The invention lies in the field of onboard systems, and more particularly that of avionics systems which implement a navigation computer, such as the Flight Management System FMS.
In a conventional manner, each real-time avionics system is architectured and developed so as to meet performance requirements in terms in particular of failure rate (reset) and functional Quality of Service (QoS), in a defined framework of use.
Onboard avionics systems are qualified, with a demonstrated performance level, for a given environment and have different levels of software development, that are more or less expensive, corresponding to different safety or criticality requirements. Indeed, these levels of software development arise from the aircraft risk analysis FHA (Functional Hazard Analysis), termed “operating dependability analysis”, according to the international standards RTCA DO178C (USA) or ED-12C (European equivalent of EUROCAE). This risk analysis establishes the contribution of each function in the aircraft's operational chain so as to determine which maximum failure level must be reached. In order to achieve the objective in question, the standard constrains the required quality of the hardware and software in which the function is embedded and which implements it. These development quality levels are called “DALs” (Development Assurance Levels).
Current avionics architectures are the result of a history, in which economic considerations have played a significant role. Thus, for reasons to do with “certification credit” or incremental qualification, and also for reasons to do with wiring costs relating to the interfaces, the new navigation functions have been systematically integrated within a single computer, namely either the flight management system FMS, the taxiing system TAXI or the Automatic Pilot PA.
Likewise, monitoring functions are systematically integrated within a single computer, depending on what is monitored: TCAS (Traffic Collision Avoidance System), TAWS (Terrain Awareness and Warning System), WMS (Weather Management System), the CMU (airspace-related constraints), the EFB (operational constraints of the company).
Likewise, the monitoring of the aircraft states is centralized in computers of FWS (Flight Warning Systems) and OMS (Onboard Maintenance Systems) type.
Currently, the automatic pilot PA is developed in level DAL A which corresponds to the highest criticality level, and the FMS is, depending on the aircraft, developed in level DAL B or C, with a trend to switch to DAL development level B in view of its increasing use in procedures. The TCAS for its part is developed in level DAL C or DAL D, and acts as a safeguarding device, it not being used to guide the craft but to forewarn of danger when the other systems have failed.
Now, for iso-functional, that is to say for one and the same operationally rendered service, it may be estimated that each change of DAL development level multiplies the development cost tenfold. Indeed, when the software development level increases from D to A via C and B, the safety requirement increases, this being manifested by an increase in the complexity of the algorithm and its degree of validation.
Thus, a visual aid function for navigation, whose risk analysis FHA requires a level D, is currently integrated into one of the existing computers, FMS or PA, of level A to C, thus giving rise to a development cost that is ten to a hundred times greater than it would be in a level D hardware environment.
On top of this development cost, the insertion of new functions or services into an existing architecture frequently leads to complex solutions between the systems, which generate a training load for crews and maintenance teams, and increases the risk of error when operating the equipment in order to carry out the function.
Solutions are currently proposed in a first French patent application published under the number FR3013880 and a second French patent application filed on 16 May 2014 and registered under the filing number 14/01108 aimed at integrating into an avionics system, comprising a core module and a peripheral module, additional functionalities without needing to modify the software elements of the core module and using from the latter only generic services which are offered. Thus, the impact of integrating new services or functionalities on a core module of high development level such as an FMS and/or an PA is minimized.
However, the insertion of new hardware, of peripheral type, and of a lower development level than that of a core module, into existing so-called “Legacy” architectures, and supporting new functionalities of compatible development level, itself has a crippling development cost in terms in particular of the re-wiring of thousands of aircraft, the hardware integration of the new computer into the bay for interfacing it with other equipment, and its electrical power supply.
Thus, the technical problem of defining an architecture of an avionics onboard system which is more flexible and more adaptable, and which makes it possible to ensure the integration of new navigation functions at minimum cost, while guaranteeing clients the DAL level of the whole, still remains.
Thus, this need exists particularly when involved in defining an open navigation architecture of server-client type which makes it possible to integrate the manoeuvres for relative spacing (referred to by the acronym FIM for Flight Interval Management) between aircraft.
This therefore involves redefining collaborations and functions between aircraft systems which make it possible to place a new operational service, which minimize the costs of integration into a navigation system with open architecture whose core is a computer of FMS and/or PA type of high DAL and at least one peripheral computer of lower DAL, which minimize staff training and maintenance costs, and which minimize more particularly the impact on the computers of high criticality (in particular the FMS whose development cost is currently among the aircraft's highest because of its size and criticality).
The general technical problem is to propose a method for operationally, functionally and physically integrating a new aeronautical service or function into an onboard avionics system with open architecture of “client-server” type, which minimizes the means for developing the integration of the new function in terms of extra hardware, interfacing and software, of reuse of hardware, interfacing and software, of number of tasks and of hardware and software qualification time, and which minimizes the means for operating the service in terms of maintenance and training time, while guaranteeing the client the DAL level of the aircraft as a whole.
In a particular manner, the technical problem is to propose a method for operationally, functionally and physically integrating an FIM manoeuvres service for the relative spacing between aircraft into an onboard avionics system of “client-server” type, which minimizes the means for developing the integration of the new function in terms of extra hardware, interfacing and software, of reuse of hardware, interfacing and software, of number of tasks and of hardware and software qualification time, and which minimizes the means for operating the service in terms of maintenance and training time, while guaranteeing the client the DAL level of the aircraft as a whole.
The technical problem is further to provide an integrating onboard avionics system with open architecture of “client-server” type which operationally, functionally and physically integrates an application of FIM manoeuvres for the relative spacing between aircraft while minimizing the means for developing the integration of the application in terms of extra hardware, interfacing and software, of reuse of hardware, interfacing and software, of number of tasks and of hardware and software qualification time, and which minimizes the means for operating the application in terms of maintenance and staff training time, in compliance with the DAL level of the aircraft as a whole.