An Application of Relational Algebra: Specification of a Fault Tolerant Flight Control System

This paper discusses a case study where we use relations to represent the requirements of a fault tolerant flight control system. This task is part of a larger research project, carried out on behalf of Dryden Flight Research Center, whose purpose is to investigate the certification of an adaptive flight control system that is fault tolerant with respect to sensor faults. We find that relations offer a versatile tool to formulate requirements, and that they provide a sound basis for building computer supported oracles for the certification phase. 1 Analytical Redundancy: A Basis for Fault Tolerance Design and certification of complex, safe-critical systems call for a disciplined development process and rigorous tools in order to contain the consequences of component failures. The formal specification of the system requirements plays a crucial role within this process. In this paper we present some results of a study aiming at the development of formal specification for an Analytical Redundancy based Fault Tolerant Flight Control System (AR-FTFCS). The sample aircraft we used for the study is the De Havilland DHC-2, a general aviation, single engine aircraft. Analytical Redundancy (AR) [5] is an alternative approach to physical redundancy to make provision for Fault Tolerance (FT). AR-FTFCS’s exploit the correlation among sensors and the coupling among control surface actions to provide alternative means of controlling the aircraft. This study is part of a larger project, carried out for NASA’s Dryden Flight Research Center, whose purpose is the certification of an adaptive fault tolerant flight control system. 1 Email: [email protected] 2 Email: [email protected] c ©2003 Published by Elsevier Science B. V. 94