Avionics & Simulation products
February 2011
Presented by
Laurent POUCHAN / Pierre MORRE
ACG Software leader / A350 ASFC Architecture, Integration & Certification Manager
OCL capabilities for a DO-178B qualifiable toolchain
Topcased days 2011
OCL capabilities for a DO-178B qualifiable toolchain - Topcased days
EYY: Avionics & Simulation products
AIRBUS Centre of Competences for electronics and embedded real-time application software
Avionics and Simulation Products (development, production, sales and customer support)
AIRBUS Operations S.A.S. All rights reserved. Confidential and proprietary document.
Code generator DO-178B tool qualification
The tools are DO-178B qualified:
- Airbus innovation introduced on A340 fly-by-wire computers
- Airbus specific expertise domain
- Contribution to a lean software production process: delivery of a new embedded software standard in 48 hours
- Generated code customized for a specific hardware target
[Figure: toolchain overview. Inputs: SCADE models, ICD DataBase models, configuration data, misc. models. Outputs: source code, binary, reports, feeding Code Review and Unit Tests.]
Configurable Platforms
EYY develops Segregated Configurable Platforms:
- IMA (Integrated Modular Avionics) platform on A380 and A400M for applications of different certification levels
- FSA-NG platform on A350 for DAL C to DAL E functions
Main actors:
- Platform / Module supplier: defines the Usage Domain for taking advantage of segregation
- Integrator: provides the Load which configures the resource allocation (CPU, RAM, I/O, Non Volatile Memory) for Functions; ensures activities on the integrated platform
- Functions suppliers: perform the standalone verification of the application
WHAT: RAM configuration problem
- Platform provides a CPU with 4 Gbytes of RAM
- RAM is shared between code and data; code includes OS and application code
- Evaluation of the OS size
- Evaluation of the number of applications and of executable size
- Definition of spare for evolution (new functions)
- Minimum size for Code and Data
- Page size for Code and Data
Required checks:
- Range (MinSize .. MaxSize)
- PageSize
- Sum of the application RAM sizes < 4 GBytes
WHERE: Verification of the RAM configuration
Verification at code generator level:
- Costly
- Burden of the development tool qualification process
- Time to delivery
Verification at embedded level:
- Costly
- Execution time
- Late problem detection
[Figure: ICD and RAM models feeding the verification tool]
Verification tool:
- Early problem detection
- Shorten time to delivery
- Lighten process and costs
HOW: Previous solution
- Rules definition in an Airbus proprietary mathematical language
- Rules development in Java (external)
- Additional implementation rules verification (Airbus)

Example rule: RAM_allocation_compliance_with_memory_mapping
Informal statement: The configuration of the memory area allocated to the operating system shall comply with the module memory mapping.
Formal statement (PO1):
    data_m = GLOBAL_DATA(IM_ICD_M)
    [RAM_BEGIN(data_m), RAM_BEGIN(data_m) + RAM_SIZE(data_m) - 1] [ADDR_RAM_MIN, ADDR_RAM_MAX]
    and RAM_BEGIN(data_m) = ADDR_RAM_MIN + (n x ADDR_GRANULARITY)
    ADDR_RAM_MIN = 0x00F0 0000, ADDR_RAM_MAX = 0x024F FFFF, ADDR_GRANULARITY = 0x1000
Drawbacks of the previous solution:
- Generation and verification tool not based on the same technology
- De-synchronized life cycle between generation and verification tool
- Development process implies numerous iterations
- Maturation of the formal language semantics
- Potential errors in the rules specification and development
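As an added example (not Airbus code and not an OCL rule from the presentation), the required checks from the RAM configuration slide and rule PO1 above, written as a small Python checker. The model classes and field names are assumptions, the reading of PO1 as interval inclusion is taken from its informal statement, and the constants are the ones quoted on the slide.

```python
from dataclasses import dataclass

# Constants quoted on the slide for rule PO1
ADDR_RAM_MIN = 0x00F00000
ADDR_RAM_MAX = 0x024FFFFF
ADDR_GRANULARITY = 0x1000
PLATFORM_RAM = 4 * 1024 ** 3   # the platform CPU provides 4 Gbytes of RAM

@dataclass
class MemoryArea:              # assumed model of GLOBAL_DATA(IM_ICD_M)
    ram_begin: int             # RAM_BEGIN(data_m)
    ram_size: int              # RAM_SIZE(data_m)

@dataclass
class AppRam:                  # assumed model of one application's RAM entry
    name: str
    min_size: int
    max_size: int
    page_size: int
    size: int                  # RAM size configured in the Load

def check_po1(data_m: MemoryArea) -> bool:
    """PO1: [RAM_BEGIN, RAM_BEGIN + RAM_SIZE - 1] lies inside
    [ADDR_RAM_MIN, ADDR_RAM_MAX] (inclusion assumed from the informal
    statement) and RAM_BEGIN = ADDR_RAM_MIN + n * ADDR_GRANULARITY."""
    if data_m.ram_size <= 0:
        return False
    last = data_m.ram_begin + data_m.ram_size - 1
    inside = ADDR_RAM_MIN <= data_m.ram_begin and last <= ADDR_RAM_MAX
    aligned = (data_m.ram_begin - ADDR_RAM_MIN) % ADDR_GRANULARITY == 0
    return inside and aligned

def check_app(app: AppRam) -> list:
    """Range (MinSize..MaxSize) and PageSize checks for one application."""
    errors = []
    if not app.min_size <= app.size <= app.max_size:
        errors.append(f"{app.name}: size {app.size:#x} outside "
                      f"{app.min_size:#x}..{app.max_size:#x}")
    if app.size % app.page_size:
        errors.append(f"{app.name}: size {app.size:#x} is not a multiple "
                      f"of page size {app.page_size:#x}")
    return errors

def check_budget(apps: list) -> bool:
    """Sum of the application RAM sizes must stay below the 4 Gbytes."""
    return sum(a.size for a in apps) < PLATFORM_RAM
```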
HOW: Improvement of the previous solution (1/2)
Model centric approach: synchronize generation and verification
[Figure: ICD DataBase models and misc. models provide the entry data; a data transformation produces the target data (configuration data), with xmi serialization.]
HOW: Improvement of the previous solution (2/2)
- Executable rules
- Built-in logs support for certification
- Data supplier export for early checking
- OMG standardization
- Entry and target data checking with OCL
- Topcased user-friendly GUI
OCL tooling qualification strategy
Limitation of the OCL language usage:
- Limit usage to an approved set of OCL patterns (unicity, sum, subset inclusion)
- Coding rules
Verification on a representative set of data:
- Assess the accuracy of each rule
Qualification kit (DO-178B verification tool)
Conclusion
Current achievements:
- Cut rules development by 40%
- Cut verification tool development by 50%
Target achievements:
- Cut rule development by 75%
- Cut rules validation by 50%
Open points:
- Request for enhanced debug capabilities (any proposal?)
- Coding rules automatic checker (any proposal?)
- Model 2 ICD tools (shall be shortly developed internally)
- Rules coverage analysis tools (long term)
Q&A
AIRBUS Operations S.A.S. All rights reserved. Confidential document. This document and its content are the property of AIRBUS Operations S.A.S. No intellectual property right is granted by the communication of this document or its content. This document shall not be reproduced or disclosed to a third party without the express written authorisation of AIRBUS Operations S.A.S. This document and its content shall not be used for any purpose other than those authorised. The statements made in this document do not constitute a commercial offer. They are based on the stated assumptions and are expressed in good faith. Should the grounds for these statements not be demonstrated, AIRBUS Operations S.A.S would be prepared to explain their basis. AIRBUS, its logo, A300, A310, A318, A319, A320, A321, A330, A340, A350, A380 and A400M are registered trademarks.