Search Results

Technical Paper

A Lightweight Spatio-Temporally Partitioned Multicore Architecture for Concurrent Execution of Safety Critical Workloads

Modern aircraft systems employ numerous processors to achieve system functionality. In particular, engine controls and power distribution subsystems rely heavily on software to provide safety-critical functionality, and are expected to move toward multicore architectures. The computing hardware layer of avionic systems must be able to execute many concurrent workloads under tight deterministic execution guarantees to meet safety standards. Single-chip multicores are attractive for safety-critical embedded systems due to their lightweight form factor. However, multicores aggressively share hardware resources, leading to interference that in turn creates non-deterministic execution for multiple concurrent workloads. We propose an approach to remove on-chip interference via a set of methods to spatio-temporally partition shared multicore resources.
Technical Paper

A Method of Reporting and Prioritizing Faults for Aircraft Downtime Reduction

The exponential increase in the number of aircraft and air travelers has triggered new innovations which aim to make airline services more reliable and consumer friendly. Quick and efficient maintenance actions with minimum downtime are the need of the hour. Areas that have a large potential for improvement in this regard are the real-time use of diagnostic data, filtering/elimination of nuisance faults, and machine learning capabilities with respect to maintenance actions. Although numerous LRUs installed on the aircraft generate massive amounts of diagnostic data to detect any possible issue or LRU failure, this data is seldom used in real time. The turnaround time for LRU maintenance can be greatly reduced if the results of the diagnostics conducted during normal LRU operation are relayed to ground stations in real time. This enables the maintenance engineers to plan ahead and initiate maintenance actions well before the aircraft lands and becomes available for maintenance.
Technical Paper

A Methodology for Formal Requirements Validation and Automatic Test Generation and Application to Aerospace Systems

Automation of Validation and Verification (V&V) leveraging Formal Methods, and in particular Model Checking, is seeing increasing use in the Aerospace domain. In recent years, Formal Methods have been used to verify systems and software and their correctness as a way to augment traditional methods relying on simulation and testing. Recent updates to the relevant Aerospace regulations (e.g. DO-178C, DO-331 and DO-333) now have explicit provisions for the utilization of models and formal methods. In a previous paper a compositional methodology for the verification of Aerospace Systems was described, with application to Electrical Power Generation and Distribution Systems. In this paper we present an expansion of the previous work in two directions. First, we describe the application of the methodology to the validation of Proximity Sensing Systems (PSS) requirements, showing the effectiveness of the method in a new aerospace domain.
Journal Article

A Methodology for Increasing the Efficiency and Coverage of Model Checking and its Application to Aerospace Systems

Formal Methods, and in particular Model Checking, are seeing increasing use in the Aerospace domain. In recent years, Formal Methods have become commonly used to verify systems and software and their correctness as a way to augment traditional methods relying on simulation and testing. Recent updates to the relevant Aerospace regulations (e.g. DO-178C, DO-331 and DO-333) now have explicit provisions for the utilization of models and formal methods. At the system level, Model Checking has seen more limited use due to the complexity and abstractions needed. In this paper we propose several methods to increase the capability of applying Model Checking to complex Aerospace Systems. An aircraft electrical power system is used to highlight the methodology. Automated model-based methods such as Cone of Influence and Timer Abstractions are described. Results of those simplifications, in combination with traditional Assume-Guarantee approaches, are shown for the Electric Power System application.
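The Cone of Influence reduction named in the abstract above is a model slicing step: starting from the variables a property mentions, keep only the state variables and inputs that can transitively affect them, and drop the rest before model checking. The following is an added example written for this page, not code or a model from the paper: the toy electrical-power fragment (variable names such as `gen_on`, `bus_relay_open`, `cabin_light`) is constructed here as an assumption, the next-state expressions are scanned as tokens rather than parsed, and timer abstraction is not shown.

```python
import re
from typing import Dict, Set, Tuple

# Constructed toy model (hypothetical variable names, not the paper's model):
# each state variable maps to the expression that gives its next value.
# Variables without an entry are free inputs (sensors, commands).
NEXT: Dict[str, str] = {
    "gen_on":          "gen_cmd and not gen_fault",
    "gen_fault":       "gen_fault or overtemp",
    "overtemp":        "temp_sensor > 120",
    "bus_powered":     "gen_on and not bus_relay_open",
    "bus_relay_open":  "bus_relay_open or bus_overcurrent",
    "bus_overcurrent": "load_current > 50",
    "cabin_light":     "cabin_switch and bus_powered",
    "timer":           "timer + 1 if not bus_powered else 0",
}
INPUTS: Set[str] = {"gen_cmd", "temp_sensor", "load_current", "cabin_switch"}

IDENT = re.compile(r"[A-Za-z_]\w*")


def referenced(expr: str, universe: Set[str]) -> Set[str]:
    """Model variables mentioned in an expression. This is a token scan, not a
    parser: operators and temporal connectives ('and', 'not', 'G', 'F') are
    dropped simply because they are not in the variable universe."""
    return {t for t in IDENT.findall(expr) if t in universe}


def cone_of_influence(prop: str, next_map: Dict[str, str], inputs: Set[str]) -> Set[str]:
    """Least fixpoint: start from the variables the property mentions and add
    every variable that some variable already in the cone depends on."""
    universe = set(next_map) | set(inputs)
    cone = referenced(prop, universe)
    work = list(cone)
    while work:
        v = work.pop()
        for d in referenced(next_map.get(v, ""), universe):  # inputs have no next-state expr
            if d not in cone:
                cone.add(d)
                work.append(d)
    return cone


def reduce_model(prop: str, next_map: Dict[str, str],
                 inputs: Set[str]) -> Tuple[Dict[str, str], Set[str]]:
    """Slice the model down to the cone of the property. The reduced model is
    checked to be closed (every variable a kept transition reads is itself
    kept); an open slice would be unsound to model check."""
    cone = cone_of_influence(prop, next_map, inputs)
    kept_next = {v: e for v, e in next_map.items() if v in cone}
    kept_inputs = {i for i in inputs if i in cone}
    universe = set(next_map) | set(inputs)
    for expr in kept_next.values():
        assert referenced(expr, universe) <= cone, "slice is not closed"
    return kept_next, kept_inputs


if __name__ == "__main__":
    prop = "G(bus_overcurrent -> F bus_relay_open)"
    kept, ins = reduce_model(prop, NEXT, INPUTS)
    print(f"{len(NEXT)} state vars -> {len(kept)}: {sorted(kept)}; inputs {sorted(ins)}")
```

For the overcurrent property only the relay, the overcurrent flag and the load-current input survive, so the generator, cabin and timer variables never enter the state space. A property about `cabin_light` pulls in almost the whole model, which is the practical limit of the technique and the reason the paper pairs it with Timer Abstractions and Assume-Guarantee decomposition.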
Technical Paper

A New Environment for Integrated Development and Management of ECU Tests

Due to the rapidly increasing number of electronic control units (ECUs) in modern vehicles, software and ECU testing plays a major role within the development of automotive electronics. To ensure effective as well as efficient testing within the whole development process, a seamless transition in terms of the reusability of tests and test data as well as powerful and efficient means for developing and describing tests are required. This paper therefore presents a new integration approach for modern test development and test management. Besides a very easy-to-use way of describing tests graphically, the main focus of the new approach is on the management of a large number of tests, test data, and test results, allowing close integration into the automotive development processes.
Technical Paper

Adaptive Test Feedback Loop: A Modelling Approach for Checking Side Effects During Test Execution for Advised Explorative Testing

The main objective of testing is to evaluate the functionality, reliability, and operational safety of products. However, this objective makes testing a complex and expensive stage in the development process. This is particularly true for complex and large systems, such as trains or aircraft, which require maximum operational safety. From the perspective of an aircraft manufacturer, the checks are carried out via test cases on the integration, system and application levels. Thus, they certify the products against the requirements using a black-box testing approach. In doing so, a test plan defines a sequence of test cases whereby, for each case, it sets up the environment, stimulates the fault, and then observes the system under test. Subsequently, the post-processing of the test execution classifies the test plan as passed or failed.
Technical Paper

Adopting Model-Based Software Design and Verification for Aerospace Systems

The complexity of software development is increasing at an unprecedented rate with every new generation of aircraft systems. This requires adopting new techniques of software design and verification that could optimize the time and cost of software development. At the same time these techniques need to ensure high quality of software design and safety compliance with regulatory guidelines like DO-178C [1] and its supplements DO-330 [2] and DO-331 [3]. To arrive at new technologies one has to evaluate the alternative methods available for software design (developing models, integration of models, auto-code generation, auto test generation) and also evaluate performance parameters like time, effort, reuse and presentation. We present a summary of an alternative design concept study and the advantages of MBD over other design techniques.
Technical Paper

Advancements in Hardware-in-the-Loop Technology in Support of Complex Integration Testing of Embedded System Software

Automotive technology is rapidly changing with electrification of vehicles, driver assistance systems, advanced safety systems, etc. This advancement in technology is making the task of validation and verification of embedded software complex and challenging. In addition to component testing, integration testing imposes even tougher requirements for software testing. To meet these challenges dSPACE is continuously evolving Hardware-in-the-Loop (HIL) technology to provide a systematic way to manage this task. The paper presents developments in HIL hardware technology with the latest quad-core processors, FPGA-based I/O technology and communication bus systems such as FlexRay. Also presented are developments of software components such as advanced user interfaces, GPS information integration, real-time testing and simulation models. This paper provides a real-world example of the implications of integration testing for a HIL environment for Chassis Controls.
Journal Article

Analysis of Flight Test Results of the Optical Ice Detector

Cloud phase discrimination, coupled with measurements of liquid water content (LWC) and ice water content (IWC) as well as the detection and discrimination of supercooled large droplets (SLD), are of primary importance in aviation safety due to several high-profile incidents over the past two decades. The UTC Aerospace Systems Optical Ice Detector (OID) is a prototype laser sensor intended to discriminate cloud phase, to quantify LWC and IWC, and to detect SLD and differentiate SLD conditions from those of Appendix C. Phase discrimination is achieved through depolarization scattering measurements of a circularly polarized laser beam transmitted into the cloud. Optical extinction measurements indicate the liquid and ice water contents, while the differential backscatter from two distinct probe laser wavelengths implies an effective droplet size. The OID is designed to be flush-mounted with the aircraft skin and to sample the air stream beyond the boundary layer of the aircraft.
Journal Article

Applying Model-Based Design and Automatic Production Code Generation to Safety-Critical System Development

Model-based software development and automatic code generation have become increasingly established in recent years. The automotive industry has widely adopted and successfully deployed these methods in many different series production programs worldwide. This has brought various benefits, such as a reduction in development times, improved quality due to more precise specifications, and early verification and validation by means of simulation. At the same time, more and more safety-related and safety-critical systems have been, and will be, introduced into modern vehicles. Common examples are active front steering, adaptive cruise control, and integrated chassis control. This leads to the question of whether and how model-based design and automatic production code generation can be applied to the development of safety-critical systems.
Technical Paper

Automatic Generation of Production Quality Code for ECUs

This paper describes a new production code generator that meets both the requirements of code developers for efficient and reliable production code, as well as the desire of system engineers to establish a control design process based on simulation models that double as executable specifications for the ECU software. The production code generator supports automatic scaling, generates optimized fixed-point C code for microcontrollers like the Motorola 683xx, Siemens C16x, and Hitachi SH-2, and produces ASAP2 [1] calibration information. Benchmark results show that the autogenerated code can match or even exceed the efficiency of typical handwritten production code. Code quality is assured by design and by systematic, automatic, and extremely comprehensive test procedures.
Technical Paper

Behavior Modeling Tools in an Architecture-Driven Development Process - From Function Models to AUTOSAR

This paper will first introduce and classify the basic principles of architecture-driven software development and will briefly sketch the presumed development process. This background information is then used to explain extensions which enable current behavior modeling and code generation tools to operate as software component generators. The generation of AUTOSAR software components using dSPACE's production code generator TargetLink is described as an example.
Technical Paper

Combining Automotive System and Function Models to Support Code Generation and Early System Verification

Function models have a well-established position in automotive software development. Formal system models, on the other hand, are rare. This article describes the various aspects of function and system models, focusing mainly on AUTOSAR-compatible models. It also depicts the challenges for future overall models that combine the function models and the system model, and the resulting benefits, such as early system verification via PC-based simulations.
Journal Article

Communication Infrastructure for Hybrid Test Systems - Demands, Options, and Current Discussions

The application of a communication infrastructure for hybrid test systems is currently a topic in the aerospace industry, as in other industries. One main reason is flexibility. Future laboratory test means (LTMs) need to be easier to exchange and reuse than they are today. They may originate from different suppliers, and parts of them may need to fulfill special requirements and thus be based on dedicated technologies. The desired exchangeability needs to be achieved although suppliers employ different technologies for specific needs. To achieve interoperability, a standardized transport mechanism between test systems is required. Designing such a mechanism poses a challenge as there are several different types of data that have to be exchanged. Simulation data is a prominent example; it has to be handled differently than control data, for instance. No one technique or technology fits perfectly for all types of data.
Technical Paper

Coupling HIL Simulations Over Long Distance - A Way Forward

Hardware-in-the-loop (HIL) testing is indispensable in the software development process for control units and has been an integral part of it for years. Large HIL systems for integration tests are used to test the correct behavior of distributed functions and the communication between the control units. The vast development programs involved require building duplicates of such test systems, or parts of them, because the tasks are distributed between different companies or different departments within a company. However, there is an alternative to duplicating a test system: instead of using a cloned system, HIL systems can be coupled over large distances. This paper presents the requirements this coupling must fulfill and describes a path-breaking method to fulfill them. In addition, results of an implementation are shown.
Technical Paper

Creating Test Patterns for Model-based Development of Automotive Software

The importance of electronics, especially software, has greatly increased over the last few years. Efforts to maintain a high level of software quality have made testing an important part of the development process. With the advent of model-based development, testing methods can be used not only on code level, but also on model level. Next to test execution itself, test development is seen as the most time- and cost-intensive part of the testing process. This paper outlines and classifies current approaches to model-based test development, with the aim of providing guidelines for test developers for choosing the method best suited to the type of system under test and the test objective.
Technical Paper

DO-254/ED-80 - Application Guidelines for the Redesign/Re-Engineering of Airborne Electronic Hardware

The avionics industry is moving towards fly-by-wire aircraft with less reliance on mechanical systems, leading to an increase in the complexity of in-flight hardware elements. RTCA/DO-254 and EUROCAE ED-80 play a vital role in the design assurance of airborne electronic hardware; they are the industry standards for Design Assurance Guidance for Airborne Electronic Hardware. The FAA and EASA regulate and apply this design assurance guidance through the regulatory law in the CFR and EASA CS respectively. This paper discusses the need for DO-254/ED-80 certification in the aerospace industry and its advantages and benefits to avionics manufacturers. The paper presents a study of the similarities and differences between DO-254 and ED-80.
Technical Paper

Data Fusion Techniques for Object Identification in Airport Environment

Airport environments contain several moving objects both in the air and on the ground. Airborne moving objects include aircraft, UAVs and birds; ground moving objects include aircraft, ground vehicles and ground personnel. Detecting, classifying, identifying and tracking these objects is necessary for avoiding collisions in all environmental conditions. Multiple sensors need to be employed to capture object shape and position from multiple directions. Data from these sensors are combined and processed for object identification. Currently, there is no comprehensive traffic monitoring system that uses multisensor data for monitoring in all airport areas. In this paper, for explanation purposes, a hypothetical airport traffic monitoring system is presumed that uses multiple sensors for avoiding collisions.
Technical Paper

Design and Implementation of Aircraft System Health Management (ASHM) Utilizing Existing Data Feeds

The Aircraft System Health Management (ASHM) tool is a UTC developed web application that provides access to Aircraft Condition Monitoring Function (ACMF) reports and Flight Deck Effects (FDE) records for Boeing 787®, A320®, and A380® aircraft. The tool was built with a flexible architecture to field a range of off-board diagnostics and prognostics modules designed to transform an abundance of data into actionable and timely knowledge about fleet health. This paper describes the system architecture and implementation with a focus on “lessons learned” in applying diagnostic and prognostics algorithms to available fleet data. Key topics include ensuring analytic robustness, design for cross-enterprise collaboration and defining a workable approach to testing, validating and deploying prognostics and diagnostics models with various degrees of complexity. A case study is provided related to fluid leak detection within an environmental control subsystem.
Technical Paper

Development of Safety-Critical Software Using Automatic Code Generation

In future cars, mechanical and hydraulic components will be replaced by new electronic systems (x-by-wire). A failure of such a system constitutes a safety hazard for the passengers as well as for the environment of the car. Thus electronics, and in particular software, are taking over more responsibility and safety-critical tasks. To minimize the risk of failure in such systems, safety standards are applied to their development. The safety standard IEC 61508 has been established for automotive electronic systems. At the same time, automatic code generation is increasingly being used for automotive software development, to cope with today's increasing requirements concerning cost reduction and the time needed for ECU development combined with growing complexity. However, automatic code generation is hardly ever used today for the development of safety-critical systems.