This method and this device can be applied to complex installations with a specific or open-ended configuration. These installations generally include combined devices, such as sensors and processing systems including computers that control, for example, servo-systems, and, generally speaking, combined devices that interact so as to obtain the sought-after result.
The configuration of an installation is determined by those who design said installation. This configuration more particularly defines the organization of the various operational devices comprising the installation, the essential functional specifications of these devices, and the links and interactions between said devices. A predetermined configuration of an installation enables the latter to carry out processing operations in order to accomplish predetermined actions so as to obtain the desired result. Conversely, a non-authorized configuration of an installation does not enable this installation to deliver everything expected of it under the desired conditions, the resulting conditions ranging from an insufficient level of security to a total absence of the service rendered.
Installations of this type may be complex units, such as stations for tracking satellites and stations for processing signals exchanged with these satellites, navigation stations on sea vessels, motor vehicles equipped with on-board computers processing signals derived, for example, from sensors furnishing the parameters relating to movement or braking, operating control stations of nuclear power stations, airplane pilot cockpit stations, etc.
The methods and devices for checking complex installations should be able to increase the operating safety of these installations by strictly monitoring their configurations.
For example, in an aircraft, safety is a major concern of aircraft constructors, who are increasingly seeking to provide "electric flight control" installations or systems including in particular computers, servo-systems, sensors, etc. A large portion of these systems mainly concerns the monitoring and manoeuvring of the aircraft by one or several pilots from a central piloting station.
Each installation generally has a long service life (several years). The installation is only effectively placed into operation after successive phases including in particular the research and design phases, the production of a prototype, the first start-up, the tests revealing the need for modifications, and then the production of series installations.
The series installations are themselves subjected to configuration evolutions over time, either for the particular needs of a user, or to improve the quality, robustness and reliability of the installation, but also to comply with new regulations or to use new technologies offering improved performance, or because the earlier technologies have become unavailable.
Such configuration evolution is common in larger aircraft, which are all the more affected the more modern they are, since they consequently make use of a larger number of computers. Any configuration evolution needs to be managed carefully and methodically, especially for reasons of safety. This is particularly necessary when replacing an old functional device with a new one in an installation, in order to check the compatibility of this new device with the other devices of the installation. In fact, any new functional device introduced into an installation to replace an older device must not disturb the functioning of the installation, and the latter needs to remain able to provide at least the orders supplied until then or, better still, improve their quality.
Currently, there is no automatic way to check the validity of the configuration of a data and signal processing installation, especially when one or several of the combined functional devices of this installation are replaced by new devices.
In the current state of the art, for an installation comprising in particular several computers that receive, exchange and process data or information, the maintenance technician who replaces one computer with another, modifies a program of a computer in the installation, or replaces one sensor with another thereby modifies the configuration of the installation. For example, this replacement may occur when the computer has broken down. The technician then has the choice of replacing the old computer with an identical computer functioning with the same program, or replacing the old computer with an equivalent computer whose program is such that the inputs/outputs of the new computer are identical to the inputs/outputs of the old computer. (Throughout the remainder of the description, the term "computer" denotes not merely the hardware but also the software.)
Provided certain conditions are observed, the technician is also able to replace one computer with a non-equivalent computer. This is the case when no identical or equivalent computer is available, or when the replacement is asked for by the designer of the installation who wishes to modify the installation configuration, when requested by a user, or to improve the quality of functioning of this installation. The configuration modification of the installation resulting, for example, from replacing one computer with a non-equivalent computer requires the technician to follow the procedures for verifying the coherence of the functioning of the installation. These procedures are long and complicated, and human error during these checks remains a risk that might result in serious consequences.
The above-mentioned example of a replacement concerns a computer, but this replacement may be that of one or several other functional devices of the installation, such as sensors, measuring circuits, etc.
The maintenance technician checks the coherence of the installation on the basis of information contained in a maintenance manual or on technical cards.
To check this coherence, he first needs to check the conditions for interchanging an existing device of the installation with a new device.
He then needs to check the compatibility conditions between the new device replacing the predetermined existing device and the other devices of the installation cooperating with this new device. All the devices of the installation, as well as the new device, are marked by identification codes.
The interchangeability conditions to be verified are the following: