Aerospace


Fig. 3. Now upgraded with a more powerful 1600 Shaft Horsepower Pratt and Whitney PT6A-68D engine, the AT-6 is a structurally strengthened derivative of the proven Beechcraft T-6 trainer.


“For example, a COTS based device I was using was processing radar data, when some months later, intermittent and ominous readings from the device would appear on the display. Fortunately the controller identified the track data as an error. Had the mistake not been identified there was a real risk tracks would be labelled incorrectly. The COTS device was replaced, but this did not fix the fault.

“Weeks of fault finding later it was discovered a replacement cable interfacing the COTS device to the system was replaced at the time the failure occurred. The cable was within electrical specification but for one key difference, its length. The increased length of the cable had meant the software on the COTS device could not handle the increased periods of time it took to retrieve data, process it, and send it to the display. Instead it took its best guess and sent the data anyway.”

COTS is an emotive subject for Chris Andrews, product marketing manager at C-MAC Aerospace, who believes that in some ways, it is the enemy of his business as customers strive to cut costs by using commercial grade parts for harsh environment applications.

He says: “It is hugely controversial in the space market in particular, where the added issue of radiation tolerance hinders the life of electronics. A major producer of small satellites known for using COTS solutions has been highly successful at producing mini-sats using COTS electronics.”


Lot homogeneity


A key requirement for high reliability applications is lot homogeneity, continues Andrews. Even lots of semiconductors having the same date code may use chips from different wafer lots as the date code is sometimes applied after final test. In order to verify a lot of COTS components are fit for purpose, extensive dynamic and climatic testing is often required. This can end up costing more than the cost of high reliability parts thereby defeating the object.

General Dynamics UK uses Escher Technologies’ Perfect Developer (PD) to specify and design a safety-critical airborne stores management system. Guy Mason, senior software engineer at General Dynamics UK says: “Our need is to meet the requirements of defence standard 00-55 to Safety Integrity Level 4. Escher Technologies software met our requirements best. We were especially impressed by the automation of verification proofs, which will substantially reduce our costs, and by the level of support provided by Escher Technologies.”

David Crocker, CEO of Escher Technologies, enlarges: “PD has also been used at General Dynamics UK in conjunction with SPARK Ada, a formally-defined computer programming language based on Ada, and to make this easier we now provide partial generation of SPARK code from PD.

“One of the problems with using COTS components for safety-critical software is that COTS software typically uses dynamic memory allocation, which has a number of problems in embedded systems and is usually forbidden in critical software. So the use of COTS at the higher safety integrity levels is typically confined to real-time operating systems and similar components that have been designed with safety in mind and certified.”

Fig. 4. The Airbus A350 XWB in flight, with RR engines. Thales has chosen the AdaCore GNAT Pro technology, including several safety-qualified tools, to develop critical systems for the new Airbus A350 XWB.

Photo courtesy: AIRBUS S.A.S. 2008

www.engineerlive.com

