Safety Critical Solutions: DO-178B
Joe Colloca, Aonix
We’ll Cover …
• Review: Ada’s role in Safety Critical Systems
• Aonix Raven Solution Architecture
• Safety-Critical Systems
• Aonix / Ada Safety Critical Projects
Ada in Safety Critical Systems
• Ada is preferred, but not required
• Global use
– Aviation
– Rail
– Energy
• Existing standards supported with certifiable RTSs (runtime systems)
– DO-178B
– SIL 4
– RIA 23
ObjectAda Raven Safety Critical Software Development Environment
Product Structure / Approach / Benefits
• Evolvable, “Base +” packaging
– Supports gradual buy-in
– Doesn’t require “all-at-once” commitment
• Platforms, environments and communications for embedded development & testing
• Covers the breadth of the lifecycle / process
• Value / price competitive
• Familiar environments; ease of use; standards
Product Line Organization
(Product matrix; only its row and column labels survive extraction.)
Host environments: Windows XP / 2003 / NT; UNIX / Linux / CDE; Eclipse
Targets: Intel; PPC; ERC32; 68K
Product tiers: Native; Core Solution Package; Enterprise Scalability; Out of Box Certification
ObjectAda IDE
SCCI Support
Source-control menu commands: List Files; Keep Checked Out; Comment; Select / Unselect All; Get Latest; Check Out; Check In; Undo Check Out; Add to CM; Remove from CM; Show History; Show Differences; CM Properties; Invoke External CM
ObjectAda Raven Certified / Certifiable Compiler & RTS
Safety Systems - Legal
(Diagram; only its labels survive extraction.)
Laws, Regulations, Standards, Guidelines; Case Law, Precedence, Interpretations
PROCESS: Standards, Guidelines, Visibility, Traceability
EVIDENCE / RECORD: Confidence / Safety
Runtime Certifiability: DO-178B Level A
• Full mapping from requirements through to test results
• 100% source-level coverage
• 100% machine-level coverage
• Full MC/DC coverage
• Runtimes can be certified, but:
– they are termed “certifiable”
– it is the system as a whole that gets certified
– the supplier must deliver the certification evidence record
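Worked illustration of the MC/DC requirement listed above. This is an added example, not code from the slides or from the ObjectAda Raven product: the decision `A and then (B or else C)`, the four constructed test vectors and the unique-cause pair search are all assumptions made for this example. Coverage tools such as VectorCAST or AdaCover establish MC/DC against a real code base; this program only shows what the criterion demands of a test set.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure MCDC_Check is

   subtype Cond_Index is Positive range 1 .. 3;   -- conditions A, B, C
   type Vector is array (Cond_Index) of Boolean;

   -- Decision under test (assumed for this example): A and then (B or else C)
   function Decision (V : Vector) return Boolean is
   begin
      return V (1) and then (V (2) or else V (3));
   end Decision;

   type Test_Set is array (Positive range <>) of Vector;

   -- Constructed test vectors. Each one after the first flips exactly one
   -- condition relative to an earlier vector and changes the outcome.
   Tests : constant Test_Set :=
     ((True,  True,  False),   -- A=T B=T C=F : decision True
      (False, True,  False),   -- flips A only : decision False
      (True,  False, False),   -- flips B only (vs #1) : decision False
      (True,  False, True));   -- flips C only (vs #3) : decision True

   -- True when X and Y agree on every condition except C, where they differ.
   function Differs_Only_In (X, Y : Vector; C : Cond_Index) return Boolean is
   begin
      for I in Cond_Index loop
         if I /= C and then X (I) /= Y (I) then
            return False;
         end if;
      end loop;
      return X (C) /= Y (C);
   end Differs_Only_In;

   -- Unique-cause MC/DC: condition C is covered when the test set holds a
   -- pair of vectors that differ only in C and yield different decisions,
   -- i.e. C is shown to independently affect the outcome.
   function Condition_Covered (C : Cond_Index) return Boolean is
   begin
      for I in Tests'Range loop
         for J in Tests'Range loop
            if Differs_Only_In (Tests (I), Tests (J), C)
              and then Decision (Tests (I)) /= Decision (Tests (J))
            then
               return True;
            end if;
         end loop;
      end loop;
      return False;
   end Condition_Covered;

   All_Covered : Boolean := True;

begin
   for C in Cond_Index loop
      Put_Line ("Condition" & Cond_Index'Image (C)
                & " independently affects the outcome: "
                & Boolean'Image (Condition_Covered (C)));
      All_Covered := All_Covered and Condition_Covered (C);
   end loop;
   Put_Line ("MC/DC achieved with" & Integer'Image (Tests'Length)
             & " test vectors: " & Boolean'Image (All_Covered));
end MCDC_Check;
```

For N conditions, unique-cause MC/DC needs at least N+1 vectors; the four above reach it for three conditions. Plain decision (branch) coverage of the same expression is satisfied by two vectors, one per outcome, which is why Level A asks for the stronger criterion: it forces every operand, not just the decision, to be exercised.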
170 Pounds of Certification Evidence …
Hercules - C-130J and C-27
• Flight Management Unit
• Ground Collision Avoidance System
• Back-up FMU
Certification Experience – C-130J Avionics
Over 3000 signatures were required on the certification material for one RTS; the certified RTS is ~6000 lines of code.
• Reviews
– Requirements
– Design
– Code
• Functional testing
• Coverage testing
• Large amount of test data to be analyzed
HELP!
Ravenscar Profile
• Industry-wide safety-critical standard
• Ada 95 subset
– Deterministic
– Certifiable
• Tasking allowed
– Rendezvous disallowed
– Protected objects used for inter-task communication
• No dynamic memory allocation
Ravenscar Profile Support
• Flags Ravenscar Profile violations at compile time
• Targets
– PowerPC (new support: bounded tasking model)
– 32-bit Intel (new support: segregated loads)
– ERC32
– 68K
Ravenscar Profile Support
• VectorCAST
– Source-level coverage & test harness
– Integrated code coverage
– Repeatable testing
– Compiler integration
– Embedded target-based testing
• AdaCover
– Full target-based machine-level coverage testing
• Out-of-box Level A certification packages
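What a program written to the Ravenscar profile described on the preceding slides looks like, as an added example (not code from the slides or from ObjectAda Raven): a library-level protected object with a single barrier entry takes the place of the rendezvous, two library-level tasks carry static priorities, the periodic task is built on an absolute `delay until`, and nothing is allocated on the heap. The package name, priorities, period and the simulated sensor reading are assumptions made for this example. `pragma Profile (Ravenscar)` is the Ada 2005 spelling; on an Ada 95 compiler of the era the same restrictions are stated as a set of `pragma Restrictions`. A compiler that checks the profile rejects, at compile time, the constructs named in the comments (rendezvous, select statements, relative delays, task allocators).

```ada
pragma Profile (Ravenscar);   -- Ada 2005 form of the Ravenscar restriction set

with Ada.Real_Time;

package Sensor_Pipeline is

   type Sample is range 0 .. 4095;   -- assumed 12-bit reading

   -- A protected object replaces the rendezvous for inter-task
   -- communication. Ravenscar allows at most one entry per protected
   -- object, a simple Boolean barrier, and at most one queued caller.
   protected Mailbox is
      pragma Priority (12);              -- ceiling: at or above every caller
      procedure Post (S : Sample);       -- producer side, never blocks
      entry Take (S : out Sample);       -- consumer side, blocks until data is present
   private
      Latest    : Sample  := 0;
      Available : Boolean := False;
   end Mailbox;

   -- Tasks are declared at library level with static priorities:
   -- no task hierarchy, no task allocators, no dynamic priorities.
   task Producer is
      pragma Priority (10);
   end Producer;

   task Consumer is
      pragma Priority (5);
   end Consumer;

end Sensor_Pipeline;

package body Sensor_Pipeline is

   use Ada.Real_Time;

   Period : constant Time_Span := Milliseconds (100);   -- assumed period

   protected body Mailbox is
      procedure Post (S : Sample) is
      begin
         Latest    := S;
         Available := True;
      end Post;

      entry Take (S : out Sample) when Available is
      begin
         S         := Latest;
         Available := False;
      end Take;
   end Mailbox;

   -- Periodic task. The absolute 'delay until' keeps the period free of
   -- drift; a relative 'delay' statement is prohibited by the profile.
   task body Producer is
      Next_Release : Time   := Clock;
      Reading      : Sample := 0;
   begin
      loop
         -- Stands in for a hardware read (assumption for this example).
         if Reading = Sample'Last then
            Reading := 0;
         else
            Reading := Reading + 1;
         end if;
         Mailbox.Post (Reading);
         Next_Release := Next_Release + Period;
         delay until Next_Release;
      end loop;
   end Producer;

   -- Sporadic task: released by the barrier, it never polls and never
   -- uses a select statement or an accept (both disallowed).
   task body Consumer is
      S : Sample;
   begin
      loop
         Mailbox.Take (S);
         -- Process S here; no heap allocation anywhere in the cycle.
      end loop;
   end Consumer;

end Sensor_Pipeline;

with Sensor_Pipeline;
procedure Main is
begin
   null;   -- the library-level tasks run for the life of the system
end Main;
```

Everything a certifier has to reason about is fixed at elaboration: the set of tasks, their priorities, the single queue on `Take`, and the worst-case path through each protected operation. That bounded structure is what makes the runtime small enough (the C-130J figure above is ~6000 lines) to be analysed and covered to the Level A criteria.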
Certification Record on Digital Media
Raven Example Packaging
• Core Pack – basic development environment
• Project Pack – advanced language-sensitive tools for larger-group source consistency and style-guideline conformance
• Test Pack – provides coverage for higher levels of quality verification in mission- and safety-critical development
• Safety Critical Pack – comprehensive standards-based testing & documentation through Level A
• Design Pack – implements best practices for designing and producing safer, more reliable software applications and reusable components
Where is Ada in Safety Critical?
• Lockheed Martin - C-130J and C-27
• Boeing 777
• Boeing 737
• Westinghouse Electric - Nuclear Shutdown
• Westinghouse Brake and Signals – London Underground - Jubilee Line extension – automatic brakes and signaling
Boeing 777
• GPS: CMC
• Axle Steering: Parker/Abex-NWL
• Power Management: Sundstrand
• Brakes: Crane/Hydro-Air
London Underground – Jubilee Line
• Software role
– Manage train separation – trains run faster and closer together
– Inter-train communication
– Central control center
• Architecture & safety standard
– M68030 controllers
– Software Integrity Level 4 (SIL 4)
– RIA 23 required
• A mapping document was produced between RIA 23 and the Aonix (DO-178B) certification materials
Aonix Program Success
• ITT Avionics: Integrated RF Countermeasures
• Honeywell: H-764G Embedded GPS
• Thales Avionics: Global Positioning System
• Lockheed Martin: Missile and Guidance System Upgrades
• Thales Avionics: Flight control data concentrator, Airbus A330/A340
• Thomson CSF: Braking and steering control, Airbus A330/A340
• Navia: Air Traffic Control (ATC) ground-based instrument landing system
• Eurocontrol: ATC Germany, England, France, Belgium
• Eurocontrol: Flight Management System
• Thales Air Defence: ATC
• Wilcox Electric: Avionics radar system
• Chandler Evans: Engine control system
• Lockheed Martin: Flight Management, Lockheed C-130J
• Aerosystems International: Ground Collision Avoidance System
• Lockheed Sanders: Avionics Displays, Lockheed C-130J
• Canadian Marconi: GPS, Boeing 777
• Parker/Abex-NWL: Axle Steering System, Boeing 777
• Sundstrand: Power Management System, Boeing 777
• Crane/Hydro-Air: Braking System, Boeing 777
Aonix Program Success
• Alstom Transport: Radio Block Center system, Rail Traffic Management
• GEC Alsthom: Subway network control systems, Paris, Calcutta and Cairo
• GEC Alsthom: Signal control system, TGV North Lines / Channel Tunnel
• CSEE Transports: TGV Brake system / TVM 430 project
• Westinghouse: Brake and Signals system, London Underground Jubilee Line
• Swisslog Software: Supply Chain Management System
• XATA: Telematics application framework
• Kordoba: Enterprise Data Model
• NORTEL Networks: Optical Switch Platform
• Siemens: Network Management System
• Astrium: Automated Transfer Vehicle
• Alcatel SEL: Satellite positioning system
• Aerospatiale: Ariane V launcher
• Matra Marconi Space: Ariane V launcher
• CNES: Galileo Mars probe - switching and telemeasuring systems
• CNES: Satellite imaging system
• Astrium GmbH: International Space Station - Columbus project
• NASA / Boeing: International Space Station - Flight Control Systems
• Matra Marconi Space: Atmospheric Pressure Module - data / network management
Coming Soon
• Multi-language, time- and memory-partitioned kernel
Summary
• Ada is a good technical choice for high-integrity systems
• The Aonix solution architecture delivers business value throughout the development cycle
• Certification out of the box
• Evolving Aonix solutions are a good technical and business choice
www.aonix.com