Aerospace


Fig. 1. The Trent 900-powered A380 received its joint European and US Type Certification during a ceremony held at Airbus’ Toulouse, France headquarters on 12th December. Photo courtesy: AIRBUS S.A.S. 2006


Embedded systems engineers designing real time aerospace and defence systems must meet stringent safety requirements. Boris Sedacca asks whether using commercial off-the-shelf (COTS) electronic hardware in place of custom circuits compromises safety.


62 www.engineerlive.com


COTS must cut costs safely in aerospace and defence embedded design


The cost of software safety assurance compared to the cost of not having a safety assurance regime in place is rather obvious. Regulations made under safety legislation impose such requirements across a multitude of markets; in aerospace they are embodied in the DO-178B and DO-178C standards. Programming languages such as C++ and Ada simplify the coding of real time embedded systems in aircraft and motor vehicles, but checking the results is more difficult. The use of formal methods of development for rules and standards in safety-critical software goes some way towards a solution.

DO-178B or C asks the applicant to fulfil objectives, but does not prescribe the way or processes to achieve them, says Pascal Heude, senior cost estimator at Airbus Operations SAS in Toulouse. COTS (commercial off-the-shelf) components can be used in two different ways: as ‘tools’, like SCADE or RTRT, or as ‘embedded’ items, like a real time OS and compiler libraries. “In the case of embedded COTS, DO-178x objectives apply, which can be difficult if you do not have all the artefacts or evidence, like source code,” cautions Heude. “Using qualified tools is the only way to reduce the cost of development, by partially or fully removing the assessment of some objectives.

“There are two kinds of qualified tools for DO-178B: verification and development. Many tools can automate and/or eliminate some objectives: a requirements management tool can generate the traceability matrix and coding rules checker.”

Kevin Kinsella, architect of Global Hawk avionics and power at Northrop Grumman, argues that verifying safety critical software for a COTS aerospace system is more than just a DO-178 issue and the use of formal coding methods.
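Heude's point that a requirements management tool can generate the traceability matrix is easy to make concrete. The script below is an added example, not code from the article or from Airbus: it builds a bidirectional matrix from requirement IDs cited in source-unit comment headers and in test cases, and reports every break in the chain (a requirement with no code or no test, code or a test that cites no requirement, and a tag that cites a requirement which no longer exists). The requirement IDs, source units and test names are constructed sample data, and the `@req <ID>` tag convention is an assumption.

```python
"""
Added example (not code from the article or from Airbus): a minimal
bidirectional traceability check of the kind a qualified requirements
management tool automates. Requirement IDs, source units and test names are
constructed sample data, and the '@req <ID>' tag convention is an assumption.
"""
import re

REQ_TAG = re.compile(r"@req\s+([A-Z]+-\d+)")

# Constructed high-level requirements.
REQUIREMENTS = {
    "HLR-1": "Output calibrated airspeed every 20 ms",
    "HLR-2": "Flag airspeed invalid when pitot pressure is out of range",
    "HLR-3": "Hold last valid airspeed for at most 3 cycles of stale input",
}

# Constructed source units (file:function) with the comment header above each.
SOURCE_UNITS = {
    "airdata.c:cas_from_pressure": "/* @req HLR-1 */",
    "airdata.c:pitot_in_range":    "/* @req HLR-2 */",
    "airdata.c:debug_dump_all":    "/* convenience helper */",   # traces to nothing
}

# Constructed test cases with the requirement each claims to verify.
TEST_CASES = {
    "test_cas_nominal":          "@req HLR-1",
    "test_invalid_on_bad_pitot": "@req HLR-2",
    "test_debug_dump":           "",             # no requirement behind it
    "test_removed_feature":      "@req HLR-9",   # cites a requirement that no longer exists
}


def tags_in(text):
    """Requirement IDs cited in a comment or test header, sorted and de-duplicated."""
    return sorted(set(REQ_TAG.findall(text)))


def build_matrix(requirements, source_units, test_cases):
    """Return (matrix, findings): matrix maps requirement ID -> {'code': [...], 'tests': [...]}
    and findings lists every break in bidirectional traceability, sorted."""
    matrix = {rid: {"code": [], "tests": []} for rid in requirements}
    findings = []

    def link(kind, name, header):
        noun = "test" if kind == "tests" else "code"
        tags = tags_in(header)
        if not tags:
            findings.append(f"untraced {noun}: {name} cites no requirement")
        for rid in tags:
            if rid in matrix:
                matrix[rid][kind].append(name)
            else:
                findings.append(f"dangling tag: {name} cites unknown {rid}")

    for unit, header in source_units.items():
        link("code", unit, header)
    for name, header in test_cases.items():
        link("tests", name, header)
    for rid, row in matrix.items():
        if not row["code"]:
            findings.append(f"unimplemented: {rid} traces to no code")
        if not row["tests"]:
            findings.append(f"unverified: {rid} traces to no test")
    return matrix, sorted(findings)


def render(matrix):
    """Plain-text traceability matrix, one row per requirement."""
    lines = [f"{'Requirement':<12}{'Code':<32}Tests"]
    for rid, row in matrix.items():
        code = ", ".join(row["code"]) or "-"
        tests = ", ".join(row["tests"]) or "-"
        lines.append(f"{rid:<12}{code:<32}{tests}")
    return "\n".join(lines)


if __name__ == "__main__":
    matrix, findings = build_matrix(REQUIREMENTS, SOURCE_UNITS, TEST_CASES)
    print(render(matrix))
    for finding in findings:
        print("FINDING:", finding)
```

The untraced source unit is the finding worth dwelling on: code that implements no requirement is exactly what a DO-178 review of unintended functionality is looking for, and a tag convention enforced by a checker catches it mechanically, which is the objective a qualified tool lets the applicant stop assessing by hand.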


Control loading system


Kinsella says: “System verification can be successful when the software is executing in the context of a redundancy management system, and the system is then subsequently tested on a Control Loading System (CLS) and six-degree-of-freedom (6DoF) rig. Testing fails each and every signal in the system one at a time, in order to verify that the system can detect and isolate it, and continue to function safely.

“Hardware redundancy management is achieved when the system is running duplex, triplex
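The test Kinsella describes, failing every signal one at a time and checking that the redundancy management logic detects the fault, isolates the offending channel and keeps producing a usable output, can be exercised against the voting logic itself before any CLS or 6DoF time is spent. The script below is an added example, not code from the article, Airbus or Northrop Grumman: a triplex mid-value-select voter that degrades to duplex after isolating a channel, and a harness that injects a hardover on each signal of each channel in turn. The signal names, miscompare thresholds, persistence count and hardover fault model are constructed assumptions; mid-value select is one common voting scheme, not necessarily the one used on Global Hawk.

```python
"""
Added example (not code from the article, Airbus or Northrop Grumman): a
triplex mid-value-select voter with channel fault detection and isolation,
plus a harness that fails every signal on every channel one at a time and
checks that the fault is isolated while the voted output stays valid.
Signal names, miscompare thresholds, the persistence count and the
hardover fault model are constructed assumptions.
"""
from statistics import median

SIGNALS = ["pitch_rate", "roll_rate", "airspeed"]                    # constructed
THRESHOLD = {"pitch_rate": 0.5, "roll_rate": 0.5, "airspeed": 2.0}   # assumed miscompare limits
PERSISTENCE = 3    # consecutive miscompares before a channel is isolated (assumed)
HARDOVER = 9999.0  # constructed fault: a channel reading pegged at a wild value


class TriplexVoter:
    """Per-signal voting across three channels; degrades triplex -> duplex -> invalid."""

    def __init__(self, signals, threshold, persistence=PERSISTENCE):
        self.threshold = threshold
        self.persistence = persistence
        self.miscompares = {s: [0, 0, 0] for s in signals}  # consecutive miscompare counts
        self.isolated = {s: set() for s in signals}         # channels removed from the vote

    def vote(self, signal, values):
        """values: the three channel readings of `signal`. Returns (output, valid)."""
        live = [i for i in range(3) if i not in self.isolated[signal]]
        limit = self.threshold[signal]
        if len(live) == 3:
            mid = median(values)  # mid-value select masks any single bad channel
            counts = self.miscompares[signal]
            for i in live:
                counts[i] = counts[i] + 1 if abs(values[i] - mid) > limit else 0
                if counts[i] >= self.persistence:
                    self.isolated[signal].add(i)  # detected and isolated: now duplex
            return mid, True
        if len(live) == 2:
            a, b = (values[i] for i in live)
            if abs(a - b) > limit:
                return None, False  # duplex cannot tell which side is wrong: fail safe
            return (a + b) / 2.0, True
        return None, False


def truth(signal, frame):
    """Constructed plant value that every healthy channel should report."""
    base = {"pitch_rate": 1.0, "roll_rate": -0.25, "airspeed": 120.0}[signal]
    return base + 0.01 * (frame % 4)


def reading(channel, signal, frame, faults):
    """One channel's sample, pegged to HARDOVER if (channel, signal) is in `faults`."""
    if (channel, signal) in faults:
        return HARDOVER
    return truth(signal, frame) + 0.02 * channel  # small healthy channel-to-channel spread


def step(voter, frame, faults):
    """Vote every signal for one frame; True if all outputs are valid and near truth."""
    good = True
    for s in SIGNALS:
        out, valid = voter.vote(s, [reading(c, s, frame, faults) for c in range(3)])
        good = good and valid and abs(out - truth(s, frame)) <= THRESHOLD[s]
    return good


def run_fault_injection(frames=10):
    """Fail each signal on each channel one at a time; map (signal, channel) -> pass/fail.
    A case passes only if every frame stayed valid and exactly the faulted channel,
    on exactly the faulted signal, ended up isolated."""
    results = {}
    for signal in SIGNALS:
        for ch in range(3):
            voter = TriplexVoter(SIGNALS, THRESHOLD)
            healthy = all([step(voter, f, {(ch, signal)}) for f in range(frames)])
            expected = {s: ({ch} if s == signal else set()) for s in SIGNALS}
            results[(signal, ch)] = healthy and voter.isolated == expected
    return results


def second_fault_after_isolation():
    """Once a channel is isolated the system is duplex: a second fault cannot be
    out-voted, so the voter must declare the signal invalid rather than guess."""
    voter = TriplexVoter(SIGNALS, THRESHOLD)
    first = {(2, "airspeed")}
    for f in range(PERSISTENCE):
        voter.vote("airspeed", [reading(c, "airspeed", f, first) for c in range(3)])
    both = first | {(0, "airspeed")}
    return voter.vote("airspeed", [reading(c, "airspeed", PERSISTENCE, both) for c in range(3)])


if __name__ == "__main__":
    for case, passed in run_fault_injection().items():
        print(case, "PASS" if passed else "FAIL")
    print("second fault while duplex ->", second_fault_after_isolation())
```

The second scenario is the caveat a reviewer should insist on: the harness has to show not only that the first fault is masked and isolated, but also what the system does when it is already duplex and a second channel disagrees, because at that point there is no majority to vote and the only safe answer is to flag the signal invalid for the consumer.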

