ObjectAda Raven Safety Critical Software Development Environment

1
ObjectAda RavenSafety CriticalSoftware
DevelopmentEnvironment
2
Objective

• Acquaint you with our Ada95 products and services
• Development Systems
• Product Goals Philosophy
• Product Line Organization Availability
• Technical Characteristics
• Support For Safety Critical Certification
• DO-178B Level A
• Aonix Is ..
• Leading Supplier for Ada83
• Only Supplier for Ada95

3
Product Philosophy

• Stratified, evolvable product line
• Value price competitive
• Support different needs at appropriate prices
• Support activities in multiple areas of
  lifecycle/process
• Support gradual buy-in for customers
• Native
• Hard Real-Time
• Certifiable Safety Critical Systems

4
Product Line Organization
Windows 98 / NT
Native
UNIX / Motif / CDE
x Intel
C
E
C
E
x PowerPC
N
O
P
R
T
T
R
R
E
x 68K
I
R
E
O
F
P
I
R
I
E
S
D
E
5
Main Components

• Graphical IDE in platform style
• Compiler, prelinker, builder, cross-referencer
• Lightweight library mechanism
• Integrated editor, browser and debugger, cross
  tools
• Variable or optional components bindings, GUI
  builder, analysis tools

6
ObjectAda Compilers

• Very fast
• Essentially one pass
• 70K lpm on SPARC 10
• Multiple units/files in compilation faster due to
  caching of specs

7
ObjectAda Library

• Source-based
• No compilation order requirements
• Can use multiple source and object paths
• Persistent info is ASCII and editable

8
GeneralReal-Time Approach

• Integrative approach
• PharLap ETS Raven for 32 bit Intel
• Tornado, LynxOS Raven for PowerPC
• (Tornado) Raven for 68K
• Host-based tools integration as well as target
  executive
• Real-time extensions
• Real-time analysis tools - PerfoRMAx
• AdaCast
• Test Harness, Case, Coverage, Complexity

9
ObjectAda RavenCertified/CertifiableCompiler/RT
S
10
( Legal )Safety Systems
Case Law Precedence Interpretations Standards Guid
elines
Laws Regulations Standards Guidelines
PROCESS
Visibility
Traceability
EVIDENCE / RECORD
Confidence / Safety
11
RTS Certification

• DO-178B Level A
• Full Requirements through Test Results Mapping
• 100 Source Level Coverage
• 100 Machine Level Coverage
• Full MCDC Coverage
• An RTS Can be Certified but,
• Termed Certifiable
• An RTS is Nothing Unto Itself

12
Ravenscar Profile

• Industry Wide Safety Critical Standard
• Deterministic Ada95 Subset
• Certifiable Subset
• Tasking Allowed
• Rendezvous Disallowed
• Use Protected Objects for Communication
• No Dynamic Memory Allocation
• etc.

13
Safety CriticalReal-time Approach

• Aonix technology for safety-critical applications
• Raven and C-SMART
• Conforms to Ravenscar Profile
• Flags Ravenscar Profile Violations at Compile
  Time
• Level A Certification Package Available
• AdaCast for Test Harness and Source Level
  Coverage
• AdaCover machine level coverage analysis
• New support for bounded tasking model
• New support for segregated loads
• PowerPC, 32 bit Intel, 68K

14
Raven Packages

• Core Pack
• Core Compile System
• Project Pack
• Ada-Assured and PerfoRMAx
• Test Pack
• AdaCast, Test harness, case, coverage, ...
• Safety Critical Pack
• AdaCover Machine Level Coverage
• Certification Pack
• Design Pack
• StP/UML with ACD

15
AdaCover

• A Qualified Tool For MC Coverage
• Target - Data Collection
• User selectable start/stop points
• Single steps on target
• Provides full machine level coverage data
• Uploaded to Host after execution
• Host - Post Analysis
• Coverage reports
• Updates assembly listing
• Merge to create total execution reports

16
AdaCoverSample Usage

with AdaCover with Cover_Test procedure
Cover_Driver is Var Integer 0
begin AdaCover.Start(Cover_Test'Address)
Cover_Test AdaCover.Stop
AdaCover.Dump end Cover_Driver
17
Sample Safety Critical Applications

• Boeing 777
• Boeing 737
• Westinghouse Electric - Nuclear Shutdown
• Lockheed Martin - C130J and C27
• Westinghouse Brake and Signals
• London Underground - Jubilee Line extension
• Biggest Project In Europe
• Automatic Brakes and Signaling

18
Certification ExperiencesC-130J Cockpit Display

• Reviews
• Requirements
• Design
• Code
• Functional Testing
• Coverage testing
• Large amount of test data to be analyzed.

Note Over 3000 signatures required on
certification material for one RTS Certification
system.
RTS is about 6000 Lines of Code
(MIPS 3500)
19
Boeing 777 Sample Systems
Power Management Sundstrand
GPS Canadian Marconi
Brakes Crane/Hydro-Air
Axle Steering Parker/Abex-NWL
20
Hercules - C130J
Aonix SC Products used for
Flight Management Unit
Ground Collision Avoidance System
Back-up FMU
21
London - Jubilee Line Extension Project

• Underground trains, faster, closer together
• M68030 controllers
• Trains communicate with each other and with
  central control
• Software Integrity Level 4 (SIL)
• RIA 23 required
• Mapping document produced between RIA 23 and
  Aonix (DO-178B) Certification materials
• Largest funded project in Europe

22
Safety Critical Customers

• Aircraft/Avionics
• Global Positioning System (GPS) (Sextant
  Avionique)
• Flight control data concentrator AIRBUS
  A330-A340 (Sextant Avionique)
• Braking and steering control unit AIRBUS
  A330-A340 (Thomson CSF/DOI and Messier Bugatti)
• Air Traffic Control (ATC) Ground-based
  instrument landing system (Navia, formerly
  Normarc)
• Air Traffic Control (ATC) Germany, England,
  France and Belgium (EUROCONTROL)
• Flight Management System (FMS) (EUROCONTROL)
• (ATC) Denmark, Belgium, New Zealand, South
  Africa, Kenya, Pakistan, and Greece
• (Thomson CSF/SDC)
• Air Traffic Control simulators Switzerland,
  Ireland (Thomson CSF/SDC)
• Air Traffic Control System (ATC) (FAA)
• Radar system Civil avionics (Wilcox Electric)
• Engine control system (Chandler Evans)
• Flight Management Lockheed C130J (Lockheed
  Martin)
• Ground Collision Avoidance Lockheed C130J
  (Aerosystems International)
• Displays Lockheed C130J (Lockheed Sanders)
• Global Positioning System Boeing 777 (Canadian
  Marconi)
• Axle Steering System Boeing 777
  (Parker/Abex-NWL)

23
Safety Critical Customers

• Trains and Railways
• Subway network control systems Paris,
  Calcutta, and Cairo (GEC ALSTHOM)
• Railway and signal control system TGV for
  north lines and the Chunnel
• Brake system for the TGV the TVM 430 project
  (CSEE Transports)
• Brake and signals system London Underground,
  Jubilee Line extension (Westinghouse)
• Space
• Satellite positioning system (Alcatel SEL)
• Launching platform Ariane V project
  (Aerospatiale with the CNES and Matra Marconi
  Space)
• Switching and telemeasuring systems Galileo
  Mars probe project (CNES)
• Satellite imaging system SPOT project (CNES)
• Columbus part of International Space Station
  (ERNO Raumfahrttechnik)
• Data management systems and network control
  system International Space Station (NASA)
• Data management system APM (Atmospheric
  Pressure Module) for International Space Station
• (Matra Marconi)

24
One Set of Certification EvidenceDelivery170 lb
25
One CD-ROMcaptures all SDFs
26
Summary

• Flexible, well-planned product architecture
• Lightweight implementation technology
• Vast Experience in Safety Critical Systems
• Supplier of Certifiable RTS and Needed Support
  Tools
• Leading Supplier for Ada83
• Only Supplier for Ada95
• Off-The-Shelf Certification Packages

27