Abstract
The compliance verification of latent failures has a significant impact on the system safety level of aircraft. After more than ten years of deliberation, EASA added new latent failure requirements to CS/AMC 25.1309. For example, significant latent failures are to be eliminated as far as possible. To prevent the aircraft from being one failure away from a catastrophic failure condition, for each catastrophic failure condition that results from two failures, either one of which is latent for more than one flight, the operating time is required to be limited under the limit latency criterion, and the combined average probability of all single active failures, assuming one latent failure has occurred, is required to be limited under the limit residual probability criterion. In view of the new latent failure requirements in the system safety provision CS 25.1309(b), the methods of compliance are analyzed. The application of the two criteria, limit latency and limit residual probability, is illustrated using a typical Fault Tree Analysis example and its minimal cut sets. The scope of application of the provision is explained from an engineering point of view, and calculation methods for the probability and the exposure time limit of latent failures are given, in order to improve the system safety level of aircraft programs.
Author
LIU Huixing (刘会星), Shanghai Aircraft Design and Research Institute, Shanghai 201210, China
Source
Civil Aircraft Design & Research (《民用飞机设计与研究》)
2020, Issue 4, pp. 6-11 (6 pages)