Rationale for the development of the UK defence standards forsafety-critical computer software

Changes in the procurement environment and developments in technology that will require the adoption of new development certification procedures within the next few years are examined. Characteristics of safety-critical computer systems and the safety problems posed by digital computers are described. The way in which the changes have influenced the preparation of the new draft defence standards offered for public debate in the UK prior to their formal adoption by the Ministry of Defence is discussed. Principle features of the future safety-critical systems policy are outlined. The use of Ada for safety-critical software is considered     

Changing safety-critical software

Changing software to implement new features, correct problems, update functions, or replace obsolete hardware components (e.g., microprocessors) is a way of life in today's industry. A systematic software change process is essential for the maintenance and reuse of safety-critical software. This paper presents activities to consider when changing software in safety-critical systems. The focus is on the aviation industry; however, the concepts are also applicable to other safety-critical domains, such as medical or nuclear     

Component-Based Performance-Sensitive Real-Time Embedded Software

The software complexity is continuously increasing and the competition in the software market is becoming more intensive than ever. Therefore, it is crucial to improve the software quality, and meanwhile, minimize software development cost, and reduce software delivery time in order to gain competitive advantages. Recently, Component-Based Software Development (CBSD) was proposed and has now been applied in various industry and business applications as a possible way to achieve this goal. As verified by numerous practical applications in different fields, CBSD is able to increase software development productivity as well as improve software quality. Modern embedded real-time systems have both strict functional and non-functional requirements and they are essentially safety-critical, real-time, and embedded software-intensive systems. In particular, the crucial end-to-end quality-of-service (QoS) properties should be assured in embedded systems such as timeliness and fault tolerance. Herein, I first introduce the modern component technologies and commonly used component models. Then, the middleware in distributed real-time embedded systems is discussed. Further, adaptive system resource management is elaborated upon. Finally, the prospects of a component-based approach in implementing modern embedded real-time software is discussed and future research directions are suggested.     

Independent validation and verification of the TCAS II collisionavoidance subsystem

This paper describes the specification-based testing, analysis tools, and associated processes used to independently validate, verify, and ultimately, provide for certifying safety-critical software developed for the Traffic Alert and Collision Avoidance System (TCAS II) program. These tools and processes comprise an effective and Independent Validation and Verification (IV and V) activity applied to the Collision Avoidance Subsystem (GAS) software development process. A requirements specification language called the Requirements State Machine Language (RSML), originally developed by the University of California, Irvine (UCI), was employed for the specification of GAS. The end result is the next generation of TCAS II collision avoidance logic, referred to as Version 7, that is of a higher quality than its predecessors, meets the certification requirements of DO-178B Level B (Ref. 1), and can be shown to satisfy the new operational requirements it was developed to address     

Reducing the risks of using Ada onboard the Space Station

The Ada programming language was chosen by NASA as the primary computer programming language for the development of new software for the US Space Station. Ada was selected based on the results of investigations coordinated through Johnson Space Center (JSC) and that resulted in the identification of a set of problems and risks associated with using software developed in Ada. Some of the specific solutions to problems identified through these investigations are described. Three areas in which Ada's use poses risks are discussed: real-time process control; the testing and verification of flight software for man-rated systems; and software error detection, identification, and recovery required in safety-critical systems     

Analysis tools for the evaluation of maintenance software

Test packages written for built-in test (BIT) and mobile automatic test equipment (ATE) systems for the forward support of electronic and thermal imaging equipment used by the British Army are currently scrutinized and subjected to objective tests by test package evaluation and acceptance teams (TPEATs) before being accepted for field use. This is a time-consuming and costly exercise that can result in the rejection of unsuitable software. The result of such rejection on equipment logistics is for reaching, since the hardware will enter service without adequate maintenance support. In an attempt to address this problem a suite of programs aimed at assisting the verification and validation activities of the TPEAT at every stage of the software life cycle from requirements analysis through to testing and acceptance is being devised. The development of these tools is discussed     

Model-based robustness testing for avionics-embedded software

Robustness testing for safety-critical embedded software is still a challenge in its nascent stages. In this paper, we propose a practical methodology and implement an environment by employing model-based robustness testing for embedded software systems. It is a system-level black-box testing approach in which the fault behaviors of embedded software is triggered with the aid of modelbased fault injection by the support of an executable model-driven hardware-in-loop (HIL) testing environment. The prototype implementation of the robustness testing environment based on the proposed approach is experimentally discussed and illustrated by industrial case studies based on several avionics-embedded software systems. The results show that our proposed and implemented robustness testing method and environment are effective to find more bugs, and reduce burdens of testing engineers to enhance efficiency of testing tasks, especially for testing complex embedded systems.     

A safety kernel for traffic light control

The success of kernels for enforcing security in software systems has led to proposals to use kernels for enforcing safety. This paper presents a feasibility demonstration of one particular proposal for a safety kernel via the application of traffic light control. The paper begins with the safety properties for traffic light control and specifies a kernel that maintains the safety properties. An implementation sketch of the kernel in Ada is given and use of the kernel is discussed. The contribution of the paper is a demonstration that a kernel is a feasible and desirable technique for software in a realistic, safety-critical application. The paper also illustrates how formal methods aid the software engineer in constructing and reasoning about such software     

MEMs for Aerospace Navigation

The MEMS aerospace market has its own specificities in terms of market size, standards, and performance characteristics (very long term stability, reliability, and safety levels). Improvements are needed for future applications. THALES Avionics has a twenty-year experience in quartz and silicon MEMS design and manufacturing and is recognized as a leader by the French MOD in this field. MEMS pressure sensors and accelerometers are manufactured in large volume and used for safety-critical applications. THALES technology policy focused on planar architecture, die vacuum packaging, and deep reactive ion etching (DRIE) allowing good characteristics for sensors in development. A Silicon Vibrating Beam Accelerometer single chip is now under development. Its operating principle is described with two resonators in push-pull configuration. A tuning fork planar rate gyro is also developed with exactly the same technology for industrial efficiency. Performance results will be addressed. The development and industrialization road-map of theses inertial products is described for the following five years. Gyro-compassing grade inertial sensors would be available during the next decade allowing low-cost, high-grade navigators using simultaneously GNSS receivers and inertial MEMS navigators.     

Review on signal-by-wire and power-by-wire actuation for more electric aircraft

The huge and rapid progress in electric drives offers new opportunities to improve the performances of aircraft at all levels:fuel burn,environmental footprint,safety,integration and production,serviceability,and maintainability.Actuation for safety-critical applications like flight-controls,landing gears,and even engines is one of the major consumers of non-propulsive power.Conventional actuation with centralized hydraulic power generation and distribution and control of power by throttling has been well established for decades,but offers a limited potential of evolution.In this context,electric drives become more and more attractive to remove the natural drawbacks of conventional actuation and to offer new opportunities for improving performance.This paper takes the stock,at both the signal and power levels,of the evolution of actuation for safety-critical applications in aerospace.It focuses on the recent advances and the remaining chal lenges to be taken toward full electrical actuation for commercial and military aircraft,helicopters,and launchers.It logically starts by emphasizing the specificity of safety-critical actuation for aero space.The following section addresses in details the evolution of aerospace actuation from mechanically-signaled and hydraulically-supplied to all electric,with special emphasis on research and development programs and on solutions entered into service.Finally,the last section reviews the challenges to be taken to generalize the use of all-electric actuators for future aircraft programs.     

模拟技术在普通物理教学中的应用

计算机模拟技术广泛应用在教学和科研当中，在大学普通物理教学中引入计算机模拟能更生动和深刻揭示物理含义。本文介绍了“MATLAB软件”的发展及特点把它运用到大学物理教学中并给出一些实例，利用它强大的数学功能通过实例的建模、编程和仿真过程，来分析物理过程，该方法具有简便、直观、高效的特点。     

基于CAXA的三维物体模型重建及加工过程仿真

在介绍一种三维物体表面特征数据获取方法的基础上,利用CAXA软件平台,以普通眼镜盒实体为例,完成了对实体的三维模型重建及加工过程仿真(MPS),并提出了一种切实可行的CAT(计算机辅助测试)/CAD/CAM集成方案,为产品的设计、开发和制造提供了可行的方法与经验。     

包装设计数码化--产品包装设计的新技术

在对当前产品包装设计与现代数字技术相结合的途径及方法作了系统的阐述，主要通过“平面设计”、“平面图形处理”、“三维可视化的实现”这样一个过程来实现产品包装在样品稿阶段的数字化虚拟，进而通过计算机来完成对虚拟结果可行性的分析及相关数据的采集，最终使产品包装这一设计过程在高新技术的应用下，变得更加快捷、有效。     

建立民航维修专家系统的分析

简要介绍了专家系统的原理及构成.分析了“设计民航维修专家系统”的过程,目前加拿大正着手研制的“先进的维修软件系统”的概况.最后提出专家系统需要解决的关键技术问题及发展情况.     

用准稳态方法建立碳氢燃料点火燃烧的简化化学反应动力学模型

基于“准稳态”方法建立了一套碳氢燃料点火燃烧的化学反应动力学模型简化方法和相应的软件SPARCK,并从甲烷点火燃烧的GRI2.11详细基元反应动力学模型出发简化得出了包含16个组分12步总包反应形式的简化化学反应动力学模型,从庚烷点火燃烧的详细基元反应动力学模型出发简化得出了包含25个组分21步总包反应形式的简化化学反应动力学模型。通过其计算结果与CARM软件导出简化模型的计算结果和典型激波管试验结果的对比可以看出,本文简化得到的简化反应动力学模型能较为有效地再现详细基元反应模型的反应机理,简化模型的计算精度与CARM软件导出简化模型的计算精度相当。与详细基元反应动力学模型相比,简化模型有效地减少了反应组分,在工程计算中有比较好的应用前景。     

安全关键软件可靠性验证测试方法研究

为了在不降低安全关键软件可靠性验证测试结果可信性的前提下减少测试用例量,在分析经典统计假设测试和无先验贝叶斯统计方法的基础上,提出了一种先验知识动态整合的贝叶斯推断统计测试方法;并提供了软件失效概率的概率密度函数先验分布参数的详细求解办法。实验表明,所提供的安全关键软件可靠性验证测试方法可以用较少的测试用例获得同样的结果可信性。     

Software implemented transient fault detection in space computer

Computer systems operating in space environment are subject to different radiation phenomena, whose effects are often called “Soft Error”. Generally, these systems employ hardware techniques to address soft-errors, however, software techniques can provide a lower-cost and more flexible alternative. This paper presents a novel, software-only, transient-fault-detection technique, which is based on a new control flow checking scheme combined with software redundancy. The distinctive advantage of our approach over other fault tolerance techniques is the lower performance overhead with the higher fault coverage. It is able to cope with transient faults affecting data and the program control flow. By applying the proposed technique on several benchmark applications, we evaluate the error detection capabilities by means of several fault injection campaigns. Experimental results show that the proposed approach can detect more than 98% of the injected bit-flip faults with a mean execution time increase of 153%.     

Implementing reusable, instrument independent test programs in thefactory

Development of computer programs that control test sequences on Automatic Test Equipment (ATE) is costly and time consuming. Test Programs are usually written by specifying the instruments to be used in the ATE and the sequence of the setup and measurement parameters for these instruments. Reuse of test program software on other ATE is usually not possible without rewriting, revalidating and re-releasing the programs. This paper describes an implementation of a test program software development system and a standard of software runtime architecture used in our factories. The object-oriented development environment and its associated class libraries allow test programs to be written without knowledge of the ATE on which they will be run. Two main principles guided the design: the software architecture was based on recognized formal and industry standards; and our implementation used commercial off-the-shelf software products when possible. Emerging standards such as the IEEE-1226 (ABBET) as well as defacto industry standards including VXI Plug and Play have made our implementation possible. The current draft of the ABBET and P&P standards do not promote this instrument independence, but it is hoped that this will be added as the standards mature. Three immediate benefits are: cost savings that result from reusing validated test programs; cycle time reductions that result from concurrently developing test program software and ATE; and software defect reductions that result from using proven software     

Modelling and simulation of flight control electromechanical actuators with special focus on model architecting,multidisciplinary effects and power flows

In the aerospace field, electromechanical actuators are increasingly being implemented in place of conventional hydraulic actuators. For safety-critical embedded actuation applications like flight controls, the use of electromechanical actuators introduces specific issues related to thermal balance, reflected inertia, parasitic motion due to compliance and response to failure. Unfortu-nately, the physical effects governing the actuator behaviour are multidisciplinary, coupled and nonlinear. Although numerous multi-domain and system-level simulation packages are now avail-able on the market, these effects are rarely addressed as a whole because of a lack of scientific approaches for model architecting, multi-purpose incremental modelling and judicious model implementation. In this publication, virtual prototyping of electromechanical actuators is addressed using the Bond-Graph formalism. New approaches are proposed to enable incremental modelling, thermal balance analysis, response to free-run or jamming faults, impact of compliance on parasitic motion, and influence of temperature. A special focus is placed on friction and compliance of the mechanical transmission with fault injection and temperature dependence. Aileron actuation is used to highlight the proposals for control design, energy consumption and thermal analysis, power net-work pollution analysis and fault response.     

开放式计算机试题库系统

本文通过对开放式计算机试题库系统设计的阐述，介绍了开放式计算机试题库系统的基本特点，并阐述了计算机系统设计计算机试题库的基本环节、难点问题及解决方法，并给出了程序流程图。