CEAS Aeronaut J

DOI 10.1007/s13272-015-0156-1


A systems architecting framework for optimal distributed integrated modular avionics architectures

B. Annighöfer • F. Thielecke

Received: 5 December 2014 / Revised: 24 April 2015 / Accepted: 5 May 2015

© Deutsches Zentrum für Luft- und Raumfahrt e.V. 2015

Abstract This work presents a novel holistic framework for Distributed Integrated Modular Avionics (DIMA) architecture design and optimization. Integrated Modular Avionics (IMA) are a standardization of avionics components. IMA is beneficial in weight and costs if the complexity of sizing, function allocation, and topology selection is mastered. In preceding publications, stand-alone models and optimization algorithms were developed, which significantly support different aspects of DIMA architecture design. This article extends, integrates, and compares all methods in a holistic framework, which enables model and algorithm-aided design of avionics architectures. Domain-specific modeling of systems software, hardware, and aircraft anatomy enables automated verification and early evaluation of architectures. Moreover, the model is the foundation for a flexible kit of eight optimization routines. For design issues in which humans likely lose the overview, optimization routines are proposed. The degree of freedom in optimization ranges from function mapping over routing to a complete architecture generation. Routines for platform selection, network, and topology optimization are unique and unrivaled today. All optimization problems are solved globally optimal and a multi-objective solving algorithm calculates the best trade-off architectures for contradicting objectives, the Pareto optimum. All optimization routines are extensively tested by designing the optimal DIMA architecture for aircraft system functions in an A320-like scenario. Results show significant optimization potential of generated architectures compared to a manually designed one. The resulting architectures are analyzed and compared in performance and structure in detail.

Keywords IMA · Avionics · Optimization · Architecture · Pareto · Model-based

This paper is based on a presentation at the German Aerospace Congress, September 16–18, 2014, Augsburg, Germany.

B. Annighöfer
Hamburg University of Technology / SYSTAR Innovation, Nesspriel 5, 21129 Hamburg, Germany

1 Introduction

Integrated Modular Avionics (IMA) are state-of-the-art avionics systems of recent aircraft. An IMA system consists of standardized hardware for computing and I/O, as well as a common high-bandwidth network. The resources of the hardware are shared in a safe manner between hosted aircraft system functions, i.e., IMA is a single avionics system for multiple avionics functions. Its purpose is defined by function allocation and configuration [1]. The shared utilization of fewer devices and fewer device types make IMA systems superior in weight and costs compared to traditional avionics systems [2]. The second generations of IMA platforms, the so-called Distributed IMA (DIMA), increase the saving potential by the separation of computing and I/O and by spatially distributed IMA device installations [3].

The main challenge in developing DIMA avionics systems, called DIMA architectures, is the complexity resulting from shared resources and spatial distribution [4, 5]. Currently CPUs, memory, and I/O are shared by approximately 1000 individual functions and peripheral components such as sensors and actuators. Current architectures comprise round about 50 DIMA modules, and up to 1000 installation locations exist for modules and peripherals. Bringing systems, hardware, and anatomy
together, as visualized in Fig. 1, is the main design challenge in planning DIMA systems. Moreover, since the number of hosted functions and capabilities of electronic devices rises continuously [6], the number of possible architecture variants explodes. Moreover, systems have safety and performance requirements and the importance of complex contradicting economic design objectives rises. Today DIMA architectures have reached a number of objects, relations, requirements, and objectives that make engineers struggle with finding a valid and, especially, with finding the optimal architecture. A straight and target-oriented systems engineering, alias systems architecting [7], is hardly possible by hand. The manual design process is an iterative trial and error procedure. At the end of the design process, the correctness of the architecture is assured, but the optimality is unknown. This situation could be improved by computer-aided design methods.

Fig. 1 The main design challenge of modern avionics

Computer-aided design of IMA architectures is an active research area. Research is mainly divided in modeling, function allocation, and signal routing. Approaches for modeling IMA architectures with the goal of simulation and verification can be found in [8–12]. Most often these approaches are based on AADL [13] or SysML [14]. Both seem not rigid and complete enough for holistic algorithmic aid. The optimal distribution of functions is a traditional challenge in computer science. Approaches for IMA can be found in [15–19]. These approaches range from function distribution to redundancy allocation. An integration of different optimization routines and a comparison of their degree of freedom and the outputs have not been carried out so far. Moreover, the size for which methods are demonstrated is typically only around 20 functions. The last major topic is the assignment of signals to a common bus system. This is most commonly done for AFDX as for instance in [20–24]. The relation between function allocation and network allocation is not considered, and the demonstration scopes are again small.

The framework presented supports the DIMA design process with model-based engineering and mathematical optimization. Therefore, it presents a novel domain-specific model especially for planning avionics architectures. In addition, methods for architecture optimization from the different domains are streamlined, and based on a mathematical foundation that allows globally optimal and multi-objective optimization. Moreover, completely novel approaches for device sizing, topology generation, and complete architecture generation are presented. Most important, model and optimization are integrated in a seamless flexible framework.

This paper is structured as follows.

• Chapter 2 presents a domain-specific model for DIMA architectures and requirements that allows a formal and rigid representation of architecture data. The model covers systems, hardware, anatomy, and mapping.
• In Chapter 3 a holistic set of optimization routines for DIMA design issues is presented. A general description of the routines, as well as the fundamental mathematical solution approach is given.
• Chapter 4 demonstrates modeling and optimization. Four aircraft systems from the air domain are modeled and optimization routines are extensively applied. Resulting improvements and architectures are analyzed.
• Chapter 5 includes the discussion and the concluding remarks are given in chapter 6.

2 Avionics architecture model

The baseline of the avionics architecting framework is a domain-specific model especially designed for planning avionics architectures. Planning DIMA architectures is a highly concurrent process [1]. The actual architecture is developed by the avionics design engineer. The planning, however, strongly depends on the functions to be hosted, the peripherals to be connected, the available hardware, and the aircraft anatomy. Functions, DIMA hardware, and aircraft anatomy are developed in parallel. It is, therefore, of major importance to decouple the system, hardware, and structure domain as good as possible. Nevertheless, one of the main challenges is to bring software, hardware, and anatomy together optimally. Moreover, in the early design stages, requirements can quickly be changed and several architecture variants must be compared. Besides avionics architectures, therefore, the system requirements that are driving for an architecture must be represented. The modeling of those requirements must be rigid enough to enable automatic verifications. Moreover, the attributes shall be modeled that allow early evaluations of architectures and variants with respect to mass or costs.

The model developed is a static model of systems, hardware, and installations. Static means a time-invariant representation of functions, signals, and resource sharing. The top-level structure of the model is depicted in Fig. 2.

Fig. 2 Class diagram of the main layers of the avionics architectures

The main three layers are systems, hardware, and installation. Those are almost independent. However, all the three layers are built upon the same components from a definitions layer, e.g., resource or device types. The operational avionics architecture is contained in a mapping layer. It integrates elements from systems, hardware, and software models. Several different mappings might exist. Therewith high reuse of model elements and an easy comparison of architecture variants are enabled. A scenario layer includes parameters for evaluation.

The concept and content of the systems, hardware, installation, and mapping layer, are described in detail in the following section.

2.1 Systems

The main driver for an avionics architecture is the aircraft systems to be hosted. When considering DIMA, the main components of systems are software functions, sensors, and actuators. In addition, functions and peripherals exchange data. The system functions, I/Os to connect peripherals, and the communication backbone must be provided by DIMA hardware. Therefore, systems are modeled as a set of tasks that exchange signals.

An example is given in Fig. 3. It represents a minimum pressure control function. The two main tasks are Controller and Monitor. The Controller controls two valves based on the information of a pressure sensor. It interacts with the peripherals via three I/O tasks, which are physically connected to the peripherals and have a logical signal-based communication to the Controller. Signals carry information on the current pressure and desired valve positions. The Monitor receives the same pressure signal as the Controller and also the controller outputs. It internally calculates the valve positions and compares them with the Controller outputs. In case the abnormalities are detected, it sends back a passivation signal to the controller. Therefore, it is necessary to enforce Controller and Monitor to different devices with a segregation constraint. Both tasks and signals can be seen here as periodic entities.

Fig. 3 Model example for a system

Both tasks and signals specify required resources. A resource is a countable quantity that has to be provided by the hosting hardware. The task or signal specifies how much of a certain resource type is consumed upon hosting. Examples for resources are CPU power in MIPS, memory in MB, bandwidth in Mbps, the number of analog interfaces, or the number of CAN busses. This simple resource model allows a major verification. After systems are assigned to hardware, the resources on none of the devices must be exceeded. However, resources are not sufficient to express operational, safety, and performance needs of systems. Therefore, eight general additional constraints have been identified sufficient to characterize all function needs.

• Peripheral constraints connect functions to peripherals. During mapping, it must be ensured that the function requiring the peripheral is physically connected to the peripheral. This requires an I/O interface, as well as wiring. The latter induces weight and cost
• Device constraints limit the possible mapping of a function to a set of devices. Alternatively, a set of devices can be excluded for the function, although resources might be available
• Installation locations constraints prohibit or force certain locations for functions, i.e., the device hosting the function must or must not be in one of the specified locations. For instance, the rotor burst area can be excluded for a function
• Power supply constraints specify the power supply that a device must, or must not have if a function is mapped on the device. For instance, safety critical functions may only be mapped on devices connected to the emergency power bus
• Segregation constraints prohibit two or more functions on the same hardware. This is a very common constraint for redundant lanes of a system
• Location segregation constraints prohibit not only the same device, but also all devices in the same location for the mapping of two functions. This incorporates spatial safety considerations
• Dissimilarity constraints are applied to functions that for redundancy reasons must be mapped to different device types
• Latency constraints can be applied to a series of functions and signals that form a time-critical path. It is assumed that this chain is executed periodically, and that each execution must be faster than the specified maximum execution time when mapped to hardware. Therefore, the execution and transmission times for signals and tasks on different hardware types must be known in terms of Worst-Case-Execution-Time

2.2 Hardware

The execution platform for system functions is the DIMA hardware. This is modeled in the hardware layer. Hardware is basically expressed by general devices and links. It is independent of a certain technology. Each device is an instance of a device type. Device types are stored in the definitions layer. The device type specifies physical characteristics such as weight, dimensions, or reliability. Moreover, the device type specifies the resources available for task hosting. Basically, the number and type of available resources is specified. Since resource provision can be ambiguous, the resource model is extended by capabilities. For instance, for I/Os with lightning protection or current levels, a minimum requirement exists, but all I/Os with higher levels might be used as alternatives. Each device type can have multiple capabilities. Each capability defines the exact resources a task would consume if mapped to this device type. There can be multiple capabilities for the same type with different resource consumptions on the same device type. Links are point-to-point communications between devices. Links provide resources and capabilities like devices. If the communication is a switched network or a bus, the switch or bus is represented by an additional device. An example of core processing modules (CPM), remote data concentrators (RDC), and an AFDX network is given in Fig. 4. It shows the resources available on the device and link types, as well as the resources consumed if mapping a Controller, Monitor, Pressure or Valve task, or a Float or Boolean signal.

Fig. 4 Resource sharing and capabilities model

2.3 Installation

The aircraft structure or anatomy is the container for avionics. Installation space and infrastructure like fixation, cooling, and power are required. The available installation structure is modeled in the installation layer. Spaces for devices are installation locations. Locations provide infrastructure resources like A600 slots, volume, or cooling capacity. Device types define the numbers of resources required. In a valid architecture, the resources of locations shall not be exceeded by the infrastructure resources required by the installed devices. Links and peripheral wires can be inside a location. Connections between installation locations are modeled with cable routes and joints. A cable route is a point-to-point connection with a fixed length. Cable routes may be split and merged at cable route joints. Routes and joints form a topology of the installation anatomy. The lengths of cable routes can be correlated to 3D coordinates, but this is not necessary. An example of three installation locations, their infrastructure resources, and connections is depicted in Fig. 5.

Fig. 5 Modeling elements of the installation layer

2.4 Mapping

The avionics architecture is only operational if tasks are mapped to devices, signals to links, devices to locations, and links to cable routes. This is modeled in the mapping layer. In one mapping definition one systems layer, one hardware layer, and one installation layer are linked. For each element of the referenced layers, a mapping object in the mapping layer exists. For instance, devices are represented by device assignments and tasks by task assignments. These assignment objects are arranged hierarchically, i.e., a task assignment is a child of a device assignment which is a child of a location assignment. Signal and wiring assignments are split in several segments along their route. Each segment is assigned to a link, device, or cable route. With this hierarchy, the mapping directly presents the realization of a certain architecture. All verifications and evaluations are carried out on a mapping. Moreover, the same system, hardware, and installation elements can be referenced in multiple other mappings to express alternatives. In addition, changes in the systems, hardware, and installation layers will directly propagate to all referencing mappings.

2.5 Avionics architect

The model described above is implemented in the avionics architect (AA). The avionics architect (Fig. 6) is a planning environment for avionics architectures. It supports modeling, verification, evaluation, and comparison as described above. It is an Eclipse-based implementation, using the formal data modeling language ECORE for the architecture domain model. The model is extended with a flexible verification and evaluation framework. Both verification and evaluation can be extended by arbitrary custom rules and objectives. Rules and objectives are evaluated on-the-fly during modeling.

Fig. 6 Eclipse ECORE based implementation of the model

3 Optimization routines

During the design of avionics architectures, several design issues appear, where the human can likely lose the overview. These are all assignment issues where the number of elements to assign or the number of targets, or the number of cross relations is large, e.g., the assignment of all tasks to DIMA modules. For this, the resources and constraints of approximately 1000 tasks must be considered. A mapping can be derived and verified manually. However, it is often unknown if the mapping is optimal in respect to complex design objectives as for instance maintenance costs. Moreover, design engineers face contradicting design objectives, where the best trade-off must be found. To speed up assignment issues and to get improved and verified, architectures are envisioned by optimization, automated generation of architecture parts, and architecture auto-completion.

Fig. 7 Comprehensive set of eight architecture optimization routines

Eight optimization routines as depicted in Fig. 7 were developed. The routines are organized in three levels of automation, whereby the level of automation characterizes the degree of interaction and the amount of input information required from the human design engineer. A higher level of automation requires less interaction and less input information. The amount of generated information increases. Moreover, the level of automation is proportional with the degree of freedom in optimization. Routines of the
first level are single assignments as known from the distributed systems research, e.g., task assignment or signal routing. They depend on each other. For instance, task assignment depends on device assignment and vice versa. Level two routines are combined device type or network optimizations, which leverage some level one dependency. The full potential for optimization has level three with combined device and network optimization. All routines can be applied to a single objective or calculate the multi-objective optimum in terms of the Pareto optimum. In practice, the routines which match the process and available data best are selected. In addition, the scope can be chosen from single-system optimization to full or even multiple aircraft optimizations. Each single routine has been summarized below. This is, however, only a top-level summary. For details on mathematics see [25–29].

• Device assignment finds the optimal installation locations for a set of devices in a given anatomy. The devices are already assigned with functions. Optimized is, for instance, the minimum mass for peripheral wirings.
• Task assignment maps a set of tasks to devices installed in an anatomy. The mapping considers all resource and segregation constraints. Task assignment can, for instance, minimize the device mass by using fewer devices or the peripheral wiring mass.
• Peripheral wire assignment assumes an architecture with tasks and peripherals already assigned to locations. It finds the optimal, shortest, routes for peripheral wires. If the related tasks need to be segregated, routes are also segregated.
• Link assignment finds the cable routes for links from the hardware layer if devices are already assigned. If signals are assigned to links, spatial segregations are also respected.
• Signal assignment calculates the optimal routes for signals if tasks, devices, and links are already assigned. While respecting bandwidth limitations and segregations, signal assignment can, for instance, minimize the number of necessary links and switches.
• Device type optimization derives the optimal number of devices, the allocation of tasks, and the device sizings in parallel. Its inputs are a set of device types, system tasks, and the anatomy. The resources per device types are not specified, but the possible types and an upper limit is given. According to the infrastructure resources, the algorithm decides how many instances of which device type are used in which location and how tasks are distributed. The objectives can not only be device and wiring mass, but also costs
• Network optimization finds the optimal number of links and switches for a given set of signals and the locations of devices and tasks. An additional input is the number of ports per switch. The results are switch and link instances placed in installation locations. Moreover, all signals are routed while resource and segregation constraints are held.
• Topology optimization combines device type and network optimization. Since the only inputs are tasks, signals, device types, and the anatomy, it is almost complete architecture generation. It finds the optimal number of devices and network topology, while considering the trade-off between device and network weight or costs.

3.1 Algorithms and solving

The eight optimization routines presented above are solved with the same mathematical foundation. All optimization routines are combinatorial optimization problems. A well-known mathematical representation and the most advanced globally optimal solving algorithms are used. All problems are expressed as binary programs (BP) and are solved with the Branch-and-Cut approach. The difficulties are finding a suitable BP formulation for each DIMA design problem and making the right simplifications such that architectures above 100 elements can be optimized.

The general form of a binary program (BP) is to find a binary solution vector $x$ such that

$$ f^{T} x $$

is minimized subject to

$$ A x \le b, \qquad A_{eq} x = b_{eq}, \qquad x \in \{0, 1\}^{n}. $$

$x$ encodes, depending on the optimization routine, either task assignment possibilities, signal routes, or topologies and so on. For instance, in the solution vector for tasks assignment, a variable $x_i$ in the solution vector $x$ represents a unique assignment possibility, i.e., there is an $x_i$ for each capability on each device for each task.

$$
\begin{array}{rcccccccc}
 & T_1 & T_1 & T_1 & T_1 & T_1 & T_2 & \dots & T_{N_T} \\
 & C_1 & C_1 & C_1 & C_2 & \dots & \dots & \dots & C_{N_C} \\
 & D_1 & D_2 & \dots & D_1 & \dots & \dots & \dots & D_{N_D} \\
x = ( & x_1 & x_2 & \dots & \dots & \dots & \dots & \dots & x_{N_x} \, )
\end{array}
$$

$N$ is the total number of elements of tasks $T$, capabilities $C$, and devices $D$. Details on the other problem formulations can be found in [30].

The cost vector $f$ allows quasi-linear objectives. "Quasi" means that by introducing auxiliary variables, certain nonlinearities can be considered. The objectives
section in the next chapter gives examples of what kind of objectives can be expressed. Linear inequalities A and equalities Aeq express consistency, resource, segregation, or uniqueness constraints. The most advanced globally optimal approach to solve BPs is Mixed-Integer-Linear-Program (MILP) solvers based on Branch-and-Cut. Alternatively, Boolean Satisfiability (SAT) solvers might be used.

When considering multiple at least partially contradicting objectives, a multi-objective extension must be made. Instead of calculating a single optimum, it is proposed to calculate the set of Pareto-optimal solutions. As depicted in Fig. 8, Pareto optimal solutions are the best trade-off solutions for the given objectives, i.e., those candidates from which the design engineer would choose his final favorite. Formally speaking, Pareto optimal or efficient solutions are not dominated. Domination means there is no architecture that is more optimal in all objectives.

Fig. 8 Pareto optimum for two minimum objectives

The presented combinatorial optimization approach is extended for an arbitrary number of linear cost functions by surrounding it with an adapted version of the Pareto-Front-Sampling (PFS) algorithm from [31]. As depicted in Fig. 9, PFS is an iterative algorithm. In each iteration, a single objective BP is solved. The solution is one point of the Pareto optimum. Between iterations, variable artificial bounds on the objectives are applied, such that the boundary of the solution space is sampled point by point. Although multi-objective optimization with PFS needs as many iterations as Pareto optima exist, it enables to stay with the existing globally optimal combinatorial solvers at the lowest level. Branch-and-cut algorithms supported by solution polishing heuristics are used as single objective combinatorial solvers. Solving can be sped up by artificially increasing the minimum stepping between two solutions.

Fig. 9 Pareto-front-sampling example

3.2 Avionics architecting toolbox

The eight optimization routines are implemented in the Avionics Architecting Toolbox (AAT) which is based on MATLAB. Information for optimization is retrieved by reading the domain-specific model of the AA. From the model, all relevant information for the selected optimization is retrieved and converted into the matrix representation of the BP. In addition, pre-calculations are carried out. Matrices are provided either to off-the-shelf MILP solvers or a PFS implementation. Multi-objective optimization is optionally supported by a live feedback as shown in Fig. 10. The interface to MILP solvers is generic. The interfaces implemented are, for instance, CPLEX or GUROBI connectors. After optimization, the results are automatically converted into model elements and stored in the architecture model.

4 Optimization studies

Modeling and optimization are demonstrated using an A320-like scenario. The challenge is to find optimal DIMA architectures for four aircraft systems from the air domain. Six of the eight optimization routines which produce comparable results are applied to common input data. These are
• device assignment,
• task assignment,
• signal assignment,
• device type optimization,
• network optimization, and
• topology optimization.

Link and peripheral wire routing routines are not included in the comparison because optimal wire routes are inherent in the output of any of the other routines. The results are compared with a manual design.

Fig. 10 User interface to control the solving process and the results of multi-objective optimizations

4.1 Objectives

The objectives considered are mass, ship-set-costs, operational interruption costs, and initial provisioning costs.

Mass is the cumulative mass of all DIMA devices, peripheral wires, and the network.

Ship-set-costs (SSC) are the costs for all devices and wires. SSC can also include credit, installation, and fixation costs. It is similar to mass. The major difference is that the gap between device costs and wiring costs is bigger than for mass.

Operational interruption costs (OIC) are costs spent by the airline per annum for flight delays or cancelation caused by the avionics system. It depends on the mean-time-between-failure (MTBF) of devices, the MEL level of the failed functions, as well as the accessibility of the location. The MEL level is defined roughly as

• GO for no costs,
• GOIF for low countermeasure costs, and
• NOGO for high repair costs.

Moreover, airline parameters such as spare part availability, fleet size, usage, and prices are considered.

Initial provisioning costs (IPC) must be spent for spare parts before an airline can operate a new aircraft type. IPC depend on the MTBF, the MEL level, and the individual device costs.

Details on the four objectives and their calculation can be found in [32] and [27].

4.2 Scenario

For demonstration, the tasks of the four aircraft systems, a ventilation control (VCS), a bleed-air (BAS), a pneumatic (PS), and an overheat detection system (OHDS) are modeled as shown in Fig. 11. The VCS manages the cabin air pressure with sensors, mixers, and valves. The air required comes from engines. The flow, temperature, and pressure are controlled by the BAS. The air distribution is controlled by the PS with orifices and cross valves. The OHDS has distributed temperature sensors along the air generation and distribution network collected by a non-IMA controller (1). In case of overheat, the OHDS can passivate the PS. Each system is composed of two redundant controller tasks (C) and peripheral tasks (1–9). The controller tasks comprise each system's functionality. The peripheral tasks provide the transition from physical I/Os of the system peripherals to the controller tasks. The direction of the arrows symbolizes if either sensor data are retrieved from the peripheral task and transmitted to the controller or if the controller sends commands to an actuator. Each controller task, peripheral task, and peripheral exists twice for redundancy reasons. The only commonly used peripheral is the Aircraft Data Information System (ADIS) which collects the status of all systems. The tasks of two redundancies must be segregated and OHDS and PS must be dissimilar. In total, 58 tasks and 54 signals need to be mapped. The MEL level of the VCS and OHDS is NOGO. The BAS has GOIF and the PS is a GO system. MEL level and segregation are inherited by signals.

The anatomy and the position of system peripherals are given in Fig. 12. The dimensions are similar to an A320-200. For DIMA devices one actively cooled avionics bay and six remote locations in the nose, middle, and tail exist. Cable routes connect locations and peripheral positions.

Fig. 11 Systems and signals to be mapped
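
The binary-program formulation of Sect. 3.1 (one x_i per task, capability and device, plus an auxiliary "device used" variable) and the moving artificial bound behind Pareto-front sampling, worked through on a constructed four-task instance. This is an added example, not code from the paper or the Avionics Architecting Toolbox. Assumptions: all names, resources, masses and wire weights are invented, exhaustive enumeration stands in for a Branch-and-Cut MILP solver, and the loop is a simplified bound-tightening scheme, not the adapted PFS algorithm of [31].

```python
from itertools import product

# Constructed toy instance: every name and number below is an assumption.
DEVICES = {  # device -> (mass, resources provided)
    "CPM1": (20, {"mips": 100}),
    "CPM2": (20, {"mips": 100}),
    "RDC1": (8, {"io": 1, "io_lp": 1}),   # io_lp: lightning-protected I/O
    "RDC2": (10, {"io": 1, "io_lp": 1}),
}
CAPS = {  # task -> capabilities: (name, device-name prefix, resources consumed)
    "Controller": [("cpu", "CPM", {"mips": 60})],
    "Monitor": [("cpu", "CPM", {"mips": 30})],
    "PressureIO": [("lp", "RDC", {"io_lp": 1})],
    # Minimum requirement is a plain port; a protected one is an alternative.
    "ValveIO": [("plain", "RDC", {"io": 1}), ("lp", "RDC", {"io_lp": 1})],
}
SEGREGATED = [("Controller", "Monitor")]  # redundant lanes
WIRE = {("PressureIO", "RDC1"): 2, ("PressureIO", "RDC2"): 6,
        ("ValveIO", "RDC1"): 7, ("ValveIO", "RDC2"): 1}  # peripheral wire mass


def dot(u, x):
    return sum(a * xi for a, xi in zip(u, x))


def build_bp():
    """Return (index, f_mass, f_wire, A, b, Aeq, beq) of the binary program."""
    # One binary x_i per (task, capability, device), then one y per device.
    xs = [(t, c, d) for t, caps in CAPS.items() for c, prefix, _ in caps
          for d in DEVICES if d.startswith(prefix)]
    index = xs + [("used", d) for d in DEVICES]
    col = {v: i for i, v in enumerate(index)}
    use = {(t, c): res for t, caps in CAPS.items() for c, _, res in caps}

    def row(coeffs):
        return [coeffs.get(i, 0) for i in range(len(index))]

    f_mass = row({col[("used", d)]: m for d, (m, _) in DEVICES.items()})
    f_wire = row({col[v]: WIRE.get((v[0], v[2]), 0) for v in xs})
    A, b, Aeq, beq = [], [], [], []
    for t in CAPS:  # uniqueness: each task is hosted exactly once
        Aeq.append(row({col[v]: 1 for v in xs if v[0] == t}))
        beq.append(1)
    for d, (_, provided) in DEVICES.items():  # resources are not exceeded
        for r, limit in provided.items():
            A.append(row({col[v]: use[v[:2]].get(r, 0)
                          for v in xs if v[2] == d}))
            b.append(limit)
    for pair in SEGREGATED:  # segregation: at most one of the pair per device
        for d in DEVICES:
            A.append(row({col[v]: 1 for v in xs
                          if v[2] == d and v[0] in pair}))
            b.append(1)
    for v in xs:  # auxiliary variable: x <= y, so a hosting device is "used"
        A.append(row({col[v]: 1, col[("used", v[2])]: -1}))
        b.append(0)
    return index, f_mass, f_wire, A, b, Aeq, beq


def solve_bp(f, A, b, Aeq, beq, tie):
    """Global optimum of min f.x (ties broken by tie.x) by enumeration."""
    best, best_key = None, None
    for x in product((0, 1), repeat=len(f)):
        if any(dot(r, x) != v for r, v in zip(Aeq, beq)):
            continue
        if any(dot(r, x) > v for r, v in zip(A, b)):
            continue
        key = (dot(f, x), dot(tie, x))
        if best_key is None or key < best_key:
            best, best_key = x, key
    return best


def pareto_front(step=1):
    """Sample the (device mass, wire mass) front, one BP solve per point."""
    index, f_mass, f_wire, A, b, Aeq, beq = build_bp()
    front, bound = [], None
    while True:
        extra_A = [f_wire] if bound is not None else []
        extra_b = [bound] if bound is not None else []
        x = solve_bp(f_mass, A + extra_A, b + extra_b, Aeq, beq, tie=f_wire)
        if x is None:  # bound is infeasible: the front is complete
            return front
        hosting = {v[0]: v[2] for v, xi in zip(index, x)
                   if xi and v[0] != "used"}
        front.append((dot(f_mass, x), dot(f_wire, x), hosting))
        bound = dot(f_wire, x) - step  # artificial bound for the next solve


if __name__ == "__main__":
    for mass, wire, hosting in pareto_front():
        print(mass, wire, hosting)
```

A larger `step` skips trade-off points in exchange for fewer solves, which is the effect of increasing the minimum stepping between two solutions.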

A systems architecting framework for optimal distributed integrated modular avionics architectures

Fig. 12 Installation locations and cable routes for the optimization

studies. Access times are given in minutes
Fig. 13 Manual task mapping

For each installation location, the access time for repair is

The avionics hardware shall be selected from a platform similar to the A350. Core Computing Modules (CPM) can host up to three controller tasks and need active cooling. Remote Data Concentrators (RDC) connect peripherals to the AFDX network and can be installed in any installation location. Owing to the dissimilarity constraint, two types of RDC and CPM are needed. Each device is assigned with a mass, cost, MTBF, and resource limit reasonable for the selected aircraft systems. For hosting the systems, ten I/O types are needed. For each I/O type, the space requirements in the device, as well as the potential bundle sizes, are known. The network shall be composed of AFDX switches with five ports and AFDX links.

Fig. 14 Manually derived network topology

As a reference, a task mapping (Fig. 13) and network topology (Fig. 14) were derived manually in all conscience. The architecture is a left–right symmetric utilization of four CPMs and ten RDCs. The design drivers were short peripheral wires to RDCs and segregation. Wire mass and SSC should be minimal. OIC and IPC could not be optimized manually. The network topology requires eight switches and four redundant routes. In summary, the manual architecture evaluates to 35.6 kg in mass, 203 k$ SSC, 2451 $/a OIC, and 768 $/aircraft IPC.
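
The manual reference values above are the baseline against which candidate architectures are judged. As an added example (not code from the paper or the Avionics Architect toolbox), this Python block checks Pareto dominance over the four objectives and extracts the non-dominated set; the candidate designs A to E and all function names are constructed for illustration and are not results from the study.

```python
from typing import Dict, List, Tuple

# Objective order: mass [kg], SSC [k$], OIC [$/a], IPC [$/aircraft]; all minimized.
Objectives = Tuple[float, float, float, float]

# Manual reference architecture, values as stated in the text.
MANUAL: Objectives = (35.6, 203.0, 2451.0, 768.0)

# Constructed candidates (assumed values, NOT taken from the paper).
CANDIDATES: Dict[str, Objectives] = {
    "A": (33.0, 190.0, 2300.0, 700.0),  # better in every objective
    "B": (30.0, 170.0, 2600.0, 760.0),  # lighter and cheaper, higher OIC
    "C": (34.0, 195.0, 2350.0, 720.0),  # beats manual, but worse than A
    "D": (36.5, 210.0, 900.0, 400.0),   # heavier, far lower OIC and IPC
    "E": (35.6, 203.0, 2451.0, 768.0),  # identical to the manual design
}


def dominates(a: Objectives, b: Objectives) -> bool:
    """True if a is no worse than b everywhere and strictly better somewhere."""
    no_worse = all(x <= y for x, y in zip(a, b))
    strictly_better = any(x < y for x, y in zip(a, b))
    return no_worse and strictly_better


def pareto_front(designs: Dict[str, Objectives]) -> List[str]:
    """Names of designs that no other design in the set dominates."""
    front = []
    for name, obj in designs.items():
        rivals = (o for n, o in designs.items() if n != name)
        if not any(dominates(r, obj) for r in rivals):
            front.append(name)
    return sorted(front)


def share_dominating(designs: Dict[str, Objectives], ref: Objectives) -> float:
    """Fraction of designs that dominate the reference architecture."""
    hits = sum(dominates(obj, ref) for obj in designs.values())
    return hits / len(designs)


if __name__ == "__main__":
    print("Pareto front:", pareto_front(CANDIDATES))
    print("Share dominating manual:", share_dominating(CANDIDATES, MANUAL))
```

A design equal to the reference in all objectives (E) does not dominate it, and designs that trade mass against OIC (B, D) stay on the front without dominating the manual design.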

4.3 Results

Fig. 15 Pareto optimal architectures for all optimization routines

In total, six optimizations were carried out. One Pareto frontier for each of the six optimization routines selected for comparison was calculated. The resulting six Pareto frontiers comprise 32 valid architectures. For all architectures, the four objectives were calculated. Figure 15 gives the comparison of the optimization results and the manual design (M) in four quadrants. It is visible that 80 % of the solutions dominate the manual design. It can be stated that the higher the level of automation, the higher the improvement. The maximum decrease is 11.3 kg (30 %) in mass, 73 k$ (36 %) in SSC, 1850 $/a (75 %) in OIC, and 415 $/aircraft (54 %) in IPC. All minima are achieved for topology optimization. The minima cannot be achieved in the same solution. Mass and OIC are clearly contradicting,
while mass and SSC, as well as OIC and IPC, share some minima. Moreover, the trade-off space is not linear, but the relative decrease in OIC and IPC is higher than the related decrease in mass/SSC. Moreover, this trade-off has some knee-points. Optimizations including the network show a more equal distribution between mass/SSC and OIC/IPC.

The runtimes for optimization ranged from below one minute for signal and device assignment to 10 and 45 min for task and device type optimization up to 4 and 48 h for network and topology optimization on a 3 GHz desktop computer. For the latter only four points of the Pareto optimum could be determined. Runtimes, therefore, strongly correlate with the achieved improvements. Table 1 lists the number of solutions and calculation time of the six optimizations.

Table 1 Number of solutions and calculation time for each optimization routine

Routine                    # Solutions    Time
Signal assignment          1              10 ms
Device assignment          3              5 s
Task assignment            6              10 min
Network optimization       5              4 h
Device type opt.           13             45 min
Topology optimization^a    4              48 h

^a Only single objective optima with 20 % uncertainty were calculated

For a better understanding, three extreme solutions (1–3) are analyzed in detail. In the following section, the architectures for the OIC-optimal task assignment, the lightest device type optimization, and the mass-optimal topology optimization are given.

Fig. 16 Solution 1—task assignment with minimum OIC

The architecture with the lowest OIC in the Pareto optimum of task assignment is depicted in Fig. 16. Compared to the manual solution, one RDC has been removed, lowering the OIC. In addition, tasks with high MEL levels are grouped on two nose and two middle RDC. This creates two additional GO RDC with no OIC. Because of the removal of one device and the smart shifting of tasks, mass and SSC are lower than in the manual mapping, although the resources per device type are the same as in the manual

Fig. 17 Solution 2—device type optimization minimum mass

Results of device type optimization are up to 10 % lighter than the reference architecture. Figure 17 shows the Pareto optimal solution with the lowest mass and SSC. Obviously the decrease is made by having only six RDCs compared to the ten in the manual design. By resizing the number and types of resources per device type, it is possible to increase the usage rate of RDCs from 75 to 95 %. The increase in cable weight is more than compensated. Interestingly, no CPMs can be removed because segregations are the dominating driver. By removing four RDCs, OIC and IPC are decreased.

Fig. 18 Solution 3—topology optimization minimum mass

From topology optimization, only the four extreme solutions could be determined because of extremely high runtime. Figures 18 and 19 show the mapping and network topology of the solutions with the overall lowest mass. The decrease of additional 12 kg in mass shows the major
influence of network mass and the correlation of task placement and network links. Looking at the mapping in Fig. 18, it shows that the same number of devices is used as in device type optimization. The device positions and the task allocation are, however, slightly different. Most importantly, one RDC is moved from the tail to the middle. This saves long links and makes it lucrative to only have four switches in the avionics bay instead of eight in the manual design. Although the mapping and network are asymmetric, the assignment of systems is left–right symmetric. This was not the case for device type optimization and task assignment. Left–right symmetry seems beneficial when targeting smaller networks, which is reasonable since it eases signal segregation.

Fig. 19 Solution 3—topology optimization minimum mass

5 Discussion

Analyzing the results from the optimization studies, it can be stated that the scenario bears high optimization potentials in all objectives, which were not visible manually. It shows that these improvements are especially high if complex and non-traditional objectives such as OIC and IPC are considered. Moreover, architectures looking asymmetric or odd at first glimpse might be optimal, but would never be chosen manually. The assumption that DIMA design issues are dependent and that a higher degree of freedom in optimization increases the room for improvements is proven.

The runtime was acceptable for level one and level two routines. For topology optimization, this small excerpt of a complete aircraft already hits the computational feasibility limit. The latter can be weakened by restricting the solution space. See [29] for a successful optimization of an A380-like network. However, it is visible that for bigger architectures, such complete and unbounded optimization studies may not be feasible. Therefore, the framework, especially optimization, cannot be a replacement for the design engineer, but a valuable helper and sparring partner. In this tandem, the proposed method works also on aircraft level-sized architectures. Not only can it help discover improved architectures, but it shows up new architecture variants and insights into objective relations. Moreover, the globally optimal approach enables formal justification of architectures even if found manually. The flexibility in scope, objectives, and level of automation allows an adaptation of optimization to architecture sizes and specific designer’s needs. This requires, however, an understanding of the designer of optimization routines. This, in addition, increases the trust in solutions.

6 Conclusion

In avionics systems based on the DIMA concept, standardized avionics modules and network are shared by safety critical system functions. Current architectures host approximately 1000 functions, which cause non-optimal manual selections, sizings, and allocations of DIMA architectures. To support design engineers, a model and algorithm-aided systems architecting framework for avionics architectures is proposed. The framework comprises a domain-specific model and optimization routines, both seamlessly integrated. An architecture model especially for planning enables the independent modeling of systems, hardware, and anatomy, which can be combined to multiple architecture variants. Information is rigid enough for early verification, evaluation, and optimization. A set of eight flexible optimization routines is presented that automates design tasks ranging from function allocation, module selection, and network definition to complete topology generation. The latter are unique in the IMA scope. Routines can be chosen from three levels of automation and are free in their input scope and objectives. The stable and efficient foundations for solving the optimization problems are Binary programs and best-effort MILP solvers. Moreover, a multi-objective solver extension is provided that retrieves Pareto optimal architecture sets. Model and optimization are implemented in the Avionics Architect and its Toolbox. The application of six of the optimization routines to an A320-like example of four aircraft systems reveals optimization potentials up to 75 % compared to manual design. It showed up the best possible trade-offs for mass, SSC, OIC, and IPC. Moreover, the resulting architectures showed how mass or cost improvements affect the architecture. Overall, the optimization potential increases with the degree of freedom in optimization, which is proportional to the level of automation. However, solving time increases exponentially. Nevertheless, if the solution space is manually bounded and objectives are wisely chosen, optimizations can be applied on full-scaled avionics architectures, leading to
results, insights, and design justifications, hardly achieved manually.

6.1 Outlook

Commercial applications showed that up to the second level of automation routines can successfully be applied to the full system set of aircraft of A380 dimensions. However, this requires a manual restriction of the search space and the restriction of the number of objectives optimized in parallel. Achieving full-scale optimizations on large aircraft or even complete aircraft families is a major aim for future works. This requires improvements in problem formulation and combinatorial optimization. The other aim is to include redundancy and power distribution in architecture optimization.

References

1. Halle, M., Thielecke, F.: Konfigurationsmanagement für Integrierte Modulare Avionik. Deutscher Luft- und Raumfahrtkongress, Hamburg (2010)
2. Prisaznuk, P.J.: Integrated modular avionics. Aerospace and Electronics Conference, vol. 1, pp. 39–45, May 1992
3. Fuchsen, R.: Preparing the next generation of IMA: a new technology for the SCARLETT Program. Digital Avionics Systems Conference, pp. 7.B.5–1–7.B.5–8, Oct 2009
4. Watkins, C.B.: Integrated modular avionics: managing the allocation of shared intersystem resources. 25th Digital Avionics Systems Conference, pp. 1–12, Oct 2006
5. Butz, H.: Open integrated modular avionic (IMA): state of the art and future development road map at Airbus Deutschland. In: Proceedings of the 1st International Workshop on Aircraft System Technologies, pp. 211–222, Mar 2007
6. Itier, J-B.: IMA1G—Genesis and results. Scarlett Moscow—1st Forum, Sept 2009
7. Maier, M.W., Rechtin, E.: The Art of Systems Architecting. CRC Press, Boca Raton (2000)
8. Fraboul, C., Martin, F.: Modeling advanced modular avionics architectures for early real-time performance analysis. In: Proceedings of the Seventh Euromicro Workshop on Parallel and Distributed Processing, pp. 181–188 (1999)
9. Forster, S., Fischer, M., Windisch, A., Balser, B., Monjau, D.: A new specification methodology for embedded systems based on the π-calculus process algebra. Rapid Syst Prototyp 200, 26–32 (2003)
10. Gamatie, A., Brunette, C., Delamare, R., Gautier, T., Talpin, J.-P.: A modeling paradigm for integrated modular avionics design. In: 32nd EUROMICRO Conference on Software Engineering and Advanced Applications, pp. 134–143, Sept 2006
11. Delange, J., Pautet, L., Plantec, A., Kerboeuf, M., Singhoff, F., Kordon, F.: Validate, simulate, and implement Arinc653 systems using the AADL. In: Proceedings of the ACM SIGAda Annual International Conference on Ada and Related Technologies, pp. 31–44 (2009)
12. Lafaye, M., Gatti, M., Faura, D., Pautet, L.: Model driven early exploration of IMA execution platform. In: Digital Avionics Systems Conference, pp. 7A2–1–7A2–11, Oct 2011
13. AADL. http://www.aadl.info (2009)
14. Object Modeling Group. Omg Systems Modeling Language (OMG SysML). http://www.omg.org/spec/SysML/1.3/, June
15. Sagaspe, L., Bel, G., Bieber, P., Boniol, F., Castel, C.: Safe allocation of avionics shared resources. In: IEEE International Symposium on High-Assurance Systems Engineering, pp. 25–33 (2005)
16. Sagaspe, L., Bieber, P.: Constraint-based design and allocation of shared avionics resources. In: 26th AIAA-IEEE Digital Avionics Systems Conference, Dallas (2007)
17. Bieber, P., Bodeveix, J.P., Castel, C., Doose, D., Filali, M., Minot, F., Pralet, C.: Constraint-based design of avionics platform—preliminary design exploration. In: 4th European Congress ERTS Embedded Real Time Software (2008)
18. Al Sheikh, A., Brun, O., Hladik, P-E.: Decision support for task mapping on IMA architecture. Junior Researcher Workshop on Real-Time Computing (JR-WRTC2009), pp. 31–34, Oct 2009
19. Salomon, U.: Automatic design of IMA-based systems. Ph.D. thesis, Faculty of Aerospace Engineering and Geodesy of the University of Stuttgart (2014)
20. Shu, Z.: Communication infrastructure supporting real-time applications. Ph.D. thesis, Technische Universität Hamburg-Harburg (2008)
21. Charara, H., Scharbarg, J.-L., Ermont, J., Fraboul, C.: Methods for bounding end-to-end delays on an AFDX network. In: 18th Euromicro Conference on Real-Time Systems (2006)
22. Sivanthi, T., Zhang, S., Killat, U.: A holistic framework for optimal avionics system resource planning. In: AST 2007 Workshop on Aircraft System Technologies, pp. 257–268 (2007)
23. Carta, D.C., de Oliveira, J.M.P., Starr, R.R.: Allocation of avionics communication using boolean satisfiability. In: IEEE/AIAA 31st Digital Avionics Systems Conference (DASC), pp. 6C1–1–6C1–12, Oct 2012
24. Al Sheikh, A., Brun, O., Chéramy, M., Hladik, P.-E.: Optimal design of virtual links in AFDX networks. Real Time Syst 16, 1–29 (2012)
25. Annighöfer, B., Kleemann, E., Thielecke, F.: Model-based development of integrated modular avionics architectures on aircraft-level. In: Deutscher Luft- und Raumfahrtkongress, Bremen, Sept 2011
26. Annighöfer, B., Thielecke, F.: Supporting the Design of Distributed Integrated Modular Avionics Systems with Binary Programming. Deutscher Luft- und Raumfahrtkongress, Berlin (2012)
27. Annighöfer, B., Thielecke, F.: Multi-objective mapping optimization for distributed modular integrated avionics. In: 31st Digital Avionics System Conference, Williamsburg, VA, USA, Oct 2012
28. Annighöfer, B., Kleemann, E., Thielecke, F.: Automated selection, sizing, and mapping of integrated modular avionics modules. In: 32nd Digital Avionics System Conference, Syracuse, NY, USA, Oct 2013
29. Annighöfer, B., Reif, C., Thielecke, F.: Network topology optimization for distributed integrated modular avionics. In: 33rd Digital Avionics System Conference, Colorado Springs, CO, USA, Oct 2014
30. Annighöfer, B.: Model-based architecting and optimization of distributed integrated modular avionics. Dissertation, Hamburg University of Technology (2015)
31. Ozlen, M., Burton, B.A.: Multi-objective integer programming: an improved recursive algorithm. arXiv:1104.5324v1 (2011)
32. Neumann, K., Kleemann, E., Reichel, R., Lehmann, M.: Quantitative evaluation criteria for modern avionic system architectures. In: Deutscher Luft- und Raumfahrtkongress. DGLR, Sept 2008