
Lip6 meeting: Sharing perspectives, 20th February 2019, Avionics (PowerPoint presentation)



  1. Lip6 meeting Sharing perspectives 20 th February 2019

  2. Avionics Products & Simulation - Missions

Airbus Avionics Equipment supplier:
• Develop excellence on the full scope of hardware and embedded software activities
• Deliver Airbus core equipment to all aircraft programs

Simulation Models & Platforms provider:
• Develop innovative solutions to optimize the efficiency of aircraft design, testing and training
• Deliver mature simulation products for all aircraft types, from research to commercial operations

Common missions:
• Chamber of Reference: build a reference & set the standards for equipment suppliers
• Business centre: sell and support avionics and simulation products to customers
• Leverage high level skills in embedded software, on-board electronics and real-time simulation
• Technical support and knowledge sharing with design teams, procurement, customer services

  3. Avionics Products & Simulation - Dimensions

• 590 employees (530 France – 60 India), 75% engineers
• 120 software standards per year
• 12000 electronic equipment units per year
• 8000 boards per year
• 250 Full Flight Simulators
• 170 Flight Training Devices
• 4500 repairs and up to 4000 retrofits per year
• 380 airlines & training centres

20th Feb19 Sharing perspectives - Lip6 - Airbus

  4. Product Line approach

Software Product Line Engineering
• Component Based development
• Modular architecture / Re-usable Building Blocks
• Virtual Integration Platform

"Generic Safety Critical Platforms" Product Line
• Multicore architecture
• Versatility/Configurability vs hw context
• In-house kernel

"Applicative" Product Line
• Design Patterns
• System/Software Architecture

  5. Formal methods applied to critical software design (DAL A) to reduce verification effort

[Slide figure: two DO-178 style V-models of the verification chain (System Requirements, High-level Requirements, Software Architecture, Low-level Requirements, Source code, Executable Object code) with "Reading" review activities, Unit Testing and Integration Testing. The second variant introduces Formal LLR and Unit Proof and marks each activity with a legend: A = Automated, X = Removed, and a third marker (C in the extracted text) = Reduced. The figures 30% and 70% appear in the diagram; the exact mapping is not recoverable from the extracted text.]

  6. Formal methods - some examples

Binary static analyzer for Stack use & WCET computing
• Abstract Interpretation based static analysis of the Executable Object Code
• Static analyzer: A3 (AbsInt GmbH)

Static analyses for Unit Verification of component services
• Unit Proof
  - Weakest Precondition (WP) based program proof at C function level
  - Proof tool: PHENIX_P (Frama-C/WP based, from CEA)
• "Local" static analyses (i.e. on subsets of the call graph)
  - Data & Control flow analyses: Abstract Interpretation based static analysis of C code; static analyzer: Fan-C (Airbus)
  - Numerical accuracy assessment of floating-point computation: Abstract Interpretation based static analysis of C source code; static analyzer: FLUCTUAT (CEA)

Run-Time Error analysis of C programs
• The ASTRÉE static analyzer
  - Developed by CNRS/ENS and AbsInt GmbH
  - Commercialized by AbsInt

Proved compilation of C source code
• CompCert (INRIA + AbsInt GmbH)
  - Formally verified source / object code semantic equivalence
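The slide names WP-based unit proof at C function level and run-time error analysis but shows no code. The following is an added example, written for this page and not Airbus or PHENIX_P code, of what such a function looks like when prepared for Frama-C/WP: the contract (`requires`/`assigns`/`ensures`) and loop annotations are ACSL, which a C compiler treats as comments, so the file also builds and runs on its own. The value bounds (samples in [-1000, 1000], at most 64 samples per frame) and the sample frame are constructed for the example; with those bounds WP can discharge both the functional postconditions and the absence of signed overflow, out-of-bounds access and division by zero, and `average_sample` is proved from `sum_samples`' contract alone, which is the modular aspect of unit proof.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not Airbus code: a small C service written the way a
 * WP-based unit proof expects it. The @-annotations are ACSL, read by
 * Frama-C/WP (e.g. `frama-c -wp -wp-rte this_file.c`); gcc/clang see
 * them as comments. Proof obligations are generated from the
 * requires/ensures/assigns clauses and the loop annotations by
 * weakest-precondition calculus.
 *
 * Constructed bounds for this example: a sample is a filtered sensor
 * value in [-1000, 1000] and a frame holds at most 64 samples, so a
 * 32-bit accumulator provably cannot overflow (|acc| <= 64000).
 */

/*@
  requires 0 < n <= 64;
  requires \valid_read(samples + (0 .. n - 1));
  requires \forall integer i; 0 <= i < n ==> -1000 <= samples[i] <= 1000;
  assigns \nothing;
  ensures -1000 * n <= \result <= 1000 * n;
*/
int32_t sum_samples(const int16_t *samples, size_t n)
{
    int32_t acc = 0;
    /*@
      loop invariant 0 <= i <= n;
      loop invariant -1000 * i <= acc <= 1000 * i;
      loop assigns i, acc;
      loop variant n - i;
    */
    for (size_t i = 0; i < n; i++) {
        acc += samples[i];   /* in range: the invariant bounds acc by 1000 * i */
    }
    return acc;
}

/*
 * Proved modularly from sum_samples' contract: n > 0 rules out division
 * by zero, and the callee's postcondition keeps the quotient inside
 * [-1000, 1000], so the narrowing cast to int16_t is also safe.
 */
/*@
  requires 0 < n <= 64;
  requires \valid_read(samples + (0 .. n - 1));
  requires \forall integer i; 0 <= i < n ==> -1000 <= samples[i] <= 1000;
  assigns \nothing;
  ensures -1000 <= \result <= 1000;
*/
int16_t average_sample(const int16_t *samples, size_t n)
{
    return (int16_t)(sum_samples(samples, n) / (int32_t)n);
}

/* Constructed input frame for the stand-alone run (6 samples, all within bounds). */
static const int16_t kFrame[] = { 120, -340, 560, 1000, -1000, 15 };
#define FRAME_LEN (sizeof kFrame / sizeof kFrame[0])

int32_t demo_sum(void)     { return sum_samples(kFrame, FRAME_LEN); }
int16_t demo_average(void) { return average_sample(kFrame, FRAME_LEN); }

int main(void)
{
    printf("sum=%d average=%d\n", (int)demo_sum(), (int)demo_average());
    return 0;
}
```

The point of the two-layer contract is what the slide calls unit verification: each function is proved once against its own specification, and callers rely on that specification rather than on the callee's body, so a later change to `sum_samples` only re-opens the proof of `sum_samples`.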

  7. Automatic Code Generation (relying on Formal Modelling techniques)

Reactive Systems

Real-time Control/Command systems (e.g.: Flight Controls)
- Synchronous Language: subset of Scade (Lustre), mainly pure data flow
- Desired 'non functional' properties:
  - Determinism / Predictability
  - Direct traceability Scade → Binary file
  - Fast / Safe / Automated generation process
- Suited for:
  - Formal verification (e.g.: fully automated computation of a safe upper bound of WCET)
  - Parallelisation of treatments
- 80%-90% of LoC are automatically generated

Communication systems (e.g. ATC)
- Asynchronous language: LDS for communication protocols

  8. Some technological/engineering trends

Short term
- Product Line engineering
- Reduce System/Software gap
- Pursue Process improvement (certification and engineering activities)
- Be competitive, reduce cost and lead time
- Multi-Core for Applications
- Formal methods: Pursue investment

Medium/Long term
- Artificial intelligence
- Parallel software engineering
- Data management
- Distributed avionics
- Many-cores architectures & New processing cores
- Data Security
