Chess Review November 21, 2005 Berkeley, CA Edited and presented by Critical Avionics Software Claire J. Tomlin UC Berkeley.

Slides:



Advertisements
Similar presentations
Flexible Airborne Architecture
Advertisements

Distributed Data Processing
The System-Level Simplex Architecture Stanley Bak Olugbemiga Adekunle Deepti Kumar Chivukula Mu Sun Marco Caccamo Lui Sha.
Aviation Safety ProgramSingle Aircraft Accident Prevention April NCC-1-377, Honeywell Tucson Design, Implementation, and Verification of Fault-Tolerant.
AA278A: Supplement to Lecture Notes 10. Controller Synthesis for Hybrid Systems Claire J. Tomlin Department of Aeronautics and Astronautics Department.
Embedded control for aircraft systems Claire J. Tomlin with Ian Mitchell, Alex Bayen, Meeko Oishi, Rodney Teo, and Jung Soon Jang August 2005 Aero/Astro,
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
ATN 2002 London September 2002 Presented by Aloke Roy Authors: Christophe Hamel Tom Judd Ketan Nguyen Bryan Rowe Kevin Wohlers ATN AIRBORNE IMPLEMENTATION.
18 October 2001 OOPSLA 2001 Workshop on Patterns for OO Distributed RT & Embedded Systems Wendy Roll - 1 Pattern Usage in an Avionics Product Line Wendy.
Filling the Gap Between System Design & Performance Verification Rafik HENIA, Laurent RIOUX, Nicolas SORDON Thales Research & Technology.
Robust Hybrid and Embedded Systems Design Jerry Ding, Jeremy Gillula, Haomiao Huang, Michael Vitus, and Claire Tomlin MURI Review Meeting Frameworks and.
Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.
Chess Review November 21, 2005 Berkeley, CA Edited and presented by A New Course in Hybrid and Embedded Systems Claire J. Tomlin UC Berkeley.
Pratt & Whitney National Workshop on Aviation Software Systems for the Second Century of Flight: Design for Certifiably Dependable Systems October 5-6,
Softwalls: Preventing Aircraft from Entering Unauthorized Airspace Adam Cataldo Prof. Edward Lee Ian Mitchell Prof. Shankar Sastry CHESS Review May 8,
Design of a Certifiably Dependable Next- Generation Air Transportation System Stephen A. JacklinMichelle M. Eshow Michael R. LowryDave McNally Ewen Denny.
February 11, 2010 Center for Hybrid and Embedded Software Systems Cyber-Physical Systems (CPS): Orchestrating networked.
Decentralized Optimization, with application to Multiple Aircraft Coordination Decision Making Under Uncertainty MURI Review, July 2002 Gökhan Inalhan,
National Workshop on Aviation Software Systems for The Second Century of Flight: Design for Certifiably Dependable Systems (HCSS-AS) Claire Tomlin (UCB/Stanford)
CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
Systems Analysis and Design in a Changing World, 6th Edition
NSF Foundations of Hybrid and Embedded Software Systems UC Berkeley: Chess Vanderbilt University: ISIS University of Memphis: MSI Gautam Biswas and Ken.
Course Instructor: Aisha Azeem
Introduction to Software Testing
Presented to: MPAR Working Group By: William Benner, Weather Processors Team Manager (AJP-1820), FAA Technical Center Date: 19 March 2007 Federal Aviation.
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
Highlighting the Challenges of Model- Based Engineering for Spaceflight Software Systems Dr. Rob Pettit Flight Software and Embedded Systems Office The.
INTEGRATED PROGRAMME IN AERONAUTICAL ENGINEERING Coordinated Control, Integrated Control and Condition Monitoring in Uninhabited Air-Vehicles Ian Postlethwaite,
Industry Session – Mixed Criticality and Multi-Core David Corman Program Director, Cyber Physical Systems National Science Foundation 1.
Software Considerations in Airborne Systems
Software Testing Verification and validation planning Software inspections Software Inspection vs. Testing Automated static analysis Cleanroom software.
REAL-TIME SOFTWARE SYSTEMS DEVELOPMENT Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
CSE 403 Lecture 14 Safety and Security Requirements.
Future Airborne Capability Environment (FACE)
1. Introduction 1.1 Background 1.2 Real-time applications 1.3 Misconceptions 1.4 Issues in real-time computing 1.5 Structure of a real-time system.
Protecting the Public, Astronauts and Pilots, the NASA Workforce, and High-Value Equipment and Property Mission Success Starts With Safety Believe it or.
1 Challenges in the Verification of Pre-Existing Aerospace Systems Jean-Baptiste Jeannin Challenges in the Verification of Pre-Existing Aerospace Systems.
Department of Mechanical Engineering The University of Strathclyde, Glasgow Hybrid Systems: Modelling, Analysis and Control Yan Pang Department of Mechanical.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
High Performance Embedded Computing © 2007 Elsevier Lecture 3: Design Methodologies Embedded Computing Systems Mikko Lipasti, adapted from M. Schulte Based.
High Performance Embedded Computing © 2007 Elsevier Chapter 1, part 2: Embedded Computing High Performance Embedded Computing Wayne Wolf.
BE-SECBS FISA 2003 November 13th 2003 page 1 DSR/SAMS/BASP IRSN BE SECBS – IRSN assessment Context application of IRSN methodology to the reference case.
© 2012 xtUML.org Bill Chown – Mentor Graphics Model Driven Engineering.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Software Verification, Validation and Testing.
Polymorphous Computing Architectures Run-time Environment And Design Application for Polymorphous Technology Verification & Validation (READAPT V&V) Lockheed.
SVDM ConOps 18 May 2010 Federal Aviation Administration 0 0 Space Vehicle Debris Threat Management ConOps Presentation to COMSTAC Space Transportation.
REAL-TIME SOFTWARE SYSTEMS DEVELOPMENT Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.
Safety-Critical Systems 7 Summary T V - Lifecycle model System Acceptance System Integration & Test Module Integration & Test Requirements Analysis.
March 2004 At A Glance autoProducts is an automated flight dynamics product generation system. It provides a mission flight operations team with the capability.
Federal Aviation Administration 0 Complex Integrated Avionics and System Safety June 9, Complex Integrated Avionic Systems and System Safety Presentation.
Toulouse, September 2003 Page 1 JOURNEE ALTARICA Airbus ESACS  ISAAC.
High Confidence Software and Systems HCMDSS Workshop Brad Martin June 2, 2005.
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
Decision Making Under Uncertainty PI Meeting - June 20, 2001 Distributed Control of Multiple Vehicle Systems Claire Tomlin and Gokhan Inalhan with Inseok.
Hybrid Systems Controller Synthesis Examples EE291E Tomlin/Sastry.
From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.
General Avionics Software Specification Paper by: C. Douglass Locke, David R. Vogel, Lee Lucas, John B. Goodenough Presented by: Jeremy Erickson August.
Introduction to Avionics Mac Mollison. What I Want to Talk About l What do we mean by “avionics”? l What is the focus of this course?
From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.
ARTEMIS SRA 2016 Trust, Security, Robustness, and Dependability Dr. Daniel Watzenig ARTEMIS Spring Event, Vienna April 13, 2016.
Combining safety and conventional interfaces for interlock PLCs
Design and Implementation
CSCI/CMPE 3334 Systems Programming
Introduction to Software Testing
RR-TAG Liaison Report September 2008 IEEE
Standards.
RR-TAG Liaison Report September 2008 IEEE
Chapter 7 –Implementation Issues
From Use Cases to Implementation
Presentation transcript:

Chess Review November 21, 2005 Berkeley, CA Edited and presented by Critical Avionics Software Claire J. Tomlin UC Berkeley

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin2 Outline A viewpoint from production military systems [David Sharp, Boeing Phantom Works] System development and certification –DO 178 B and C High level design examples: –Collision avoidance systems –Operating envelope protection Tools for modeling, design, and code generation NITRD HCSS National Workshop on Software for Critical Aviation Systems

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin3 Technology Trends in Avionics Systems Are Driving Exponential Growth in Software Complexity –Autonomous systems, adaptive systems… Traditional Approaches and Processes Are Already Stressed –Program-specific architectures, languages, tools –Unaligned with commercial practices Current Technology, Practices and Culture of the Industry Cannot Meet Emerging System Needs David Sharp, Boeing Phantom Works, HSCC Plenary Talk, Stanford, March 2002 A Viewpoint from Production Military Aircraft

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin4 Example: Fighter Avionics Domains Radar Weapons Nav Sensors Weapon Mgmt Data Links Stick, Throttle… Actuators Mission Computing Vehicle Mgmt David Sharp, Boeing Phantom Works, HSCC Plenary Talk, Stanford, March 2002

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin5 Mission Computing: Example Functionality Release Weapons Fuse Targets From Data Links Update Navigation State Predict Selected Weapon Trajectories Update Steering Cues Update Displays Fuse Targets From Sensors Modify Display Suite Via Pilot Pushbutton Perform Built- In-Test Activate Backup Mode Select Weapons Aperiodic Periodic Mission Computing David Sharp, Boeing Phantom Works, HSCC Plenary Talk, Stanford, March 2002

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin6 Vehicle Management: Example Functionality Manage Control Modes Update Navigation State Compute Inner Loop Controls Compute Outer Loop Controls Perform Periodic Built- In-Test Manage Redundancy Aperiodic Periodic Vehicle Mgmt Perform Initiated Built- In-Test Perform Input Signal Mgmt Perform Actuator Signal Mgmt David Sharp, Boeing Phantom Works, HSCC Plenary Talk, Stanford, March 2002

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin7 Typical Mission Computing Legacy Characteristics Hz Update Rates Up To Processors ~1M Lines of Code –O(10 3 ) Components Proprietary Hardware –Slow CPU, small memory –Fast I/O Test-Based Verification Mil-Std Assembly Language Highly Optimized For Throughput and Memory Functional Architectures –Flowchart designs Frequently No Maintained Requirements or Design –Ad-hoc models used by algorithm developers Hardcoded Hardware Specific Single System Designs Isolated Use Of –Multi-processing –Schedulability analysis Frequently overly pessimistic to be used David Sharp, Boeing Phantom Works, HSCC Plenary Talk, Stanford, March 2002

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin8 Typical Vehicle Management Legacy Characteristics 80/160 Hz Update Rates Single CPU System/ Quad Redundant Dual/Quad Redundant Sensors and Actuators <100K Lines of Code Extensive Built-In-Test –>50% of code Extensive Testing –Very conservative development culture –>50% of effort Control System Models Carefully Developed And Used –Home grown –Matlab/MatrixX with auto code generation Additional Characteristics David Sharp, Boeing Phantom Works, HSCC Plenary Talk, Stanford, March 2002

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin9 System Certification System and Software Testing Design/Implementation Requirements Development Model V&V Control Power V&V Control Law V&V Functional V&V Software V&V Unit/Component Test Hardware/Software Integration (HSI) Hardware V&V Qualification Test (Safety of Flight) Aircraft Integration System V&V Standalone (Static) Integrated (Dynamic) Failure Modes and Effects Test (FMET) [Source: Jim Buffington, LM Aero] System Development and Certification

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin10 FAA regulatory standard: RTCA DO-178B Project management, risk mitigation, design and testing activities for embedded software developed for the commercial avionics industry are based on the FAA standard: RTCA (Radio Technical Commission for Aeronautics) DO-178B: “Software Considerations in Airborne Systems and Equipment Certification” “Process-based” certification Interesting points: –Certification applies to the end product (ie. airframe), encompassing all systems –It applies to a given application of a given product (other applications of the same product require further certification) –It requires that all code MUST be there as a direct result of a requirement –It requires full testing of the system and all component parts (including the software) on the target platform and in the target environment in which it is to be deployed

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin11 DO-178 History Timeline History –Nov DO-178-SC145 –Mar DO-178A –SC152 (4 years) Software Levels 1,2,3 – Crit, Essential, NonEss Software Develop Steps D1-D5 Software Verification Steps V1-V7 –Dec DO-178B –SC167 (7 years) Objectives Based Tables –What, not how Criticality Categories (A,B,C,D) / Objectives Matrix –12 years Since DO-178B  (15 years) SOFTWARE CONSIDERATIONS IN AIRBORNE SYSTEMS AND EQUIPMENT CERTIFICAION RTCA DOCUMENT NO. RTCA/DO-178B December 1, 1992 Prepared by: SC-167 “Requirements and Technical Concepts for Aviation” [source: Jim Krodel, Pratt & Whitney]

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin12 Issues Under Consideration for SC205 Sub-groups Technology/Domains Under Consideration –Formal Methods –Model Based Design & Verification Model Verification and Level of Pedigree Certification of Proof by Models –Software Tools And our reliance on them from a certification perspective –Object Oriented Technology –Comms-Nav-Sur/Air-Traffic-Management [source: Jim Krodel, Pratt & Whitney]

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin13 5 u v d v Differential game formulation: Compute the set of states for which, for all possible maneuvers (d) of the red aircraft, there is a control action (u) of the blue aircraft which keeps the two aircraft separated.  x y  [Tomlin lab, 2002] Example 1: Collision Avoidance Systems

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin14 User Interaction with Aerospace Systems: Interaction between –System’s dynamics –Mode logic –User’s actions Interface is a reduced representation of a more complex system Too much information overwhelms the user Too little can cause confusion –Automation surprises –Nondeterminisim For complex, highly automated, safety-critical systems, in which provably safe operation is paramount, What information does the user need to safely interact with the automated system? Example 2: Operating Envelope Protection

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin15 Controllable flight envelopes for landing and Take Off / Go Around (TOGA) maneuvers may not be the same Pilot’s cockpit display may not contain sufficient information to distinguish whether TOGA can be initiated flare flaps extended minimum thrust rollout flaps extended reverse thrust slow TOGA flaps extended maximum thrust TOGA flaps retracted maximum thrust flare flaps extended minimum thrust rollout flaps extended reverse thrust TOGA flaps retracted maximum thrust revised interface existing interface controllable flare envelope controllable TOGA envelope intersection [Tomlin lab, 2003] Example 2: Operating Envelope Protection

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin16 Designing safety critical control systems requires a seamless cooperation of tools: –Modeling and design at the control level –Development tools at the software level –Implementation tools at the platform level Corresponding research needed: –Development of algorithms and tools to verify and validate the high level design – currently tools such as reachability analysis tools for hybrid systems are limited to work in up to 4-5 continuous state dimensions –Development of code generation tools (ideally, verified to produce correct code) –Tools to check the correctness of the resulting code –Algorithms and tools to automatically generate test suites Tools for modeling, design, and code generation

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin17 Static Program Analysis Tools Static program analysis is used at compile time to automatically determine run-time information and properties which are extractable from the source code. These include: Ensuring that the allowable range of array indexes is not violated Ensuring simple correctness properties: functional (such as dependencies between aspects of variables or invariants on the shape of data structures) or nonfunctional (such as confidentiality or integrity for security-critical applications) Identifying potential errors in memory access Type checking Interval analysis Checking for illegal operations, like division by zero Currently, properties such as absence of run time errors and worst case execution time have been tackled: more research is needed to address problems arising from a distributed, embedded setting, such as checking for safety conditions, and for the absence of deadlocks

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin18 NITRD HCSS National Workshop on Software for Critical Aviation Systems Workshop co-chairs: Tomlin and Hansman NITRD HCSS Co-Chair: Helen Gill Planning meeting: University of Washington, Nov 9-10 (~35 participants from Industry, DoD, Govt, and Academia) Workshop, June 2006, Washington DC Application domains: –Air traffic management, C&C –flight control, UAVs –CNS, aircraft and infrastructure integration –Satellite and space system control NITRD = Federal Networking and Information Technology Research and Development HCSS = High Confidence Software and Systems

Chess Review, Nov. 21, 2005"Critical Avionics Software", C. Tomlin19 Issues: Reduce software development time and costs for next generation avionics platforms –Distributed systems –Adaptive systems –Mixed criticality systems –Human in the loop –Security in the loop Design for certification Design for re-use Minimize re-test Open experimental platforms: high pedigree models for application of technologies NITRD HCSS National Workshop on Software for Critical Aviation Systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.