ASTM F3269-21 - Standard Practice for Methods to Safely Bound Behavior of Aircraft Systems Containing Complex Functions Using Run-Time Assurance
Standard Practice for Methods to Safely Bound Behavior of Aircraft Systems Containing Complex Functions Using Run-Time Assurance
| Standard number: | ASTM F3269-21 |
| Released: | 15.07.2021 |
| Status: | Active |
| Pages: | 21 |
| Section: | 15.09 |
| Keywords: | adaptive; airworthiness; artificial intelligence; assurance; automated; autonomous software; autonomy; certification; complex; control systems; deep neural networks; fuzzy logic; machine learning; online verification; reinforcement learning; run-time assurance; safety; safety monitor; security; software; unmanned aircraft system; validation; verification; |
1.1 The scope of this practice includes the following:
1.1.1 A set of components that comprise an RTA system.
1.1.2 Requirements and best practices to determine safe boundaries and RTA system coverage.
1.1.3 Requirements and best practices for an RTA system and RTA components, as applicable.
1.1.4 Appendixes with examples that demonstrate key RTA system concepts.
1.2 RTA components are required to meet the design assurance level dictated by a safety assessment process. Guidance for the safety assessment process may be found in references appropriate for the intended operations (ARP4754A, ARP4761, Practice F3178, etc.).
1.3 This practice was developed with UAS in mind. It may be applicable for aspects of manned aircraft certification/approval, as well as aviation ground systems. The scope of this practice is also envisioned to allow a variety of aircraft implementations where a human may perform the role of either the Complex Function or a Recovery Function.
1.4 The scope of this practice does not cover aspects of hardware/software integration. These should be considered separately during the development process.
Note 1: This practice does not suggest a one-size-fits-all strategy knowing that not all use cases may fit well into this architecture. There may exist additional components required to satisfy specific applications to the practice.
1.5 The values stated in inch-pound units are to be regarded as standard. No other units of measurement are included in this standard.
1.6 Table of Contents:
| Title | Section | |||
| Introduction |
| |||
| Background |
| |||
| Scope | 1 | |||
| Referenced Documents | 2 | |||
|
| ASTM Standards | 2.1 | ||
|
| FAA Advisory Circular | 2.2 | ||
|
| RTCA Standards | 2.3 | ||
|
| SAE Standards | 2.4 | ||
| Terminology | 3 | |||
|
| Unique and Common Terminology | 3.3 | ||
|
| Definitions of Terms Specific to This Standard | 3.4 | ||
|
| Abbreviations | 3.5 | ||
| Significance and Use | 4 | |||
| RTA Functional Architecture | 5 | |||
|
| Overall Architecture | 5.4 | ||
|
|
| Components and Interfaces | 5.4.1 | |
|
|
| RTA System Coverage | 5.4.2 | |
|
|
| RTA Scenarios | 5.4.3 | |
|
|
|
| Event Sequencing and Timing | 5.4.3.8 |
|
|
| Best Practices | 5.4.4 | |
|
|
| Requirements | 5.4.5 | |
|
| RTA Interfaces | 5.5 | ||
|
| Input Manager | 5.6 | ||
|
|
| Description | 5.6.1 | |
|
|
| Requirements | 5.6.2 | |
|
| Safety Monitor | 5.7 | ||
|
|
| Requirements | 5.7.2 | |
|
| RTA Switch | 5.8 | ||
|
|
| Description | 5.8.1 | |
|
|
| Requirements | 5.8.2 | |
|
| Recovery Function | 5.9 | ||
|
|
| Description | 5.9.1 | |
|
|
| Best Practices | 5.9.2 | |
|
|
| Requirements | 5.9.3 | |
| Keywords | 6 | |||
| Ground Collision Avoidance System (GCAS) as an Example | Appendix X1 | |||
|
| Introduction |
| ||
|
| Unassured Function | X1.1 | ||
|
| RTA Required Inputs | X1.2 | ||
|
| RTA Input Manager | X1.3 | ||
|
| Safety Monitor | X1.4 | ||
|
| Recovery Function | X1.5 | ||
|
| RTA Switch | X1.6 | ||
|
| Vehicle Management System | X1.7 | ||
| Machine Learning AI Autopilot (MLAA) | Appendix X2 | |||
|
| Introduction |
| ||
|
| Assured and Unassured Data | X2.1 | ||
|
| Input Manager | X2.2 | ||
|
| Complex Function | X2.3 | ||
|
| Safety Monitors | X2.4 | ||
|
| Recovery Control Function | X2.5 | ||
|
| RTA Switch | X2.6 | ||
|
| Summary | X2.7 | ||
| Run-Time Assurance for a Neural Network-Based Adaptive | Appendix X3 | |||
|
| Visual Line-of-Sight Operations | X3.1 | ||
|
| Beyond Visual Line-of-Sight Operation | X3.2 | ||
| Run-Time Assurance for Risk-Based Operation | Appendix X4 | |||
| Example Implementation of Timing and Latency Requirement | Appendix X5 | |||
| References |
| |||
1.7 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.
1.8 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.