Methodology for cost-effective software fault tolerance formission-critical systems

A computing capabilities continue to advance, there will be a concurrent rise in the number of both hardware and software faults. These will be caused by the greater volume of more complex software, by the increased number of untested software states, and by more incidents of hardware/software interaction faults as a result of increased hardware speed and density. The traditional software implemented fault tolerance: approaches have been successfully utilized in life-critical systems, such as digital flight controls, where their additional costs can be easily justified. Examples include N-Version Programming and Recovery Block approaches. However, there is still a need for dependable computing for mission-critical applications as well. Often, these traditional techniques are avoided for mission-critical systems due to the difficulty in justifying their extra up-front development cost. We provide an alternative for the high “sunk cost” of traditional software fault tolerance techniques. The methodology, called data fusion integrity processes (DFIPs), is a simple, yet effective technique for mission-critical systems. In addition, the approach establishes a framework from which other costlier, more extensive traditional techniques can be added. We present details of the DFIP methodology and a DFIP framework for Ada programs. We also briefly discuss development of a DFIP code generation system which exploits Java that will enable users to quickly build a DFIP framework in Ada, and select reusable DFIP component methods     

Certification of production-representative/productionsoftware-intensive systems for dedicated test and evaluation

Fundamental questions that arise in the certification of readiness for dedicated test and evaluation of software-intensive systems are addressed. They concern what comprises production-representative or production software, what are the software impacts on dedicated system operational test readiness, how software impacts should be considered in the certification process, and what are the retest/recertification requirements associated with software changes/modifications. A paradigm is proposed that answers these questions and outlines guidelines for implementing a solution to these issues. The paradigm is based on existing test and evaluation events and uses a combination of defense and commercial standards and definitions to propose criteria for software certification and retest or regression test     

An analysis of selected software safety standards

Standards, draft standards, and guidelines that provide requirements for the assurance of high integrity software are studied. The focus is on identifying the attributes necessary in such documents for providing reasonable assurance for high integrity software, and on identifying the relative strengths and weaknesses of the documents. The documents vary widely in their requirements and the precision with which the requirements are expressed. Security documents tend to have a narrow focus and to be more product oriented, while safety documents tend to be broad in scope and center primarily on the software development process. It is found that overall there is little relationship between the degree of risk and the rigor of applicable standards. Recommendations are provided for a base standard for the assurance of high integrity software     

Implementing reusable, instrument independent test programs in thefactory

Development of computer programs that control test sequences on Automatic Test Equipment (ATE) is costly and time consuming. Test Programs are usually written by specifying the instruments to be used in the ATE and the sequence of the setup and measurement parameters for these instruments. Reuse of test program software on other ATE is usually not possible without rewriting, revalidating and re-releasing the programs. This paper describes an implementation of a test program software development system and a standard of software runtime architecture used in our factories. The object-oriented development environment and its associated class libraries allow test programs to be written without knowledge of the ATE on which they will be run. Two main principles guided the design: the software architecture was based on recognized formal and industry standards; and our implementation used commercial off-the-shelf software products when possible. Emerging standards such as the IEEE-1226 (ABBET) as well as defacto industry standards including VXI Plug and Play have made our implementation possible. The current draft of the ABBET and P&P standards do not promote this instrument independence, but it is hoped that this will be added as the standards mature. Three immediate benefits are: cost savings that result from reusing validated test programs; cycle time reductions that result from concurrently developing test program software and ATE; and software defect reductions that result from using proven software     

基于ARINC 615A的无人机地面站软件加载设计研究

当前无人机地面站软件升级缺乏标准，而地面站软件架构复杂、规模巨大，需要一套标准的软件升 级协议保证无人机地面站软件升级的安全性和高效性。本文在深入研究ARINC 615A 数据加载协议的基础上， 根据地面站领域的实际情况，对ARINC 615A 协议进行了裁剪和适用性优化，设计了一套适合地面站领域的标 准软件升级协议，用于保证无人机地面站软件升级的标准、安全和高效。     

IEEE 1394: a growing computer connectivity standard for automatedtest

This paper describes the latest trends in the IEEE 1394 (“firewire^TM” or “iLink^TM”) standards and why it is becoming the connectivity standard of choice for automatic test applications. Why move to IEEE 1394, what are the possible risks with doing so, what are some of the myths associated with IEEE 1394 and a practical example of an automatic test application will all be presented with the prime emphasis on giving the latest information that will help you get IEEE 1394 integrated into your automatic test system     

Flight safety performance of the microwave landing system

The microwave landing system (MLS), which is scheduled to be implemented progressively over the next 10 years, is intended to supply the instrument landing system (ILS) as the international standard landing aid. MLS has been demonstrated to be superior to ILS from both performance and reliability standpoints, yet considerable debate persists on its relative merits. Although tolerance criteria for flight safety are embedded in these comparisons, flight safety has not been a major component of these discussions. The reasons why flight safety has not been an issue are addressed, and observations on the flight safety of MLS are related from a systems point of view. The effect of MLS on airport capacity is identified as a central issue. Observations are derived from a review of available documentation and operational results to date as well as discussions with the participants     

New approaches to weapon system testing or “back to thefuture”

This paper proposes abandoning the use of multipurpose ATE for “horizontal” support of weapon systems in favor of returning to “vertical” support. An R&D effort is proposed to develop a software “hot mock-up” system for field testing weapon system assemblies     

面向适航认证的模型驱动机载软件构件的安全性验证

 在软件开发的过程中为适航认证提供证据,已成为机载软件开发的研究热点。现代复杂机载软件多为构件化分布式架构,如何有效验证构件之间安全性依赖关系与适航认证标准当中规定目标的一致性,是机载软件设计阶段的一个重要问题。首先,使用系统建模语言(SysML)块图建立带有安全性特征的系统静态结构模型,将其转换为块依赖图以便进行精确的形式化描述。在此基础上给出形式验证方法,检验系统静态结构模型中的安全性依赖关系与适航认证标准中所规定目标之间是否一致。最后,通过一个飞机导航系统的例子说明如何将该方法应用于机载软件开发的过程中。利用这种方法对系统静态结构模型的安全性依赖关系进行验证,能够提高系统整体的安全性,并为适航认证提供证据。     

The J-MASS Marketplace: a new way for DoD to do business

It is current DoD policy to use commercial off-the-shelf software whenever it meets DoD requirements. The application of this policy to modeling and simulation has resulted in the concept of “The Joint Modeling and Simulation System (J-MASS) Marketplace.” J-MASS is designed as an Open Systems Architecture with the capability for the Simulation Support Environment (SSE) to be expanded by the addition of site specific software. In the “J-MASS Marketplace” industry will build commercial tools to work with J-MASS and individual organizations will license what they need for their particular site. The J-MASS SSE is a framework or backplane into which everything else plugs. A J-MASS product release would have the core capabilities, but the unique needs of various organizations would be satisfied by industry. This paper addresses how the J-MASS Marketplace could work and how compliance can be defined. It will outline opportunities for industry in both building software for the Marketplace and in defining the Marketplace concept     

Issues in microwave power systems engineering

The key issues in microwave power system engineering are beam safety, frequency allocation, and affordability. These major issues are presented, discussed, and suggestions for resolving them are offered. The issue of beam safety can be captured in the phrase “Fear of Frying.” Can a properly engineered beamed power safety system allay the public perception of microwave radiation dangers? Openness, visibility, and education may be keys to resolving this issue satisfactorily. “Not in my Spectrum” is a phrase that is frequently encountered in connection with the issue of where can the microwave power beam frequency be located. International cooperation may provide a part of the solution to this issue. “Wow, that much!” is a phrase encountered when dealing with the issue of economic affordability of large beamed power systems. A phased engineering approach for multiple uses even during construction is presented to aid in garnering revenue during the system build phase. Also, dual mode DC-RF converters are encouraged for bi-directional power flow utility and economies of scale in production     

一个模糊软件可靠性确认模型

模糊软件可靠性模型不仅适用于刻划测试阶段的软件可靠性行为,而且适用刻划确认(验收)阶段的软件可靠性行为。并给出在确认(验收)阶段判定软件是否达到可靠性目标的准则。     

The Future of UAS: Standards, Regulations, and Operational Experiences [Workshop Report]

The outcomes of "the future of UAS: standards, regulations and operational experiences" workshop, held on the 7 -8 December 2006, in Brisbane, Queensland, Australia. The goal of the workshop was to identify recent international activities in the unmanned airborne systems (UAS) airspace integration problem. The workshop attracted a broad cross-section of the UAS community, including: airspace and safety regulators, developers, operators, and researchers. The three themes of discussion were: progress in the development of standards and regulations; lessons learnt from recent operations; and advances in new technologies. This summarises the activities of the workshop and explores the important outcomes and trends as perceived by these authors.     

Software architecture for building

Test system developers can benefit greatly from a software architecture that allows for easy interchangeability of instruments in those systems. Using open industry standard software architectures such as Virtual Instrument Software Architecture (VISA), and Interchangeable Virtual Instruments (IVI), developers are able to create systems with interchangeable test instrumentation. This paper describes the VISA and IVI software standards and demonstrates how their use within a broader software architecture, which includes standard development environments and flexible test executive software, facilitates the creation of interchangeable test systems     

大型客机CATⅢ级精密进近着陆设备的适航性要求

本文主要研究CATIII运行的适航性,首先介绍了适航性的基本概念,同时指出运输类飞机有关设备、系统及安装的适航标准,然后根据进场、着陆和滑跑三个飞行阶段,从性能、完好性、有效性三个方面提出系统适航性的具体要求,此外还包括某些自动飞行控制系统的适航要求,最后简述有关使用和维修方面的持续适航性。     

Improving the productivity of complex electronic systems design byutilizing applied design methodologies

The design process of complex electronic systems consists of four traditional main stages, which are system design, electronic design, mechanical design, and design for manufacturing. Even today when many integrated computer aided design environments are in use for electronic systems design, we still seem to accept that the design process really has to follow this path of four individual design stages. It is common that we are dealing with data transfer problems between different types of CAE-applications. However, there is a possibility to avoid the disadvantages due to integration problems between the design stages if we decide to develop the design methodology itself instead of developing those independent software applications. One effective way to improve the productivity of complex electronic systems design is to tune the so-called systematic design approach by adding special aspects of electronic systems design into the questionnaires used for collecting the requirement lists for further mechanical design and DFM. Another important tool is the carefully made manufacturability analysis. The deep interaction of mechanical and electronic design, extended by manufacturability analysis can also lead to innovative solutions as presented previously by the author. In the article entitled “Manufacturability Analysis-A Useful Subset of Systems Engineering” we were able to show that the number of iteration cycles during the different design and manufacturing stages could be reduced by 50% compared to the conventional design methodology. In this paper, we illustrate additional tools to continue this promising development work     

Performability analysis of avionics system with multilayer HM/FM using stochastic Petri nets

The integrated modular avionics (IMA) architecture is an open standard in avionics industry, in which the number of functionalities implemented by software is greater than ever before. In the IMA architecture, the reliability of the avionics system is highly affected by the software applications. In order to enhance the fault tolerance feature with regard to software application failures, many industrial standards propose a layered health monitoring/fault management (HM/FM) scheme to periodically check the health status of software application processes and recover the malfunctioning software process whenever an error is located. In this paper, we make an analytical study of the HM/FM system for avionics application software. We use the stochastic Petri nets (SPN) to build a formal model of each component and present a method to combine the components together to form a complete system model with respect to three interlayer query strategies. We further investigate the effectiveness of these strategies in an illustrative system.     

Improved adaptive clutter cancellation through data-adaptivetraining

Adaptive array algorithms based on sample matrix inversion (SMI) require the availability of a secondary data set to “train” the adaptive filter. Numerous data-independent rules have been proposed for selecting this training data. However, such rules often perform poorly in inhomogeneous environments. We present data-adaptive methodologies for selecting the training data. The techniques, called “Power Selected Training” and “Power Selected Deemphasis”, use measurements of the interference environment to select training data. This work describes these algorithms and their performance on recorded radar data     

Surveillance through walls and other opaque materials

The Department of Defense (DoD) has funded a dazzling array of “high tech” solutions for many of the problems facing our military forces. Many of these “solutions” have been effective for long range mass destruction but have not been applicable for the close-in hand-to-hand combat that is on our streets. Our goal at the Hughes AET Center has been to convert “high tech” DoD capabilities into cost effective tools to help law enforcement agencies do their jobs better. Surveillance systems presently used by law enforcement officers make extensive use of television, infrared and other Line-of-Sight (LOS) surveillance systems. However, these systems cannot tell what is happening on the other side of a wall, behind bushes, around the corner, in the dark or through a dense fog. A new sensor has been developed that uses technology developed by the DoD for missile warhead fuzing. This small, light weight, low power “Radar” is based upon the fact that radio waves can penetrate nonmetallic materials. This new surveillance capability can help provide information about what is in a wall, ceiling or floor or on the other side of a door or concrete wall. Real field scenarios are used in this paper to show how this radar works and how field users can tell if someone is moving inside a building, even from remote locations     

“Dakota Sun”-the next generation solar powered racingvehicle

Based on the experience gained from Sunrayce '95, the Solar Motion Team has made many changes to the design of the next generation solar car. These changes have resulted in a vehicle that is very different from the “Solar Rolar”, The Dakota Sun is a three wheeled vehicle with separate cab and solar array. This design allows for improved aerodynamics, decreased weight, lower rolling resistance, and ease of manufacture compared to the four wheeled catamaran used in the last race. However, this design sacrifices total enclosed wheel base area, additional room for components, and added power from side solar panels, The major objectives for the team's redesigned Sunrayce '97 entry are: systems integration; decrease the weight of the car; decrease aerodynamic drag; more efficient use of available energy; and increased driver safety. The team has set a standard to use the latest available technology. Although this increases the complexity of the components, by using a systems engineering approach the “Dakota Sun” has evolved into a more integrated vehicle. This philosophy of integrated design has resulted in great improvements in mechanical design and manufacturing techniques, as well as electrical innovations. The major design changes evident from the original Sunraycen '95 vehicle are the result of an evolutionary design process that has produced the highly competitive Sunraycel '97 design outlined in this article