevertheless, the occurrence of a fault (leading to a failure event) cannot be ruled out completely during the design process. Design choices are only partially effective in preventing failures because of the unpredictability of design errors. For this reason, avionics systems are designed and developed with a combination of fault avoidance and tolerance. The goal is to preserve the avionics system functionality even when faults occur in the system. The stages a fault-tolerant system must provide are fault detection, fault containment and isolation, and reconfiguration or recovery. In today's aircraft, redundancy is primarily used to ensure the integrity and reliability of an avionics system. Replicating avionics computers and communication paths is a common practice to achieve redundancy. Comparing and/or voting multiple avionics computer replicas, i.e., channels, allows the identification of a failed or malfunctioning channel. As a consequence, the faulty channel is isolated while the correct channels maintain system functionality. Synchronization and reliable inter- and intra-channel data exchange are required to implement such concepts. This results not only in processing overhead but also increases the development effort. Ultimately, the enhancement of fault tolerance increases system complexity and makes validation of the avionics system more challenging. Because of their specific design for particular applications, the majority of redundancy management systems additionally pose challenges with reusability. This paper presents an approach for a configurable fault tolerance framework. The framework supports the development of an FPGA-based avionics redundancy management system from system design to integration on the target hardware. The aim is a modular redundancy management system that is transparent to software developers and can be configured separately based on the system design. The proposed framework achieves this using a combination of pattern-based configuration and generic FPGA building blocks.