
    A Time-Triggered Constraint-Based Calculus for Avionic Systems

    The Integrated Modular Avionics (IMA) architecture and the Time-Triggered Ethernet (TTEthernet) network have emerged as the key components of a typical architecture model for recent civil aircraft. We propose a real-time constraint-based calculus targeted at the analysis of such avionic embedded system concepts. We show our framework at work on the modelling of both the IMA architecture and the TTEthernet network, illustrating their behaviour by the well-known Flight Management System (FMS).

    Spacelab software development and integration concepts study report, volume 1

    The proposed software guidelines to be followed by the European Space Research Organization in the development of software for the Spacelab being developed for use as a payload for the space shuttle are documented. Concepts, techniques, and tools needed to assure the success of a programming project are defined as they relate to operation of the data management subsystem, support of experiments and space applications, use with ground support equipment, and for integration testing

    Heterogeneous models and analyses in the design of real-time embedded systems - an avionic case-study

    The development of embedded systems according to Model-Driven Development relies on two complementary activities: system modeling on the one hand and analysis of the non-functional properties, such as timing properties, on the other hand. Yet, the coupling between models and analyses remains largely disregarded so far: e.g. how to apply an analysis on a model? How to manage the analysis process? This paper presents an application of our research on this topic. In particular, we show that our approach makes it possible to combine heterogeneous models and analyses in the design of an avionic system. We use two languages to model the system at different levels of abstraction: the industry standard AADL (Architecture Analysis and Design Language) and the more recent implementation-oriented CPAL language (Cyber-Physical Action Language). We then combine different real-time scheduling analyses so as to gradually define the task and network parameters and finally validate the schedulability of all activities of the system.

    Static Analysis of Run-Time Errors in Embedded Real-Time Parallel C Programs

    We present a static analysis by Abstract Interpretation to check for run-time errors in parallel and multi-threaded C programs. Following our work on Astrée, we focus on embedded critical programs without recursion nor dynamic memory allocation, but extend the analysis to a static set of threads communicating implicitly through a shared memory and explicitly using a finite set of mutual exclusion locks, and scheduled according to a real-time scheduling policy and fixed priorities. Our method is thread-modular. It is based on a slightly modified non-parallel analysis that, when analyzing a thread, applies and enriches an abstract set of thread interferences. An iterator then re-analyzes each thread in turn until interferences stabilize. We prove the soundness of our method with respect to the sequential consistency semantics, but also with respect to a reasonable weakly consistent memory semantics. We also show how to take into account mutual exclusion and thread priorities through a partitioning over an abstraction of the scheduler state. We present preliminary experimental results analyzing an industrial program with our prototype, Thésée, and demonstrate the scalability of our approach.
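    The interference iteration described in this abstract, as an added illustration that is not the Astrée/Thésée code: a toy interval analysis over a constructed straight-line statement language, where each thread is analyzed on its own, every read of a shared variable is joined with the values other threads may have written (the interference set), and the whole thing is re-run until those sets stop changing. Locks, priorities and weak-memory effects from the paper are deliberately left out; the statement encoding, the two example thread sets and the `widen_from` parameter are this example's own assumptions. The second example shows why widening is needed: two threads feeding each other's values would otherwise never stabilize.

```python
# Added illustration of thread-modular interference analysis (toy version).
# Not the Astrée/Thésée implementation: a minimal interval analysis over a
# constructed straight-line statement language, with no locks or priorities.
import math
from dataclasses import dataclass

INF = math.inf


@dataclass(frozen=True)
class Itv:
    """Closed interval [lo, hi]; bounds may be -inf/+inf."""
    lo: float
    hi: float

    def join(self, other):
        return Itv(min(self.lo, other.lo), max(self.hi, other.hi))

    def widen(self, other):
        # Standard interval widening: a bound that keeps moving jumps to
        # infinity, which guarantees the interference iteration terminates.
        lo = self.lo if other.lo >= self.lo else -INF
        hi = self.hi if other.hi <= self.hi else INF
        return Itv(lo, hi)

    def add(self, c):
        return Itv(self.lo + c, self.hi + c)


# Toy statement: (dst, src, c) means `dst = src + c`; src=None means `dst = c`.
# Every variable is shared memory; there is no recursion, allocation or loop.

def read_var(state, interf, tid, var):
    """Read `var` as seen by thread `tid`: its own flow-sensitive value joined
    with every value any *other* thread may have written (its interferences)."""
    val = state[var]
    for other, writes in interf.items():
        if other != tid and var in writes:
            val = val.join(writes[var])
    return val


def analyze_thread(tid, stmts, init, interf):
    """Non-parallel analysis of one thread, enriched with the current
    interferences. Returns (final state, values this thread writes)."""
    state = dict(init)
    written = {}
    for dst, src, c in stmts:
        val = Itv(c, c) if src is None else read_var(state, interf, tid, src).add(c)
        state[dst] = val
        written[dst] = written[dst].join(val) if dst in written else val
    return state, written


def analyze(threads, init, max_iter=100, widen_from=2):
    """Re-analyze each thread in turn until the interference sets stabilize."""
    interf = {tid: {} for tid in threads}
    for it in range(max_iter):
        new_interf, changed = {}, False
        for tid, stmts in threads.items():
            _, written = analyze_thread(tid, stmts, init, interf)
            merged = {}
            for var, val in written.items():
                old = interf[tid].get(var)
                if old is None:
                    merged[var] = val
                else:
                    joined = old.join(val)
                    merged[var] = old.widen(joined) if it >= widen_from else joined
                changed |= merged[var] != old
            new_interf[tid] = merged
        interf = new_interf
        if not changed:
            break
    return {tid: analyze_thread(tid, stmts, init, interf)[0]
            for tid, stmts in threads.items()}


# Constructed inputs (not from the paper).
INIT = {"x": Itv(0, 0), "y": Itv(0, 0)}

# t2 reads x while t1 writes 0 and then 1 to it, so y must end in [10, 11].
RACE_THREADS = {
    "t1": [("x", None, 0), ("x", "x", 1)],
    "t2": [("y", "x", 0), ("y", "y", 10)],
}

# Mutual feedback between threads: without widening the bounds grow forever.
FEEDBACK_THREADS = {
    "t1": [("x", "y", 1)],
    "t2": [("y", "x", 1)],
}


def run_race_example():
    return analyze(RACE_THREADS, INIT)


def run_feedback_example():
    return analyze(FEEDBACK_THREADS, INIT)


if __name__ == "__main__":
    print(run_race_example()["t2"]["y"])      # Itv(lo=10, hi=11)
    print(run_feedback_example()["t1"]["x"])  # Itv(lo=1, hi=inf)
```

    Reads are joined with other threads' writes at every program point, which is what makes the result sound for any interleaving but also what loses precision (t2 cannot tell whether it saw x before or after t1's increment). A run-time error checker would sit on top of this: with the intervals in hand, an array index or a division by the read value can be checked against its bounds at each statement.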

    Integrated Application of Active Controls (IAAC) technology to an advanced subsonic transport project: Current and advanced act control system definition study. Volume 2: Appendices

    The current status of the Active Controls Technology (ACT) for the advanced subsonic transport project is investigated through analysis of the systems technical data. Control systems technologies under examination include computerized reliability analysis, pitch axis fly by wire actuator, flaperon actuation system design trade study, control law synthesis and analysis, flutter mode control and gust load alleviation analysis, and implementation of alternative ACT systems. Extensive analysis of the computer techniques involved in each system is included

    Inherent Problems in Designing Two-Failure Tolerant Electromechanical Actuators

    An electromechanical ac-powered rotary actuated four-bar linkage system for rotating the Shuttle/Centaur deployment adapter is described. The essential features of the deployment adapter rotation system (DARS) are increased reliability for mission success and maximum practical hazard control for safety. The requirements, concept development, hardware configuration, quality assurance provisions, and techniques used to meet two-fault tolerance requirements are highlighted. The rationale used to achieve a degree of safety equivalent to that of two-failure tolerance is presented. Conditions that make this approach acceptable, including single failure point components with regard to redundancy versus credibility of failure modes, are also discussed.

    Design and integrity of deterministic system architectures.

    Architectures represented by system construction 'building block' components and interrelationships provide the structural form. This thesis addresses processes, procedures and methods that support system design synthesis and specifically the determination of the integrity of candidate architectural structures. Particular emphasis is given to the structural representation of system architectures, their consistency and functional quantification. It is a design imperative that a hierarchically decomposed structure maintains compatibility and consistency between the functional and realisation solutions. Complex systems are normally simplified by the use of hierarchical decomposition so that lower level components are precisely defined and simpler than higher-level components. To enable such systems to be reconstructed from their components, the hierarchical construction must provide vertical intra-relationship consistency, horizontal interrelationship consistency, and inter-component functional consistency. Firstly, a modified process design model is proposed that incorporates the generic structural representation of system architectures. Secondly, a system architecture design knowledge domain is proposed that enables viewpoint evaluations to be aggregated into a coherent set of domains that are both necessary and sufficient to determine the integrity of system architectures. Thirdly, four methods of structural analysis are proposed to assure the integrity of the architecture. The first enables the structural compatibility between the 'building blocks' that provide the emergent functional properties and implementation solution properties to be determined. The second enables the compatibility of the functional causality structure and the implementation causality structure to be determined. The third method provides a graphical representation of architectural structures. The fourth method uses the graphical form of structural representation to provide a technique that enables quantitative estimation of performance estimates of emergent properties for large scale or complex architectural structures. These methods have been combined into a procedure of formal design. This is a design process that, if rigorously executed, meets the requirements for reconstructability.

    Reducing V&V Cost of Flight Critical Systems: Myth or Reality?

    This paper presents an overview of the NASA research program on the V&V of flight critical systems. Five years ago, NASA started an effort to reduce the cost and possibly increase the effectiveness of V&V for flight critical systems. It is the right time to take a look back and realize what progress has been made. This paper describes our overall approach and the tools introduced to address different phases of the software lifecycle. For example, we have improved testing by developing a statistical learning approach for defining test cases. The tool automatically identifies possible unsafe conditions by analyzing outliers in output data; using an iterative learning process, it can then generate more test cases that represent potentially unsafe regions of operation. At the code level, we have developed and made available as open source a static analyzer for C and C++ programs called IKOS. We have shown that IKOS is very precise in the analysis of embedded C programs (very few false positives) and a bit less so for regular C and C++ code. At the design level, in collaboration with our NRA partners, we have developed a suite of analysis tools for Simulink models. The analysis is done in a compositional framework for scalability.

    Avionics standards, software and IMA

    The paper covers the definition of Integrated Modular Avionics (IMA), the associated avionics standards and the impact on avionics software. ARINC and RTCA/EUROCAE committees, in which all avionics stakeholders are involved, developed these standards. 2005 is a key year for standardization: ARINC653 part 1 supplement 2 and part 3 are ready for publishing, and RTCA-SC200 / EUROCAE-WG60 is under ballot. The concepts of IMA, the new architecture in avionics, were defined in the late eighties and published for the first time in the ARINC651 standard in 1991. The IMA concepts were first applied on the Boeing 777, extended and used on the Airbus A380, and are now selected for the future Boeing 787. These concepts divide the avionic embedded domain into Platform (Hardware + Core Software) and Applications instead of Hardware and Software. Several applications of different criticality levels can reside on the same platform. The consequence was the development of new standards and guidelines supporting these concepts, e.g.:
    - ARINC653 defines the API and the behavior of the Core Software services.
    - DO-255/ED-96 contains the description of an Avionics Computing Resource (a platform separated from its hosted applications).
    - DO-248B/ED-94B clarifies DO-178B/ED-12B and defines concepts like robust partitioning.
    - SC200/WG60 (future ED-124) contains the IMA Development Guidance and Certification.
    - SC205/WG71 has started. It reviews and extends DO-178B/ED-12B and DO-248B/ED-94B with regard to new technologies.
    The paper describes the objectives and the results of these standardization committees. It focuses on the ARINC653 and ED-124 standards and briefly presents the associated standards.