Professional Documents
Culture Documents
The Mean Time Between Failures (MTBF) for the Table 2 shows a sample functional FMEA worksheet for
receiver is obtained by inverting the total failure rate of one function. Similar worksheet is to be created for all the
the system multiplied by 1e+06 hours. major functions of the equipment.
The Fault Tree Analysis is an important technique in the so as to satisfy the top level undesired event. The faults
overall assessment of the safety critical system. A fault that will result in predefined undesired event include,
tree analysis is a deductive failure analysis, which focuses component hardware failure, human error and other
on one particular undesired event and provides a method events.
for determining causes for the occurrence of this event.
The fault tree analysis is a ‘top-down’ system evaluation The fault tree analysis focuses on one particular undesired
procedure in which a quantitative model for a particular event and which provides a method for determining the
undesired event is formed and then evaluated. In this cause of the event. The list of undesired events are
method to begin with all the top level undesired events are complied first. Each undesired event would become the
identified and is reduced or analyzed to sufficient detail top-level event in a fault tree. Depending upon the system
ION GNSS 17th International Technical Meeting of the
Satellite Division, 21-24 Sept. 2004, Long Beach, CA 1542
indenture level, these top-level events can have different In reliability terms, we know component survival and
origins. Some major undesired events are: component failure are complementary and mutually
exclusive. Hence
• Loss or misleading position information
• Loss or misleading integrity information Ps + Pf = R + Q = 1,
• Loss or misleading ETA informatoin OR,
• Loss or misleading Pseudorange and Doppler Pf = Q = 1 – e-λt
information
• Loss or misleading DOP information where
• Loss or misleading PTTI information Pf = Probability of failure.
Q = Unreliability
In the fault tree analysis, the probability of failure is The probabilities of two events are added if they are
calculated at each branch level and hence the probability branched using the OR Gate. If they are branched using
of the top level undesired event is calculated. The the AND gate then the probability of two events are
probability of the events is calculated using the formula multiplied. That is because,
Loss of position
Digital section fails RF section fails Antenna section fails Discrete components Less than 4 satellite Host communication
Event can occur when all the The following receiver integrity aspects are addressed in
AND- Gate next lower conditions are the receiver:
true.
Event can occur if any one or 1. Step error detection
OR – Gate more of the next lower 2. Cross correlation error detection
conditions are true. 3. Double ephemeris collection and usage
Basic Event, which is internal to 4. RAIM availability
Event system under analysis, 5. Fault detection and exclusion with and without
requires no further WAAS
development. 6. Fault detection and exclusion in presence or
absence of SA
Table 3: Fault Tree Symbols 7. Fault detection and exclusion with and without
RAIM Baro altitude
8. Predictive RAIM
One of the most critical aspects of the GPS-SBAS 9. Figure of merit computation
receiver to be used in an aircraft for navigation purposes 10. Navigation data integrity monitor functions
is to ensure that the receiver meets the integrity
requirements in terms of detecting faults and if possible to Appendix A and B show flow chart for the RAIM logic
make corrective actions in addition to generate timely and FD/FDE logic used in the receiver. The flowcharts
alerts. The Fault Detection (FD) and Exclusion (FDE) are self explanatory
algorithm, which is often known as FD/FDE is
implemented in the receiver. CONCLUSIONS
Even prior to the FD/FDE the receiver performs step error Accord’s GPS-SBAS receiver built around a DSP has a
detection as per DO-229C. It monitors the quality of the unique architecture and has all the required safety and
signal before using it to generate the measurements data. reliability checks. It meets all the relevant requirements
The GNSSU monitors the quality of the ephemeris data, specified in DO-229C, DO-208, DO-160D, ARINC-743
ionospheric data etc. by collecting two sets of data and and was developed as per DO-178B.
comparing them before use.
RAIM
Detect step error and
unavailability
remove bad SV
alert
availability
= no Check RAIM
Check RAIM
availability without availability with
Baro altitude Baro altitude
no
no Output position,
velocity
Compute
Figure of Output FOM
Merit
RAIM
failure
alert Notify
position not
available
If # meas > 4
no yes
Compute range
residuals
Slope max =
(A 2
1i )
+ A 22i (n − 4)
1 − Pii
Compute max
Slopemax
A= G G ( T
)
−1
G T
no P=GG G ( T
)−1
GT
Check for FD
availability
HPL < HAL ?
availability = no
availability = yes
yes