Civil Avionics Systems10 PDF
• Verification: Evaluate the results of a process for correctness and consistency to ensure that
they are functionally correct and that they properly translate the choices and hypotheses
made. Verification is not simply testing; it is typically a combination of reviews, analyses
and tests.
2.7.5 Languages
Ada has long been the preferred language for embedded systems. Ada is a powerful and
versatile language that includes provision for floating point arithmetic. It has been widely
used; its benefits include:
Spark Ada is a subset of Ada with particular properties that make it ideally suited to
safety-critical applications. It is completely unambiguous and free from implementation
dependencies. All rule violations are detectable. It was mandated for US Department of Defense
programmes, but is no longer enforced due to lack of qualified programmers.
C++ is the most popular realistic alternative to Ada today. Some C++ features, if not
properly controlled and verified, can lead to software code that is non-deterministic, unused,
difficult to verify, and whose configuration can change depending on the run-time state of
the system. The Certification Authorities Software Team (CAST) published guidance in 2002
that identified common problems with C++ for DO-178 safety-critical applications. Many
organisations have defined ad hoc C++ subsets to achieve DO-178 compliance. The Motor
Industry Reliability Association (MISRA) specifies a ‘safe’ subset which defines 228 rules.
Programming Research Inc. offers a qualified static code analyser tool (QA C++) which
verifies source code conformance and is able to identify unsafe usage of C++.
[Figure: software verification flow. Specification, design, coding and code each undergo a
consistency check; tests are derived from the specification (validate specification), the
design and the code, and are then conducted to produce the software test system results.]
The hitherto ‘classic’ approach to software design gives priority to functions rather than data.
Experience shows that the data handled by the software are more stable than the processes
involved with it. Object-oriented design therefore gives priority to the data. The ‘problem’
to be designed is tackled by modelling a collection of objects, each of which implements a
specific task. The possible states and behaviour of an object are defined by ‘classes’. Each
object constitutes an instance of a class. The ‘solution’ to the problem is provided by the
interaction of the objects.
Object-oriented methods have been used for software as different from each other as mission-
critical systems and commercial data processing systems. There are object-oriented methods
for software requirements analysis, software design and programming. Major milestones in
the development of object-oriented design and analysis techniques have been:
OOA and OOD model a system as a group of interacting objects communicating by messages,
where each object is responsible for the accomplishment of tasks according to its state. Each
object represents an entity of interest, characterised by its class, its state (data elements) and its
behaviour. Models can be created to show the static structure, dynamic behaviour and run-time
deployment of these collaborating objects.
Object modelling technique (OMT) applies to all the software development processes, from
analysis to implementation. It uses three different views to capture important aspects of the
software:
• Object model: Represents the static aspects of the software (classes, relationships, etc.) and
provides a framework into which the dynamic and functional models will be placed.
• Dynamic model: State transition diagrams describe the temporal aspects, the sequences of
operations and events that produce changes in state within a class.
• Functional model: Data flow diagrams show interdependencies of input and output
processes.
OMT provides a very complete static model. It uses the same graphic notation throughout the
analysis and design phases and provides a powerful description of the internal behaviour of
the objects.
Unified Modelling Language (UML) embraces the earlier notations of object-oriented analysis
(OOA) and design (OOD), the Booch method and the object modelling technique (OMT),
and fuses them into a single, common, widely used modelling language. UML offers a standard
way to visualise a system’s architectural blueprints, including elements such as:
• actors;
• processes;
• (logical) components;
• activities;
• programming language statements;
• database schemas;
• reusable software components.
UML aims to be a standard modelling language which can model concurrent and distributed
systems. It is a de facto industry standard, and is evolving under the auspices of the Object
Management Group (OMG).
SCADE
SCADE is a development environment used by system and software engineers to produce
mission- and safety-critical applications. It is based upon the formal, synchronous and
dataflow-oriented Lustre programming language, and generates production-quality C or Ada code.
It is a qualified development tool for DO-178 applications up to level A and has been used in
aerospace and defence applications, for example:
• flight control systems (e.g. A340 and A380);
• power management;
• reconfiguration management;
• autopilots;
• engine control systems (FADEC);
• braking systems;
• cockpit display and alarm management (e.g. NH90);
• fuel management.
Simulink®
Simulink®, developed by MathWorks, is a commercial tool for modelling, simulating
and analysing multidomain dynamic systems. Its primary interface is a graphical block
diagramming tool and a customisable set of block libraries. It offers tight integration with the
MATLAB® environment and can either drive MATLAB® or be scripted from it. Simulink®
is widely used in control theory and digital signal processing for multidomain simulation
and design.
A number of MathWorks and third-party hardware and software products are available for
use with Simulink®. Stateflow extends Simulink® with a design environment for developing
state machines and flow charts. Real-Time Workshop extends Simulink® to generate C source
code automatically for real-time implementation of systems.
VAPS
The VAPS DO-178 qualified code generator from Presagis is applicable to all types of embedded
display graphics ranging from digital and analogue instrumentation to menu-based displays. It
offers control and flexibility in the design of dynamic, interactive, real-time human–machine
interfaces (HMIs). It allows users to define both the visual appearance of a display object and
the logic (state machine) that controls it in one graphical editor. Developers and human factors
experts can define the look and feel of an object or group of objects, assign behaviour, and
subsequently generate executable source code.
The application software is run on the target machine under the control of a real-time operating
system (RTOS) which:
The operating system for integrated modular avionics systems must provide additional
features in order to support the IMA objectives discussed in Chapter 5, and in particular
Section 5.7. ARINC 653 specifies the requirements for an IMA RTOS. The operating system provides:
• partition management;
• process management;
• time management;
• inter-partition communication;
• intra-partition communication;
• error handling.
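To make the listed ARINC 653 services concrete, here is an added toy model (not code from the book or from any ARINC 653 implementation): a fixed major frame gives each partition a time slot (partition and time management), a sampling port carries data between partitions and may be written only by its owner (inter-partition communication), and a health monitor halts a faulting partition without disturbing the others (error handling). Partition names, the port and the injected fault are all constructed.

```c
/* Added example, not from the book: toy ARINC 653 partition scheduling.
 * A cyclic major frame runs each partition in turn; a sampling port is
 * writable only by its owner; a health monitor halts a faulting partition
 * and leaves the others untouched. Everything here is constructed. */
#include <stdint.h>

#define NPART        3
#define MAJOR_FRAMES 4

enum part_state { PART_NORMAL, PART_HALTED };

struct sampling_port { int owner; int32_t value; int valid; };
struct partition { const char *name; enum part_state state;
                   int ticks_run;      /* slots actually executed */
                   int fault_at_frame; /* constructed: faulting frame, -1 = never */ };

struct sampling_port g_port = { 0, 0, 0 };   /* owned by partition 0 (FMS) */
struct partition g_parts[NPART] = {
    { "FMS",     PART_NORMAL, 0, -1 },
    { "DISPLAY", PART_NORMAL, 0,  2 },       /* constructed fault in frame 2 */
    { "FUEL",    PART_NORMAL, 0, -1 },
};

/* Only the owning partition may write a sampling port; others are rejected. */
int port_write(int pid, struct sampling_port *p, int32_t v) {
    if (p->owner != pid) return -1;
    p->value = v; p->valid = 1;
    return 0;
}

/* Health monitor: a partition-level error halts that partition only. */
static void health_monitor(int pid) { g_parts[pid].state = PART_HALTED; }

/* One time slot. A halted partition keeps its slot reserved but stays idle. */
static void run_slot(int pid, int frame) {
    struct partition *p = &g_parts[pid];
    if (p->state == PART_HALTED) return;
    if (frame == p->fault_at_frame) { health_monitor(pid); return; }
    p->ticks_run++;
    if (pid == 0) port_write(pid, &g_port, 1000 + frame);  /* FMS publishes */
}

/* Run the cyclic schedule; returns how many partitions are still NORMAL. */
int run_schedule(void) {
    int ok = 0;
    for (int f = 0; f < MAJOR_FRAMES; f++)
        for (int pid = 0; pid < NPART; pid++) run_slot(pid, f);
    for (int i = 0; i < NPART; i++) ok += (g_parts[i].state == PART_NORMAL);
    return ok;
}
```

After the four frames only DISPLAY is halted; FMS and FUEL have used every one of their slots and the port still carries the last FMS value, which is the containment property robust partitioning is meant to guarantee.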
2.8 Microprocessors
A microprocessor is a semiconductor device that incorporates most or all of the features
of a central processing unit (CPU) on a single integrated circuit (also known as a chip).
Microprocessors emerged in the early 1970s and were first used in electronic calculators,
point-of-sale till machines and cash dispensers. Affordable 8-bit microprocessors capable
of performing control-type embedded applications appeared in the mid-1970s and spawned
the personal computer (PC) industry. No longer were computers the sole domain of large
corporations and government organisations. Today 32- and 64-bit multicore machines running
at clock rates exceeding 1 GHz are readily available and affordable for desktop applications
with processing power that far exceeds the imagination of computer systems designers in the
1970s. Then, similar processing power required a large room full of power-hungry computers,
requiring a handful of computer scientists to operate and maintain them.
[Figure: transistors per chip versus year, 1970–2010 (Moore’s Law), from the Intel 4004, 8008, 8080 and 8086 at a few thousand transistors, through the ‘286, ‘386, ‘486 and Pentium family, to the i7 and Xeon at around 1 billion.]
Intel 8086
Released in 1978, this was the first 16-bit microprocessor. An earlier 8-bit version, the Intel
8080, was the basis for the first IBM PC. Intel later released a maths co-processor (Intel
8087) which supported floating point arithmetic. A simplified version of the architecture and
instruction set is used in the CPU execution example in Section 2.6. It had the following
features:
The Intel 8086 was probably the first microprocessor to be widely used in avionics
applications by several companies in the mid-1980s for embedded federated architecture avionics
computers in both civil and military applications (e.g. flight management computers, display
symbol generators, mission computers, autopilots, fuel gauging and management computers,
etc.).
Motorola M68020
Released in 1984, the Motorola M68020 was a 32-bit processor first used in the Apple Mac
II personal computer, SUN workstations and many industrial and aerospace applications.
It was selected by the Eurofighter Typhoon project to be the processor of choice for all
the avionics systems computers. It was also used in the French TGV. It had the following
features:
[Figure: block diagram of a simple microprocessor: data bus buffer, 4-bit internal bus, accumulator and temp register, instruction register, instruction decoder and execution unit, flags, decimal adjust, program counter with a three-level address stack and stack pointer, index register select, multiplexers, and a scratch pad of sixteen registers (0–15).]
Most significantly, the M68020 provided extensive memory management functions to protect
and segregate areas of memory to facilitate robust partitioning.
Intel Pentium
Probably the most universally known microprocessor family used in desktop computing, the
Intel Pentium D was released in 2008 as a dual-core, 64-bit, x86 microprocessor in a
multichip module. It has the following features:
PowerPC
Performance Optimization With Enhanced RISC – Performance Computing (PowerPC) is
a reduced instruction set computing (RISC) architecture created by the 1991 Apple–IBM–
Motorola alliance, known as AIM. RISC allows scalable designs from low-end (8-bit)
applications to high-end (64-bit and above) applications. The small size of the CPU core allows a
great deal of room on each die for additional components, such as instruction and data cache
or maths co-processors.
Originally intended for personal computers, PowerPC CPUs have since become popular as
embedded and high-performance processors. PowerPC was the cornerstone of AIM’s Common
Hardware Reference Platform initiatives in the 1990s, and while the POWER1 architecture is
well known for being used by Apple’s Macintosh products from 1994 to 2006 (before Apple’s
transition to Intel), its use in video game consoles and embedded applications provided an
array of uses. Most importantly, the suppliers of PowerPC components are prepared to support
industrial applications by providing industrial and aerospace grade components with specified
performance over a wider operating temperature range and a more severe environment than
the Pentium.
In 2004, Motorola exited the chip manufacturing business by spinning off its semiconductor
business as an independent company called Freescale Semiconductor. IBM exited the 32-bit
embedded processor market by selling its line of PowerPC products to Applied Micro Circuits
Corporation (AMCC) and focused on 64-bit chip designs. The IBM–Freescale alliance was
replaced by an open standards body called Power.org. IBM continues to develop PowerPC
microprocessor cores for use in their server products for large businesses, and continues to
evolve POWER processors which implement the full PowerPC instruction set architecture.
Freescale Semiconductor continues to evolve products for embedded systems.
The evolution and some key examples of the PowerPC range are shown below.