Transcript of "A call for action", Cyrille Comar (comar@adacore.com) and Matteo Bordin (bordin@adacore.com), www.open-do.org, 41 slides

Page 1:

A call for action

Cyrille Comar, comar@adacore.com

Matteo Bordin, bordin@adacore.com

www.open-do.org

Page 2:

Summary

Introduction

FLOSS & Open Source Communities

Introducing Open-DO

Why an Open Initiative for DO-178?

Keys to Success

Annex: Description of the mentioned projects

Page 3:

Introduction

Which ARINC 653 OS will be around in 15 years?

- Commercial solutions: WRS, Sysgo, LynuxWorks, GHS, DDC-I

- Private solutions maintained internally by avionics companies: at least 3 in Europe & 1 in the US

- Experimental: RTEMS + ARINC 653 interface

Any lessons from what happened in the Unix world?

Page 4:

FLOSS License

Free to use… for ever

Free to look at sources

Free to change

Free to redistribute

Page 5:

Open Source Communities

Significant technologies are successfully managed by such communities:

- The Linux Kernel

- Eclipse

- GCC

- RTEMS

- Mono

- Python

For more than 20 years now

Page 6:

Open Source Communities

The GCC example… and many more

• Contributors: from individuals to corporations

• Sharing technology not products

Page 7:

Roles in Open Source Communities

Active participants

Short term cost increase:
- Learning curve
- Working in an open environment
- Contributing back

Long term cost decrease by:
- Sharing resources
- Solving a common problem
- Avoiding solving already solved problems

Initiators & regulators

Passive users
• Benefit from the work of others
• Can't customize to their own needs
• Help spread the technology

Page 8:

• What about the DO-178 community?

• Is there a need for openness & cooperation?

• Potential for community growth?
  • AVSI (Aerospace Vehicle Systems Institute)
  • Certify Together
  • This committee
  • Military
  • Space, automotive, …

Page 9:

Some Relevant Open Projects & Technologies

OSEE

Couverture

SPARK

Page 11:

Open-DO Concepts: the meeting of 3 worlds

Libre / Open Source

High Assurance / Certification

Agile / Lean

Page 12:

Open-DO Concepts

Libre / Open Source: visibility, resilience, sharing, reuse

Agile / Lean: iterative requirements, continuous integration, test driven development, …

High Assurance / Certification: qualified tools, life cycle traceability, requirement based testing

Page 13:

Relevant Agile/Lean Concepts

Test driven development / Requirement based testing

Executable specifications

Continuous integration

IP 217: Iterative requirements

Page 14:

Open-DO Challenges

Opening & sharing more than "source code":
- requirements, designs, test cases, …

Life-cycle traceability

Agile workflows for the DO-178

Page 15:

Some DO-178B workflows

System aspects related to software development: Section 2

Overview of aircraft and engine certification: Section 10

Software life cycle process:
- Software life cycle: Section 3
- Software planning process: Section 4
- Software development processes: Section 5

Integral processes:
- Software verification: Section 6
- Software configuration management: Section 7
- Software quality assurance: Section 8
- Certification liaison: Section 9

Software life cycle data: Section 11

Additional considerations: Section 12

Top level workflow: transition criteria between activities; workflow support; workflow verification

Page 16:

Some DO-178B workflows (2)

Component certification workflow (drawn over the same DO-178B section map): requirements, design, coding; reviews; testing; requirement coverage; completeness analysis; code coverage; traceability

Page 17:

Some DO-178B workflows (3)

Qualification of verification tools workflow (drawn over the same DO-178B section map): tool operational requirements; reviews; testing; requirement coverage; completeness analysis; traceability (OSEE)

Page 18:

Open-DO Components

Open-DO:
- Workflows
- Document templates
- Qualifiable tools
- Education materials
- Certifiable components

Page 19:

Open-DO Components: specialized for given certification standards

Page 20:

Open-DO Components: qualifiable tools (OSEE, Couverture, … Gene-Auto, Topcased)

Page 21:

Open-DO Components: education materials (toy certifiable projects, specialized examples, e.g. for DO-178C annexes)

Page 22:

Open-DO Components: certifiable components (OS runtimes, IP stack, middleware, …)

Page 23:

Open-DO Components: document templates (PSAC, SDP, SVP, SCMP, … standards, SAS, …)

Page 24:

Why an open initiative for the DO-178 world?

Page 25:

Why Open-DO? As a support to the DO-178C effort:

- Educational materials for clarifying intent
- Experimental test-bed for annexes

Page 26:

Why Open-DO? For the avionics industrial community:

- Provides a shared infrastructure for long term investment and long term cost reduction
- Allows some level of cooperation with competitors
- Lower training costs (especially for subcontractors)

Page 27:

Why Open-DO? For certification authorities:

- Lower training costs for DERs
- Vehicle for clarifying specific issues
- Help sharing of practices between authorities

Page 28:

Why Open-DO? For tool providers:

- Offers an ideal showcase for their open technologies
- Tool sharing makes it easier to provide a complete supported solution
- Creates an ecosystem where everyone can meet potential customers and partners

Page 29:

Keys to success

Balance:
- Europe vs US
- Boeing vs Airbus
- Authorities vs Industry

Find key participants for critical mass:
- Certification authorities
- Major aeronautics players
- Established tool providers
- Academics

Attract public funds for bootstrap

Find appropriate governance rules

Define « Open Source 2010 » certification workflows

Page 30:

Annex – Information on Mentioned Projects

OSEE

Couverture

SPARK

Page 31:

OSEE

System Engineering Environment
- Focus on system engineering
- Open to external tool integration
- Open development philosophy
- Integrated management environment

Application life cycle management system

First-class Eclipse project: www.eclipse.org/osee
- Contributed by the Apache team (Phoenix, AZ)
- 5 years in development, 5 people full-time
- Not specific to DO-178

Page 32:

OSEE

Development artifacts tracking

OSEE development artifacts (imported from external tools): requirements, test cases, test procedures, models, code, tests, test actual output, test expected output

Traceability model linking these artifacts

Page 33:

OSEE & Traceability

End-to-end traceability model: requirements, test cases, test procedures, design, code, tests, test actual output, test expected output
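The completeness analysis that the component certification workflow (page 16) and this end-to-end traceability model call for is easy to describe and easy to get wrong, so here is an added example written for this page. It is not OSEE code and does not use OSEE's data model: it walks a constructed set of artifacts linked by upward trace links and reports the gaps a reviewer looks for (requirements with no test case, test cases that trace to no requirement, test cases never turned into a procedure, procedures never run, expected/actual mismatches, code with no path back to a requirement, and links to artifacts that do not exist). Apart from REQ_1_2b, which the slides mention, the identifiers (REQ_1_3, DES_7, TC_42, alarm.adb:Alarme, and so on) are made up for the example.

```python
# Added example (not OSEE code): completeness analysis over an end-to-end
# traceability model of the kind the slide sketches.
from typing import Dict, List, Set

# Constructed traceability data (not exported from OSEE or from the slides).
# Every artifact carries upward links to what it derives from: a test case to
# the requirement it verifies, a test procedure to its test case, a test run
# to its procedure, code to its design element, design to its requirement.
ARTIFACTS: Dict[str, dict] = {
    "REQ_1_2b": {"kind": "requirement", "traces_to": set()},
    "REQ_1_3": {"kind": "requirement", "traces_to": set()},       # never tested
    "DES_7": {"kind": "design", "traces_to": {"REQ_1_2b"}},
    "DES_9": {"kind": "design", "traces_to": {"REQ_1_4"}},        # REQ_1_4 does not exist
    "alarm.adb:Alarme": {"kind": "code", "traces_to": {"DES_7"}},
    "util.adb:Debug_Dump": {"kind": "code", "traces_to": set()},  # no requirement behind it
    "TC_42": {"kind": "test_case", "traces_to": {"REQ_1_2b"}},
    "TC_43": {"kind": "test_case", "traces_to": set()},           # orphan test case
    "TP_42": {"kind": "test_procedure", "traces_to": {"TC_42"}},
    "RUN_42": {"kind": "test_result", "traces_to": {"TP_42"},
               "expected": "ALARM PRE", "actual": "ALARM PRE"},
}


def of_kind(artifacts: Dict[str, dict], kind: str) -> List[str]:
    """Identifiers of all artifacts of one kind, in a stable order."""
    return sorted(a for a, d in artifacts.items() if d["kind"] == kind)


def upward_closure(artifacts: Dict[str, dict], aid: str) -> Set[str]:
    """Every artifact reachable from aid by following trace links upward."""
    seen: Set[str] = set()
    stack = [aid]
    while stack:
        for parent in artifacts.get(stack.pop(), {}).get("traces_to", ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen


def completeness_analysis(artifacts: Dict[str, dict]) -> Dict[str, List[str]]:
    """Report the traceability gaps a DO-178B-style review looks for."""
    reqs = set(of_kind(artifacts, "requirement"))
    findings: Dict[str, List[str]] = {
        "dangling_links": [],
        "requirements_without_test_case": [],
        "test_cases_without_requirement": [],
        "test_cases_without_procedure": [],
        "procedures_without_result": [],
        "failed_results": [],
        "code_without_requirement": [],
    }
    # Invert the upward links once so the downward questions are cheap.
    children: Dict[str, Set[str]] = {a: set() for a in artifacts}
    for aid in sorted(artifacts):
        for parent in sorted(artifacts[aid]["traces_to"]):
            if parent in artifacts:
                children[parent].add(aid)
            else:
                findings["dangling_links"].append(f"{aid} -> {parent}")

    def children_of_kind(aid: str, kind: str) -> Set[str]:
        return {c for c in children[aid] if artifacts[c]["kind"] == kind}

    for req in sorted(reqs):
        if not children_of_kind(req, "test_case"):
            findings["requirements_without_test_case"].append(req)
    for tc in of_kind(artifacts, "test_case"):
        if not artifacts[tc]["traces_to"] & reqs:
            findings["test_cases_without_requirement"].append(tc)
        if not children_of_kind(tc, "test_procedure"):
            findings["test_cases_without_procedure"].append(tc)
    for tp in of_kind(artifacts, "test_procedure"):
        if not children_of_kind(tp, "test_result"):
            findings["procedures_without_result"].append(tp)
    for run in of_kind(artifacts, "test_result"):
        if artifacts[run]["expected"] != artifacts[run]["actual"]:
            findings["failed_results"].append(run)
    for code in of_kind(artifacts, "code"):
        # Code may reach its requirement through one or more design elements.
        if not upward_closure(artifacts, code) & reqs:
            findings["code_without_requirement"].append(code)
    return findings


def is_complete(artifacts: Dict[str, dict]) -> bool:
    """True only when every finding list is empty."""
    return not any(completeness_analysis(artifacts).values())


if __name__ == "__main__":
    for category, items in completeness_analysis(ARTIFACTS).items():
        print(f"{category}: {items or 'none'}")
```

The links are stored upward only (child to parent) and inverted once, which keeps a single source of truth for each link; a model that stores both directions has to be checked for the two sides disagreeing, which is its own finding category in practice.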

Page 34:

OSEE & Workflow Modeling/Tracking

Define development teams

Assign members to teams (Joe, John, Ryan, Don)

Workflow instantiation (example: verification of REQ_1_2b): qualification, verification and analysis steps, each assigned to a team member (Joe, Don)

Page 35:

TOPCASED: Toolkit in OPen source for Critical Application & SystEm Development

www.topcased.org

Metamodel, design / analysis model, (formal) analysis, code

Page 36:

TOPCASED (II)

Graphical modeling: UML, SysML, AADL, …

Ecore

Model transformation framework

- An integrated Eclipse distribution
- The future official Eclipse solution for UML modeling
- http://wiki.eclipse.org/MDT-Papyrus-Proposal

Page 37:

GeneAuto

- A qualifiable generic framework for code generation
- Dynamic systems modeling: Simulink/Stateflow, Scicos
- Targeting C (and Ada soon)
- Available as FLOSS
- along with qualification material (planned)
- Partners: Airbus, Continental, Thales-Alenia, Barco, IAI, …

Input model, intermediate representation, code, … qualified

Page 38:

SPARK

Ada / SPARK

- Annotation of Ada programs for formal analysis
- Partial correctness
- Information/data flow
- The whole technology is NOW available as FLOSS
- http://www.praxis-his.com/sparkada/

Page 39:

Couverture

- Language-Independent Structural Coverage Framework

- Source coverage WITHOUT instrumentation (st, dc, mc/dc)

- Object Coverage (instructions, branches)

- Instrumented Simulation Framework

- The whole technology will be available as a FLOSS…

- including the qualification material

- https://libre.adacore.com/coverage/

Page 40:

Couverture (II)

    if Pression (M) >= P_Limit then
       Alarme (M, "PRE");
    elsif Temperature (M) >= T_Limit then
       Alarme (M, "TEMP");
    end if;

Object code addresses: 0x12460, 0x12464, ...

Source code -> cross compiler -> instrumented, virtualized execution environment -> execution traces -> object coverage report (instruction, branch) and source coverage report (statement, DC, MC/DC)
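The three source coverage criteria named on this slide (statement, DC, MC/DC) are routinely confused, so here is an added example, written for this page and not taken from the Open-DO slides or from the Couverture tool: a small Python analyzer that, given a decision and a set of requirement-based test vectors, reports decision coverage and, per condition, whether a unique-cause MC/DC independence pair exists. The decision it analyses is an assumed three-condition variant of the slide's alarm logic (the slide's own if/elsif tests each hold a single condition, for which MC/DC collapses to decision coverage); the condition names and the test vectors are constructed for the example.

```python
# Added example for this page (not code from the Open-DO slides or from the
# Couverture tool): given a decision and a set of requirement-based test
# vectors, report decision coverage and unique-cause MC/DC per condition.
from itertools import combinations
from typing import Callable, Dict, List, Optional, Sequence, Tuple

Vector = Dict[str, bool]             # one test vector: condition name -> value
Decision = Callable[[Vector], bool]  # the decision evaluated on a vector
Pair = Optional[Tuple[Vector, Vector]]


def decision_coverage(decision: Decision, vectors: Sequence[Vector]) -> bool:
    """DC: the decision as a whole has evaluated to both True and False."""
    return {decision(v) for v in vectors} == {True, False}


def independence_pairs(decision: Decision, conditions: Sequence[str],
                       vectors: Sequence[Vector]) -> Dict[str, Pair]:
    """Unique-cause MC/DC: for each condition, find two vectors that hold every
    other condition fixed, flip this one, and flip the decision's outcome."""
    pairs: Dict[str, Pair] = {}
    for cond in conditions:
        pairs[cond] = None
        others = [o for o in conditions if o != cond]
        for v1, v2 in combinations(vectors, 2):
            if (v1[cond] != v2[cond]
                    and all(v1[o] == v2[o] for o in others)
                    and decision(v1) != decision(v2)):
                pairs[cond] = (v1, v2)
                break
    return pairs


def uncovered_conditions(decision: Decision, conditions: Sequence[str],
                         vectors: Sequence[Vector]) -> List[str]:
    """Conditions for which no independence pair exists in the vector set."""
    pairs = independence_pairs(decision, conditions, vectors)
    return [c for c in conditions if pairs[c] is None]


def mcdc_satisfied(decision: Decision, conditions: Sequence[str],
                   vectors: Sequence[Vector]) -> bool:
    """MC/DC holds when DC holds and every condition has an independence pair."""
    return (decision_coverage(decision, vectors)
            and not uncovered_conditions(decision, conditions, vectors))


# Decision under analysis: an assumed three-condition variant of the slide's
# alarm logic (the slide's own if/elsif tests hold one condition each).
CONDITIONS = ["over_pressure", "over_temp", "inhibited"]


def alarm_decision(v: Vector) -> bool:
    return v["over_pressure"] or (v["over_temp"] and not v["inhibited"])


# Constructed test vectors, not from the slides.
DC_ONLY = [  # both outcomes seen, yet no condition is shown to act on its own
    {"over_pressure": True, "over_temp": True, "inhibited": False},    # -> True
    {"over_pressure": False, "over_temp": False, "inhibited": False},  # -> False
]
MCDC_SET = [  # n + 1 vectors, one independence pair per condition
    {"over_pressure": True, "over_temp": False, "inhibited": False},   # -> True
    {"over_pressure": False, "over_temp": False, "inhibited": False},  # -> False
    {"over_pressure": False, "over_temp": True, "inhibited": False},   # -> True
    {"over_pressure": False, "over_temp": True, "inhibited": True},    # -> False
]

if __name__ == "__main__":
    for name, vectors in (("DC_ONLY", DC_ONLY), ("MCDC_SET", MCDC_SET)):
        print(name, "DC:", decision_coverage(alarm_decision, vectors),
              "MC/DC:", mcdc_satisfied(alarm_decision, CONDITIONS, vectors),
              "uncovered:", uncovered_conditions(alarm_decision, CONDITIONS, vectors))
```

DC_ONLY shows the trap: two vectors give both outcomes, so decision coverage is met, but no condition is demonstrated to influence the outcome on its own, so MC/DC reports all three as uncovered. The pair test implemented here is the strict unique-cause form; the masking form of MC/DC that certification authorities also accept (CAST-6) lets other conditions vary as long as they cannot affect the outcome, which needs a pair test that looks at the expression's structure rather than only at the vectors.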

Page 41:

Upcoming Events

The Lean, Agile Approach to High-Integrity Software, Paris, March 26th, 2009
- Jim Sutton, Lockheed Martin
- Alexandre Boutin, Yahoo
- Emmanuel Chenu, Thales
- David Jackson, Praxis High-Integrity Systems
- Cyrille Comar, AdaCore

Open-DO Masterclass @ Avionics EU, Amsterdam, March 11th-12th, 2009
- Franco Gasperoni, AdaCore

Open-DO Masterclass @ Avionics US, San Diego, June 1st-2nd, 2009
- Ryan Brooks, Boeing
- Robert B.K. Dewar, AdaCore

[email protected]

Next informal Open-DO meeting @ EclipseCon 2009, Santa Clara, March 21st-25th, 2009: Airbus, Boeing, AdaCore