We provide EU funding and world-class technical support to engineering and technology businesses.

Find out more about who we are and what we do

Stay in Touch

EventBrite logo Twitter logo RSS logo Linked In  logo Email us

Join our mailing list

Join our mailing list to receive notification of CPSE Labs events and upcoming calls

Smart Anything Everywhere

Cyber-Physical Systems Engineering Labs is part of the Smart Anything Everywhere initiative.

This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 644400.

DAL allocation calculus (DALculus)

The DALculus method has been developed to assist the breakdown of safety requirements during the design of aircraft systems. CPSE Labs project explore its usability in a wider context.

Aircraft functions such as "Control the aircraft speed on ground" can be performed thanks to a set of system functions such as "Control wheel braking" and "Control thrust reversion".

At early stages of the development of an aircraft, designers have to assign safety requirements to system functions consistent with the aircraft function requirements. The work in question describes a method and associated tools to assist the derivation of safety requirements for system functions.

Safety requirements associated with aircraft and system functions come in two forms:

  • quantitative requirements, which impose safe bounds on the mean probability per flight hour of the function failures (probability budget and maintenance check intervals).
  • qualitative requirements, which impose a) safe bounds on the size of minimal combinations of the component failures leading to the function failure, b) function independences and c) sufficient Development Assurance Level (DAL) for the functions contributing to the most severe failure conditions.

The approach proposed here, named DALculus, takes a set of aircraft failure conditions and their causes (i.e., sets of minimal combinations of system function failures leading to an aircraft function failure) as input, as well as user defined constraints.

It simultaneously solves three constraint satisfaction problems capturing the requirements that the system functions should fulfil in order to satisfy the aircraft function requirements. A set of requirements is extracted from the solution to each problem and is proposed to the designers:

  1. Solving the first constraint satisfaction problem allows to identify independence requirements between system functions which guarantee that no minimal cut set will be degraded below a minimal size as long as no common failure mode is introduced between independent functions.li>
  2. Solving the second constraint satisfaction problem (simultaneously with 1) ) generates an allocation of Development Assurance Levels to system functions that is consistent with the aerospace recommended practices.
  3. Solving the third problem (using the independence relation identified in 1) and 2) as input) will generate an allocation of failure rates and maintenance check intervals to system functions which guarantees that the probability of occurrence of the given set of failure conditions remain below a given probability bound derived from the severity of the failure conditions.

Problems 1 and 2 are purely discrete and can be solved using very efficient pseudo-boolean solvers (e.g., SAT4J, wbo, Minisat+, etc.). The third problem is a mixed integer linear programming problem and can be solved using MILP solvers. The formal theory has been implemented in a tool named DAL-culator (the DAL-calculator) which allows to effectively parse failure condition files and user defined directives, generate the problems, solve them using appropriate solvers and produce results in a human-readable format.

The general principles and formalization of these problems can be found in [3] [2], while [1] provides a very detailed description of the actual constraints and solving process.

The DALculus can also be used as a means to assess the criticality of certain system components, by asking the tool to allocate the lowest DAL possible for such components. The lower the DAL the component can tolerate while satisfying system-wide DAL allocation rules, the less critical it is.

The DALculator tool can be provided on request for research project and it is hosted on the forge.

Case studies

The DALculator has been applied in the European project here or here).

More recent work [2] generalizes the system assessment approach to systems with human components which participate in system failure conditions and the tools has been applied to allocate DAL to all automated systems and human actors which contribute to the collision avoidance of en route aircraft.

Further reading

  1. DALCulus Optimization Benchmarks, LION9 Conference benchmarks description paper, 2015.
  2. Lucia Sanzez-Infante and Andra-Teodora Tonie and Patrick Fabiani and Christel Seguin and Rémi Delmas and Pierre Bieber, Model Based Risk Assessment of Procedures and Systems for Aircraft Trajectory Management, ERTS International Conference, 2014.
  3. Pierre Bieber and Rémi Delmas and Christel Seguin, DALculus. Theory and Tool for Development Assurance Level Allocation presented atthe SafeComp International Conference in 2011.
  4. Pierre Bieber and Rémi Delmas and Christel Seguin and Matthias Bretschneider Automatic derivation of qualitative and quantitative safety requirements for aircraft systems, presented at the ESREL international conference in 2011.

Design centre

This platform is supported by our France design centre.