A review of fault management techniques used in safety-critical avionic systems

In order to achieve high integrity levels in complex, real-time, safety-critical systems, it is necessary to detect failures and take appropriate fault recovery action, to maintain safe system operation or fail to a safe state. It may also be necessary to alert the operator of the failure. In order to take appropriate maintenance action it is also necessary to isolate the failed component. This process is termed fault management. Airline experience with modem avionic systems is that, despite the apparent sophistication of the Built-in Test Equipment and Centralised Maintenance Systems, spurious fault detection is unacceptably high. Fault detection coverage is not uniformly good and fault isolation is often inaccurate or imprecise. This paper presents a critical analysis of the methods currently used in fault management, in the light of personal experience of safety-critical systems development within the aircraft industry and work by other researchers. It makes recommendations about the use of the various approaches and attempts to highlight areas where future research could be most usefully directed. It also assesses the impact that new avionics architectures may have on the utility of the various approaches to fault management in future aircraft systems. Copyright (C) 1996 Elsevier Science Ltd.