ELECTRONICS I EMBEDDED SOFTWARE DEVELOPMENT
verification. Its principle is to represent the requirements in the form of a model, which is a readable, structured description of the software functions and/or architecture. Models are often edited in a graphical form, making them easy to understand by a large number of people.

As an example, Esterel Technologies offers SCADE, an integrated workbench based on a formal graphical language, featuring automated design documentation generation, automated formal verification and simulation. The SCADE product family addresses critical embedded control applications and critical embedded graphics display applications in SCADE Suite and SCADE Display respectively. A key differentiator of SCADE versus other informal and semi-formal modelling tools is its automated code generator, which is qualified as a Level A development tool.

Figure 2: DO-178B life cycle processes structure

Qualification of a tool can leverage the benefits of FMBD. Primarily, it saves verification of the tool's output. When a failure in a tool cannot introduce an error into the final software but can only miss one (for instance a checker), the tool is categorised as a 'verification tool'. Conversely, when a failure in the tool can introduce an error into the final software (for instance a code generator), the tool is categorised as a 'development tool'.

Qualification of a code generator that has appropriate requirements (such as traceability, coding standards, etc) not only saves review of the generated code; it allows most of the low-level testing and structural code coverage effort to be saved as well.

Formal model-based development with a qualified code generator has been used effectively for 20 years for a number of complex safety-critical software applications. These include the Flight Control System of the Airbus A380, most Eurocopter autopilots and the FADEC of many Pratt & Whitney engines. Experience has shown that the total software development and verification cost can be divided by a factor of two compared to traditional approaches. Additionally, formal model-based development with qualified code generation dramatically decreases the time and effort needed to take requirement changes into account, which are frequent for complex systems.

The trends of DO-178C
DO-178C is being defined by a group of experts from certification authorities, aircraft and equipment manufacturers, tool providers, consulting companies and academics. It is planned to be released by the end of 2010 and will be composed of the following documents:
● The core document, which is close to DO-178B and applies to traditional development.
● The Tool Qualification supplement, which defines guidelines for the qualification of tools that are much more complete and accurate than those provided by DO-178B.
● The Model-Based Development and Verification supplement, which defines guidelines for the use of model-based development and verification. Whilst DO-178B did not prohibit such approaches, it did not provide an explicit rule for such methods.
● The Formal Methods supplement, which defines guidelines for the use of formal methods. Whilst DO-178B did not prohibit such approaches, it granted no certification credit and did not provide an explicit rule.
● Object Oriented Development. Whilst DO-178B did not prohibit such approaches, it did not provide an explicit rule for such methods.
● Air Traffic Management.

In summary, DO-178C now acknowledges rigorous and efficient techniques (tool qualification, FMBD, formal methods and object orientation) as first-class methods, allowing applicants to take full benefit of the power of these methods and their related techniques, such as automated code generation from formal models.

This article has summarised the challenges that a company faces when developing DO-178B software in today's economic context and has shown how a first level of improvement can be achieved with formal model-based development. Above all, it has demonstrated how a significant additional competitive advantage can be gained from the use of qualified tools.

www.esterel-technologies.com
AEROSPACE MANUFACTURING | MARCH 2010 | page 39