The Airbus flight control system utilizes a 'fly-by-wire' approach, replacing mechanical systems with electronic signals processed by computers to control the aircraft's surfaces. It features quintuple redundancy, meaning it has five flight control computers for reliability, allowing continued operation even with multiple failures. The system incorporates hardware and software diversity, self-monitoring architecture, and dynamic reconfiguration to ensure safe and effective flight control.

1. The Airbus flight control system
Ian Sommerville
Airbus Flight Control System, 2013
Slide 1

2. • The organisation of the Airbus
A330/340 flight control system to
provide software and hardware
reliability
Airbus Flight Control System, 2013
Slide 2

3. Airbus Flight Control System, 2013
Slide 3

4. Airbus flight control systems
• Airbus were the first commercial
aircraft manufacturer to use „fly by
wire‟ flight control systems
Airbus Flight Control System, 2013
Slide 4

5. “Fly by wire” control
• Older aircraft control systems rely on
mechanical and hydraulic links between the
aircraft‟s controls and the flight surfaces on
the wings and tail.
• The cockpit controls and flight surfaces are
directly connected – pilot actions are
transmitted directly to the control system
Airbus Flight Control System, 2013
Slide 5

6. Airbus Flight Control System, 2013
Slide 6

7. • In fly-by-wire systems, the cockpit
controls generate electronic signals that
are interpreted by a computer system
and are then converted into outputs that
drive the hydraulic system connected to
the flight surfaces.
Airbus Flight Control System, 2013
Slide 7

8. Advantages of „fly-by-wire‟
• Weight reduction
– By reducing the mechanical linkages
and hydraulic fluids, a significant
amount of weight (and hence fuel) is
saved.
Airbus Flight Control System, 2013
Slide 8

9. • Pilot workload reduction
– The fly-by-wire system provides a
more usable interface and takes over
some computations that previously
would have to be carried out by the
pilots.
Airbus Flight Control System, 2013
Slide 9

10. • Airframe safety
– By mediating the control commands,
the system can ensure that the pilot
cannot put the aircraft into a state that
stresses the airframe or stalls the
aircraft.
Airbus Flight Control System, 2013
Slide 10

11. Fault tolerance
•
Fly-by-wire systems must be fault tolerant as there is
no „fail-safe‟ state when the aircraft is in operation.
•
In the Airbus, this is achieved by replicating
sensors, computers and actuators and providing
„graceful degradation‟ in the event of a system failure.
•
In a degraded state, essential facilities remain
available allowing the pilot to fly and land the plane.
Airbus Flight Control System, 2013
Slide 11

12. • The Airbus FCS has quintuple
redundancy i.e it has 5 flight control
computers but only 1 computer is
needed to fly the place
• Therefore, the system can stand to lose
4 computers and the plane will still be
flyable.
Airbus Flight Control System, 2013
Slide 12

13. Airbus FCS organization
• Three primary flight control computers
• These are the main flight control
systems and are responsible for
calculations concerned with aircraft
control and with sending signals to the
flight surfaces and aircraft engines.
Airbus Flight Control System, 2013
Slide 13

14. • Two secondary flight control computers
which are backup systems for the flight
control computers.
• Control switches automatically to these
systems if the primary computers are
unavailable.
Airbus Flight Control System, 2013
Slide 14

15. Hardware diversity
•
The primary and secondary flight control computers
use different processors.
•
The primary and secondary flight control computers
are designed and supplied by different companies.
•
The processor chips for the different computers are
supplied by different manufacturers.
•
All of this reduces the probability of common errors in
the hardware causing system failure.
Airbus Flight Control System, 2013
Slide 15

16. Software diversity
•
The primary and secondary computers run different
software
•
The secondary computer software is a simpler
version of the primary control software
•
The software for each system has been developed by
different teams
Airbus Flight Control System, 2013
Slide 16

17. Self-monitoring architecture
Airbus Flight Control System, 2013
Slide 17

18. Self-monitoring architectures
•
Multi-channel architectures where the system
monitors its own operations and takes action if
inconsistencies are detected.
•
The same computation is carried out on each channel
and the results are compared. If the results are
identical and are produced at the same time, then it is
assumed that the system is operating correctly.
•
If the results are different, then a failure is assumed
and a failure exception is raised.
Airbus Flight Control System, 2013
Slide 18

19. Self-monitoring systems
•
Hardware in each channel has to be diverse so that
common mode hardware failure will not lead to each
channel producing the same results.
•
Software in each channel must also be
diverse, otherwise the same software error would
affect each channel.
•
If high-availability is required, you may use several
self-checking systems in parallel.
–
This is the approach used in the Airbus family of aircraft for 19
Slide
Airbus Flight Control System, 2013

20. Airbus Flight Control System, 2013
Slide 20

21. Channel diversity
• The software for the different channels
in each computer has been developed
by different teams using different
programming languages
Airbus Flight Control System, 2013
Slide 21

22. Primary/secondary diversity
•
The software for the primary and secondary flight
control computers has been developed by different
teams.
•
For the secondary computers, the channels are
programmed by different teams using different
languages.
•
Therefore, 4 different versions of the flight control
software have been developed.
Airbus Flight Control System, 2013
Slide 22

23. Dynamic reconfiguration
•
The FCS reconfigures itself dynamically to cope with
a loss of system resources if 2 FCS computers fail
•
Dynamic reconfiguration involves switching to a
simpler mode of software control, with less to go
wrong.
•
Three operational modes are supported
–
Normal - control plus reduction of workload
–
Alternate - minimal computer-mediated control
–
Direct - no computer-mediation of pilot commands
Airbus Flight Control System, 2013
Slide 23

24. Control diversity
•
The linkages between the flight control computers
and the flight surfaces are arranged so that each
surface is controlled by multiple independent
actuators.
•
Each actuator is controlled by different computers so
loss of a single actuator or computer will not mean
loss of control of that surface.
•
The hydraulic system is 3-way replicated and these
take different routes through the plane.
Airbus Flight Control System, 2013
Slide 24

25. Summary
•
Airbus FCS designed around hardware and software
redundancy and diversity
•
Quintuple redundancy with 5 control computers –
only one required to fly aircraft
•
Each computer based on a self-monitoring
architecture with 2 channels
•
Multiple different versions of software developed and
execute simultaneously
Airbus Flight Control System, 2013
Slide 25