Avionics Software (COMP 790) Course Outline
- A few notes:
- Guidelines for presenters
- The "Points of discussion" listed here are merely suggestions and are not supposed to be exhaustive.
- You are expected to search for additional literature related to your topic.
- If you do not think your topic will take most of the class period to discuss, please talk to Mac and Jeremy ahead of time and we will find some additional material for you to talk about.
- Please send slides to Mac and Jeremy before you present to allow them to preview them and offer feedback. The earlier you do this, the better.
- For questions about this page, email Mac Mollison, Jeremy Erickson, or Prof. Jim Anderson.
- Aug. 27: Introduction
- In-Class Presentations
- Introductory remarks. Jim Anderson.
- Overview of the Locke paper. Jeremy Erickson. PPT
- Required Reading
- "General Avionics Software Specification," Locke et al. PDF
- Sep. 3: Background on Avionics and Real-Time Systems
- In-Class Presentations
- Background on Avionics. Mac Mollison. PPT
- Background on Real-Time Systems. Glenn Elliott. PPTX
- Sep. 10: Certification, Survey of Avionics Applications
- Points of discussion
- Certification
- How do certification rules affect real-time avionics software?
- NEW Notes from certification webinar on Oct. 20: here.
- Avionics Applications
- What is the "state of the art" in avionics? In other words, where do we draw the line between what technology exists and what technology needs to be developed? In considering this question, we will briefly summarize several avionics "applications."
- Combat UAVs: Predator/Reaper and variants
- Surveillance UAVs: Global Hawk
- Future UAVs: UCAS (very brief talk by Mac and Jeremy)
- Civilian avionics: Dreamliner 787
- Space: Space Shuttle
- Possibly others?
- What technical documentation exists for these systems that is publicly accessible online? In particular, we'd like to learn:
- What kind of RTOS(s) was used
- Anything about the hardware platform
- What kind of certification was necessary
- Anything related to software engineering for the system
- In-Class Presentations
- Certification. Mac Mollison. PPT
- Survey of Avionics Applications. Guruprasad Aphale. PPT
- Required Reading
- Certification
- DO-178B Wikipedia article. link
- ARINC 653 Wikipedia article. link
- Common Criteria Wikipedia article. link
- Avionics Applications
- Architecture of the Space Shuttle Primary Avionics Software System, Carlow et al. PDF
- Supplemental Reading
- Certification
- Commercial Off-The-Shelf (COTS) Avionics Software Study, Federal Aviation Administration. PDF
- Product Focus: Software, Rosenberg. PDF
- Formal Verification of Avionics Software Products, Souyris et al. PDF
- Model Extraction for ARINC 653 based Avionics Software, Camara et al. PDF
- Avionics Applications
- Air Force UAVs: The Secret History, Ehrhard. PDF
- Sep. 17: Security
- Points of discussion
- Any relevant information on security requirements/certification that was not covered in the earlier Certification topic.
- Why would you want to have multiple levels of security on a single system?
- It seems like some security requirements are designed to withstand a "trojan horse" in the system. Is that a reasonable requirement/realistic scenario?
- In-Class Presentation
- Required Reading
- Design and Verification of Secure Systems, Rushby. PDF
- Looking Back at the Bell-La Padula Model, Bell. PDF
- Covert Timing Channel Analysis of Rate Monotonic Real-Time Scheduling Algorithm in MLS Systems, Son and Alves-Foss. PDF
- Covert Timing Channel Capacity of Rate-Monotonic Real-Time Scheduling Algorithm in MLS Systems, Son and Alves-Foss. PDF
- Supplemental Reading
- MILS Virtualization for Integrated Modular Avionics, Green Hills. PDF
- A Formal Framework for Real-Time Information Flow Analysis, Son and Alves-Foss. PDF
- Security FAQs, Wind River. PDF
- This site appears to have a lot of good, relevant material.
- Mike Reiter mentioned two papers in class:
- Making Information Flow Explicit in HiStar, Zeldovich et al. PDF
- End-To-End Enforcement of Erasure and Declassification, Chong and Myers. PDF
- Note (added Jan. 6, 2011): If you don't think malicious code could get into a critical system unless the system's developers are malicious, read about Stuxnet. (It's probably fair to say that this goes a long way towards answering some of the original "Points of discussion" for this topic.)
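The two Son and Alves-Foss papers in the required reading describe a covert timing channel that exists even when MLS access control is enforced perfectly: a high-priority task that can read the secret modulates how much of its budget it actually uses, and a lower-priority task that may not read the secret recovers the bits from its own response times. The simulation below is an added example (not code from the papers or from this course): it runs a tick-level fixed-priority scheduler with two constructed tasks, shows the receiver decoding one bit per period, and shows that execution-time padding (the sender always consuming its full budget) closes the channel at the cost of wasted CPU. All task parameters are constructed for illustration.

```python
"""Covert timing channel through fixed-priority (rate-monotonic) scheduling.

HIGH holds the secret and runs at higher priority. LOW cannot read the secret,
but the interference HIGH imposes on LOW's response time leaks one bit per
period. With padding, HIGH always burns its certified budget, so LOW's response
time is constant and carries no information. Parameters are constructed.
"""
from dataclasses import dataclass, field

PERIOD = 10       # both tasks share a period; the RM tie is broken in HIGH's favour
HIGH_WCET = 4     # budget the offline schedulability analysis assumed for HIGH
HIGH_MIN = 1      # HIGH's actual work when it encodes a 0
LOW_EXEC = 3      # LOW's own (known) execution time


@dataclass
class Task:
    name: str
    period: int
    priority: int                 # larger = more urgent
    job_exec: list                # actual execution time of job k
    remaining: int = 0
    released_at: int = 0
    next_job: int = 0
    response_times: list = field(default_factory=list)


def simulate(tasks, horizon):
    """Tick-level fixed-priority preemptive scheduler; returns response times."""
    for t in range(horizon):
        for task in tasks:
            if t % task.period == 0 and task.next_job < len(task.job_exec):
                # A job still pending at its next release would be a deadline miss.
                assert task.remaining == 0, f"{task.name} missed a deadline at t={t}"
                task.remaining = task.job_exec[task.next_job]
                task.released_at = t
                task.next_job += 1
        ready = [task for task in tasks if task.remaining > 0]
        if not ready:
            continue
        run = max(ready, key=lambda x: x.priority)
        run.remaining -= 1
        if run.remaining == 0:
            run.response_times.append(t + 1 - run.released_at)
    return {task.name: task.response_times for task in tasks}


def run_channel(secret_bits, padded=False):
    """Return the bits LOW recovers from its own response times.

    padded=True models execution-time padding: HIGH consumes its full budget
    regardless of the secret, which is the standard countermeasure.
    """
    if padded:
        high_exec = [HIGH_WCET] * len(secret_bits)
    else:
        high_exec = [HIGH_WCET if b else HIGH_MIN for b in secret_bits]
    high = Task("HIGH", PERIOD, priority=2, job_exec=high_exec)
    low = Task("LOW", PERIOD, priority=1, job_exec=[LOW_EXEC] * len(secret_bits))
    responses = simulate([high, low], horizon=PERIOD * len(secret_bits))
    # LOW knows only its own execution time; the remainder of each response
    # time is interference from HIGH, which is the covert signal.
    return [1 if r - LOW_EXEC == HIGH_WCET else 0 for r in responses["LOW"]]


if __name__ == "__main__":
    secret = [1, 0, 1, 1, 0, 0, 1, 0]            # constructed secret
    print("leaked :", run_channel(secret))
    print("padded :", run_channel(secret, padded=True))
```

The channel capacity here is one bit per period, which is the quantity the second Son and Alves-Foss paper bounds analytically; padding trades that capacity for (HIGH_WCET - HIGH_MIN) idle ticks per period, which is exactly the utilization the schedulability analysis had already reserved.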
- Sep. 24: RTOSs, Part I
- Here is a list of relevant RTOSs (very much a work in progress!)
- Today's topics
- Required Reading
- RTOS Fundamentals
- Interrupts
- Split interrupt handling with priority inheritance in LynxOS. link
- Also, take a look at the patent.
- Interrupts in LynxOS. link
- Memory Management
- A Comparison of Partitioned Operating Systems for Integrated Systems, Leiner et al. PDF (Skip non-relevant sections)
- MMU and paging background information. link
- POSIX
- Real-Time POSIX: An Overview, Harbour. PDF
- POSIX Function calls (for reference). link
- Supplemental Reading
- DeOS
- DeOS Slack Scheduling. White paper. PDF
- Verification and Time Partitioning in the DEOS Scheduler Kernel, Penix et al. PDF
- Real-Time Operating Systems And Component Integration Considerations in Integrated Modular Avionics Systems Report, Krodel et al. PDF
- There are some good videos on the DDC-I website, though you have to register for some of them.
- Oct. 1: RTOSs, Part II
- Today's Topics
- Survey of RTOSs (examine table of features - see link from last week)
- Virtualization, Jeremy.
- Sample RTOS implementation: FreeRTOS, Chris. PDF (Slides) PDF (Handouts)
- Required Reading
- Wind River Hypervisor, Wind River PDF
- Hypervisor, Wikipedia link
- Supplemental Reading
- Embedded Software Development with eCos, Massa. PDF
- VxWorks Product Note, Wind River PDF
- VxWorks Cert Product Note, Wind River PDF
- VxWorks 653 Product Note, Wind River PDF
- VxWorks MILS Product Note, Wind River PDF
- Applying Multi-core and Virtualization to Industrial and Safety-Related Applications, Wind River and Intel PDF
- MILS Virtualization for Integrated Modular Avionics, Kleidermacher and Wolf PDF
- INTEGRITY Brochure, Green Hills PDF
- QNX/Neutrino Site, QNX Software Systems link
- Mentor Embedded Nucleus RTOS Solution, Mentor Graphics PDF
- Embedded Hypervisor, Wikipedia link
- Oct. 8: Mixed Criticality
- In-Class Presentation
- Required Reading
- Preemptive Scheduling of Multi-criticality Systems with Varying Degrees of Execution Time Assurance, Vestal. PDF
- Multicore Operating-System Support for Mixed Criticality. Anderson, Baruah, and Brandenburg. PDF
- Mixed Criticality Real-Time Scheduling for Multicore Systems. Mollison, Erickson, Anderson, Baruah, and Scoredos. PDF
- Towards the design of certifiable mixed-criticality systems. Baruah, Li, and Stougie. PDF
- Supplemental Reading
- Designing Future Systems for Airworthiness Certification: A Look at Mixed Critical Architecture Requirements (MCAR), Homan. PDF
- A Research Agenda for Mixed-Criticality Systems, Barhorst et al. DOC
- On the Scheduling of Mixed-Criticality Real-Time Task Sets, de Niz et al. PDF
- Schedulability Analysis of Sporadic Tasks with Multiple Criticality Specifications. Baruah and Vestal. PDF (Note: Sanjoy says that, for the purposes of this course, the Baruah, Li, and Stougie paper supersedes this paper.)
- Oct. 15: Middleware
- In-Class Presentation
- Bipasa Chattopadhyay. PPTX
- Required Reading
- "What is Real-Time CORBA?" link
- Towards Safety Critical Middleware for Avionics Applications, Haverkamp et al. PDF
- The Design And Performance Of A Real Time CORBA Scheduling Service, Gill et al. PDF
- Additional Sources
- Middleware (Wikipedia) link
- Embedded Middleware (Wikipedia) link
- Real-Time CORBA with TAO link
- Real-Time Innovations, Inc. link
- Embedded Middleware State of the Art, Niemela et al. PDF
- A Middleware Architecture For UAVs, by Lopez et al. PDF
- List of middleware bundled with VxWorks. link
- Oct. 29: Communication
- Topics
- The flight computer needs to communicate to hardware systems. What requirements does this impose upon the software in the flight hardware? For example, some standards used in avionics comm busses use time multiplexing, so data must be read from the bus at the right time. What does this mean (if anything) for us?
- In-Class Presentation
- Recommended reading
- Nov. 12: Fault Tolerance
- Points of discussion
- Active vs. Passive Replication
- Replica Coordination
- Certification
- Replication in hardware vs. software
- Are replicas physically distributed in the plane to provide higher robustness when the plane is physically damaged?
- In-Class Presentation
- Supplemental Reading
- Fault-Tolerant Avionics, Hurt and Mulcare (2001). PDF
- A Primer to Architectural Level Fault Tolerance, Butler (2008). PDF
- An Integrated Scheduling Mechanism for Fault-Tolerant Avionics Systems, Lee et al. (1998). PDF
- Architectural Principles for Safety-Critical Real-Time Systems, Lala and Harper (1994). PDF
- This includes a nice, brief description of fault tolerance on the Boeing 777 (see the History section)
- Fault-Tolerant Architectures for Space and Avionics Applications, Siewiorek et al. (????) PDF
- Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS, Owre et al. (1995). PDF
- Design of a Fault-Tolerant COTS-Based Bus Architecture, Chau et al. (1999). PDF
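The "active vs. passive replication" and "replication in hardware vs. software" discussion points above come down to how replica outputs are reconciled. The block below is an added example, not code from any of the listed papers or from a real flight control system: it models active replication of one control computation across three lanes with a mid-value-select voter (the pattern Lala and Harper describe for the 777), a miscompare monitor with a persistence count so that a single transient does not disqualify a lane, and graceful degradation to two lanes once a lane is declared failed. Lane biases, tolerances, the stuck-at fault and the sensor trajectory are all constructed.

```python
"""Active replication with mid-value-select voting and lane monitoring.

Three lanes compute the same output from the same input. The voter masks one
arbitrarily wrong lane; the monitor disqualifies a lane only after PERSISTENCE
consecutive miscompares, so a one-frame glitch is tolerated. With two lanes
left, a fault can still be detected (the lanes disagree) but no longer masked.
All numbers are constructed for illustration.
"""
from statistics import mean

TOLERANCE = 0.5      # max lane-to-selected deviation before a frame counts as a miscompare
PERSISTENCE = 3      # consecutive miscompares before a lane is declared failed


def mid_value_select(values):
    """Vote over the outputs of the lanes that are still trusted."""
    vals = sorted(values)
    if len(vals) >= 3:
        return vals[len(vals) // 2]     # median: one wrong lane out of three is masked
    if len(vals) == 2:
        return mean(vals)               # two lanes can detect but not mask a fault
    return vals[0]                      # simplex: no fault tolerance left


class LaneMonitor:
    def __init__(self, n_lanes):
        self.miscompares = [0] * n_lanes
        self.failed = set()

    def update(self, lane_values, selected):
        for i, v in enumerate(lane_values):
            if i in self.failed:
                continue
            if abs(v - selected) > TOLERANCE:
                self.miscompares[i] += 1
                if self.miscompares[i] >= PERSISTENCE:
                    self.failed.add(i)
            else:
                self.miscompares[i] = 0     # persistence count resets on agreement


def run_frames(truth, fault_lane=1, fault_from=5, stuck_value=0.0):
    """Run one voted computation per frame; lane `fault_lane` sticks at
    `stuck_value` from frame `fault_from` on. Returns the selected outputs,
    the frame at which the first lane was disqualified, and the failed lanes."""
    biases = [0.0, 0.1, -0.1]           # constructed: dissimilar lanes never agree exactly
    monitor = LaneMonitor(len(biases))
    outputs, failed_at = [], None
    for k, x in enumerate(truth):
        lane_values = [x + b for b in biases]
        if k >= fault_from:
            lane_values[fault_lane] = stuck_value
        trusted = [v for i, v in enumerate(lane_values) if i not in monitor.failed]
        selected = mid_value_select(trusted)
        monitor.update(lane_values, selected)
        if failed_at is None and monitor.failed:
            failed_at = k
        outputs.append(selected)
    return outputs, failed_at, sorted(monitor.failed)


if __name__ == "__main__":
    truth = [10.0 + 0.5 * k for k in range(12)]     # constructed sensor trajectory
    outputs, failed_at, failed = run_frames(truth)
    for k, (t, o) in enumerate(zip(truth, outputs)):
        print(f"frame {k:2d} truth {t:5.2f} selected {o:5.2f}")
    print("lane(s) declared failed:", failed, "at frame", failed_at)
```

The point worth noticing is that the selected output never departs from the truth by more than the inter-lane bias even while the stuck lane is still being voted, because the median discards the outlier; the monitor's job is only to keep a dead lane from eroding the second fault's coverage, which is why it runs on the same frame cadence as the voter rather than as a separate, slower built-in test.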
- Nov. 19: Energy Issues and Hardware Platforms
- In-Class Presentation
- Energy Issues
- Hardware partial outline and optional reading (NOTE: items with an asterisk are potentially relevant for fault tolerance as well)
- Explanation of hardware configurations
- Computing hardware
- Single Board Computers
- Example (with photos): here
- Backplane (also "Carrier Card")
- Example (with photos): here
- Example of processor board that can plug into a backplane: here
- Mezzanine cards ("PMC")
- AFAIK, can be supported by SBC, backplane-connecting processor boards, and directly on backplanes...
- More examples: here
- Bus standards
- Physical dimensions
- Eurocard dimension specifications were re-used in the three bus standards listed here; see this page for a diagram.
- ASICs/FPGAs: What are they and when are they used?
- FPGA
- ASIC
- Example: FPGA Mezzanine cards for VME, VPX, etc. here
- Dealing with difficult environments
- Additional Sources
- Nov. 26: Thanksgiving Break (No Class)
- Dec. 10: Development Tools
- In-Class Presentation:
- Points of discussion
- Model-driven development tools
- SCADE
- Optional Reading
- Designing Safe, Reliable Systems using Scade, P. A. Abdulla et al. PDF
- Model driven middleware: A new paradigm for developing distributed real-time and embedded systems, A. Gokhale et al. PDF
- Timing analysis
- Performance Modelling for Avionics Systems, V. Januzaj et al. PDF
- WCET TOOL CHALLENGE 2008: REPORT, N. Holsti et al. PDF
- AbsInt's aiT Worst-Case Execution Time Analyzers
- Optional Reading
- Worst-case Execution Time Analysis For Digital Signal Processors, N. Holsti et al. PDF
- Static Timing Analysis of Embedded Software, S. Malik et al. PDF
- Custom/proprietary compilers for critical software
- Specialized development environments
- Supplementary Sources
- Online Portals
- SPRUCE Community
- Supported by AFRL, Lockheed Martin, Vanderbilt, Drexel
- Revolves around "challenge problems" posted by engineers for academics to work on
- Includes data artifacts
- CPS-VO (Cyber-Physical Systems Virtual Organization)
- From the website: "The objective of the National Science Foundation established CPS Virtual Organization (CPS-VO) is to actively support the formation of a multidisciplinary community and to facilitate broadly based collaboration on CPS"
- Introduction to Embedded Systems: A Cyber-Physical Systems Approach, by Lee and Seshia. Free E-book. link
- RTOS Table (very much a work in progress!)
- Mars Pathfinder: A Unifying "Case Study" for the course
- The Mars Pathfinder priority inversion problem is an interesting case.
- Here is a "short," anecdotal version of the story.
- Here is a longer, more authoritative, and more technical version of the story.
- This version of the story covers (among other things) the following aspects of the Mars Pathfinder:
- Hardware (also, see here)
- Communication busses
- Operating system
- Scheduling
- Testing and debugging
- Original here. (Note that the original does not render the ASCII diagram properly, at least in my browser; it's fixed in the mirrored version.)
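The Pathfinder failure is easier to reason about once you can watch the three tasks interleave. The simulation below is an added example, not code from the linked accounts or from the Pathfinder flight software: it runs a small tick-level fixed-priority scheduler with one mutex and three tasks named after the published account (the low-priority ASI/MET task holding the information-bus mutex, a medium-priority communications task, and the high-priority bc_dist task that blocks on the mutex and whose overrun triggered the watchdog reset). With priority inheritance off, bc_dist waits for the entire communications burst and blows its deadline; with inheritance on, ASI/MET briefly runs at bc_dist's priority, releases the mutex, and bc_dist completes in time. Segment lengths, release times and deadlines are constructed for illustration.

```python
"""Unbounded priority inversion, with and without priority inheritance.

Each task is a list of segments (ticks, needs_mutex) executed in order. The
scheduler always runs the eligible task with the highest effective priority;
a task whose current segment needs the mutex while another task holds it is
blocked. With inheritance, the holder's effective priority is raised to that
of the highest-priority task it is blocking. Numbers are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Task:
    name: str
    base_prio: int                 # larger = more urgent
    release: int
    segments: list                 # [(ticks, needs_mutex), ...]
    deadline: int                  # relative deadline, compared with response time
    seg: int = 0
    done_in_seg: int = 0
    finish: Optional[int] = None

    def current(self):
        return self.segments[self.seg]


def make_tasks():
    """Constructed workload modelled on the Pathfinder account."""
    return [
        Task("ASI/MET", base_prio=1, release=0, segments=[(1, False), (3, True), (2, False)], deadline=30),
        Task("comms",   base_prio=2, release=2, segments=[(10, False)], deadline=25),
        Task("bc_dist", base_prio=3, release=3, segments=[(2, True), (2, False)], deadline=10),
    ]


def simulate(tasks, inheritance, horizon=40):
    """Returns {task name: response time} for every task that finished."""
    holder = None                                   # task currently owning the mutex
    for t in range(horizon):
        active = [x for x in tasks if x.release <= t and x.finish is None]
        if not active:
            continue
        eff = {x.name: x.base_prio for x in active}
        blocked = {x.name for x in active
                   if x.current()[1] and holder is not None and holder is not x}
        if inheritance and holder is not None:
            for x in active:
                if x.name in blocked:
                    eff[holder.name] = max(eff[holder.name], x.base_prio)
        runnable = [x for x in active if x.name not in blocked]
        if not runnable:
            continue
        run = max(runnable, key=lambda x: eff[x.name])
        ticks, needs_mutex = run.current()
        if needs_mutex and holder is None:
            holder = run                            # enter the critical section
        run.done_in_seg += 1
        if run.done_in_seg == ticks:
            if needs_mutex:
                holder = None                       # leave the critical section
            run.seg += 1
            run.done_in_seg = 0
            if run.seg == len(run.segments):
                run.finish = t + 1
    return {x.name: x.finish - x.release for x in tasks if x.finish is not None}


def response_times(inheritance):
    return simulate(make_tasks(), inheritance)


def missed_deadlines(inheritance):
    tasks = make_tasks()
    resp = simulate(tasks, inheritance)
    return [x.name for x in tasks if resp.get(x.name, float("inf")) > x.deadline]


if __name__ == "__main__":
    for pi in (False, True):
        print(f"priority inheritance {'on ' if pi else 'off'}:",
              response_times(pi), "missed:", missed_deadlines(pi))
```

With inheritance off, bc_dist's blocking time is bounded not by ASI/MET's critical section (3 ticks) but by everything that can preempt ASI/MET, which is the "unbounded" part of unbounded priority inversion and is why the watchdog fired; with inheritance on, the blocking collapses to the remainder of the critical section. The fix on the spacecraft was the VxWorks semaphore-creation flag that enables exactly this behaviour, changed at runtime through the debug facilities the linked account describes.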