ARINC-653 and Virtualization Concepts for Safety-Critical Systems
Alex Wilson, Wind River, Director, EMEA Aerospace and Defence
Date: 30 November 2012
Time: 09:00-17:45
Venue: SSM Sosyal Tesisleri

PROGRAM:
09:00 - 09:10  Opening and speeches
09:10 - 09:30  Challenges Facing Aerospace and Defense Suppliers
               Alex Wilson, Wind River Director, Aerospace and Defence
09:30 - 11:00  ARINC-653 and Virtualization Concepts for Safety-Critical Systems
               Alex Wilson, Wind River Director, Aerospace and Defence
11:00 - 11:15  Tea/coffee break
11:15 - 13:00  Getting Ready for DO-178C
               Bernard Dion, Ph.D., Esterel Technologies Chief Technical Officer
13:00 - 14:00  Lunch break
14:00 - 15:00  Introduction to ARINC 661 Standard: Cockpit Display System Interfaces to User System
               Vincent Rossignol, Esterel Technologies Product Marketing Manager
15:00 - 15:15  Tea/coffee break
15:15 - 17:30  An Implementation of ARINC 661 Standard
               Vincent Rossignol, Esterel Technologies Product Marketing Manager
17:30 - 17:45  Closing remarks, questions and answers

Registration: event@tektronik.com.tr
Why virtualize?
- Consolidation (merging or reducing several systems)
- Performance (increasing speed and functionality in an existing system)
- Separation (splitting existing functionality for safety and/or security)
Figure: a virtualization layer on a multicore platform hosting several applications in virtual machines over shared cores, memory and devices.

Evolution from the 1980s to 2010+:
- Federated systems: one box, one function, one OS, one safety/security level
- Integrated Modular Avionics (IMA): one board, multiple functions, one OS, multiple safety/security levels
- Multi-core integration: one die, multiple functions, multiple OS, multiple safety/security levels
IMA versus federated systems
Federated systems
- Advantages: high performance; independence of design and certification; well-understood methodology; established supply chain
- Challenges: greater size, weight, and power (SWaP) requirements
IMA
- Advantages: lower SWaP requirements
- Challenges: greater complexity of system integration; greater complexity of design and certification; less experienced supply chain

Figure: radar, flight management and graphics functions, each in its own box in a federated system versus sharing one IMA platform.
ARINC 653 OSs and applications are typically certified to DO-178C / ED-12C.
RTCA/DO-297 (Integrated Modular Avionics Development, Guidance and Certification) defines IMA as a shared set of flexible, reusable, and interoperable hardware and software resources.
VxWorks 653 certification artifacts:
- Traceability Matrix
- Software Development Folder
- Design reviews
- VxWorks 653 source files and binary code
- Code reviews (40,000 LOC)
- Test reviews (7,500 tests)
- Functional tests (270,000 LOC)
- Coverage results (object level)
- Software Accomplishment Summary (SAS)
- Tools Qualification Documents (TQD)
- Test Harness for VxWorks 653
- VerOcode, VerOLink, VeroSource-A, VeroTrace
- WindSH
The Avionics Platform of the Future
- First flight: December 2010
- FAA certification: September 2011
- GE Common Core certified to DO-178B Level A
- Eliminated over 100 different LRUs
- 17 Boeing suppliers, dozens of teams
- DO-297 used for multi-vendor integration / re-use
Figure: ARINC 653 time partitioning. Partition 1 and Partition 2, each running its own partition OS, are scheduled in fixed windows over time.
DO-297 roles:
- Certification Authority: organization that grants approval on behalf of the state(s) responsible for the aircraft/engine certification
- Certification Applicant
- System Integrator
- Platform Supplier: provides processing hardware and software resources (including the core software); platform V&V
- Application Supplier
Figure: VxWorks 653 platform architecture.
- Application suppliers (Supplier 2, Supplier 3, Supplier 4) deliver applications that run in user mode: Graphics Generator Application, Display Application, Flight Management Application and Radar Application, each at its own DO-178 level (Level A, B, C or D) on its own partition OS (ARINC 653, POSIX, VxWorks, Ada/Java).
- The IMA System Integrator integrates them on the VxWorks 653 Application Executive.
- The Platform Supplier provides the Architecture Support Package (ASP), the Board Support Package (BSP) and the hardware.
Figure: XML-based system configuration.
- Application suppliers (Nav, FMS, Display) each deliver an XML config file and XML tables for their application.
- The System Integrator feeds these, together with XML business rules and platform data, to the XML Compiler/Checker (a DO-178 qualified development tool) in kernel mode.
- The output is the schedule tables and a health-monitoring (HM) table for each application (FMS, Nav, Display).
* http://www.faa.gov/regulations_policies/
** http://rgl.faa.gov/Regulatory_and_Guidance_Library/rgTSO.nsf/Frameset?OpenPage
Certified applications approved in different configurations using VxWorks 653
What is Multi-Core?
- Architecture where a single physical processor contains the core logic of two or more processors
- Packaged into a single integrated circuit (IC) called a die
- Can also refer to multiple dies packaged together
Multicore configurations
- Traditional: one OS on a single core
- Core virtualization: a hypervisor on a single core hosting several OSs
- SMP: one OS spanning all cores of a multi-core processor
- Unsupervised AMP: a separate OS on each core (Core 1, Core 2), with no hypervisor between them
- AMP with a hypervisor: a hypervisor spanning the cores, with an OS per core above it
AMP:
- Pros: can be used with a hypervisor to partition shared resources and support multiple applications at different levels of criticality
- Cons: still need to prevent coupling through shared resources
Figure: VxWorks 653 on a multi-core platform. The same applications (Flight Management, Radar, Graphics Generator, Display) at Levels A to D run on their partition OSs (ARINC 653, POSIX, VxWorks, Ada/Java) over the VxWorks 653 Application Executive; the ASP and BSP in kernel mode abstract the CPU, GPU and Ethernet.
Multi-core: Electronic Flight Bag Use Case
Figure: four guest OSs on a hypervisor over Core 1, Core 2 and Core 3, sharing Ethernet, GPU and Flash across the back plane:
- DO-178 Level A: App 1 and a server app on VxWorks
- DO-178 Level C: App 2 and a server app on Linux
- DO-178 Level E: App 3 and a server app on an OS TBD
- DO-178 Level E: App 4 and a server app on Android

Typical software modules
- Common software; common hardware; power supply
- Application-specific software; application-specific hardware; application
- On-board maintenance system protocol; data bus; I/O processing; I/O
Safety Considerations
Some challenges to multiple criticalities:
- No policies and guidance
- Different multi-core implementations
- Shared caches: loss of determinism, cross-channel coupling
- Exception redirection: exceptions may be directed to one core
- Time management: clock interrupt may be directed to one core
Figure: Wind River portfolio.
- VxWorks Cert (incl. APEX)
- Operating environments: VxWorks, Wind River Linux, other OS
- Separation profiles: Real-Time Hypervisor Profile; Safety Separation Profile; Security Separation Profile (MLS/CDS)
- Tools: Wind River Test Management, Wind River Simics, Wind River Workbench
Summary
Trends: consolidation, interoperability, regulatory