The capability to reconfigure provides multiple benefits, yielding significant added value for distributed systems. These range from adaptive resource management and defence against cyberattacks by means of frequency hopping to the reduction of computational units. In flight operation, new configurations and system functions could be loaded, distributed, and brought into operation to react to potential system changes. However, an erroneous or incomplete reconfiguration during flight can result in catastrophic consequences for the aircraft.

Therefore, this presentation investigates how a safe reconfiguration can be derived. The configuration generation framework should provide a method that is capable of adapting to system changes and, at the same time, remains deterministically predictable. A possible solution could be a gradual (re)configuration of the different modules. The concept is to break down the configuration into minimal incremental steps, ensuring that any applied change does not immediately impact the system. The sequence of individual reconfiguration steps must preserve the system’s existing functionality and operate in a fully deterministic manner, for which the current status of the configuration must be known. A possible solution is the use of generated Finite State Machines (FSM), which formally describe the transition logic between individual configuration states. However, creating configuration transitions requires system knowledge, as each signal routing must be defined by the system engineer through hardware and functional modeling and may not be altered in its operational behavior.

For this purpose, functional, hardware, and allocation models are extracted from the Open Avionics Architecture Model (OAAM) and transformed into discrete configuration states. Each state represents the current configuration of an avionics module, including information about which hardware resource hosts which allocated functions at a specific configuration step in time. A transition between states describes how a new configuration can be derived and which action is needed to do so. To execute configuration changes, atomic commands in the form of CRUD operations (Create, Read, Update, Delete) are used. For instance, to change the signal routing between modules, a “Create” command that enables the signal connection between modules is executed. Due to the atomic behavior of the underlying database, a rollback can take place whenever a failure occurs. For the automated generation of the reconfiguration state machine, a meta-model (M2) of a state machine was defined. This meta-model forms the basis for instantiating the M1 reconfiguration model. Instantiation is performed using the detected hardware resources, defined functions, and the allocation results derived from solver algorithms within the OAAM model. At its current stage, the generation process is still primitive and does not yet include formally verified logic to guarantee system integrity and deterministic behavior throughout the reconfiguration process.
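The stepwise scheme described above, sketched as an added example that is not taken from the presentation or from OAAM: configuration states are immutable snapshots, each transition is one atomic Create/Update/Delete command, and a failed step or a broken invariant rolls back to the starting state. The dictionary encoding, the `alloc:`/`route:` key names, the module names and the `nav_routed` invariant are all assumptions made for illustration.

```python
from typing import Callable, Dict, List, Tuple

Config = Dict[str, str]         # entry -> hosting module (hypothetical encoding)
Command = Tuple[str, str, str]  # (op, key, value), op is CREATE, UPDATE or DELETE

class ReconfigError(Exception):
    """An atomic command could not be applied to the current state."""

def apply_command(cfg: Config, cmd: Command) -> Config:
    """One FSM transition: return the successor state, never mutate the input."""
    op, key, value = cmd
    if op not in ("CREATE", "UPDATE", "DELETE"):
        raise ReconfigError(f"unknown operation {op}")
    # CREATE requires the entry to be absent; UPDATE and DELETE require it present.
    if (key in cfg) == (op == "CREATE"):
        raise ReconfigError(f"{op} precondition failed for {key}")
    nxt = dict(cfg)
    if op == "DELETE":
        del nxt[key]
    else:
        nxt[key] = value
    return nxt

def run_plan(start: Config, plan: List[Command],
             invariant: Callable[[Config], bool]) -> Tuple[Config, List[Config], bool]:
    """Apply the plan step by step; returns (final state, visited states, committed).
    A failed command or a violated invariant rolls back to the start state."""
    trace = [start]
    for cmd in plan:
        try:
            nxt = apply_command(trace[-1], cmd)
        except ReconfigError:
            return start, trace, False
        if not invariant(nxt):
            return start, trace, False
        trace.append(nxt)
    return trace[-1], trace, True

# Constructed sample: move function "nav" from module_A to module_B.
START = {"alloc:nav": "module_A", "route:nav->display": "module_A"}

def nav_routed(cfg: Config) -> bool:
    """Existing functionality: some nav-to-display route must exist in every state."""
    return any(k.startswith("route:nav->display") for k in cfg)

SAFE_PLAN = [("CREATE", "route:nav->display#B", "module_B"),   # make ...
             ("UPDATE", "alloc:nav", "module_B"),
             ("DELETE", "route:nav->display", "module_A")]     # ... before break
UNSAFE_PLAN = [("DELETE", "route:nav->display", "module_A"),   # break first
               ("CREATE", "route:nav->display#B", "module_B")]
```

Both plans end in the same target configuration on paper, but only the make-before-break ordering keeps the invariant true in every intermediate state; the other ordering is rejected at its first step and the start state is restored.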

The presentation introduces the concept of model-based reconfiguration state machines, which can be deployed onto reconfigurable avionics modules. Particular focus is placed on the automated generation of the state machine. By decomposing the configuration into discrete incremental steps, this approach establishes the foundation for formalized reconfiguration rules, which will be applied to the current model to provide valid and operationally compliant transition sequences during the reconfiguration process.