Transcript Document
RECOMP Avionics Communication Modem Peter de Waard and Peter Gillick Thales UK Research and Technology Thales The Thales Corporate presentation can be found at: http://www.thalesgroup.com/Group/Documents/2013_Corporate_presentation/ © Thales UK 2013 Aims for RECOMP Reduced cost Reduced certification costs by employing better tool-chains Reduced re-certification costs: improved methodologies that enable better re-use of certification information Reduced hardware costs: processors can perform more functions, so fewer processors and fewer Line Replaceable Units are required Reduced power, reduced size and reduced weight © Thales UK 2013 Processors can perform more functions so fewer processors and fewer Line Replaceable Units are required reducing power, reducing size and reducing weight Research Aims Identify how to use multicore processors in Avionics safety critical systems Identify how to run applications with different criticalities on a multicore processor that is to be used in Avionics safety critical systems Understand issues related to creating independent processes for safety critical systems Evaluate tools that will be useful to using multicore processors in safety critical Avionics systems © Thales UK 2013 RECOMP work - overview Developed demonstrator: Subset of an Avionics communications modem (Signal generator) Added Monitor, Controller and GUI for RECOMP Demonstrator developed in C++ safe subset Used benefits of object orientation Use of unsafe capabilities of C/C++ are not permitted The demonstrator targeted a multicore Core i7 PC © Thales UK 2013 RECOMP work - overview Investigated the use of the best of the breed COTS tools to support the DO-178B process: AccuRev – for configuration management, issue tracking and process enforcement Reqtify – for traceability analysis Code Collaborator – for code review and document review VectorCAST – for testing and code coverage analysis PR-QA – for static code analysis including language subset enforcement. Assessed RECOMP tools: DO-178B certifiable Real Time Operating System (RTOS) – PikeOS, Aalto University (Helsinki) LIME Concolic Tester (LCT) Investigated safety issues related to multi-core processors and mixed criticality applications © Thales UK 2013 Creating a safe subset of C++ The objective of creating a safe subset of C++ is: To use Object Oriented techniques to make the scope and access to functions and variables smaller and better defined To use the benefits of C++ to enable the valid use of functions and variables to be automatically checked by the compiler More explicit definition, no pointers To remove problems associated with C Private, Protected, Parameter list, Constants … to enable the valid use of functions and variables to check more easily by hand during code reviews Class, Private, Protected, Name spaces, Local scope … No pointers, no globals, Casting, reduced #defines To not bring in any additional problems related to C++ This work was based on: Federal Aviation Administration (FAA) CAST-4 Position Paper: Object Oriented Technology (OOT) In Civil Aviation Projects: Certification Concerns FAA CAST-8 Position Paper: Use of the C++ Programming Language, (FAA, 20 January 2002) Motor Industry Software Reliability Association (MISRA) C++ © Thales UK 2013 Thales UK Research and Technology demonstrator UDP Driver Communications TAC User Command User Command Interpreter TAC Overall Control Control TAC Monitor control Monitor TAC Receive data Transmission control Transmission Generation TAC Driver control Driver data Hardware Driver Communications Qnx TAC A TAC is a Threaded Application Components © Thales UK 2013 User Display Text Thales UK Research and Technology GUI © Thales UK 2013 M & C Console Avionics Communications Modem Monitor MUXA POSIX POSIX System Software Application Software SysGo PikeOS Evaluation Hardware SYSGO PikeOS © Thales UK 2013 Core 0 Core 1 LIME Concolic Tester © Thales UK 2013 Successes/Achievements of RECOMP We have validated a safe subset of C++ for safety critical systems that will make future safety critical software safer, easer to write, easier to review and easier to certify Analysed safety issues related to multicore processors and running independent mixed criticality applications Ran the demonstrator on SysGo PikeOS on a multicore processor with different processes running on different cores D4.2b provides an analysis of the work that needs to be done to solve the temporal issues for certification covering the improvements needed to tools, methodologies and operating systems © Thales UK 2013 The Impact of RECOMP Thales Avionics have already participated with the EASA on the MULCORS program in order to use multicore processors in Avionics RECOMP will feed into a number of Thales programs that are identifying how to use multicore processors in a variety of avionics systems EASA is the European Aviation Safety Agency © Thales UK 2013