RECOMP Avionics Communication Modem Peter de Waard and Peter Gillick Thales UK Research and Technology



© Thales UK 2013

Thales

The Thales Corporate presentation can be found at:

http://www.thalesgroup.com/Group/Documents/2013_Corporate_presentation/


Aims for RECOMP

Reduced cost
- Reduced certification costs by employing better tool-chains
- Reduced re-certification costs: improved methodologies that enable better re-use of certification information
- Reduced hardware costs: processors can perform more functions, so fewer processors and fewer Line Replaceable Units are required

Reduced power, reduced size and reduced weight
- Processors can perform more functions, so fewer processors and fewer Line Replaceable Units are required, reducing power, size and weight


Research Aims

Identify how to use multicore processors in Avionics safety critical systems

Identify how to run applications with different criticalities on a multicore processor that is to be used in Avionics safety critical systems

Understand issues related to creating independent processes for safety critical systems

Evaluate tools that will be useful to using multicore processors in safety critical Avionics systems


RECOMP work - overview

- Developed demonstrator: subset of an Avionics communications modem (signal generator); added Monitor, Controller and GUI for RECOMP
- Demonstrator developed in a C++ safe subset: used the benefits of object orientation; use of the unsafe capabilities of C/C++ is not permitted
- The demonstrator targeted a multicore Core i7 PC


RECOMP work - overview

Investigated the use of best-of-breed COTS tools to support the DO-178B process:
- AccuRev – for configuration management, issue tracking and process enforcement
- Reqtify – for traceability analysis
- Code Collaborator – for code review and document review
- VectorCAST – for testing and code coverage analysis
- PR-QA – for static code analysis including language subset enforcement

Assessed RECOMP tools:
- DO-178B certifiable Real Time Operating System (RTOS) – PikeOS
- Aalto University (Helsinki) LIME Concolic Tester (LCT)

Investigated safety issues related to multi-core processors and mixed criticality applications


Creating a safe subset of C++

The objective of creating a safe subset of C++ is:
- To use Object Oriented techniques to make the scope and access to functions and variables smaller and better defined (class, private, protected, namespaces, local scope …)
- To use the benefits of C++ to enable the valid use of functions and variables to be automatically checked by the compiler (private, protected, parameter list, constants …)
- To enable the valid use of functions and variables to be checked more easily by hand during code reviews (more explicit definition, no pointers)
- To remove problems associated with C (no pointers, no globals, casting, reduced #defines)
- To not bring in any additional problems related to C++

This work was based on:
- Federal Aviation Administration (FAA) CAST-4 Position Paper: Object Oriented Technology (OOT) In Civil Aviation Projects: Certification Concerns
- FAA CAST-8 Position Paper: Use of the C++ Programming Language (FAA, 20 January 2002)
- Motor Industry Software Reliability Association (MISRA) C++
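As an added example (not code from the Thales RECOMP presentation or its demonstrator), the C-style fragment below sits beside a rewrite in the kind of safe subset the slide describes: a class with private state instead of a global, a typed constant instead of a #define, a parameter type the compiler checks instead of a cast, and a fixed-size array passed by reference instead of a pointer plus a separately supplied length. The names TransmissionControl, setGain, sumSamples and the gain limit of 7 are assumptions made up for illustration.

```cpp
// Added illustration, not project code: C-style constructs the safe
// subset removes, beside their compiler-checked C++ replacements.
#include <array>
#include <cstddef>

// ---- C style: the constructs the slide's subset rules out -------------
#define TX_GAIN_MAX 7      // textual macro: no type, no scope
int g_gain = 0;            // global state, writable from any translation unit

// The cast silently turns a large unsigned request into a negative int,
// which then passes the "> TX_GAIN_MAX" check and is stored as the gain.
int c_style_set_gain(unsigned int requested)
{
    g_gain = ((int)requested > TX_GAIN_MAX) ? TX_GAIN_MAX : (int)requested;
    return g_gain;
}

// The pointer carries no length; a wrong 'count' reads past the buffer
// and nothing in the signature lets the compiler or a reviewer see it.
int c_style_sum(const int *samples, int count)
{
    int total = 0;
    for (int i = 0; i < count; ++i) total += samples[i];
    return total;
}

// ---- Safe subset: scope and validity checked by the compiler -----------
namespace recomp {

class TransmissionControl {
public:
    static const int kGainMax = 7;   // typed, scoped constant replaces the #define

    TransmissionControl() : gain_(0) {}

    // Clamps and stores the requested gain. The parameter is a signed int,
    // so an out-of-range or negative request is handled explicitly here
    // rather than disappearing in a cast at the call site.
    void setGain(int requested)
    {
        if (requested < 0) requested = 0;
        if (requested > kGainMax) requested = kGainMax;
        gain_ = requested;
    }

    int gain() const { return gain_; }

private:
    int gain_;   // reachable only through setGain()/gain()
};

// Fixed-size buffer handled by reference: the length travels with the
// type, so there is no pointer arithmetic and no separate count to get wrong.
typedef std::array<int, 4> Samples;

int sumSamples(const Samples &s)
{
    int total = 0;
    for (std::size_t i = 0; i < s.size(); ++i) total += s[i];
    return total;
}

}  // namespace recomp
```

The C-style half is there to be read, not copied: a reviewer checking `c_style_sum` has to find every caller to confirm the count, whereas `sumSamples` can be reviewed from its own signature, which is the "checked more easily by hand" point the slide makes.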


Thales UK Research and Technology demonstrator

[Diagram: demonstrator architecture. Threaded Application Components (TACs): UDP Driver Communications TAC, User Command Interpreter TAC, Control TAC, Transmission Generation TAC, Hardware Driver Communications (QNX) TAC and Monitor TAC. Flows shown between them: User Command, Overall Control, Transmission control, Driver control, Driver data, Monitor control, Receive data and User Display Text.]

A TAC is a Threaded Application Component


Thales UK Research and Technology GUI


SysGo PikeOS Evaluation

[Diagram: the demonstrator running on SYSGO PikeOS across Core 0 and Core 1, with the Avionics Communications Modem, Monitor, MUXA and M & C Console hosted on POSIX personalities. Layers shown: Hardware, System Software, Application Software.]


LIME Concolic Tester


Successes/Achievements of RECOMP

We have validated a safe subset of C++ for safety critical systems that will make future safety critical software safer, easier to write, easier to review and easier to certify

Analysed safety issues related to multicore processors and running independent mixed criticality applications

Ran the demonstrator on SysGo PikeOS on a multicore processor with different processes running on different cores

D4.2b provides an analysis of the work that needs to be done to solve the temporal issues for certification covering the improvements needed to tools, methodologies and operating systems


The Impact of RECOMP

Thales Avionics have already participated with the EASA on the MULCORS program in order to use multicore processors in Avionics

RECOMP will feed into a number of Thales programs that are identifying how to use multicore processors in a variety of avionics systems

EASA is the European Aviation Safety Agency