Safety Critical Solutions DO-178B Joe Colloca Aonix
We’ll Cover …
• Review: Ada’s role in Safety Critical Systems
• Aonix Raven Solution Architecture
• Safety-Critical Systems
• Aonix / Ada Safety Critical Projects
Ada in Safety Critical Systems
• Ada is preferred, but not required
• Global use
  • Aviation
  • Rail
  • Energy
• Existing standards supported with certifiable runtimes (RTS)
  • DO-178B
  • SIL 4
  • RIA 23
ObjectAda Raven Safety Critical Software Development Environment
Product Structure / Approach / Benefits
• Evolvable, “Base +” packaging
  • Supports gradual buy-in
  • Doesn’t require “all-at-once” commitment
• Platforms, Environments, Communications for embedded development & testing
• Cover the breadth of lifecycle/process
• Value / price competitive
• Familiar Environments; Ease-of-use; Standards
Product Line Organization (diagram): Core Solution Package, Enterprise Scalability, Out-of-Box Certification; host environments Windows XP / 2003 / NT, UNIX / Linux / CDE, Eclipse; targets Native, Intel, PPC, ERC 32, 68K
SCCI Support (screenshot of the configuration-management menu: List Files, Keep Checked Out, Comment, Select / UnSelect All, Get Latest, Check Out, Check In, Undo Check Out, Add to CM, Remove from CM, Show History, Show Differences, CM Properties, Invoke External CM)
ObjectAda Raven Certified / Certifiable Compiler & RTS
Safety Systems - Legal (diagram): Laws / Regulations / Standards / Guidelines and Case Law / Precedence / Interpretations feed a PROCESS with Visibility and Traceability, producing an EVIDENCE / RECORD that yields Confidence / Safety
Runtime Certifiability DO-178B Level A
• Full Requirements through Test Results Mapping
• 100% Source Level Coverage
• 100% Machine Level Coverage
• Full MC/DC Coverage
• Runtimes can be certified, but
  • Termed “Certifiable”
  • System as a whole is certified
  • Must deliver certification evidence record
Hercules - C130J and C27: Flight Management Unit, Ground Collision Avoidance System, Back-up FMU
Certification Experience – C-130J Avionics
• Reviews
• Requirements
• Design
• Code
• Functional Testing
• Coverage testing
• Large amount of test data to be analyzed
Over 3000 signatures required on certification material for one RTS certification; system RTS ~ 6000 lines of code
Ravenscar Profile
• Industry Wide Safety Critical Standard
• Ada95 Subset
• Deterministic
• Certifiable
• Tasking Allowed
  • Rendezvous Disallowed
  • Use Protected Objects for Communication
• No Dynamic Memory Allocation
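As an added example that is not part of the Aonix deck, the following Ada package shows the pattern the slide describes: two library-level tasks that communicate only through a protected object, with `pragma Profile (Ravenscar)` so the compiler rejects rendezvous, relative delays and other profile violations. The package and task names (Altitude_Channel, Sampler, Consumer) and the sample values are constructed; the spec and body are shown together.

```ada
pragma Profile (Ravenscar);  --  compiler rejects profile violations
with Ada.Real_Time;
package Altitude_Channel is
   --  Protected object: the only inter-task communication the profile permits
   --  (no rendezvous). One entry, simple Boolean barrier, static storage.
   protected Latest is
      procedure Put (Feet : Integer);
      entry Get (Feet : out Integer);
   private
      Value : Integer := 0;
      Fresh : Boolean := False;
   end Latest;
   --  Library-level tasks with static priorities; no dynamic task creation.
   task Sampler is pragma Priority (10); end Sampler;
   task Consumer is pragma Priority (5); end Consumer;
end Altitude_Channel;

package body Altitude_Channel is
   use Ada.Real_Time;
   protected body Latest is
      procedure Put (Feet : Integer) is
      begin
         Value := Feet;
         Fresh := True;
      end Put;
      entry Get (Feet : out Integer) when Fresh is
      begin
         Feet  := Value;
         Fresh := False;
      end Get;
   end Latest;
   task body Sampler is
      Next   : Time    := Clock;
      Sample : Integer := 1_000;  --  constructed stand-in for a sensor read
   begin
      loop
         Latest.Put (Sample);
         Sample := Sample + 1;
         Next := Next + Milliseconds (20);
         delay until Next;         --  only absolute delays are allowed
      end loop;
   end Sampler;
   task body Consumer is
      Feet : Integer;
   begin
      loop
         Latest.Get (Feet);        --  blocks on the barrier until data is fresh
      end loop;
   end Consumer;
end Altitude_Channel;
```

Swapping `Latest.Put`/`Latest.Get` for a task entry call, or `delay until` for a relative `delay`, is a compile-time error under the profile, which is the static check the slide relies on.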
Ravenscar Profile Support
• New support: Bounded tasking model
  • Flags Ravenscar Profile violations at compile time
• New support: Segregated loads
• Targets: PowerPC 32 bit, Intel, ERC32, 68K
Ravenscar Profile Support
• VectorCast
  • Source Level Coverage & Test Harness
  • Integrated Code Coverage
  • Repeatable Testing
  • Compiler integration
  • Embedded target based testing
• AdaCover
  • Full target-based machine level coverage testing
• Out-of-Box Level A Certification Packages
Raven Example Packaging
• Core Pack
  • Basic Development Environment
• Project Pack
  • Advanced language-sensitive tools for larger-group source consistency / style guideline conformance
• Test Pack
  • Provides coverage for higher levels of quality verification in mission- and safety-critical development
• Safety Critical Pack
  • Comprehensive standards-based testing & documentation through Level A
• Design Pack
  • Implements best practices for designing and producing safer & more reliable software applications & reusable components
Where is Ada in Safety Critical?
• Lockheed Martin - C130J and C27
• Boeing 777
• Boeing 737
• Westinghouse Electric - Nuclear Shutdown
• Westinghouse Brake and Signals
  • London Underground - Jubilee Line extension
  • Automatic Brakes and Signaling
Boeing 777 (diagram): Power Management (Sundstrand), GPS (CMC), Brakes (Crane/Hydro-Air), Axle Steering (Parker/Abex-NWL)
London Underground – Jubilee Line
• Software role
  • Manage train separation – faster & closer together
  • Inter-train communication
  • Central control center
• Architecture & Safety Standard
  • M68030 controllers
  • Software Integrity Level 4 (SIL)
  • RIA 23 required
  • Mapping document produced between RIA 23 and Aonix (DO-178B) certification materials
Aonix Program Success
• ITT Avionics: Integrated RF Countermeasures
• Honeywell: H-764G Embedded GPS
• Thales Avionics: Global Positioning System
• Lockheed Martin: Missile and Guidance System Upgrades
• Thales Avionics: Flight control data concentrator, AIRBUS A330-A340
• Thomson CSF: Braking and steering control, AIRBUS A330-A340
• Navia: Air Traffic Control (ATC) ground-based instrument landing system
• Eurocontrol: ATC Germany, England, France, Belgium
• Eurocontrol: Flight Management System
• Thales Air Defence: ATC
• Wilcox Electric: Avionics radar system
• Chandler Evans: Engine control system
• Lockheed Martin: Flight Management, Lockheed C130J
• Aerosystems International: Ground Collision Avoidance System
• Lockheed Sanders: Avionics Displays, Lockheed C130J
• Canadian Marconi: GPS, Boeing 777
• Parker/Abex-NWL: Axle Steering System, Boeing 777
• Sundstrand: Power Management System, Boeing 777
• Crane/Hydro-Air: Braking System, Boeing 777
Aonix Program Success
• Astrium: Automated Transfer Vehicle
• Alcatel SEL: Satellite positioning system
• Aerospatiale: Ariane V launcher
• Matra Marconi Space: Ariane V launcher
• CNES: Galileo Mars probe - switching and telemeasuring systems
• CNES: Satellite imaging system
• Astrium GmbH: International Space Station - Columbus project
• NASA / Boeing: International Space Station - Flight Control Systems
• Matra Marconi Space: Atmospheric Pressure Module - Data / Network management
• Alstom Transport: Radio Bloc Center system, Rail Traffic Management
• GEC Alsthom: Subway network control systems, Paris, Calcutta, and Cairo
• GEC Alsthom: Signal control system, TGV North Lines / Channel Tunnel
• CSEE Transports: TGV Brake system / TVM 430 project
• Westinghouse: Brake and Signals system, London Underground Jubilee Line
• Swisslog Software: Supply Chain Management System
• XATA: Telematics application framework
• Kordoba: Enterprise Data Model
• NORTEL Networks: Optical Switch Platform
• Siemens: Network Management System
Coming Soon: Multi-language, time- and memory-partitioned kernel
Summary
• Ada is a good technical choice for high-integrity systems
• Aonix solution architecture delivers business value throughout the development cycle
• Certification out-of-box
• Evolving Aonix solutions are a good technical and business choice