CN109543251B - Method for guaranteeing grade distribution in development of airborne equipment - Google Patents

Method for guaranteeing grade distribution in development of airborne equipment Download PDF

Info

Publication number
CN109543251B
CN109543251B CN201811311142.4A CN201811311142A CN109543251B CN 109543251 B CN109543251 B CN 109543251B CN 201811311142 A CN201811311142 A CN 201811311142A CN 109543251 B CN109543251 B CN 109543251B
Authority
CN
China
Prior art keywords
development
equipment
function
functional
guarantee
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811311142.4A
Other languages
Chinese (zh)
Other versions
CN109543251A (en
Inventor
马庆林
张丽
张茂
车程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AVIC First Aircraft Institute
Original Assignee
AVIC First Aircraft Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by AVIC First Aircraft Institute filed Critical AVIC First Aircraft Institute
Priority to CN201811311142.4A priority Critical patent/CN109543251B/en
Publication of CN109543251A publication Critical patent/CN109543251A/en
Application granted granted Critical
Publication of CN109543251B publication Critical patent/CN109543251B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/10Geometric CAD
    • G06F30/15Vehicle, aircraft or watercraft design

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Geometry (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Optimization (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Computation (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Safety Devices In Control Systems (AREA)
  • Emergency Alarm Devices (AREA)

Abstract

A method for allocating grades for developing and guaranteeing airborne equipment is characterized in that correlation is carried out on functional failures of the airborne equipment to airplane functional failures based on a flow chart; after airborne equipment functional faults of which development guarantee levels are definitely required to be determined are determined, and specific failure states of the airplanes, which can be associated with the functional faults, are determined to be associated with corresponding failure states, distribution is carried out according to a basic distribution principle provided in SAE ARP4754A civil airplane and system development guidelines. The method is suitable for determining the level of the dangerous state caused by the functional failure of the airplane. The purpose of determining the development guarantee level is to make a corresponding working procedure and a development standard for the corresponding development guarantee level from the perspective of safety in the development process of the system so as to minimize errors in design. In the invention, on the basis of a general development guarantee grade distribution principle, a step-by-step judgment method is adopted on the basis of a development guarantee grade distribution flow chart, so that the development guarantee grade of the functions of airborne equipment is determined.

Description

Method for guaranteeing grade distribution in development of airborne equipment
Technical Field
The invention belongs to the field of airplane safety design and evaluation, and relates to a flow chart-based distribution method for function development guarantee levels of airborne equipment, which is mainly used for determining the development guarantee levels of the equipment and formulating corresponding control programs and methods according to the development guarantee levels so as to minimize errors in design.
Background
In the development process of modern aircraft systems, particularly in the process of airworthiness qualification and approval of civil aircraft, safety design and evaluation are indispensable parts, and the whole development cycle is run through to ensure that the development result meets the safety requirement. With the continuous improvement of the complexity and the integration of modern aircraft systems, the airworthiness examination department focuses more and more on errors possibly generated in the development process, and like random failure of components, the errors generated in the development process can also finally influence the performance of the aircraft/systems. However, unlike random failures which can be quantitatively evaluated by probability of occurrence calculation, development errors cannot be evaluated by probability calculation. Thus, for development errors, a flow should be established to ensure that the errors have been reduced to an acceptable level with a suitable level of stringency. This process is called a development guarantee process, and the level of the severity of the corresponding development process is called a development guarantee level.
In SAE ARP4754A "guidelines for civil aircraft and systems development", a basic principle for developing guaranteed level allocation is proposed, and in a specific operable allocation method, a top-down allocation method using a fault tree as a typical case is given: firstly, in primary system safety evaluation, distributing development guarantee levels of top-level events according to the categories of the functional failure states of the airplane; then, after the top-level function is decomposed into a plurality of sub-functions, the development guarantee levels of the sub-functions are distributed; and finally, further decomposing the functions into equipment, and distributing development guarantee levels for the equipment.
The top-down distribution method based on the fault tree provided by SAE ARP4754A has clear hierarchy and clear thought, but the working efficiency needs to be further improved because a more complex fault tree needs to be drawn.
Disclosure of Invention
Objects of the invention
The invention mainly adopts a bottom-up distribution method based on a flow chart to realize the distribution of development assurance levels. The invention mainly provides a method for developing guaranteed grade distribution by bottom-up airborne equipment based on a flow chart. Through a flow chart, the functional failure of the equipment is associated with the failure of the top-level function of the airplane, and the development guarantee grade of the functions of the airborne equipment is judged step by step through the decision on the functional redundancy and the equipment backup condition.
The technical scheme of the invention is that
The method is based on the flow chart, and the functional failure of the airplane is correlated with the functional failure of the airborne equipment. After a functional failure of an onboard device that clearly requires a level of warranty for development is determined, a specific failure state of the aircraft (e.g., catastrophic failure state, dangerous failure state, significant failure state) to which the functional failure can be associated is determined. After being associated with the corresponding failure state, the distribution is performed according to the basic distribution principle proposed in SAE ARP4754A, and the following takes the failure state of the disaster as an example to explain a specific distribution flow and describe the scheme of the invention.
A method for allocating grades for development guarantee of airborne equipment is characterized in that correlation is carried out on functional failures of aircrafts through functional failures of the airborne equipment based on a flow chart; after airborne equipment functional faults of which development guarantee levels are definitely required to be determined are determined, and specific failure states of the airplanes, which can be associated with the functional faults, are determined to be associated with corresponding failure states, distribution is carried out according to a basic distribution principle provided in SAE ARP4754A civil airplane and system development guidelines.
The method comprises the following specific steps:
the first step is as follows: the method comprises the steps of (1) carding out an airborne equipment list needing to determine development guarantee grade, and carding out a function that the airborne equipment needs to be distributed with development guarantee;
the second step is that: the functional failure of the airborne equipment which needs to be assigned with the development guarantee level is related to the functional failure of the airplane, and the failure states of disasters, dangers or serious failures caused by the functional failure of the airborne equipment are determined;
the third step: according to the failure state associated with the functional fault of the airborne equipment, the distribution is carried out according to the following steps by combining a development guarantee level distribution flow chart:
1) Whether the functional failure of the airborne equipment is related to the failure state of the airplane disaster or not, if so, carrying out development guarantee grade distribution according to the steps 2-5, and if not, directly executing the steps 6-14 to carry out development guarantee grade distribution;
2) Judging whether the function of the fault has independent redundant design in the design scheme of the aircraft system, if not, allocating the equipment function development guarantee level to be A, and if so, entering the next judgment;
3) Judging whether the number of the redundancies is greater than or equal to 2 in the redundancy design, if so, allocating the equipment function development guarantee level as C, if only one redundancy exists in the equipment function, selecting not, and entering the next judgment;
4) Judging whether a main function and a standby function are different in only one redundancy design, if not, allocating the equipment function development guarantee level to be B, and if so, entering the next judgment;
5) Judging whether the equipment function is a main function, if so, allocating an equipment function development guarantee level to be A, and if not, allocating an equipment function development guarantee level to be C;
6) Judging whether the functional fault of the airborne equipment is related to the dangerous failure state of the airplane, if so, carrying out development guarantee grade distribution according to the step 7-10, and if not, directly executing the step 11-14 to carry out development guarantee grade distribution;
7) Judging whether the function of the fault has independent redundant design in the design scheme of the aircraft system, if not, allocating the equipment function development guarantee level as B, and if so, entering the next judgment;
8) Judging whether the number of the redundancies is greater than or equal to 2 in the redundancy design, if so, allocating the equipment function development guarantee level as D, if only one redundancy exists in the equipment function, selecting not, and entering the next judgment;
9) Judging whether the difference between the main function and the standby function exists in only one redundancy design, if not, then the equipment function development guarantee grade is distributed as C, if so, then entering the next judgment;
10 Judging whether the equipment function is a main function, if so, allocating the development guarantee grade of the equipment function to be B, and if not, allocating the development guarantee grade of the equipment function to be D;
11 Judging whether the fault function has independent redundant design in the design scheme of the aircraft system, if not, allocating the equipment function development guarantee level as C, and if so, entering the next judgment;
12 Judging whether the number of redundancy is more than or equal to 2 in the redundancy design, if so, then the equipment function development guarantee grade is distributed as E, if so, namely, the equipment function has only one redundancy, then the selection is no, and then the next judgment is carried out;
13 Judging whether the difference between the main function and the standby function exists in only one redundancy design, if not, then the equipment function development guarantee grade is distributed as D, if so, then entering the next judgment;
14 Judging whether the equipment function is a main function, if so, allocating the development guarantee grade of the equipment function to be C, and if not, allocating the development guarantee grade of the equipment function to be E;
the fourth step: and (4) combing the development guarantee grades of all functions of the airborne equipment according to the distribution result, and forming an equipment function development guarantee grade distribution list.
The equipment function development assurance levels A, B, C, D, E are defined by SAE ARP4754A civil aircraft and System development guidelines. The functional failure of the aircraft includes a catastrophic failure state, a dangerous failure state. The functional failure of the equipment is associated with the failure of the top-layer function of the airplane, and the development guarantee level of the functions of the airborne equipment is gradually judged by deciding on functional redundancy and equipment backup situations. The method is a bottom-up distribution approach. The method is suitable for determining the level of a dangerous state caused by the functional failure of the airplane.
The invention has the advantages that:
a method for developing and guaranteeing grade distribution of airborne equipment breaks through a top-down distribution mode based on a fault tree, directly correlates functional failure of the equipment with the influence grade of a top-layer functional failure state of an airplane, combines an airplane system architecture and a redundancy design state to carry out distribution through a flow chart, and is a bottom-up distribution mode. The method avoids drawing a more complicated fault tree, judges the failure influence level of the airborne equipment by using the flow chart layer, and improves the distribution efficiency of the development guarantee level of the airborne equipment. In addition, the analysis input of the invention is the functional failure state of the airborne equipment, and the development and guarantee grade of all functions of the airborne equipment can be realized only by comprehensively combing out all possible functional failures of the airborne equipment, thereby avoiding missing items.
Drawings
FIG. 1 is a schematic diagram of a development assurance level assignment process
Detailed Description
The invention is further described below with reference to fig. 1. Only the failure states associated with disaster and danger are illustrated in fig. 1, and the distribution of other failure states is based on the basic principles of development assurance level distribution and so on.
The first step is as follows: the method comprises the steps of (1) carding out an airborne equipment list needing to determine development guarantee grade, and carding out a function that the airborne equipment needs to be distributed with development guarantee;
the second step is that: the functional failure of the airborne equipment needing to be distributed with the development guarantee level is related to the functional failure of the airplane, and the failure states of disasters, dangers or serious failures caused by the functional failure of the airborne equipment are determined;
the third step: according to the failure state associated with the functional fault of the airborne equipment, the distribution is carried out according to the following steps by combining a development guarantee level distribution flow chart:
1. whether the functional failure of the airborne equipment is related to the failure state of the airplane disaster or not, if so, carrying out development guarantee grade distribution according to the steps 2-5, and if not, directly executing the steps 6-14 to carry out development guarantee grade distribution;
2. in the design of an aircraft system, is the functionality that failed a separate redundant design? If the selection is not, the equipment function development guarantee grade is distributed as A, and if the selection is yes, the next judgment is carried out;
3. in a redundant design, is the amount of redundancy redundant or equal to 2? If the selection is yes, the equipment function development guarantee grade is distributed as C, and if the selection is not (namely the equipment function has only one redundancy), the next step of judgment is carried out;
4. is there a difference between the primary and standby functions in a redundant design with only one? If the selection is not, the equipment function development guarantee grade is distributed as B, and if the selection is yes, the next judgment is carried out;
5. is the device function primary? If the selection is yes, the device function development assurance level is assigned as a, and if the selection is no, the device function development assurance level is assigned as C.
6. Whether the functional fault of the airborne equipment is related to the dangerous failure state of the airplane or not, if so, carrying out development guarantee grade distribution according to the step 7-10, and if not, directly executing the step 11-14 to carry out development guarantee grade distribution;
7. in the design of an aircraft system, is the functionality that failed a separate redundant design? If the selection is not, the equipment function development guarantee grade is distributed as B, and if the selection is yes, the next judgment is carried out;
8. in a redundant design, is the amount of redundancy redundant or equal to 2? If the selection is yes, the equipment function development guarantee level is distributed as D, and if the selection is not (namely the equipment function only has one redundancy), the next judgment is carried out;
9. is there a difference between the primary and standby functions in a redundant design with only one? If the selection is not, the equipment function development guarantee grade is distributed to be C, and if the selection is yes, the next judgment is carried out;
10. is the device function primary? If the selection is yes, the device function development assurance level is assigned as B, and if the selection is no, the device function development assurance level is assigned as D.
11. In the design of an aircraft system, is the functionality that failed a separate redundant design? If the selection is not, the equipment function development guarantee grade is distributed to be C, and if the selection is yes, the next judgment is carried out;
12. in a redundant design, is the amount of redundancy redundant or equal to 2? If the selection is yes, the equipment function development guarantee grade is distributed to be E, and if the selection is not (namely the equipment function has only one redundancy), the next step of judgment is carried out;
13. is there a difference between the primary and standby functions in a redundant design with only one? If the selection is not, the equipment function development guarantee grade is distributed to be D, and if the selection is yes, the next step of judgment is carried out;
14. is the device function primary? If the selection is yes, the device function development assurance level is assigned as C, and if the selection is no, the device function development assurance level is assigned as E.
The fourth step: and (4) combing the development guarantee grades of all functions of the airborne equipment according to the distribution result, and forming an equipment function development guarantee grade distribution list.
The invention breaks through the conventional traditional method of carrying out development guarantee grade distribution from top to bottom by adopting the fault tree, and carries out development guarantee grade distribution through the flow chart. The functional failure of the equipment is directly related to the influence level of the top functional failure state of the airplane, and the top effect caused by the specific functional failure of the equipment is judged step by step, so that the method is a bottom-up distribution mode. The problem that a fault tree which is relatively complex to draw is avoided, the top-layer function failure of the airplane caused by the function failure of the airborne equipment only needs to be analyzed, the failure influence level of the airborne equipment is judged by using the flow chart, and the distribution efficiency of the development guarantee level of the airborne equipment can be improved; the analysis input of the method is the functional failure state of the airborne equipment, so that all possible functional failures of the airborne equipment can be comprehensively combed out, and missing items are avoided.

Claims (6)

1. A method for allocating development guarantee grades of airborne equipment is characterized in that correlation is carried out on functional failures of the airborne equipment through functional failures based on a development guarantee grade allocation flow chart; after airborne equipment functional faults of which the development guarantee level is definitely required to be determined are determined, and after the specific failure state of the airplane which can be associated with the functional faults is judged to be associated with the corresponding failure state, the airplane is distributed according to a basic distribution principle provided in SAE ARP4754A civil airplane and system development guidelines; the method comprises the following specific steps: the first step is as follows: the method comprises the steps of (1) carding out an airborne equipment list needing to determine development guarantee grade, and carding out a function that the airborne equipment needs to be distributed with development guarantee; the second step is that: the functional failure of the airborne equipment which needs to be assigned with the development guarantee level is related to the functional failure of the airplane, and the failure states of disasters, dangers or serious failures caused by the functional failure of the airborne equipment are determined; the third step: according to the failure state associated with the functional fault of the airborne equipment, the distribution is carried out according to the following steps by combining a development guarantee level distribution flow chart: 1) Whether the functional failure of the airborne equipment is related to the failure state of the airplane disaster or not, if so, carrying out development guarantee grade distribution according to the steps 2-5, and if not, directly executing the steps 6-14 to carry out development guarantee grade distribution; 2) Judging whether the function of the fault has independent redundant design in the design scheme of the aircraft system, if not, allocating the equipment function development guarantee level to be A, and if so, entering the next judgment; 3) Judging whether the number of the redundancies is greater than or equal to 2 in the redundancy design, if so, allocating the equipment function development guarantee level as C, if only one redundancy exists in the equipment function, selecting not, and entering the next judgment; 4) Judging whether a main function and a standby function are different in only one redundancy design, if not, allocating the equipment function development guarantee level to be B, and if so, entering the next judgment; 5) Judging whether the equipment function is a main function, if so, allocating the development guarantee grade of the equipment function to be A, and if not, allocating the development guarantee grade of the equipment function to be C; 6) Judging whether the functional fault of the airborne equipment is related to the dangerous failure state of the airplane, if so, carrying out development guarantee grade distribution according to the step 7-10, and if not, directly executing the step 11-14 to carry out development guarantee grade distribution; 7) Judging whether the fault function has independent redundant design in the design scheme of the aircraft system, if not, allocating the equipment function development guarantee level to be B, and if so, entering the next judgment; 8) Judging whether the number of the redundancies is greater than or equal to 2 in the redundancy design, if so, allocating the equipment function development guarantee level as D, if only one redundancy exists in the equipment function, selecting not, and entering the next judgment; 9) Judging whether the difference between the main function and the standby function exists in only one redundancy design, if not, then the equipment function development guarantee grade is distributed as C, if so, then entering the next judgment; 10 Judging whether the equipment function is a main function, if so, allocating the development guarantee grade of the equipment function to be B, and if not, allocating the development guarantee grade of the equipment function to be D;11 Judging whether the fault function has independent redundant design in the design scheme of the airplane system, if not, assigning the equipment function development guarantee level as C, and if so, entering the next judgment; 12 Judging whether the number of redundancy is more than or equal to 2 in the redundancy design, if so, then the equipment function development guarantee grade is distributed as E, if so, namely, the equipment function has only one redundancy, then the selection is no, and then the next judgment is carried out; 13 Judging whether the difference between the main function and the standby function exists in only one redundancy design, if not, then the equipment function development guarantee grade is distributed as D, if so, then entering the next judgment; 14 Judging whether the equipment function is a main function, if so, allocating the development guarantee grade of the equipment function to be C, and if not, allocating the development guarantee grade of the equipment function to be E; the fourth step: and (4) combing the development guarantee grades of all functions of the airborne equipment according to the distribution result, and forming an equipment function development guarantee grade distribution list.
2. The on-board equipment development assurance level distribution method of claim 1, wherein the equipment function development assurance levels a, B, C, D, E are defined by SAE ARP4754A civil aircraft and systems development guidelines.
3. The on-board equipment development assurance grade distribution method of claim 1, wherein the functional failure of the aircraft includes a catastrophic failure state, a dangerous failure state.
4. The on-board equipment development assurance grade distribution method as claimed in claim 1, characterized in that the functional failure of the equipment is associated with the failure of the top-level function of the airplane, and the development assurance grade of the on-board equipment function is judged step by the choice of the functional redundancy and the equipment backup condition.
5. The on-board unit development assurance grade distribution method of claim 1, wherein the method is a bottom-up distribution.
6. The on-board unit development assurance level assignment method of claim 1, wherein the method is adapted for level determination of hazardous conditions resulting from aircraft functional failure.
CN201811311142.4A 2018-11-05 2018-11-05 Method for guaranteeing grade distribution in development of airborne equipment Active CN109543251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811311142.4A CN109543251B (en) 2018-11-05 2018-11-05 Method for guaranteeing grade distribution in development of airborne equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811311142.4A CN109543251B (en) 2018-11-05 2018-11-05 Method for guaranteeing grade distribution in development of airborne equipment

Publications (2)

Publication Number Publication Date
CN109543251A CN109543251A (en) 2019-03-29
CN109543251B true CN109543251B (en) 2023-03-24

Family

ID=65844666

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811311142.4A Active CN109543251B (en) 2018-11-05 2018-11-05 Method for guaranteeing grade distribution in development of airborne equipment

Country Status (1)

Country Link
CN (1) CN109543251B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111639871A (en) * 2020-06-04 2020-09-08 中国航空综合技术研究所 Civil aircraft reliability test assessment method

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3279004B2 (en) * 1993-10-15 2002-04-30 株式会社日立製作所 Redundant resource management method and distributed fault tolerant computer system using the same
JP4018548B2 (en) * 2003-01-08 2007-12-05 株式会社東芝 Navigation support apparatus, aircraft equipped with this navigation support apparatus, and navigation support method
JP5002336B2 (en) * 2007-05-31 2012-08-15 株式会社東芝 Data recording apparatus, data recording method, and program for data recording
US8560376B2 (en) * 2007-05-31 2013-10-15 Airbus Operations S.A.S. Method, system, and computer program product for a maintenance optimization model
JP5369774B2 (en) * 2009-03-10 2013-12-18 トヨタ自動車株式会社 Aircraft risk assessment device
CN101527011B (en) * 2009-03-27 2011-08-31 西安交通大学 Method and device for automatically guiding recovery processing flow in real-time
DE102010056232B4 (en) * 2010-12-24 2022-10-20 Volkswagen Ag Method for storing diagnostic data for a vehicle control unit and corresponding device
CN103853622A (en) * 2012-11-28 2014-06-11 中国航空工业集团公司第六三一研究所 Control method of dual redundancies capable of being backed up mutually
CN103699698B (en) * 2014-01-16 2017-03-29 北京泰乐德信息技术有限公司 A kind of being based on improves Bayesian rail transit fault identification method and system
CN105718336A (en) * 2014-11-30 2016-06-29 上海航空电器有限公司 Dual-redundancy dispatching control system for aircraft alarm computer
CN105550757B (en) * 2015-12-25 2020-01-17 中国铁路总公司 Motor train unit maintenance decision method and device based on fault statistical analysis
CN106201981B (en) * 2016-06-24 2018-12-28 北京临近空间飞艇技术开发有限公司 A kind of near space ship load computer multi-CPU system self-adapting reconstruction method
CN206115261U (en) * 2016-08-17 2017-04-19 中国航空工业集团公司西安飞行自动控制研究所 Trying on clothes from dynamic testing of flight control is put
CN107491818A (en) * 2017-08-02 2017-12-19 中国航空工业集团公司西安飞机设计研究所 A kind of fast evaluation method of operational aircraft war wound grade

Also Published As

Publication number Publication date
CN109543251A (en) 2019-03-29

Similar Documents

Publication Publication Date Title
US20100100259A1 (en) Fault diagnosis device and method for optimizing maintenance measures in technical systems
Bieber et al. DALculus–theory and tool for development assurance level allocation
CN109543251B (en) Method for guaranteeing grade distribution in development of airborne equipment
US20040153864A1 (en) Device for aiding the locating of failure of a complex system
US8219276B2 (en) Method and device for aiding the maintenance of a system
CN109522718A (en) FADEC software security analysis method and device
CN110175359B (en) Method and device for modeling security of complex system based on business process
CN108122061A (en) Aircraft equipment software reusage degree stage division based on Danger Indexes index matrix
US8831901B2 (en) Methods systems and apparatus for ranking tests used to identify faults in a system
Cotter Structural analysis of Hfacs in unmanned and manned air vehicles
US7287195B1 (en) Method and system for maintenance of a vehicle
Hasson et al. Boeing's safety assessment processes for commercial airplane designs
EP3206126A1 (en) Top-event assessment apparatus
CN114118790A (en) Security analysis method and system based on SysML civil communication navigation system
WO2015075812A1 (en) Failure restoration plan drafting device, failure restoration plan drafting system, and failure restoration plan drafting method
Spiridonov et al. Design testability analysis of avionic systems
Kobayashi et al. The effectiveness of D-Case application knowledge on a safety process
Ye et al. Contract-based justification for COTS component within safety-critical applications
RU2731740C1 (en) Method of automotive equipment operation
Sun et al. A Safety Analysis Method of Airborne Software Based on ARP4761
Rong et al. Incorporating Model Based Safety Design into Development Process of Civil Aircraft Systems
de Matos et al. Using design patterns for safety assessment of integrated modular avionics
Yulasmana FTA and Markov Analysis Comparison Applied to N219 Aircraft Hydraulic System based on Fail to Generate Hydraulic Power
Xiao et al. Comparative study on the safety assessment technology between civil airborne system and railway signal system
Song et al. Research on Application of Design Assurance for Aviation Hardware Based on DO-254

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant