Open-DO masterclass at Avionics

Franco Gasperoni will be hosting an hour long masterclass dedicated to the Open-DO initiative at the upcoming Avionics event (March 11-12, 2009) in Amsterdam. In a talk written by Franco and Ryan Brooks from Boeing, he will look at the current software challenges facing avionics systems, the motivation for a communal Open-DO effort, how development and contributions to Open-DO could take place and will speculate on possible business models. Abstract In 2002 John Knight ([1], [2]) enumerated the software challenges facing aviation systems. These challenges can be summarized as follows: (1) devise better techniques to estimate and manage development costs and their corresponding schedules; (2) bring under control application scale and improve tools and techniques to develop safety-critical software with less effort; (3) improve requirements  specification  and enable whole specification analysis; (4) prevent loopholes in the interplay between systems engineering and software engineering and cater for total system modeling; (5) account for system security; (6) enable the use of commercial-off-the-shelf components as a means of reducing costs; (7) develop techniques that enforce high levels of assurance of non-interference in the absence of physical separation; and (8) address the limitation of pure verification by testing and formulate comprehensive approaches to verification. While the solution to some of these issues is complete or underway (e.g. IMA – Integrated Modular Avionics – and ARINC 653 for (7), SysML and AADL for (4), or static analysis and formal methods for (8)), others remain unsolved. Addressing the remaining issues while incorporating the possibilities offered by the upcoming DO-178C standard will be a challenge for the avionics software industry, especially if each player goes solo.  In this presentation we argue for the need of a Free and Open-Source (FOSS) environment to construct certifiable software. This environment which we call Open-DO, is intended to be the common foundation on which high-integrity tools will be able to inter-operate and off-the-shelf certifiable components developed. It will also offer an ideal environment for teaching high-integrity software development practices in academia. After providing the motivation for a communal Open-DO effort, this presentation describes some of its possible components: the Open System Engineering Environment (OSEE) [3], Topcased [4], and “Project Coverage” [5]. OSEE, originally deployed on Boeing’s Longbow Apache helicopter program, is an Eclipse-based FOSS project aimed at organizing the complex interactions between suppliers and system integrators when creating  a single large system having stringent requirements for full lifecycle traceability, safety, verification, and document deliverables. This talk will introduce OSEE and explore how it could be used as a common engineering platform to develop applications which require DO-178B/C certification. OSEE comes with an action tracking system, a change management system, as well as a requirements and document management solution. Most importantly OSEE provides a framework for the integration of other applications at the data level. One family of such applications could be Topcased, born out of the French Aerospace Valley, it is also an Eclipse-based FOSS effort focusing on model-driven engineering for the realization of critical embedded systems. Benefiting from recent advances in hardware virtualization technology, the aim of “Project Coverage” is the production of a code coverage analysis toolset capable of generating DO-178B evidence for all levels of criticality. Beyond the production of useful tools and certification material for industrial users, an important goal of “Project Coverage” is to raise awareness and interest about safety-critical and certification issues in the FOSS community. While OSEE lays the foundations for the engineering environment, and Topcased brings modeling technologies into the picture, “Project Coverage” is the first step in direction of DO-178 FOSS verification tools. “Project Coverage” was born out of the FOSS group of the System@tic R&D competitive cluster. Both Topcased and “Project Coverage” are partly supported by French public funds. In its third and final part, this presentation will consider how development and contributions to Open-DO could take place and will speculate on possible business models. The presentation will end with a call to action for others to join this effort. References [1]    J. C. Knight. “Safety-Critical Systems: Challenges and Directions”, International Conference on Software Engineering, Orlando, Florida (May 2002). http://www.cs.virginia.edu/~jck/publications/knight.state.of.the.art.summary.pdf. [2]    J. C. Knight. “Software Challenges in Aviation Systems”, International Conference of Computer Safety, Reliability and Security, Catania, Italy (September 2002). http://www.cs.virginia.edu/~jck/publications/safecomp.2002.pdf [3]    “Open System Engineering Environment”, http://www.eclipse.org/proposals/osee/. [4]    “Topcased”. http://topcased.gforge.enseeiht.fr/. [5]    “Project Coverage”. http://libre.adacore.com/coverage/.