The present invention relates to the diagnosis of elements of complex systems, in particular of aircraft, and more particularly to a method, devices and a program for computer-aided analysis of the failure tolerance of an aircraft system, using critical event charts.
The latest failure diagnosis systems in aircraft generally use failure models designed by the manufacturers and their equipment suppliers during the aircraft development cycle. They can be used for the purpose of setting up preventive diagnostics on board the aircraft in question or on the ground via web services for example.
These diagnostic systems can use messages originating from equipment monitoring systems comprising self-diagnosis software applications, also called built-in test equipment (BITE), reporting maintenance messages involving items of equipment suspected of failure as soon as the monitoring systems detect them.
Thus, for example, the diagnostic systems known as on-board maintenance systems (OMS), in particular used in the Airbus A380 (Airbus and A380 are trade marks) make it possible to group messages received from equipment monitoring systems and to access reports generated in flight in order to carry out statistical analysis allowing potential future failures to be identified.
The grouping of messages is here carried out by a software application of a centralized maintenance system (CMS) which collects and consolidates these maintenance messages in order to identify the more relevant maintenance messages allowing the maintenance teams on the ground to complete the necessary repairs. Such messages indicate failed equipment as well as providing information on possible failures based on statistical analyses such as mean time between failures (MTBF).
Access to reports generated in flight typically involves access to reports known as aircraft condition monitoring system (ACMS) reports which are systematically generated at certain phases of each flight or when particular events are detected, for example when a predetermined threshold is exceeded by a given parameter of the aircraft. Such reports thus represent a view of the status of a certain number of parameters and equipment of the aircraft. When collated, these ACMS reports allow the airline operating the aircraft to monitor its status and to intervene when deemed necessary.
The ability to prevent possible effects of future failures in the cockpit (called flight deck effect (FDE)) is offered by some aircraft manufacturers in a ground system called airplane health management (AHM) interfaced with the reports issued by an aircraft. To this end, the AHM calculates and adapts a time remaining for carrying out maintenance (called time to failure (TTF)) for the maintenance messages reported by a centralised maintenance computing function (CMCF) of the aircraft and based on the history of these messages.
In order to plan preventive maintenance tasks, an airline needs to have advance knowledge of a future dysfunction. But this is not sufficient on recent-generation aircraft where the systems are very interdependent, incorporate components with complex malfunction modes, and have architectures that have single failure tolerance.
A failure tolerance capability allows an aircraft to remain available even if an item of equipment has failed. A list of the minimum operational equipment (called minimum equipment list (MEL)) sets the conditions according to which an aircraft in which at least one item of equipment has failed can remain operational (dispatch reliability). By way of illustration, an airline can be permitted to operate an aircraft for 10 days with certain equipment failed. Thus, these operating conditions are encompassed by the MEL and are often accompanied by mandatory maintenance operations to inspect the equipment in working order associated with the failed equipment and/or to provide safe manual deactivation of the failed equipment.
A failure tolerance capability also allows an airline to operate an aircraft while, at the same time, preparing for the purchase and procurement of spares as well as the associated maintenance.
In this context, it is necessary not only to obtain a list of equipment failures in an aircraft in order to decide on its operation but moreover, the airline operating this aircraft wishes to know exactly the tolerance margin remaining before a dysfunction with greater impact occurs, for example a situation named NO GO in the MEL, which does not permit the airline to operate the aircraft in this condition or a situation according to which the passenger experience would not accord with the image the airline wishes to project (for example if the cabin video system no longer functions).
There is a need to provide predictive maintenance and failure tolerance information.