Abaara topic: Avionics software

 
Abaara - Free Knowledge Database & Resources
ABAARA
Home
About Abaara
Tools
Contact us
Abaara topic: Avionics software
Categories
Business Travel

Small Business

Computing

Personal life

Science

Nature

Finance

Technology

Business

Health

Directory

e-Learning Platform

 eLeaP is a secure, easy to use, web-based training platform delivering rich, powerful, intuitive e-learning in multimedia environment using Web 2.0 technologies like AJAX & Rich Internet Applications.

e-Learning Systems, LMS, LCMS and easy elearning management systems

Visit eLeaPsoftware.com


Web Packages

Level37 Web Design Package $59.95

Let our Professional Designers Host
Build and Maintain your website

Visit www.level37.com


Newsletter



eLeaP eLearning Management Systems LMS LCMS Systems. Online training made easy. Free trial now.
 
Avionics software

Avionics software is embedded software with legally-mandated safety and reliability concerns, that is used in avionics.

Interestingly, some claim that the process described below is only slightly slower and more costly (perhaps 15 percent) than the normal ad-hoc processes used for commercial software. Since most software fails because of mistakes, eliminating the mistakes at the earliest possible step is also a relatively inexpensive, reliable way to produce software. Others claim the process is many times slower and more expensive. Because mistakes in the specifications may not be detected until deployment, they can be very expensive to fix.

The basic idea is that each step of the design process has outputs. If these outputs are tested for correctness and fixed, then normal human mistakes can't easily grow into dangerous or expensive problems. Most manufacturers follow the waterfall model to coordinate the design product, but almost all explicitly permit earlier work to be revised. The result is more often closer to a spiral model.

For an overview of embedded software see embedded system. The rest of this article assumes familiarity with that information, and discusses differences from commercial embedded systems.

Regulatory issues

In the U.S., avionic and other aircraft components have safety and reliability standards mandated by the Federal Aviation Regulations, Part 25. These standards are enforced by "designated engineering representatives" of the FAA who are usually paid by a manufacturer and certified by the FAA.

In the European Union the International Electrotechnical Commission describes "recommended" (mandatory!) requirements for safety-critical systems, which are usually adopted without change by relevant governments. A safe, reliable piece of avionics has a "CE Mark." The regulatory arrangement is remarkably similar to fire safety in the U.S. and Canada. The government certifies testing laboratories, and the laboratories certify both manufactured items and organizations.

The regulatory requirements are not complex or burdensome. First, a document must be produced called the "Software Aspects of Certification." This describes why using software is a good idea, and ideally, how using software is safer than not using software, how much risk the software adds to an aircraft (its level), and how the software will be proven to work. The manufacturer must label each revision of the software unambiguously, and preserve a description or how it can be reproduced, and the data to do so. Finally, a comprehensive maintenance manual must be produced. The maintenance manual is comprehensive-enough almost to permit an air-line to rebuild the unit from bare metal.

Project management features

Avionic software is viewed as a rather nasty and unpredictable part of the avionics. Generally, an organization is required to commit to a particular method of producing and testing the software, then follow that method to the letter.

In the U.S., the approved software development method is DO-178B, and it has five levels of compliance, based on how much damage the software can cause. Level A software can crash airplanes. Level B can kill or maim people. Level C can damage property or schedules. Level D inconveniences crew. Level E has no effect on safety or costs.

The differences between the levels are how much documentation must be preserved about the quality assurance steps. Generally, a level-A development has a marketing specification, a hazard analysis, and an engineering specification, done and reviewed before the design. Next there is a design document, and a test plan which are done and reviewed before the coding. Next, as code is produced, it is reviewed, then unit-tested, then integrated, then unit-tested again, and then integration-tested. At the end, the avionic unit is black-box-tested (i.e. external behavior is tested), and finally acceptance tested, usually with the black box tests.

Marketing Specification

The marketing specification describes what the marketing department hopes to sell. It is usually reviewed by senior engineers to make sure it can actually be done.

Human Interfaces

Projects with substantial human interfaces are usually prototyped or simulated. The video tape should be retained, but the prototype retired immediately after testing, because otherwise senior management and customers can believe the system is complete.

Hazard Analysis

The hazard analysis takes each block of a block diagram and considers the things that could go wrong with that block. Then the severity and probability of the hazards are estimated.

Projects involving military cryptographic security usually include a security analysis, using methods very like the hazard analysis.

Engineering Specification

The engineering specification is a document that describes what the software should do in foreseeable circumstances. The hazards feed into it to create more requirements. Usually it's reviewed for completeness, conformance to the marketing requirements, mitigation of hazards, practicality and testability. If the requirements can't be tested, then the software can't be proven to be done.

One of the major differences between avionics and commercial electronics is that everything on an aircraft can usually be semi-automatically tested in the time it takes to turn around the aircraft at an airport. This "built-in test" is a substantial effort that can literally make or break avionics in the commercial marketplace, by affecting its cost of ownership.

Software Design Document

As soon as the engineering specification is complete, the software design can start. The design tells what software modules exist, and what they do, and how they relate. Engineers review it for completeness, accuracy, safety, conformance to the engineering and marketing specification, and practicality.

Software Test Plan

As soon as the engineering specification is complete, the test plan can start. The test plan describes a practical method to test every feature, especially the safety-critical ones. Often, the expense of testing can be dramatically reduced by adding a small amount of software and electronics to help the testing. The most common aid is an interface to an external computer, used to simulate inputs and read outputs.

Maintenance Manual

As soon as the engineering specification is complete, writing the maintenance manual can start. There are several levels. A level D product such as an in-flight entertainment unit (a flying TV) may escape with a schematic and procedures for installation and adjustment. A navigation system, autopilot or engine may have thousands of pages of procedures, inspections and rigging instructions. Documents are now (2003) routinely delivered on CD-ROM, in standard formats that include text and pictures.

Code production and review

The code is written, then programmers exchange the code, and review someone else's code. Skilled organizations use a checklist of possible mistakes, and add to it when they find a new mistake. The code is also often examined by programs. The compilers or special checking programs like "lint" check to see if types of data are compatible with the operations on them. Another set of programs measure software metrics, to look for parts of the code that are likely to have mistakes. All the problems are fixed, or at least understood and double-checked.

Some code, such as digital filters, graphical user interfaces and inertial navigation systems, are so well-understood that software tools have been developed to write the software. In these cases, specifications are developed, and boring but reliable software is produced automatically.

Unit testing

"Unit test" code is written that should exercise every instruction of the code at least once. A "coverage" tool should be used to verify that every instruction is executed. This test is among the most powerful. It forces detailed review of the program logic, and detects most coding, compiler and some design errors. Some organizations write the unit tests before writing the code, using the software design as a module specification. The unit test code is executed, and all the problems are fixed.

Integration testing

As pieces of code become available, they are added to a skeleton of code, and tested in place to make sure each interface works. This is called integration, and the testing is called integration testing. Usually the built-in-tests of the electronics should be finished first, to begin burn-in and radio emissions tests of the electronics. Next, the most valuable features of the software are integrated. It is very convenient for the integrators to have a way to run small selected pieces of code, perhaps from a simple menu system.

Black box and acceptance testing

Meanwhile, the test engineers have been assembling a test rig, and releasing preliminary tests for use by the software engineers. At some point, the tests cover all of the functions of the engineering specification. At this point, testing of the entire avionic unit begins.

Certification

Each step produces a deliverable, either a document, code, or a test report. When the software passes all of its tests (or enough to be sold safely), these are bound into a certification report, that can literally have thousands of pages. The designated engineering representative, who has been nagging the organization all along, then decides if the result is acceptable. If it is, he signs it, and the avionic software is certified.

At this point, the software is usually very good software.
< Back
 
Web info.abaara.com
 

Categories: Avionics | Embedded systems | Software

Web Results

 
 



 

This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License
 
© 2007 to The Amacheba Group, LLC. All rights reserved. Terms of Use | Disclaimer

 
Page topic: Avionics software