
Number of slides: 18

National Workshop on Aviation Software Systems for The Second Century of Flight: Design for Certifiably Dependable Systems (HCSS-AS)

Claire Tomlin (UCB/Stanford), John Hansman (MIT), Jonathan Sprinkle (UCB) (Co-chairs)
October 5-6, 2006, Alexandria VA
http://chess.eecs.berkeley.edu/hcssas/

Welcome
• The Federal Government recognizes that the rapidly increasing software and system complexity of aviation systems makes the development of high integrity, high confidence aviation software and systems crucial for the future of civilian and military aviation systems
• 67 registered participants
  – 28 from academia
  – 21 from industry
  – 18 from government
• 30 position papers
• Sponsors:
  – NSF (Helen Gill)
  – NCO (Frankie King, Sally Howe)
  – Federal Networking and Information Technology Research and Development (NITRD) Program High Confidence Software and Systems (HCSS) Coordinating Group (CG)
• Supporting government agencies: FAA, NASA, AFRL, OSD

The Problem Statement
• Software related issues are the “Achilles Heel” of modern aerospace system development
  – low level programming, ad hoc approaches, stand-alone and static implementations, and little code re-use
  – prolonged design schedules, excessive cost, dis-innovation, difficulty in maintenance, upgrades, and retrofits
  – issue is exacerbated for critical systems where high integrity requirements yield certification challenges and barriers
  – verification and validation is labor intensive and expensive
• Exacerbated for critical systems with high integrity requirements
• Current processes are inefficient and inadequate for future needs
  – Increased functionality leads to added complexity
  – Networked distributed systems
  – reconfigurable, adaptive, mixed initiative
• Academic community generally decoupled from practitioners
• New approaches, understanding and breakthroughs required
• Success would be a significant economic and opportunity stimulant
• Issue recognized by many organizations but real progress has been slow

HCSS-AS Workshop Planning Meeting
• November 9-10, 2005 at the University of Washington, Seattle
• 35 invited participants from academia, industry, and government
• Goals of the Workshop Planning Meeting:
  – Identify the key issue areas which will form the basis for the workshop
  – Define the key players who should be included
  – Define the current state of the art in software for critical aviation systems
  – Lay out potential research programs
• Talks and all other information available at: http://chess.eecs.berkeley.edu/hcssas/

Key Issues Identified
• Certification Issues
  – What should the certification criteria be?
  – How do you certify non-deterministic or adaptive systems?
  – Overlap between software and other parts of the system
  – Security issues
• Costs or Barriers to Innovation
  – Design for certification
  – Lifecycle issues, costs of upgrades, etc.
  – Design for reuse
• Methods
  – Automated tools for V&V
  – Experimental platforms
  – Metrics
• Systems Issues
  – Human/software integration issues
  – Hardware/software integration issues
  – Integration with procedures/environment
• Emergent Issues
  – Adaptive, non-deterministic systems
• Education

Application Domains
– Air Traffic Management (ATM)
– Unmanned Aerial Vehicles (UAVs)
– Flight control
– Command Control (C&C)
– Communication, Navigation, and Surveillance (CNS) systems
– Aircraft and infrastructure integration

HCSS-AS Workshop
Overall Goal: Improve the design, certification, and operation of next generation avionics platforms, while maintaining strict levels of safety
Workshop goal:
– Bring together the practice community with the research community to define the intellectual agenda in software for critical aviation systems
  • Define current state of the art
  • Identify key issues and needs
  • Identify promising research approaches
  • Define educational needs and approaches

HCSS-AS Workshop: Education
Motivation:
• “We need to understand a priori how the costs would get reduced if we invested in a better process for software design and certification.”
• “What technologies, what metrics, need to be achieved to instill confidence in an automated function?”
Education:
• What are the common abstractions that everyone in the domain should understand? (Logic, dynamics, control…)
• It is hard to develop real-world scalable solutions without good examples, and it is hard to get good examples: how to recruit exemplars (sanitized) of “close to” real examples from industry?
• Need a “science of flight critical systems assurance”

Overall Program
• 4 Keynote talks
  – John Hansman
  – Michael Leahy
  – John Rushby
  – Don Winter
• 5 Invited Talk Sessions
  – Applications
  – Certification and assessment
  – Systems issues
  – Education
  – Methods
• General discussion time
• 4 Working Groups
  – Applications
  – Certification and assessment
  – Systems and crosscutting issues
  – Methods
• 2 Breakout sessions:
  – Thursday afternoon
  – Friday morning and afternoon
• Working group outbriefs:
  – Friday 2-3 pm

Questions to Participants
• For working group break out sessions, participants are asked to consider each of the following four questions:
  – What are the top three lessons learned/technology in this area of X?
  – What are the top three needs that have not been met?
  – What are the top three research topics/challenges (with timelines) being/should be pursued in your domain of expertise related to X?
  – What are the top three challenges (with timelines) in the area of X (including outside your domain of expertise)?
• There will be a leader and scribe assigned to each working group
• Working group deliverables:
  – By Friday 2 pm, the working groups will provide annotated powerpoint of the working group discussion.

Working group outbriefs and written report
• Problem statement
• Summary of state of the art
• R&D challenges
• Prioritized list of IT research needs
• Roadmap for the next 5 and 10 years

Deliverables of the Workshop
• Immediately after the workshop, the HCSS-AS website will have
  – Copies of the presentation slides
  – Audio clips of (some of) the talks
• First draft of WG summaries: November 2006
• Final draft of WG summaries: January 2007
• First draft executive summary: February 2007
• Final report: April 2007

Today’s schedule
• Keynote address: John Hansman
• Morning:
  – Applications session
  – Discussion
• Keynote address: Michael Leahy
• Afternoon:
  – Certification and assessment
  – Systems issues
  – Education
• Working groups
• 6 pm: Reception

Backups

System Development and Certification Model
[Diagram of the development and certification stages; boxes as they appear on the slide: V&V (Control Power V&V; Control Law V&V; Functional V&V); Requirements Development; Design/Implementation; Software V&V (Unit/Component Test; Hardware/Software Integration (HSI)); Hardware V&V; System and Software Testing (Qualification Test (Safety of Flight); Aircraft Integration); System V&V; System Certification (Standalone (Static); Integrated (Dynamic); Failure Modes and Effects Test (FMET))]
[Source: Jim Buffington, LM Aero]

FAA regulatory standard: RTCA DO-178B
FAA standard (1992): RTCA DO-178B (Eurocae standard ED-12B), “Software Considerations in Airborne Systems and Equipment Certification”
[Image: cover of document RTCA/DO-178B, December 1, 1992, prepared by SC-167, RTCA (“Requirements and Technical Concepts for Aviation”)]
• “Process-based” certification
• Interesting points:
  – Certification applies to the end product (i.e. airframe), incl. all systems
  – Applies to a given application of a given product (other applications of the same product require further certification)
  – It requires that all code MUST be there as a direct result of a requirement
  – It requires full testing of the system and all component parts (including the software) on the target platform and in the target environment
  – Objectives-Based tables: “What, not how”
• Criticality Categories (A, B, C, D) / Objectives Matrix
[sources: Jim Krodel, Pratt & Whitney, http://aar400.tc.faa.gov/Programs/FlightSafety/sdss/]

Issues Under Consideration for SC 205 Sub-groups
• Technology/Domains Under Consideration
  – Formal Methods
  – Model Based Design & Verification
    • Model Verification and Level of Pedigree
    • Certification of Proof by Models
  – Software Tools
    • And our reliance on them from a certification perspective
  – Object Oriented Technology
  – Comms-Nav-Sur/Air-Traffic-Management
[source: Jim Krodel, Pratt & Whitney]

Tools for modeling, design, and code generation
Designing safety critical control systems requires a seamless cooperation of tools:
– Modeling and design at the control level
– Development tools at the software level
– Implementation tools at the platform level
[Figure: tool chain Simulink → SCADE/Lustre → TTA]
An example (from Paul Caspi’s group, Verimag, Grenoble) is a tool which combines:
• Simulink: natural control design tool, yet lacks essential programming language features (typing, modularity, simple and clear semantics)
• SCADE/Lustre: SCADE (Safety Critical Application Development Environment) based on the synchronous programming language Lustre
  – Includes a DO-178B compliant automatic code generator
  – Used in Airbus A340, A380
• TTA (Time Triggered Architecture): distributed implementations built on a synchronous bus distributing to every computing unit a global fault tolerant clock
  – Used in Boeing B777 fly-by-wire system
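As an added illustration of the typed, modular, synchronous style the slide attributes to Lustre (this is not code from the slide, from SCADE, or from the Verimag tool chain): a small control-law node built from smaller nodes, with a range property expressed as a boolean stream so it can be checked by a model checker or carried into generated code as a runtime monitor. All node and signal names (abs_r, rate_limit, always_in_range, surface_cmd) are constructed for this example.

```lustre
-- Constructed Lustre example; node and signal names are assumptions, not from the slide.
-- Every stream carries a static type; "pre" reads the previous cycle's value and
-- "a -> b" selects a on the first cycle and b afterwards, so state is explicit.

node abs_r(x: real) returns (y: real);
let
  y = if x < 0.0 then -x else x;
tel

-- Limits how far a commanded value may move per cycle (a common actuator
-- protection); on the first cycle the command passes through unchanged.
node rate_limit(cmd, max_step: real) returns (out: real);
var delta: real;
let
  delta = cmd - (0.0 -> pre out);
  out = cmd -> (if abs_r(delta) > max_step
                then pre out + (if delta > 0.0 then max_step else -max_step)
                else cmd);
tel

-- True as long as v has stayed inside [lo, hi] on every cycle so far;
-- once violated it stays false, which is the shape a safety property takes.
node always_in_range(v, lo, hi: real) returns (ok: bool);
let
  ok = (v >= lo and v <= hi) -> (pre ok and v >= lo and v <= hi);
tel

-- Top-level node: composes the two nodes above. "safe" is the property a
-- verifier can be asked to prove for all input sequences, or that generated
-- code can assert at runtime.
node surface_cmd(pilot: real) returns (cmd: real; safe: bool);
let
  cmd = rate_limit(pilot, 2.0);
  safe = always_in_range(cmd, -30.0, 30.0);
tel
```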