Welcome

Presentation Transcript


  1. Welcome
  • The Federal Government recognizes that the rapidly increasing software and system complexity of aviation systems makes the development of high integrity, high confidence aviation software and systems crucial for the future of civilian and military aviation systems
  • 67 registered participants
    • 28 from academia
    • 21 from industry
    • 18 from government
  • 30 position papers
  • Sponsors:
    • NSF (Helen Gill)
    • NCO (Frankie King, Sally Howe)
    • Federal Networking and Information Technology Research and Development (NITRD) Program High Confidence Software and Systems (HCSS) Coordinating Group (CG)
  • Supporting government agencies: FAA, NASA, AFRL, OSD

  2. The Problem Statement
  • Software related issues are the “Achilles Heel” of modern aerospace system development
    • low level programming, ad hoc approaches, stand-alone and static implementations, and little code re-use
    • prolonged design schedules, excessive cost, dis-innovation, difficulty in maintenance, upgrades, and retrofits
    • issue is exacerbated for critical systems where high integrity requirements yield certification challenges and barriers
    • verification and validation is labor intensive and expensive
  • Exacerbated for critical systems with high integrity requirements
  • Current processes are inefficient and inadequate for future needs
  • Increased functionality leads to added complexity
    • Networked distributed systems
    • reconfigurable, adaptive, mixed initiative
  • Academic community generally decoupled from practitioners
  • New approaches, understanding and breakthroughs required
  • Success would be a significant economic and opportunity stimulant
  • Issue recognized by many organizations but real progress has been slow

  3. HCSS-AS Workshop Planning Meeting
  • November 9-10, 2005 at the University of Washington, Seattle
  • 35 invited participants from academia, industry, and government
  • Goals of the Workshop Planning Meeting:
    • Identify the key issue areas which will form the basis for the workshop
    • Define the key players who should be included
    • Define the current state of the art in software for critical aviation systems
    • Lay out potential research programs
  • Talks and all other information available at: http://chess.eecs.berkeley.edu/hcssas/

  4. Key Issues Identified
  • Certification Issues
    • What should the certification criteria be?
    • How do you certify non-deterministic or adaptive systems?
    • Overlap between software and other parts of the system
    • Security issues
  • Costs or Barriers to Innovation
    • Design for certification
    • Lifecycle issues, costs of upgrades, etc.
    • Design for reuse
  • Methods
    • Automated tools for V&V
    • Experimental platforms
    • Metrics
  • Systems Issues
    • Human/software integration issues
    • Hardware/software integration issues
    • Integration with procedures/environment
  • Emergent Issues
    • Adaptive, non-deterministic systems
  • Education

  5. Application Domains
  • Air Traffic Management (ATM)
  • Unmanned Aerial Vehicles (UAVs)
  • Flight control
  • Command and Control (C&C)
  • Communication, Navigation, and Surveillance (CNS) systems
  • Aircraft and infrastructure integration

  6. HCSS-AS Workshop
  Overall Goal: Improve the design, certification, and operation of next generation avionics platforms, while maintaining strict levels of safety
  Workshop goal:
  • Bring together the practice community with the research community to define the intellectual agenda in software for critical aviation systems
  • Define current state of the art
  • Identify key issues and needs
  • Identify promising research approaches
  • Define educational needs and approaches

  7. HCSS-AS Workshop: Education
  Motivation:
  • “We need to understand a priori how the costs would get reduced if we invested in a better process for software design and certification.”
  • “What technologies, what metrics, need to be achieved to instill confidence in an automated function?”
  Education:
  • What are the common abstractions that everyone in the domain should understand? (Logic, dynamics, control…)
  • It is hard to develop real-world scalable solutions without good examples, and it is hard to get good examples: how to recruit exemplars (sanitized) of “close to” real examples from industry?
  • Need a “science of flight critical systems assurance”

  8. Overall Program
  • 4 Keynote talks: John Hansman, Michael Leahy, John Rushby, Don Winter
  • 5 Invited Talk Sessions: Applications; Certification and assessment; Systems issues; Education; Methods
  • General discussion time
  • 4 Working Groups: Applications; Certification and assessment; Systems and crosscutting issues; Methods
  • 2 Breakout sessions: Thursday afternoon; Friday morning and afternoon
  • Working group outbriefs: Friday 2-3pm

  9. Questions to Participants
  • For working group breakout sessions, participants are asked to consider each of the following four questions:
    • What are the top three lessons learned/technologies in this area of X?
    • What are the top three needs that have not been met?
    • What are the top three research topics/challenges (with timelines) being pursued, or that should be pursued, in your domain of expertise related to X?
    • What are the top three challenges (with timelines) in the area of X (including outside your domain of expertise)?
  • There will be a leader and scribe assigned to each working group
  • Working group deliverables:
    • By Friday 2pm, the working groups will provide an annotated PowerPoint of the working group discussion.

  10. Working group outbriefs and written report
  • Problem statement
  • Summary of state of the art
  • R&D challenges
  • Prioritized list of IT research needs
  • Roadmap for the next 5 and 10 years

  11. Deliverables of the Workshop
  • Immediately after the workshop, the HCSS-AS website will have
    • Copies of the presentation slides
    • Audio clips of (some of) the talks
  • First draft of WG summaries: November 2006
  • Final draft of WG summaries: January 2007
  • First draft executive summary: February 2007
  • Final report: April 2007

  12. Today’s schedule
  • Keynote address: John Hansman
  • Morning:
    • Applications session
    • Discussion
  • Keynote address: Michael Leahy
  • Afternoon:
    • Certification and assessment
    • Systems issues
    • Education
    • Working groups
  • 6pm: Reception

  13. Backups

  14. System Development and Certification
  [Figure: process flow from Requirements Development to Design/Implementation to System and Software Testing to System Certification, with the V&V activities listed below placed along it]
  • Model V&V
  • Control Power V&V
  • Control Law V&V
  • Functional V&V
  • Software V&V
  • Unit/Component Test
  • Hardware/Software Integration (HSI)
  • Hardware V&V
  • Qualification Test (Safety of Flight)
  • Aircraft Integration
  • System V&V
  • Standalone (Static)
  • Integrated (Dynamic)
  • Failure Modes and Effects Test (FMET)
  [Source: Jim Buffington, LM Aero]

  15. FAA regulatory standard: RTCA DO-178B
  [Cover image: “Software Considerations in Airborne Systems and Equipment Certification”, Document No. RTCA/DO-178B, December 1, 1992, prepared by SC-167, RTCA “Requirements and Technical Concepts for Aviation”]
  FAA standard (1992): RTCA DO-178B (Eurocae standard ED-12B) “Software Considerations in Airborne Systems and Equipment Certification”
  • “Process-based” certification
  • Interesting points:
    • Certification applies to the end product (i.e. airframe), incl. all systems
    • Applies to a given application of a given product (other applications of the same product require further certification)
    • It requires that all code MUST be there as a direct result of a requirement
    • It requires full testing of the system and all component parts (including the software) on the target platform and in the target environment
  • Objectives-Based tables: “What, not how”
  • Criticality Categories (A, B, C, D) / Objectives Matrix
  [sources: Jim Krodel, Pratt & Whitney, http://aar400.tc.faa.gov/Programs/FlightSafety/sdss/]

  16. Issues Under Consideration for SC205 Sub-groups
  • Technology/Domains Under Consideration
    • Formal Methods
    • Model Based Design & Verification
      • Model Verification and Level of Pedigree
      • Certification of Proof by Models
    • Software Tools
      • And our reliance on them from a certification perspective
    • Object Oriented Technology
    • Comms-Nav-Sur/Air-Traffic-Management
  [source: Jim Krodel, Pratt & Whitney]

  17. Tools for modeling, design, and code generation
  [Diagram: Simulink, SCADE/Lustre, TTA]
  Designing safety critical control systems requires a seamless cooperation of tools:
  • Modeling and design at the control level
  • Development tools at the software level
  • Implementation tools at the platform level
  An example (from Paul Caspi’s group, Verimag, Grenoble) is a tool which combines:
  • Simulink: natural control design tool, yet lacks essential programming language features (typing, modularity, simple and clear semantics)
  • SCADE/Lustre: SCADE (Safety Critical Application Development Environment) based on the synchronous programming language Lustre
    • Includes a DO 178B compliant automatic code generator
    • Used in Airbus A340, A380
  • TTA (Time Triggered Architecture): distributed implementations built on a synchronous bus distributing to every computing unit a global fault tolerant clock
    • Used in Boeing B777 fly-by-wire system
