ObjectAda Raven Safety Critical Software Development Environment.
ObjectAda Raven
Safety Critical Software Development Environment
04/18/23 3
Objective
Acquaint you with our Ada95 products and services
Development Systems
- Product Goals & Philosophy
- Product Line Organization & Availability
- Technical Characteristics
Support For Safety Critical Certification
- DO-178B Level A
Aonix Is .....
- Leading Supplier for Ada83
- Only Supplier for Ada95
Product Philosophy
- Stratified, evolvable product line
- Value & price competitive
- Support different needs at appropriate prices
- Support activities in multiple areas of lifecycle/process
- Support gradual buy-in for customers
Native / Hard Real-Time / Certifiable Safety Critical Systems
Product Line Organization
(diagram) Hosts: UNIX / Motif / CDE; Windows 98 / NT Native. Cross targets: Intel, PowerPC, 68K. Product tiers: Core, Pro, Enterprise, Certified.
Main Components
- Graphical IDE in platform style
- Compiler, prelinker, builder, cross-referencer
- Lightweight library mechanism
- Integrated editor, browser and debugger, cross tools
- Variable or optional components: bindings, GUI builder, analysis tools
ObjectAda Compilers
- Very fast
- Essentially one pass
- 70K lpm on SPARC 10
- Multiple units/files in compilation faster due to caching of specs
ObjectAda Library
- Source-based
- No compilation order requirements
- Can use multiple source and object paths
- Persistent info is ASCII and editable
General Real-Time Approach
- Integrative approach:
  - PharLap ETS & Raven for 32 bit Intel
  - Tornado, LynxOS & Raven for PowerPC
  - (Tornado) & Raven for 68K
- Host-based tools integration as well as target executive
- Real-time extensions
- Real-time analysis tools - PerfoRMAx
- AdaCast: Test harness, case, coverage, complexity...
ObjectAda Raven
Certified/Certifiable Compiler/RTS
(Legal) Safety Systems
(diagram) Laws, Regulations, Standards, Guidelines; Case Law, Precedence, Interpretations, Standards, Guidelines. Visibility, Traceability. PROCESS; EVIDENCE / RECORD; Confidence / Safety.
RTS Certification
- DO-178B Level A
- Full requirements through test results mapping
- 100% source level coverage
- 100% machine level coverage
- Full MCDC coverage
- An RTS can be certified but is termed "certifiable": an RTS is nothing unto itself
Ravenscar Profile
- Industry-wide safety critical standard
- Deterministic Ada95 subset...
- Certifiable subset
- Tasking allowed
  - Rendezvous disallowed
  - Use protected objects for communication
- No dynamic memory allocation
- etc.
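As an added example (not code from the Aonix slides), this sketches the Ravenscar style the slide describes: two tasks that communicate only through a protected object, with pragma Restrictions naming the Ada 95 restrictions behind the "rendezvous disallowed" and "no dynamic memory allocation" rules. The full profile imposes more (tasks and protected objects at library level, one entry per protected object with a Boolean barrier, and in Ada 2005 a pragma Profile (Ravenscar)), which this demo does not claim to satisfy; the unit name Ravenscar_Style_Demo and the Sample_Box object are assumptions.

```ada
--  Added example, not from the Aonix slides; restrictions cover two slide rules only.
pragma Restrictions (Max_Task_Entries => 0);  --  no task entries, hence no rendezvous
pragma Restrictions (No_Allocators);          --  no "new": no dynamic memory allocation
with Ada.Real_Time; use Ada.Real_Time;
with Ada.Text_IO;
procedure Ravenscar_Style_Demo is
   --  "Latest value" box: one entry, simple Boolean barrier, storage fixed at elaboration.
   protected Sample_Box is
      procedure Put (Value : Integer);
      entry Get (Value : out Integer);
   private
      Current : Integer := 0;
      Fresh   : Boolean := False;
   end Sample_Box;
   protected body Sample_Box is
      procedure Put (Value : Integer) is
      begin
         Current := Value;   --  overwrites an unread sample by design: nothing queues or grows
         Fresh   := True;
      end Put;
      entry Get (Value : out Integer) when Fresh is
      begin
         Value := Current;
         Fresh := False;
      end Get;
   end Sample_Box;
   --  Time-triggered producer: absolute "delay until" avoids period drift.
   task Producer;
   task body Producer is
      Next : Time := Clock;
   begin
      for Sample in 1 .. 5 loop
         Sample_Box.Put (Sample * 10);
         Next := Next + Milliseconds (100);
         delay until Next;
      end loop;
   end Producer;
   task Consumer;
   task body Consumer is
      V : Integer;
   begin
      for Count in 1 .. 5 loop
         Sample_Box.Get (V);   --  blocks on the barrier until a fresh sample is present
         Ada.Text_IO.Put_Line ("Sample" & Integer'Image (V));
      end loop;
   end Consumer;
begin
   null;  --  main subprogram waits for Producer and Consumer to finish
end Ravenscar_Style_Demo;
```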
Safety Critical Real-time Approach
- Aonix technology for safety-critical applications
- Raven and C-SMART
- Conforms to Ravenscar Profile
- Flags Ravenscar Profile violations at compile time
- Level A certification package available
- AdaCast for test harness and source level coverage
- AdaCover machine level coverage analysis
- New support for bounded tasking model
- New support for segregated loads
- PowerPC, 32 bit Intel, 68K
Raven Packages
- Core Pack: Core Compile System
- Project Pack: Ada-Assured and PerfoRMAx
- Test Pack: AdaCast, Test: harness, case, coverage, ...
- Safety Critical Pack: AdaCover: Machine Level Coverage
- Certification Pack
- Design Pack: StP/UML with ACD
AdaCover
- A qualified tool for MC coverage
- Target - Data Collection
  - User selectable start/stop points
  - Single steps on target
  - Provides full machine level coverage data
  - Uploaded to host after execution
- Host - Post Analysis
  - Coverage reports
  - Updates assembly listing
  - Merge to create total execution reports
AdaCover Sample Usage

    with AdaCover;
    with Cover_Test;

    procedure Cover_Driver is
       Var : Integer := 0;
    begin
       AdaCover.Start (Cover_Test'Address);  --  start collection at the selected point
       Cover_Test;                           --  run the code under test
       AdaCover.Stop;                        --  stop collection
       AdaCover.Dump;                        --  write out the data for upload to the host
    end Cover_Driver;
Sample Safety Critical Applications
- Boeing 777
- Boeing 737
- Westinghouse Electric - Nuclear Shutdown
- Lockheed Martin - C130J and C27
- Westinghouse Brake and Signals
- London Underground - Jubilee Line extension
  - Biggest project in Europe
  - Automatic brakes and signaling
Boeing 777 Sample Systems
- Brakes: Crane/Hydro-Air
- Axle Steering: Parker/Abex-NWL
- GPS: Canadian Marconi
- Power Management: Sundstrand
Hercules - C130J
Aonix SC products used for:
- Flight Management Unit
- Ground Collision Avoidance System
- Back-up FMU
London - Jubilee Line Extension Project
- Underground trains, faster, closer together
- M68030 controllers
- Trains communicate with each other and with central control
- Software Integrity Level 4 (SIL)
- RIA 23 required
- Mapping document produced between RIA 23 and Aonix (DO-178B) certification materials
- Largest funded project in Europe
Safety Critical Customers
Aircraft/Avionics:
- Global Positioning System (GPS) (Sextant Avionique)
- Flight control data concentrator: AIRBUS A330-A340 (Sextant Avionique)
- Braking and steering control unit: AIRBUS A330-A340 (Thomson CSF/DOI and Messier Bugatti)
- Air Traffic Control (ATC): Ground-based instrument landing system (Navia, formerly Normarc)
- Air Traffic Control (ATC): Germany, England, France and Belgium (EUROCONTROL)
- Flight Management System (FMS): (EUROCONTROL)
- (ATC): Denmark, Belgium, New Zealand, South Africa, Kenya, Pakistan, and Greece (Thomson CSF/SDC)
- Air Traffic Control simulators: Switzerland, Ireland (Thomson CSF/SDC)
- Air Traffic Control System (ATC): (FAA)
- Radar system: Civil avionics (Wilcox Electric)
- Engine control system: (Chandler Evans)
- Flight Management: Lockheed C130J (Lockheed Martin)
- Ground Collision Avoidance: Lockheed C130J (Aerosystems International)
- Displays: Lockheed C130J (Lockheed Sanders)
- Global Positioning System: Boeing 777 (Canadian Marconi)
- Axle Steering System: Boeing 777 (Parker/Abex-NWL)
- Power Management System: Boeing 777 (Sundstrand)
- Brakes: Boeing 777 (Crane/Hydro-Air)
Nuclear and Electricity:
- Power plant control: (Sema Group)
- Power generating system simulation: (Thomson CSF/DSI)
- Nuclear reactor project: (Nuclear Electric)
- Power plant power transmission system: (ABB Relays AG)
- Nuclear reactor control simulation: (CEA Cadarache)
- Nuclear Shutdown System: Nuclear power station in Czech Republic (Westinghouse Electric)
Safety Critical Customers
Trains and Railways:
- Subway network control systems: Paris, Calcutta, and Cairo (GEC ALSTHOM)
- Railway and signal control system: TGV for north lines and the Chunnel
- Brake system for the TGV: the TVM 430 project (CSEE Transports)
- Brake and signals system: London Underground, Jubilee Line extension (Westinghouse)
Space:
- Satellite positioning system: (Alcatel SEL)
- Launching platform: Ariane V project (Aerospatiale with the CNES and Matra Marconi Space)
- Switching and telemeasuring systems: Galileo Mars probe project (CNES)
- Satellite imaging system: SPOT project (CNES)
- Columbus part of International Space Station: (ERNO Raumfahrttechnik)
- Data management systems and network control system: International Space Station (NASA)
- Data management system: APM (Atmospheric Pressure Module) for International Space Station (Matra Marconi)
One Set of Certification Evidence
- Delivery: 170 lb
- One CD-ROM captures all SDF's
Summary
- Flexible, well-planned product architecture
- Lightweight implementation technology
- Vast experience in safety critical systems
- Supplier of certifiable RTS and needed support tools
- Leading supplier for Ada83
- Only supplier for Ada95
- Off-the-shelf certification packages