Transcript Slide 1
A call for action
www.open-do.org
Cyrille Comar [email protected]
Matteo Bordin [email protected]

Summary
• Introduction
• FLOSS & Open Source Communities
• Introducing Open-DO
• Why an Open Initiative for DO-178?
• Keys to Success
• Annex: Description of the mentioned projects

Introduction
Which ARINC 653 OS will be around in 15 years?
• Commercial solutions
  - WRS, Sysgo, LynuxWorks, GHS, DDCI
• Private solutions maintained internally by avionics companies
  - At least 3 in Europe & 1 in the US
• Experimental
  - RTEMS + 653 interface
Any lessons from what happened in the Unix world?

FLOSS License
• Free to use… for ever
• Free to look at sources
• Free to change
• Free to redistribute

Open Source Communities
Significant technologies are successfully managed by such communities, for more than 20 years now:
• The Linux Kernel
• Eclipse
• GCC
• RTEMS
• Mono
• Python
• …

Open Source Communities (2)
• Contributors: from individuals to corporations
• Sharing technology, not products
• The GCC example … and many more

Roles in Open Source Communities
• Active participants (initiators & regulators)
  - Short term cost increase: learning curve, working in an open environment, contributing back
  - Long term cost decrease by sharing resources, solving a common problem, avoiding solving already solved problems
• Passive users
  - Benefit from the work of others
  - Can't customize to their own needs
  - Help spread the technology

The DO-178 community
• What about the DO-178 community?
• Is there a need for openness & cooperation?
• Potential for community growth?
  - AVSI (Aerospace Vehicle Systems Institute)
  - Certify Together
  - Military
  - Space, automotive, …
  - This committee

Some Relevant Open Projects & Technologies
• OSEE
• Couverture
• SPARK

Open-DO Concepts
The meeting of 3 worlds: High Assurance Certification, Libre Open Source, Agile Lean.

Open-DO Concepts (2)
What each world brings:
• High Assurance Certification: qualified tools, life cycle traceability, requirement-based testing
• Libre Open Source: visibility, resilience, sharing, reuse
• Agile Lean: iterative requirements, continuous integration, test-driven development, …

Relevant Agile/Lean Concepts
• Test Driven Development
• Requirement Based Testing
• Executable Specifications
• Iterative requirements
• Continuous Integration
• IP 217

Open-DO Challenges
• Opening & sharing more than "source code"
  - requirements, designs, test cases …
• Life-Cycle Traceability
• Agile Workflows for DO-178

Some DO-178B workflows: top level workflow
(Diagram of the DO-178B sections, with "workflow support" and "workflow verification" as the points where Open-DO intervenes.)
• System aspects related to Software Development (Section 2)
• Overview of aircraft and engine certification (Section 10)
• Software Life Cycle Process
  - Software Life Cycle (Section 3): transition criteria between activities
  - Software Planning Process (Section 4)
  - Software Development Processes (Section 5)
• Integral Processes
  - Software Verification (section 3)
  - Software Configuration Management (Section 7)
  - Software Quality Assurance (Section 8)
  - Certification Liaison (Section 9)
• Software Life Cycle Data (Section 11)
• Additional Considerations (Section 12)

Some DO-178B workflows (2): component certification workflow
Same section diagram, annotated with the activities of a component certification:
• Software Development Processes (Section 5): traceability across Requirements, Design and Coding
• Software Verification: reviews, testing, completeness analysis
• Outputs of the completeness analysis: requirement coverage, code coverage

Some DO-178B workflows (3): qualification of verification tools workflow
Same section diagram, annotated with the activities of a tool qualification:
• Tool Operational Requirements (in the Software Life Cycle Process)
• Software Verification: reviews, testing, completeness analysis
• Output of the completeness analysis: requirement coverage
• Traceability supported by OSEE

Open-DO Components
• Document Templates
  - PSAC, SDP, SVP, SCMP, …
  - Standards, SAS, …
• Workflows
  - Specialized for given certification standards
• Open-DO Qualifiable Tools
  - OSEE, Couverture, Gene-Auto, TOPCASED, …
• Certifiable Components
  - OS runtimes, IP stack, middleware, …
• Education Materials
  - Toy certifiable projects
  - Specialized examples (e.g. for DO-178C annexes)

Why an open initiative for the DO-178 world?

Why Open-DO?
A support to the DO-178C effort:
• Educational materials for clarifying intent
• Experimental test-bed for annexes

Why Open-DO? Avionics industrial community
• Provides a shared infrastructure
  - For long term investment
  - For long term cost reduction
• Allows some level of cooperation with competitors
• Lower training costs (especially for subcontractors)

Why Open-DO? Certification authorities
• Lower training costs for DERs
• Vehicle for clarifying specific issues
• Helps sharing of practices between authorities

Why Open-DO? Tool providers
• Offers an ideal showcase for their open technologies
• Tool sharing makes it easier to provide a complete supported solution
• Creates an ecosystem where everyone can meet potential customers and partners

Keys to success
• Balance
  - Europe vs US
  - Boeing vs Airbus
  - Authorities vs Industry
• Find key participants for critical mass
  - Certification authorities
  - Major aeronautics players
  - Established tool providers
  - Academics
• Attract public funds for bootstrap
• Define "Open Source 2010" certification workflows
• Find appropriate governance rules

Annex – Information on Mentioned Projects
• OSEE
• Couverture
• SPARK

OSEE
• Focus on system engineering: System Engineering Environment
• Open to external tool integration
• Open development philosophy
• Application life cycle management system, integrated management environment
• First-class Eclipse project
  - www.eclipse.org/osee
  - Contributed by the Apache Team (Phoenix, AZ)
  - 5 years in development, 5 people full-time
  - Not specific to DO-178

OSEE Development Artifacts
Tracked artifacts (artifacts can be imported from external tools), tied together by a traceability model:
• Requirements
• Models
• Code
• Test cases
• Test procedures
• Tests
• Test actual output
• Test expected output

OSEE & Traceability
End-to-end traceability model: Requirements → Design → Code → Test cases → Test procedures → Tests, with test actual output compared against test expected output.

OSEE & Workflow Modeling/Tracking
• Define development teams and assign members to teams (example: Joe, John, Ryan, Don)
• Workflow instantiation: Analysis → Verification → Qualification (example: verification of REQ_1_2b, assigned to Joe)

TOPCASED
Toolkit in OPen source for Critical Application & SystEm Development
www.topcased.org
Chain: Metamodel → Design / Analysis Model → (formal) analysis → Code

TOPCASED (II)
• Ecore, UML, SysML, AADL
• Graphical modeling, model transformation framework
  - An integrated Eclipse distribution
  - The future official Eclipse solution for UML modeling
  - http://wiki.eclipse.org/MDT-Papyrus-Proposal
  - …

GeneAuto
Chain: Input Model → Intermediate representation → Qualified Code
• A qualifiable generic framework for code generation
• Dynamic systems modeling: Simulink/Stateflow, Scicos
• Targeting C (and Ada soon)
• Available as FLOSS, along with qualification material (planned)
• Partners: Airbus, Continental, Thales-Alenia, Barco, IAI, …

SPARK
SPARK Ada
• Annotation of Ada programs for formal analysis
  - Partial correctness
  - Information/data flow
• The whole technology is NOW available as FLOSS
  - http://www.praxis-his.com/sparkada/

Couverture
• Language-independent structural coverage framework
• Source coverage WITHOUT instrumentation (statement, DC, MC/DC)
• Object coverage (instructions, branches)
• Instrumented simulation framework
• The whole technology will be available as FLOSS, including the qualification material
  - https://libre.adacore.com/coverage/

Couverture (II)
Instrumented, virtualized execution environment:
• Source code (Ada):

    if Pression (M) >= P_Limit then
       Alarme (M, "PRE");
    elsif Temperature (M) >= T_Limit then
       Alarme (M, "TEMP");
    end if;

• Cross compiler
• Execution traces (e.g. 0x12460, 0x12464+, …) collected by the simulator
• Object coverage report (instruction, branch)
• Source coverage report (statement, DC, MC/DC), derived from the traces without instrumenting the source

Upcoming Events
• The Lean, Agile Approach to High-Integrity Software
  - Paris, March 26th, 2009
  - Jim Sutton (Lockheed Martin), Alexandre Boutin (Yahoo), Emmanuel Chenu (Thales), David Jackson (Praxis High-Integrity Systems), Cyrille Comar (AdaCore)
• Open-DO Masterclass @ Avionics EU
  - Amsterdam, March 11th-12th, 2009
  - Franco Gasperoni (AdaCore)
• Open-DO Masterclass @ Avionics US
  - San Diego, June 1st-2nd, 2009
  - Ryan Brooks (Boeing), Robert B.K. Dewar (AdaCore)
• Next informal Open-DO meeting @ EclipseCon 2009
  - Santa Clara, March 21st-25th, 2009
  - Airbus, Boeing, AdaCore

[email protected]
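The Couverture slides describe consolidating object-level execution traces from a simulator into a source coverage report (statement, decision, MC/DC) without instrumenting the source. The following is an added example, not Couverture's code or trace format: the address-to-line map, the "+" suffix meaning "branch taken" and the trace records are constructed for the example, while the source lines are the alarm check from the Couverture (II) slide. Because both decisions on the slide have a single condition, decision coverage and MC/DC coincide there, so the example goes one step further with a constructed compound decision (`any_alarm`) to show where MC/DC demands more than decision coverage.

```python
"""Source coverage consolidated from object-level execution traces, plus a
unique-cause MC/DC check over condition vectors.

Added example: the traces, the address map and the '+' = "branch taken"
convention are constructed and are not Couverture's real format.
"""

# Source under test (Ada, from the Couverture (II) slide), keyed by line number.
SOURCE = {
    1: 'if Pression (M) >= P_Limit then',
    2: '   Alarme (M, "PRE");',
    3: 'elsif Temperature (M) >= T_Limit then',
    4: '   Alarme (M, "TEMP");',
    5: 'end if;',
}

# Constructed: instruction address -> source line (what compiler line tables give).
LINE_OF = {0x12460: 1, 0x12464: 1, 0x12468: 2, 0x1246C: 3,
           0x12470: 3, 0x12474: 4, 0x12478: 5}

# Constructed: conditional-branch addresses and the decision (source line) each
# implements. The branch jumps *over* the then-part, so "taken" means the
# decision evaluated False.
BRANCHES = {0x12464: 1, 0x12470: 3}

# Constructed trace records: executed addresses, '+' when the branch was taken.
TRACE_PRESSURE_HIGH = ['0x12460', '0x12464', '0x12468', '0x12478']
TRACE_BOTH_LOW = ['0x12460', '0x12464+', '0x1246C', '0x12470+', '0x12478']
TRACE_TEMP_HIGH = ['0x12460', '0x12464+', '0x1246C', '0x12470', '0x12474', '0x12478']
ALL_TRACES = [TRACE_PRESSURE_HIGH, TRACE_BOTH_LOW, TRACE_TEMP_HIGH]


def parse_trace(trace):
    """Yield (address, branch_taken) from records such as '0x12464+'."""
    for rec in trace:
        yield int(rec.rstrip('+'), 16), rec.endswith('+')


def statement_coverage(traces):
    """Statement coverage: a source line is covered once any of its instructions ran."""
    executed = {LINE_OF[addr] for trace in traces for addr, _ in parse_trace(trace)}
    return {line: line in executed for line in SOURCE}


def decision_coverage(traces):
    """Decision coverage: each decision must have been observed both True and False."""
    outcomes = {line: set() for line in BRANCHES.values()}
    for trace in traces:
        for addr, taken in parse_trace(trace):
            if addr in BRANCHES:
                outcomes[BRANCHES[addr]].add(not taken)   # taken == decision False
    return {line: {'true': True in seen, 'false': False in seen}
            for line, seen in outcomes.items()}


def coverage_gaps(traces):
    """What the traces leave uncovered; an empty list means full statement + decision coverage."""
    gaps = [f'line {line}: statement never executed'
            for line, ok in statement_coverage(traces).items() if not ok]
    for line, seen in decision_coverage(traces).items():
        gaps += [f'line {line}: decision never evaluated {outcome}'
                 for outcome, ok in seen.items() if not ok]
    return gaps


def decision_covered(decision, vectors):
    """Decision coverage for a Python predicate evaluated on condition vectors."""
    return {decision(**v) for v in vectors} == {True, False}


def flip(vec, i):
    """Copy of a condition vector with condition i negated."""
    return tuple(not c if j == i else c for j, c in enumerate(vec))


def mcdc_unique_cause(decision, names, vectors):
    """Unique-cause MC/DC: for every condition there must be two vectors that
    differ in that condition only and yield different decision outcomes."""
    seen = {tuple(v[n] for n in names): decision(**v) for v in vectors}
    return {name: any(flip(vec, i) in seen and seen[flip(vec, i)] != out
                      for vec, out in seen.items())
            for i, name in enumerate(names)}


# Constructed compound decision: one alarm decision over both conditions.
def any_alarm(pre, temp):
    return pre or temp


CONDITIONS = ('pre', 'temp')
# Two vectors reach decision coverage but show no condition's independent effect.
DC_ONLY = [{'pre': True, 'temp': True}, {'pre': False, 'temp': False}]
# N+1 = 3 vectors: each condition is flipped alone against (False, False).
MCDC_SET = [{'pre': True, 'temp': False}, {'pre': False, 'temp': True},
            {'pre': False, 'temp': False}]

if __name__ == '__main__':
    print('gaps after two tests:', coverage_gaps([TRACE_PRESSURE_HIGH, TRACE_BOTH_LOW]))
    print('gaps after all tests:', coverage_gaps(ALL_TRACES))
    print('MC/DC with DC-only set:', mcdc_unique_cause(any_alarm, CONDITIONS, DC_ONLY))
    print('MC/DC with N+1 set:', mcdc_unique_cause(any_alarm, CONDITIONS, MCDC_SET))
```

Running the first two traces reports line 4 as never executed and the `elsif` decision as never True, which is exactly the feedback a requirement-based test campaign needs to add the missing test; the compound decision shows that two vectors can satisfy decision coverage while satisfying MC/DC for neither condition.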
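The OSEE slides describe an end-to-end traceability model (Requirements → Design → Code → Test cases → Tests, with actual output checked against expected output), and the workflow slides name requirement coverage as an output of the completeness analysis. The following is an added example of the checks such a model makes possible; it is not OSEE code. The artifact identifiers and trace links are constructed for the example (only the `REQ_1_2b` naming style comes from the slide), and the trace graph is a plain dictionary rather than a real OSEE database.

```python
"""Traceability completeness checks over a constructed artifact graph.

Added example, not OSEE's data model. Every artifact id, link and test
result below is constructed; the REQ_x_y naming follows the OSEE slide.
"""

# Constructed artifacts: id -> kind.
ARTIFACTS = {
    'REQ_1_1':  'requirement',   # pressure alarm
    'REQ_1_2a': 'requirement',   # temperature alarm
    'REQ_1_2b': 'requirement',   # constructed: written, but nothing implements or tests it yet
    'DES_ALARM_CHECK': 'design',
    'alarm_check.adb': 'code',
    'fast_path.adb':   'code',   # constructed: no design or requirement above it
    'TC_PRE_HIGH':  'test_case',
    'TC_TEMP_HIGH': 'test_case',
    'TC_BOTH_LOW':  'test_case',
}

# Upward trace links: artifact -> artifacts it implements or verifies.
TRACES = {
    'DES_ALARM_CHECK': ['REQ_1_1', 'REQ_1_2a'],
    'alarm_check.adb': ['DES_ALARM_CHECK'],
    'TC_PRE_HIGH':  ['REQ_1_1'],
    'TC_TEMP_HIGH': ['REQ_1_2a'],
    'TC_BOTH_LOW':  ['REQ_1_2a'],
}

# Test results: (expected output, actual output) for each executed test case.
RESULTS = {
    'TC_PRE_HIGH':  ('PRE', 'PRE'),
    'TC_TEMP_HIGH': ('TEMP', 'TEMP'),
    'TC_BOTH_LOW':  ('', 'TEMP'),   # constructed failure: alarm raised when none expected
}


def by_kind(kind):
    """Artifact ids of one kind, in a stable order."""
    return sorted(a for a, k in ARTIFACTS.items() if k == kind)


def upward_closure(artifact):
    """All requirements reachable from an artifact by following trace links upward."""
    seen, stack = set(), [artifact]
    while stack:
        for parent in TRACES.get(stack.pop(), []):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return {a for a in seen if ARTIFACTS[a] == 'requirement'}


def requirement_coverage():
    """Per requirement: the test cases verifying it and whether all of them
    ran and produced their expected output. A requirement with no test case
    is not covered; an untested or failed case blocks 'passed'."""
    report = {}
    for req in by_kind('requirement'):
        tcs = [tc for tc in by_kind('test_case') if req in upward_closure(tc)]
        verdicts = [tc in RESULTS and RESULTS[tc][0] == RESULTS[tc][1] for tc in tcs]
        report[req] = {'test_cases': tcs, 'passed': bool(tcs) and all(verdicts)}
    return report


def unimplemented_requirements():
    """Requirements that no code artifact traces up to (downward gap)."""
    implemented = set()
    for code in by_kind('code'):
        implemented |= upward_closure(code)
    return [r for r in by_kind('requirement') if r not in implemented]


def orphan_artifacts():
    """Design, code or test artifacts with no requirement above them. Such
    code cannot be exercised by requirement-based tests and has to be
    justified or removed before structural coverage analysis can close."""
    return [a for a, kind in sorted(ARTIFACTS.items())
            if kind != 'requirement' and not upward_closure(a)]


if __name__ == '__main__':
    for req, info in requirement_coverage().items():
        print(req, info)
    print('unimplemented:', unimplemented_requirements())
    print('orphans:', orphan_artifacts())
```

On the constructed data the report shows the three kinds of finding a traceability review looks for: `REQ_1_2b` has neither implementation nor test, `REQ_1_2a` is tested but one of its tests fails, and `fast_path.adb` has no requirement justifying its existence.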