Traditionally, the research at FSD was focused on functions and algorithms. With the new focus on prototyping application systems with small and medium enterprises (SMEs) as main partners for UAS/RPAS and General Aviation aircraft, implementation aspects have gained high importance. Given the cost, weight, volume and other constraints of the markets addressed and the limited personnel and financial resources of typical SMEs, a direct transfer of solutions, processes, components and tools from large and military aviation would lead to a gigantic failure. Based on the specific requirements of the considered market, and utilizing disruptive technologies and innovations from non-aerospace domains, tailored processes, tools and solutions are required.

Research focuses are model-based design of functional algorithms for guidance, navigation and control applications, model based safety assessment as well as the development of avionics system architectures and the contributing components (flight control computers, data concentrator units, electromechanical actuators, navigation systems and power system components). The work is accomplished in tight collaboration with highly innovative SMEs, manufacturers of RPAS and general aviation aircraft as well as tool vendors.


Innovative Development Process

Model-based development is one of the techniques to reduce the development effort and is thus a main research focus at TUM-FSD. It enables a smooth transition from the system process to the software process. Therefore, we employ formal, executable models, which facilitate model validation and verification tasks and enable comprehensive automation. For that purpose, a consistent tool chain from the system level to the software level is being built up. The tool chain is based on the MathWorks tool suite; its main goal is that parts of the airborne software design can already be developed during the system phase, where the controllers are designed.

A similar approach is applied to safety assessment. Avionics systems, integrating software, digital hardware, sensors and actuators, need to be simulated as an ensemble, taking their nominal and failure behavior into account. Again based on the MATLAB tool chain, TUM-FSD has a research focus on modelling and simulation of failure behavior. This way, we hope to automate the most tedious and error-prone task in safety assessment: predicting system behavior in the presence of faults. Together with assisted planning of simulation runs to gather proof of safety requirement fulfilment or violation, and automated comparison of simulation results with formalized safety requirements, the effort of safety assessment can be greatly lowered without changing certification-relevant aspects of the safety assessment process.


Innovative System Architectures

To increase the safety of airborne systems, TUM-FSD is working on innovative system architectures and redundancy concepts. In contrast to the common approach of implementing the same functionality on independent, dissimilar devices with dissimilar software, we are working on functionally dissimilar monitoring approaches. The goal of these monitors is to evaluate the input/output behavior of the controller. The challenge is to define the expected output and the comparison in such a way that a high failure detection coverage is reached while still keeping the availability of the system as high as possible. Another concept for increasing safety is distributing functions across different systems, as explored in our research focus on redundant electro-mechanical actuators.

While offering two fully redundant actuation channels in one housing, these actuators can provide a second level of functional monitoring to the flight control system architecture. Based on access to dedicated guidance, navigation and control sensors, incoming position commands are evaluated for validity and checked against dynamic performance and envelope criteria. Thereby, potential degradations of the overall flight control system as well as actuator-internal failures are taken into account. Moreover, the distributed availability of smart actuation systems enables the execution of backup flight control laws for aircraft stabilization and basic maneuverability.
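As an added illustration of the command-validity and input/output monitoring described above (example code written for this page, not TUM-FSD's own software), the sketch below shows the two checks a smart-actuator monitor performs each cycle: the incoming position command is tested against an envelope and a rate bound, and the measured position is compared with the expected output, with a confirmation count so that a single transient does not cost availability. All limits, the one-cycle lag model and the confirmation count are constructed assumptions.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed limits for one actuation channel; real values come from the aircraft. */
#define POS_MIN        -25.0  /* deg, envelope lower bound */
#define POS_MAX         25.0  /* deg, envelope upper bound */
#define RATE_MAX        60.0  /* deg/s, dynamic performance bound */
#define TRACK_TOL        2.0  /* deg, tolerated expected/measured deviation */
#define CONFIRM_CYCLES   3    /* consecutive miscompares before a failure is declared */
#define DT               0.01 /* s, monitor cycle time */
typedef struct {
    double last_cmd;    /* last command released to the actuator, deg */
    int    miscompares; /* consecutive cycles outside TRACK_TOL */
    bool   failed;      /* latched failure flag */
} monitor_t;

/* Command validity: inside the position envelope and within the rate bound. */
bool command_valid(const monitor_t *m, double cmd) {
    if (isnan(cmd) || cmd < POS_MIN || cmd > POS_MAX) return false;
    return fabs(cmd - m->last_cmd) / DT <= RATE_MAX;
}

/* One monitor cycle: an invalid command is replaced by the last valid one (availability),
   and a tracking miscompare must persist for CONFIRM_CYCLES before the channel is failed. */
bool monitor_step(monitor_t *m, double cmd, double measured) {
    if (m->failed) return true;                   /* failure stays latched */
    if (!command_valid(m, cmd)) cmd = m->last_cmd;
    double expected = m->last_cmd;                /* assumed one-cycle actuator lag */
    if (fabs(measured - expected) > TRACK_TOL) {
        if (++m->miscompares >= CONFIRM_CYCLES) m->failed = true;
    } else m->miscompares = 0;
    m->last_cmd = cmd;
    return m->failed;
}

/* Runs n cycles from a fresh monitor; returns the 0-based cycle at which the
   failure latched, or -1 if the channel stayed healthy. */
int run_cycles(const double *cmds, const double *meas, int n) {
    monitor_t m = {0.0, 0, false};
    for (int i = 0; i < n; i++) if (monitor_step(&m, cmds[i], meas[i])) return i;
    return -1;
}

int main(void) {
    double cmd[] = {0.5, 1.0, 1.5}, track[] = {0.0, 0.5, 1.0}, jam[] = {-10.0, -10.0, -10.0};
    printf("tracking: %d  jammed: %d\n", run_cycles(cmd, track, 3), run_cycles(cmd, jam, 3));
    return 0;
}
```

The tracking sequence never latches, while the constructed jammed actuator is declared failed on the third consecutive miscompare.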

The institute also addresses future avionic equipment and safe system architectures based on modern COTS multi-core processors and highly integrated System-on-a-Chip solutions. A dedicated research project is currently evaluating possible certification paths for the application of multi-core COTS processors in a safety-critical context, targeting not only the avionic market but also certification of safety-relevant systems in other industries. The goal is to provide a hardware and software architecture with detailed design descriptions, leading to an integrated, self-monitoring unit based on existing principles such as dissimilar monitoring, with the possibility to execute critical and non-critical functions side by side on a single unit.