Fault Tolerance Techniques of The Boeing 777 Samuel Hishmeh December 6th, 2006

Fault Tolerance Techniques of the Boeing 777 Background Boeing to Develop “Fly-By-Wire” Fly-By-Wire Advantages Safer Cheaper Revolutionized Flight Developed in the early 90’s Boeing wanted to develop a fly-by-wire plane, One of first. Fly-by-wire design several advantages Potentially safer (human error), could you trust your life to a computer? Cheaper (less upkeep, less weight (materials and gas) ) Fault Tolerance Techniques of the Boeing 777

Design Considerations Cosmic Rays Hardware Failures “Fly-By-Wire” Functional Separation No Single Fault can Cause Failure The likelihood that cosmic rays will interfere with communication greatly increases at high altitudes Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 Design Philosophy REDUNDANCY Triple Modular Redundancy (TMR) Computing System Electrical Power Hydraulic Power Communication Path 4 Modular Redundancy Actuator Control Electronics Unit (ACE) TMR in used in hardware SAFETY CRITICAL AVIONICS FOR THE 777 PRIMARY FLIGHT CONTROLS SYSTEM Fault Tolerance Techniques of the Boeing 777

Flight Control Surfaces Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 TMR on data buses. 4MR on ACES – Actuator Control Electronics Fault Tolerance Techniques of the Boeing 777

Primary Flight Computer 3 processors. Each had 3 lanes computing the result, and they can communicate. Despite access to all 3, the only output to one channel. All code written in ADA, but compiled with different compilers. Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 ACE Hardware Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 Communication Bus ARINC 629 Line Replaceable Units (LRU) Triple Modular Redundancy CRC Checking Asynchronous Serial 2 MHz Physical and Electrical Isolation Developed by Boeing Up 120 devices Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 Communication Bus [2] Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 Flight Modes 3 Modes Direct Secondary Normal Normal – Autopilot Secondary – somewhere in between normal and direct. PFC still using some calculations, but not autopilot Direct – Switch on or if ACE’s detect invalid data from PFC’s. Pilot has full control. Analog data from transducers used to control actuators. Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 Honorable Mentions Deferred Maintenance Electrical Isolation CRC Checks Line Replaceable Units (LRU) Electrical isolation - every piece of hardware has multiple power systems. Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 Questions… Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 References Y. Yeh. Triple-triple redundant 777 primary flight computer. In Proceedings of the 1996 IEEE Aerospace Applications Conference, volume 1, pages 293–307, February 1996. Y.Yeh. SAFETY CRITICAL AVIONICS FOR THE 777 PRIMARY FLIGHT CONTROLS SYSTEM. In Digital Avionics Systems, 2001. DASC. The 20th Conference, Volume 1, pages 1C2/1-1C2/11, October 2001. Fault Tolerance Techniques of the Boeing 777

Fault Tolerance Techniques of the Boeing 777 CRC Diagram Fault Tolerance Techniques of the Boeing 777