Validation and Verification of Safety-Critical Systems in Avionics

This research addresses the issues of safety-critical systems verification and validation. Safety-critical systems such as avionics systems are complex embedded systems. They are composed of several hardware and software components whose integration requires verification and testing in compliance with the Radio Technical Commission for Aeronautics standards and their supplements (RTCA DO-178C). Avionics software requires certification before its deployment into an aircraft system, and testing is mandatory for certification. Until now, the avionics industry has relied on expensive manual testing. The industry is searching for better (quicker and less costly) solutions. This research investigates formal verification and automatic test case generation approaches to enhance the quality of avionics software systems, ensure their conformity to the standard, and to provide artifacts that support their certification. The contributions of this thesis are in model-based automatic test case generations approaches that satisfy MC/DC criterion, and bidirectional requirement traceability between low-level requirements (LLRs) and test cases. In the first contribution, we integrate model-based verification of properties and automatic test case generation in a single framework. The system is modeled as an extended finite state machine model (EFSM) that supports both the verification of properties and automatic test case generation. The EFSM models the control and dataflow aspects of the system. For verification, we model the system and some properties and ensure that properties are correctly propagated to the implementation via mandatory testing. For testing, we extended an existing test case generation approach with MC/DC criterion to satisfy RTCA DO-178C requirements. Both local test cases for each component and global test cases for their integration are generated. The second contribution is a model checking-based approach for automatic test case generation. In the third contribution, we developed an EFSM-based approach that uses constraints solving to handle test case feasibility and addresses bidirectional requirements traceability between LLRs and test cases. Traceability elements are determined at a low-level of granularity, and then identified, linked to their source artifact, created, stored, and retrieved for several purposes. Requirements’ traceability has been extensively studied but not at the proposed low-level of granularity

Ethernet - a survey on its fields of application

During the last decades, Ethernet progressively became the most widely used local area networking (LAN) technology. Apart from LAN installations, Ethernet became also attractive for many other fields of application, ranging from industry to avionics, telecommunication, and multimedia. The expanded application of this technology is mainly due to its significant assets like reduced cost, backward-compatibility, flexibility, and expandability. However, this new trend raises some problems concerning the services of the protocol and the requirements for each application. Therefore, specific adaptations prove essential to integrate this communication technology in each field of application. Our primary objective is to show how Ethernet has been enhanced to comply with the specific requirements of several application fields, particularly in transport, embedded and multimedia contexts. The paper first describes the common Ethernet LAN technology and highlights its main features. It reviews the most important specific Ethernet versions with respect to each application field’s requirements. Finally, we compare these different fields of application and we particularly focus on the fundamental concepts and the quality of service capabilities of each proposal

Model based code generation for distributed embedded systems

Embedded systems are becoming increasingly complex and more distributed. Cost and quality requirements necessitate reuse of the functional software components for multiple deployment architectures. An important step is the allocation of software components to hardware. During this process the differences between the hardware and application software architectures must be reconciled. In this paper we discuss an architecture driven approach involving model-based techniques to resolve these differences and integrate hardware and software components. The system architecture serves as the underpinning based on which distributed real-time components can be generated. Generation of various embedded system architectures using the same functional architecture is discussed. The approach leverages the following technologies – IME (Integrated Modeling Environment), the SAE AADL (Architecture Analysis and Design Language), and Ocarina. The approach is illustrated using the electronic throttle control system as a case study

Reusable Agena study. Volume 2: Technical

The application of the existing Agena vehicle as a reusable upper stage for the space shuttle is discussed. The primary objective of the study is to define those changes to the Agena required for it to function in the reusable mode in the 100 percent capture of the NASA-DOD mission model. This 100 percent capture is achieved without use of kick motors or stages by simply increasing the Agena propellant load by using optional strap-on-tanks. The required shuttle support equipment, launch and flight operations techniques, development program, and cost package are also defined

PRISE: An Integrated Platform for Research and Teaching of Critical Embedded Systems

In this paper, we present PRISE, an integrated workbench for Research and Teaching of critical embedded systems at ISAE, the French Institute for Space and Aeronautics Engineering. PRISE is built around state-of-the-art technologies for the engineering of space and avionics systems used in Space and Avionics domain. It aims at demonstrating key aspects of critical, real-time, embedded systems used in the transport industry, but also validating new scientific contributions for the engineering of software functions. PRISE combines embedded and simulation platforms, and modeling tools. This platform is available for both research and teaching. Being built around widely used commercial and open source software; PRISE aims at being a reference platform for our teaching and research activities at ISAE

Centaur operations at the space station

A study was conducted on the feasibility of using a Centaur vehicle as a testbed to demonstrate critical OTV technologies at the Space Station. Two Technology Demonstration Missions (TDMs) were identified: (1) Accommodations, and (2) Operations. The Accommodations TDM contained: (1) berthing, (2) checkout, maintenance and safing, and (3) payload integration missions. The Operations TDM contained: (1) a cryogenic propellant resupply mission, and (2) Centaur deployment activities. A modified Space Station Co-Orbiting Platform (COP) was selected as the optimum refueling and launch node due to safety and operational considerations. After completion of the TDMs, the fueled Centaur would carry out a mission to actually test deployment and help offset TDM costs. From the Station, the Centaur could carry a single payload in excess of 20,000 pounds to geosynchronous orbit or multiple payloads

Reusable Agena study. Volume 1: Executive summary

The shuttle Agena upper stage interim tug concept is based on a building block approach. These building block concepts are extensions of existing ascent Agena configurations. Several current improvements, have been used in developing the shuttle/Agena upper stage concepts. High-density acid is used as the Agena upper stage oxidizer. The baffled injector is used in the main engine. The DF-224 is a fourth generation computer currently in development and will be flight proven in the near future. The Agena upper stage building block concept uses the current Agena as a baseline, adds an 8.5-inch (21.6 cm) extension to the fuel tank for optimum mixture ratio, uses monomethyl hydrazine as fuel, exchanges a 150:1 nozzle extension for the existing 45:1, exchanges an Autonetics DF-224 for the existing Honeywell computer, and adds a star sensor for guidance update. These modifications to the current Agena provide a 5-foot (1.52m) diameter shuttle/Agena upper stage that will fly all Vandenberg Air Force Base missions in the reusable mode without resorting to a kick motor. The delta V velocity of the Agena is increased by use of a strap-on propellant tank option. This option provides a shuttle/Agena upper stage with the capability to place almost 3900 pounds (1769 kg) into geosynchronous orbit (24 hour period) without the aid of kick motors