Processus et outils qualifiables pour le développement de systèmes critiques certifiés en avionique basés sur la génération automatique de code / Processes and qualifiable tools for the development of safety-critical certified systems in avionics based on automated code generation

Bedin França, Ricardo

10 April 2012

Le développement des logiciels avioniques les plus critiques, comme les commandes de vol électriques, présentent plusieurs contraintes qui peuvent être quasiment contradictoires – par exemple, performance et sûreté – et toutes ces contraintes doivent être respectées simultanément. L'objective de cette thèse est d'étudier et de proposer des évolutions dans le cycle de développement des logiciels de commande de vol chez Airbus afin d'améliorer leur performance, tout en respectant les contraintes industrielles existantes et en conservant des processus de vérification au moins aussi sûrs que ceux utilisés actuellement. Le critère principal d'évaluation de performance est le temps d'exécution au pire cas (WCET), vu qu'il est utilisé lors des analyses temporelles des logiciels de vol réels. Dans un premier temps, le DO-178, qui contient des considérations pour l'approbation des logiciels avioniques, est présenté. Le DO-178B et le DO-178C sont étudiés. Le DO-178B est la référence pour plusieurs logiciels de commande de vol développés chez Airbus et le DO-178C est la référence pour le développement des nouveaux logiciels à partir de 2012. Ensuite, l'étude de cas est présentée. Afin d'améliorer sa compréhension, le contexte historique est fourni à travers l'étude des autres logiciels de commande de vol, car plusieurs activités de son cycle de vie réutilisent des techniques qui ont été utilisées avec succès dans des projets précédents. Quelques activités qui présentent des causes potentielles de pertes de performance logicielle sont exposées et l'axe principal d'étude choisi pour le reste de la thèse est la phase de compilation. Ce choix se justifie dans le contexte des logiciels de commande de vol car la compilation est réalisée avec peu ou pas d'optimisations, son impact sur la performance des logiciels est donc important et des travaux de recherche récents permettent d'envisager un changement dans les paradigmes actuels de compilation sûre. / The development of safety-critical avionics software, such as aircraft flight control programs, presents many different constraints that are nearly contradictory, such as performance and safety requirements, and all must be met simultaneously. The objective of this Thesis is to propose modifications in the development cycle of Airbus flight control programs in order to improve their performance without weakening their verification processes or violating other industrial constraints. The main criterion for performance evaluation is the Worst-Case Execution Time (WCET), as it is used in the timing analysis that is performed in actual avionics software verification processes. In a first moment, the DO-178, which contains guidance for avionics software development approval, is presented. Both the DO-178B and the DO-178C are discussed, since the former was the reference for the development of many Airbus flight control programs and the latter shall be the reference for the development of new programs, starting from 2012. Then, the case study is presented. In order to better understand it, some historical context is provided by the study of other flight control programs - many of its life cycle activities reuse techniques that were successful in previous software projects. Each activity is evaluated in order to underline what are the performance bottlenecks in the flight control software development. Some potential underperforming activities are depicted and the main axis of study developed subsequently is the compilation phase: not only it is a well-known unoptimized activity that has important impacts over software performance, but it is also an activity that might undergo a paradigm change due to innovating compilers that are being developed by researchers. The CompCert compiler is presented and its use in the scope of this Thesis is justified - at the time of this Thesis, it was the compiler that was best prepared to perform meaningful experiments, such as compiling a large subset of the chosen case study. Its architecture is studied, together with its semantic preservation theorem, which is the backbone of its formally-verified part. Additional features that were developed in CompCert during this Thesis in order to meet Airbus's requirements - such as its annotation mechanism and its reference interpreter - are discussed in order to underline their usefulness in the development of flight control software. The evaluation of CompCert consists in a performance comparison with the current compilation strategy and an assessment of the impacts that its utilization might have over the verification strategy commonly employed in flight control software. The results of the performance comparison are promising, since CompCert-generated code has a WCET more than 10% lower than if it were compiled with a good quality non-optimizing compiler. As expected, the use of CompCert has impacts over some important verification activities but its formal development and increased verifiability helps in the development of new compiler verification activities that can keep the whole development process at least as safe as the current one. Some development strategy propositions are then presented, according to the certification credit that might be required by using CompCert.

Logiciel de commande de vol

Génération automatique de code

DO-178C

Compilation optimisée

Vérication formelle

Flight control software

Automatic code generation

DO-178C

Compiler optimization

Formal verication

Integrerad modulär avionik med virtualisering / Integrated modular avionics with virtualization

Enkvist, Clas

January 2013

Det finns huvudsakligen tre olika sätt att konstruera ett partitionerat system på: Federerad arkitektur, Integrerad Modulär Avionik (IMA) med ARINC 653 eller IMA med virtualisering. I den här rapporten undersöks de olika arkitekturernas egenskaper och vilka möjligheter som finns för certifiering av dem. Efter den teoretiska undersökningen har Virtualisering, och framförallt Xen, valts ut för en testimplementation och tillförlitlighetstester. Testimplementationen består av fyra partitioner där varje partition har sin specifika uppgift att lösa. Den fjärde partitionen används för att undersöka hur Xen hanterar en partition som aggressivt nyttjar I/O, processor eller arbetsminne. Testerna visar att Xen har en svag punkt: all I/O hanteras via en egen, speciell, partition. Denna partition saknar dessutom möjligheter att prioritera I/O från specifika partitioner. Den slutgiltiga slutsatsen av de tester som genomförts är att ett system byggt på Xen inte kan lämna samma tillförlitlighet som ett system med en federerad arkitektur eller ett system som bygger på ARINC 653. / One can basically take three different approaches when designing a partitioned avionic system: Federated Architecture, Integrated Modular Avionics (IMA) with ARINC 653 or IMA with Virtualization. This report examines the different architectural characteristics and the possibilities for certifying them. After the theoretical investigation, Virtualization and, in particular, Xen has been selected for a trial implementation and reliability tests. The implementation consists of four partitions where each partition has its own specific task to solve. The fourth partition is used to examine how Xen handles a partition that aggressively utilizes I/O, processor or memory resources. Tests show that Xen has a weak point: all I/O is handled through a separate and unique partition. This partition also lacks the ability of prioritizing I/O from specific partitions. The final conclusion of the tests carried out in this thesis is that a system built on Xen cannot provide the same reliability as a system with a federated architecture or a system based on ARINC 653.

Partitionerat system

Virtualisering

Xen

ARINC 653

DO-178C

Computer Sciences

Datavetenskap (datalogi)

Developing Safety Critical Embedded Software under DO-178C

Wang, Yanyun

20 October 2016

No description available.

Computer Engineering

safety critical

embedded software

DO-178C

open source tool chain

software certification

tool qualification

Enhancing Usability in Aerospace Software Development Processes Through Gamification / Förbättrad användbarhet i mjukvaruutvecklingsprocesser inom flygindustrin genom spelifiering

Alexandersson, Joel, Choura, Lucia

January 2024

This thesis explores the integration of gamification into the Software Development Process (SDP) at Saab, a defense and aerospace company. The thesis aims to address some of the complexities of the SDP standard used in the industry, DO-178C. The research primarily focuses on how gamification principles can enhance the usability of software development processes in aerospace. The method includes a pre-study, an inception phase, and two sprints, where a gamified tool is designed, implemented, and revised based on feedback from developers at Saab. The results of interviews after these sprints, along with insights from the inception phase, are discussed to evaluate the effectiveness and impact of the gamified tool.  The findings indicate that gamification can make the SDP more approachable and engaging for developers, with elements like real-time progress tracking, quizzes, and certificates being well-received. However, the effectiveness of these gamification elements varies among individuals, underscoring the importance of tailoring these elements to user preferences and the specific context of aerospace software development. This research contributes to the understanding of gamification's role in improving SDP usability in the aerospace industry, highlighting the need for careful customization of gamification to individuals and the context. Although the study provides valuable insights, it also acknowledges limitations, including the hypothetical nature of the gamified tool used and the reliance on user feedback, suggesting future research should involve more practical implementations and a focus on long-term impacts on productivity and user satisfaction.

gamification

Software Development Process

SDP

Saab

aerospace

DO-178C

software development

usability

gamified tool

interviews

aerospace software development

usability improvement

user satisfaction

Human Computer Interaction