RECOMP
Avionics Communication Modem
Peter de Waard and Peter Gillick Thales UK Research and Technology
The Thales Corporate presentation can be found at:
http://www.thalesgroup.com/Group/Documents/2013_Corporate_presentation/
© Thales UK 2013
Aims for RECOMP
Reduced cost
Reduced certification costs by employing better tool-chains
Reduced re-certification costs: improved methodologies that enable better re-use of certification information
Reduced hardware costs: processors can perform more functions, so fewer processors and fewer Line Replaceable Units are required
Reduced power, reduced size and reduced weight
Processors can perform more functions, so fewer processors and fewer Line Replaceable Units are required, reducing power, size and weight
Research Aims
Identify how to use multicore processors in Avionics safety critical systems
Identify how to run applications with different criticalities on a multicore processor that is to be used in Avionics safety critical systems
Understand issues related to creating independent processes for safety critical systems
Evaluate tools that will be useful for using multicore processors in safety critical Avionics systems
RECOMP work - overview
Developed demonstrator:
Subset of an Avionics communications modem (signal generator)
Added Monitor, Controller and GUI for RECOMP
Demonstrator developed in a C++ safe subset
Used the benefits of object orientation
Use of the unsafe capabilities of C/C++ is not permitted
The demonstrator targeted a multicore Core i7 PC
RECOMP work - overview
Investigated the use of best-of-breed COTS tools to support the DO-178B process:
AccuRev – for configuration management, issue tracking and process enforcement
Reqtify – for traceability analysis
Code Collaborator – for code review and document review
VectorCAST – for testing and code coverage analysis
PR-QA – for static code analysis, including language subset enforcement
Assessed RECOMP tools:
DO-178B certifiable Real Time Operating System (RTOS) – PikeOS
Aalto University (Helsinki) LIME Concolic Tester (LCT)
Investigated safety issues related to multicore processors and mixed criticality applications
Creating a safe subset of C++
The objective of creating a safe subset of C++ is:
To use Object Oriented techniques to make the scope of, and access to, functions and variables smaller and better defined
To use the benefits of C++ to enable the valid use of functions and variables to be automatically checked by the compiler
More explicit definition, no pointers
To remove problems associated with C
Private, Protected, Parameter list, Constants …
To enable the valid use of functions and variables to be checked more easily by hand during code reviews
Class, Private, Protected, Name spaces, Local scope …
No pointers, no globals, Casting, reduced #defines
To not bring in any additional problems related to C++
This work was based on:
Federal Aviation Administration (FAA) CAST-4 Position Paper: Object Oriented Technology (OOT) In Civil Aviation Projects: Certification Concerns
FAA CAST-8 Position Paper: Use of the C++ Programming Language (FAA, 20 January 2002)
Motor Industry Software Reliability Association (MISRA) C++
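As an added illustration of the subset rules above (example code, not the Thales demonstrator's), a small signal-generator component: a namespace instead of globals, constexpr constants instead of #defines, private state that can only change through a range-checked member function, and a fixed-size array passed by reference instead of a pointer. The class and constant names and the 12-bit amplitude limit are assumptions.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>

// Added example, not the RECOMP demonstrator's code; names and the 12-bit
// amplitude limit are assumptions chosen for illustration.
namespace recomp_example {
// Typed, scoped constants in place of #defines: the compiler checks the type.
constexpr std::size_t kFrameLength = 8;
constexpr std::uint16_t kMaxAmplitude = 4095;
// A fixed-size array carries its length in its type: no pointer arithmetic.
using Frame = std::array<std::uint16_t, kFrameLength>;

class SignalGenerator {
public:
    explicit SignalGenerator(std::uint16_t amplitude) { setAmplitude(amplitude); }
    // The only path that writes amplitude_. Out-of-range requests are rejected
    // and leave the state unchanged, so a review checks one place for the
    // invariant amplitude_ <= kMaxAmplitude.
    bool setAmplitude(std::uint16_t amplitude) {
        if (amplitude > kMaxAmplitude) { return false; }
        amplitude_ = amplitude;
        return true;
    }

    std::uint16_t amplitude() const { return amplitude_; }

    // Output is written through a reference to a Frame: the callee cannot run
    // off the end and the caller keeps ownership of the buffer.
    void fill(Frame& out) const {
        for (std::size_t i = 0; i < out.size(); ++i) {
            out[i] = (i % 2 == 0) ? amplitude_ : 0;  // square wave, for illustration
        }
    }

private:
    std::uint16_t amplitude_ = 0;  // private state: no globals, no direct access
};

// Drives the component end to end; returns the number of non-zero samples in
// one frame, which is 0 when the requested amplitude was rejected.
std::size_t nonZeroSamples(std::uint16_t amplitude) {
    SignalGenerator gen(amplitude);
    Frame frame{};
    gen.fill(frame);
    std::size_t count = 0;
    for (const std::uint16_t sample : frame) { if (sample != 0) { ++count; } }
    return count;
}
}  // namespace recomp_example
```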
Thales UK Research and Technology demonstrator
[Block diagram: UDP Driver Communications TAC, User Command Interpreter TAC, Control TAC, Monitor TAC, Transmission Generation TAC and Hardware Driver Communications QNX TAC, connected by the interfaces User Command, Overall Control, Monitor control, Receive data, Transmission control, Driver control and Driver data.]
A TAC is a Threaded Application Component
Thales UK Research and Technology GUI
[Screenshot of the demonstrator GUI showing the user display text.]
SysGo PikeOS Evaluation
[Architecture diagram: application software (M & C Console, Avionics Communications Modem, Monitor, MUXA) over two POSIX interfaces on the SYSGO PikeOS system software, running on hardware with Core 0 and Core 1.]
LIME Concolic Tester
Successes/Achievements of RECOMP
We have validated a safe subset of C++ for safety critical systems that will make future safety critical software safer, easier to write, easier to review and easier to certify
Analysed safety issues related to multicore processors and running independent mixed criticality applications
Ran the demonstrator on SysGo PikeOS on a multicore processor with different processes running on different cores
D4.2b provides an analysis of the work that needs to be done to solve the temporal issues for certification, covering the improvements needed to tools, methodologies and operating systems
The Impact of RECOMP
Thales Avionics have already participated with the EASA on the MULCORS program in order to use multicore processors in Avionics
RECOMP will feed into a number of Thales programs that are identifying how to use multicore processors in a variety of avionics systems
EASA is the European Aviation Safety Agency