Page 1: A call for action

A call for action

Cyrille Comar [email protected]

Matteo Bordin [email protected]

www.open-do.org

Page 2: A call for action

Summary

Introduction

FLOSS & Open Source Communities

Introducing Open-DO

Why an Open Initiative for DO-178?

Keys to Success

Annex: Description of the mentioned projects

Page 3: A call for action

Which ARINC 653 OS will be around in 15 years?

- Commercial solutions: WRS, Sysgo, LynuxWorks, GHS, DDCI
- Private solutions maintained internally by avionics companies: at least 3 in Europe and 1 in the US
- Experimental: RTEMS + ARINC 653 interface

Introduction

Any lessons from what happened in the Unix world?

Page 4: A call for action

FLOSS License

Free to use… for ever

Free to look at sources

Free to change

Free to redistribute

Page 5: A call for action

Open Source Communities

Significant technologies are successfully managed by such communities:

- The Linux kernel
- Eclipse
- GCC
- RTEMS
- Mono
- Python
- …

For more than 20 years now

Page 6: A call for action

Open Source Communities

The GCC example… and many more

- Contributors: from individuals to corporations
- Sharing technology, not products

Page 7: A call for action

Roles in Open Source Communities

Active participants

- Short term cost increase: learning curve, working in an open environment, contributing back
- Long term cost decrease by sharing resources, solving a common problem, avoiding solving already solved problems

Initiators & regulators

Passive users

- Benefit from the work of others
- Can’t customize to their own needs
- Help spread the technology

Page 8: A call for action

- What about the DO-178 community?
- Is there a need for openness & cooperation?
- Potential for community growth?
- AVSI (Aerospace Vehicle Systems Institute)
- Certify Together
- This committee
- Military
- Space, automotive, …

Page 9: A call for action

Some Relevant Open Projects & Technologies

OSEE

Couverture

SPARK

Page 11: A call for action

Libre / Open Source

High Assurance / Certification

Agile / Lean

The meeting of 3 worlds

Open - DO Concepts

Page 12: A call for action

Libre / Open Source: visibility, resilience, sharing, reuse

High Assurance / Certification: qualified tools, life cycle traceability, requirement based testing

Agile / Lean: iterative requirements, continuous integration, test driven development…

Open - DO Concepts

Page 13: A call for action

Relevant Agile/Lean Concepts

- Test Driven Development / Requirement Based Testing
- Executable Specifications
- Continuous Integration
- IP 217: Iterative requirements

Page 14: A call for action

Open - DO Challenges

- Opening & sharing more than “source code”: requirements, designs, test cases…
- Life-Cycle Traceability
- Agile Workflows for DO-178

Page 15: A call for action

Some DO-178B workflows

DO-178B structure:

- System aspects related to software development – Section 2
- Overview of aircraft and engine certification – Section 10
- Software life cycle processes:
  - Software Life Cycle – Section 3
  - Software Planning Process – Section 4
  - Software Development Processes – Section 5
- Integral processes:
  - Software Verification – Section 3
  - Software Configuration Management – Section 7
  - Software Quality Assurance – Section 8
  - Certification Liaison – Section 9
- Software Life Cycle Data – Section 11
- Additional Considerations – Section 12

Top level workflow:

- Transition criteria between activities
- Workflow support
- Workflow verification

Page 16: A call for action

Some DO-178B workflows (2)


Component certification workflow:

- Requirements → Design → Coding
- Requirement coverage
- Reviews
- Testing
- Completeness analysis
- Code coverage
- Traceability

Page 17: A call for action

Some DO-178B workflows (3)


Qualification of Verification Tools Workflow:

- Tool Operational Requirements
- Requirement coverage
- Reviews
- Testing
- Completeness analysis
- Traceability

OSEE

Page 18: A call for action

Open DO Components

Open-Do:

- Workflows
- Document Templates
- Qualifiable Tools
- Education Materials
- Certifiable Components

Page 19: A call for action

Open DO Components

Workflows: specialized for given certification standards

Page 20: A call for action

Open DO Components

Qualifiable Tools: OSEE, Couverture, …, GeneAuto, TOPCASED

Page 21: A call for action

Open DO Components

Education Materials: toy certifiable projects; specialized examples (e.g. for DO-178C annexes)

Page 22: A call for action

Open DO Components

Certifiable Components: OS runtimes, IP stack, middleware…

Page 23: A call for action

Open DO Components

Document Templates: PSAC (Plan for Software Aspects of Certification), SDP (Software Development Plan), SVP (Software Verification Plan), SCMP (Software Configuration Management Plan)…, Standards, SAS (Software Accomplishment Summary)…

Page 24: A call for action

Why an open initiative for the DO-178 world?

Page 25: A call for action

Why Open-DO?

Educational materials for clarifying intent

Experimental test-bed for annexes

A support to the DO-178C effort

Page 26: A call for action

Why Open-DO?

Avionics industrial community:

- Provides a shared infrastructure for long term investment and long term cost reduction
- Allows some level of cooperation with competitors
- Lower training costs (especially for subcontractors)

Page 27: A call for action

Why Open-DO?

Certification authorities:

- Lower training costs for DERs
- Vehicle for clarifying specific issues
- Help sharing of practices between authorities

Page 28: A call for action

Why Open-DO?

Tool providers:

- Offers an ideal showcase for their open technologies
- Tool sharing makes it easier to provide a complete supported solution
- Creates an ecosystem where everyone can meet potential customers and partners

Page 29: A call for action

Keys to success

- Balance: Europe vs US, Boeing vs Airbus, Authorities vs Industry
- Find key participants for critical mass: certification authorities, major aeronautics players, established tool providers, academics
- Attract public funds for bootstrap
- Find appropriate governance rules
- Define “Open Source 2010” certification workflows

Page 30: A call for action

Annex – Information on Mentioned Projects

OSEE

Couverture

SPARK

Page 31: A call for action

OSEE

- System Engineering Environment
- Focus on system engineering
- Open to external tool integration
- Open development philosophy
- Integrated management environment
- Application life cycle management system
- First-class Eclipse project (www.eclipse.org/osee), contributed by the Apache Team (Phoenix, AZ)
- 5 years in development, 5 people full-time
- Not specific to DO-178

Page 32: A call for action

OSEE

Development Artifacts Tracking

Traceability model (figure): OSEE development artifacts, imported from external tools: requirements, test cases, test procedures, models, code, tests, test actual output, test expected output

Page 33: A call for action

OSEE & Traceability

End-to-end traceability model (figure): requirements, test cases, test procedures, design, code, tests, test actual output, test expected output
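The end-to-end traceability model above links requirements to test cases and to their expected and actual outputs. The check below is an added example, not OSEE's code; it shows the kind of completeness analysis such a model enables: requirements that no test case traces to, test cases that trace to no requirement or to an unknown one, and requirements whose linked tests do not all pass. The requirement texts and test cases are constructed sample data (REQ_1_2b is the identifier used on the workflow-instantiation slide; everything else is invented for the example).

```python
"""Requirement-coverage / traceability completeness check over a small
requirements-to-tests model. Added example, not OSEE code; all artifact
names and texts below are constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class TestCase:
    ident: str
    requirements: List[str]        # requirement IDs this test case verifies
    expected: str                  # test expected output
    actual: Optional[str] = None   # test actual output; None until the procedure has run

    @property
    def passed(self) -> bool:
        return self.actual is not None and self.actual == self.expected


@dataclass
class TraceReport:
    untested_requirements: List[str] = field(default_factory=list)  # no test case traces to them
    orphan_tests: List[str] = field(default_factory=list)           # test case traces to no requirement
    unknown_requirements: List[str] = field(default_factory=list)   # referenced by a test, absent from the spec
    failing_requirements: List[str] = field(default_factory=list)   # some linked test has not passed
    covered_requirements: List[str] = field(default_factory=list)   # every linked test passed

    @property
    def complete(self) -> bool:
        """True only when every requirement is covered and no trace dangles."""
        return not (self.untested_requirements or self.orphan_tests
                    or self.unknown_requirements or self.failing_requirements)


def trace(requirements: Dict[str, str], tests: List[TestCase]) -> TraceReport:
    """Walk the requirement -> test case -> actual/expected output chain."""
    report = TraceReport()
    tests_by_req: Dict[str, List[TestCase]] = {r: [] for r in requirements}
    for t in tests:
        if not t.requirements:
            report.orphan_tests.append(t.ident)
        for r in t.requirements:
            if r in tests_by_req:
                tests_by_req[r].append(t)
            elif r not in report.unknown_requirements:
                report.unknown_requirements.append(r)
    for r in requirements:
        linked = tests_by_req[r]
        if not linked:
            report.untested_requirements.append(r)
        elif all(t.passed for t in linked):
            report.covered_requirements.append(r)
        else:
            report.failing_requirements.append(r)
    return report


# Constructed sample data modelled on the pressure/temperature monitor used
# later in the deck; REQ_1_2b is the identifier from the workflow slide.
REQUIREMENTS: Dict[str, str] = {
    "REQ_1_1": "Raise the PRE alarm when pressure reaches P_Limit",
    "REQ_1_2a": "Raise the TEMP alarm when temperature reaches T_Limit and pressure is below P_Limit",
    "REQ_1_2b": "Raise no alarm when both readings are below their limits",
    "REQ_2_1": "Log every alarm with its monitor identifier",
}

TESTS: List[TestCase] = [
    TestCase("TC_01", ["REQ_1_1"], expected="PRE", actual="PRE"),
    TestCase("TC_02", ["REQ_1_2a"], expected="TEMP", actual="TEMP"),
    TestCase("TC_03", ["REQ_1_2b"], expected="none", actual=None),  # procedure not yet executed
    TestCase("TC_04", [], expected="ok", actual="ok"),              # orphan: traces to nothing
    TestCase("TC_05", ["REQ_9_9"], expected="ok", actual="ok"),     # traces to an unknown requirement
]


def sample_report() -> TraceReport:
    return trace(REQUIREMENTS, TESTS)


if __name__ == "__main__":
    print(sample_report())
```

Each list in the report maps to one review finding a certification liaison would expect to see closed before the accomplishment summary: an untested requirement is a requirement-coverage gap, an orphan or unknown-requirement test is a traceability defect, and a failing requirement is a verification result still open.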

Page 34: A call for action

OSEE & Workflow Modeling/Tracking

Workflow instantiation (figure; example: verification of REQ_1_2b):

- Define development teams: Qualification, Verification Analysis
- Assign members to teams (Joe, John, Ryan, Don); the example assigns Joe and Don

Page 35: A call for action

TOPCASED

Toolkit in OPen source for Critical Application & SystEm Development
www.topcased.org

Figure: Design / Analysis Model, built on a Metamodel, from which Code and (formal) analysis are derived

Page 36: A call for action

TOPCASED (II)

Graphical Modeling: UML, SysML, AADL, … (figure: ECore-based Model Transformation Framework)

- An Integrated Eclipse Distribution
- The Future Official Eclipse Solution for UML modeling
- http://wiki.eclipse.org/MDT-Papyrus-Proposal

Page 37: A call for action

GeneAuto

- A Qualifiable Generic Framework for Code Generation
- Dynamic Systems Modeling: Simulink/Stateflow, Scicos
- Targeting C (and Ada soon)
- Available as FLOSS, along with qualification material (planned)
- Partners: Airbus, Continental, Thales-Alenia, Barco, IAI, …

Figure: Input Model → Intermediate representation → Code (… qualified)

Page 38: A call for action

SPARK

- Annotation of Ada programs for Formal Analysis
- Partial correctness
- Information/Data Flow
- The whole technology is NOW available as FLOSS
- http://www.praxis-his.com/sparkada/

Figure: Ada / SPARK

Page 39: A call for action

Couverture

- Language-Independent Structural Coverage Framework
- Source coverage WITHOUT instrumentation (statement, DC, MC/DC)
- Object coverage (instructions, branches)
- Instrumented Simulation Framework
- The whole technology will be available as FLOSS…
- including the qualification material
- https://libre.adacore.com/coverage/

Page 40: A call for action

Couverture (II)

Source code (Ada):

    if Pression (M) >= P_Limit then
       Alarme (M, "PRE");
    elsif Temperature (M) >= T_Limit then
       Alarme (M, "TEMP");
    end if;

Figure: Source Code → Cross Compiler → Instrumented, Virtualized Execution Environment → Execution Traces (object addresses such as 0x12460, 0x12464, …) → Object Coverage Report (instruction, branch) and Source Coverage Report (statement, DC, MC/DC)
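The slide contrasts object coverage (instruction, branch) with source coverage (statement, DC, MC/DC) on the pressure/temperature fragment. The program below is an added example, not Couverture's code: Couverture derives coverage from execution traces of the unmodified binary, whereas this toy ports the fragment to Python and records executed statements itself. It computes statement coverage of the fragment, decision coverage of its two decisions and unique-cause MC/DC independence pairs, then goes beyond the slide with a constructed two-condition decision (the pressure alarm gated by a hypothetical maintenance flag) to show a test set that satisfies DC but not MC/DC. The condition names P, T and M, the test vectors and the extra decision are all constructed.

```python
"""Statement, decision and MC/DC coverage for the Couverture slide's Ada
fragment, ported to Python. Added example, not Couverture's code: Couverture
measures from execution traces without touching the source; this toy records
executed statements itself. Condition names, test vectors and the extra
two-condition decision are constructed."""
from itertools import combinations
from typing import Callable, Dict, List, Tuple

Vector = Dict[str, bool]             # condition name -> truth value in one test
Decision = Callable[[Vector], bool]


# Conditions of the slide's fragment (constructed names):
#   P = Pression (M) >= P_Limit,   T = Temperature (M) >= T_Limit
def pressure_high(v: Vector) -> bool:
    return v["P"]


def temperature_high(v: Vector) -> bool:
    return v["T"]


STATEMENTS = ("if Pression", 'Alarme (M, "PRE")', "elsif Temperature", 'Alarme (M, "TEMP")')


def run_monitor(v: Vector) -> List[str]:
    """Port of the Ada fragment; returns the source statements it executed."""
    executed = ["if Pression"]
    if pressure_high(v):
        executed.append('Alarme (M, "PRE")')
    else:
        executed.append("elsif Temperature")       # reached only when P is False
        if temperature_high(v):
            executed.append('Alarme (M, "TEMP")')
    return executed


def statement_coverage(vectors: List[Vector]) -> float:
    """Fraction of the fragment's statements executed by at least one test."""
    hit = set()
    for v in vectors:
        hit.update(run_monitor(v))
    return len(hit) / len(STATEMENTS)


def decision_coverage(decision: Decision, vectors: List[Vector]) -> bool:
    """DC: the decision has taken both outcomes across the test set."""
    return {decision(v) for v in vectors} == {True, False}


def mcdc_pairs(decision: Decision, conditions: List[str],
               vectors: List[Vector]) -> Dict[str, List[Tuple[int, int]]]:
    """Unique-cause MC/DC: for each condition, the pairs of test vectors
    (by index) that differ in that condition only and flip the outcome."""
    pairs: Dict[str, List[Tuple[int, int]]] = {c: [] for c in conditions}
    for i, j in combinations(range(len(vectors)), 2):
        a, b = vectors[i], vectors[j]
        changed = [c for c in conditions if a[c] != b[c]]
        if len(changed) == 1 and decision(a) != decision(b):
            pairs[changed[0]].append((i, j))
    return pairs


def mcdc_satisfied(decision: Decision, conditions: List[str], vectors: List[Vector]) -> bool:
    """MC/DC holds when every condition has at least one independence pair."""
    return all(mcdc_pairs(decision, conditions, vectors)[c] for c in conditions)


# Constructed test set for the slide's fragment: one vector per path.
MONITOR_VECTORS: List[Vector] = [
    {"P": True, "T": False},    # PRE alarm
    {"P": False, "T": True},    # TEMP alarm
    {"P": False, "T": False},   # no alarm
]


# Constructed two-condition decision showing that DC is weaker than MC/DC:
# the pressure alarm is enabled only outside a hypothetical maintenance mode M.
def pressure_alarm_enabled(v: Vector) -> bool:
    return v["P"] and not v["M"]


DC_ONLY_VECTORS: List[Vector] = [{"P": True, "M": False}, {"P": False, "M": True}]
MCDC_VECTORS: List[Vector] = DC_ONLY_VECTORS + [{"P": False, "M": False}, {"P": True, "M": True}]


if __name__ == "__main__":
    print("statement coverage:", statement_coverage(MONITOR_VECTORS))
    print("DC-only set meets MC/DC:", mcdc_satisfied(pressure_alarm_enabled, ["P", "M"], DC_ONLY_VECTORS))
    print("MC/DC pairs:", mcdc_pairs(pressure_alarm_enabled, ["P", "M"], MCDC_VECTORS))
```

For the slide's single-condition decisions, DC and MC/DC coincide, which is why three vectors cover the fragment completely; the two-condition decision needs four vectors because the DC-only pair changes both conditions at once and so demonstrates neither condition's independent effect.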

Page 41: A call for action

Upcoming Events

The Lean, Agile Approach to High-Integrity Software
Paris – March 26th, 2009
Jim Sutton, Lockheed Martin; Alexandre Boutin, Yahoo; Emmanuel Chenu, Thales; David Jackson, Praxis High-Integrity Systems; Cyrille Comar, AdaCore

Open-Do Masterclass @ Avionics EU
Amsterdam – March 11th–12th, 2009
Franco Gasperoni, AdaCore

Open-Do Masterclass @ Avionics US
San Diego – June 1st–2nd, 2009
Ryan Brooks, Boeing; Robert B.K. Dewar, AdaCore

Next Informal Open-DO Meeting @ EclipseCon 2009
Santa Clara, March 21st–25th, 2009
Airbus, Boeing, AdaCore

Contact: [email protected]