Ada in the Avionics Industry

George Romanski

romanski@verocel.com

SigAda-2005 2

©

Overview

Evolution of the Ada Industry Personal Observations and Experiences

Certification Projects Certification Guidance Integrated Modular Avionics (IMA) Ada on IMA

SigAda-2005 3

©

1980 – Ada Compiler - Germany

Front-End – Karlsruhe University Host – Siemens (IMB 370 clone) Target – Siemens process control computer

Project included:Compiler ‘middle-end’Back-endCode generatorRun-time system

SigAda-2005 4

©

1980 – Ada Compiler - Germany

Front-End – Karlsruhe University Host – Siemens (IMB 370 clone) Target – Siemens process control computer

Project included:Compiler ‘middle-end’Back-endCode generatorRun-time system

Did not meet expectations !

But learned from the experience !

SigAda-2005 5

©

1983 – MCHAPS Project

Ada Compiler and support environment Well engineered design/specifications (lots of

paper) Spent lots of money

SigAda-2005 6

©

1983 – MCHAPS Project

Ada Compiler and support environment Well engineered design/specifications (lots of

paper) Spent lots of money

Did not meet expectations !

But learned from the experience !

SigAda-2005 7

©

1984 – SD-Ada

Systems Designers /Systeam (Karlsruhe) Host - VAX Target – 68K, 1750A

Bootstrap 24 hrs on VAX 785(Recompile the compiler)

SigAda-2005 8

©

1984 – SD-Ada

Systems Designers /Systeam (Karlsruhe) Host - VAX Target – M68K, 1750A

Bootstrap 24 hrs on VAX 785(Recompile the compiler)

M68K moderately successful !

VAX compiler, 1750A compiler – did not meet $ expectations

SigAda-2005 9

©

1986 - XD-Ada Compiler

Systems Designers / DEC Host - VAX Target

M68K 1750A

Front/Middle-end Vax-Ada

Commercial and Military Avionic systems

Mostly Military and spacebased systems

SigAda-2005 10

©

1986 - XD-Ada Compiler

Systems Designers / DEC Host - VAX Target

M68K 1750A

M68K Lots of $$’

1750A compiler – moderately successful

Front/Middle-end Vax-Ada

Commercial and Military Avionic systems

Mostly Military and spacebased systems

SigAda-2005 11

©

1990 Alsys

Host – Many PC with 4-MByte memory board

Targets – Many (including) Intel 68K

Used on BOEING 777C-SMART

(Certifiable Small Ada Run-Time)

SigAda-2005 12

©

1990 Alsys

Host – Many PC with 4-MByte memory board

Targets – Many (including) Intel 68K

Used on BOEING 777C-SMART

(Certifiable Small Ada Run-Time)

COTS Certification Package

using DO-178B

SigAda-2005 13

©

1991 – 1994 Boeing 777

Most systems written in Ada Many proprietary subsets Mostly certified by users

(no RTS or minimal RTS) C-SMART

Certification package was 35 pounds per 1000 LOC.

Ada – great success story !!

SigAda-2005 14

©

1998 – Ada’95 + Ravenscar

Aonix C-SMART (Ada 95) Raven

Certification package

SigAda-2005 15

©

1998 – Ada’95 + Ravenscar

Aonix C-SMART (Ada 95) Raven

Certification package

Used on several avionics projects

SigAda-2005 16

©

Verocel – 1999 – to present

‘C’ based certifications Ada Based certifications PLM Based certifications Targets

PIC micro-controller 68K Cold-Fire PPC

400 bytes RAM

½ GByte RAM(larger than Machines for early Host compilers)

SigAda-2005 17

©

Verocel – 1999 – to present

‘C’ based certifications Ada Based certifications PLM Based certifications Targets

PIC micro-controller 68K Cold-Fire PPC

400 bytes RAM

½ GByte RAM(larger than Machines for early Host compilers)

40% certification work done in Ada (measured by LOC)

All based on DO-178B

SigAda-2005 18

©

Certification Guidance

Guidance used for Software DO-178B Software Considerations in Airborne

Systems and Equipment Certification DO-248B Annual Report for Clarification of

DO-178B ARINC-653 Avionics Application Standard

Interface DO-xxx Integrated Modular Avionics Development

Guidance and Certification Considerations (SC-200 working group)

DO-178B

IMA

SigAda-2005 19

©

Continued Evolution of DO-178B Guidance

DO-178B (1991)

DO-248B DO-278 IssuePapers

CASTPapers

SC-205

DO-178C Model Based DevelopmentObject Oriented ProgrammingFormal Methods…

Annexes+

(2008?)

SigAda-2005 20

©

IMA Guidance

ARINC-653 Published in 1997 Supplement 1 published 2003 Supplement 2 ‘few months away’

SC-200 Approved by Plenary committee Aug 2005 Submitted for final editorial review and

approval To be published as DO-xxx (next available

number)

SigAda-2005 21

©

Use Of IMA

Many new projects are based on IMA architectures. Airbus 380 Boeing 787 767 Tanker C-130 AMP Airbus 400M X45, X47 (Unmanned aircraft)

SigAda-2005 22

©

Use Of IMA

Many new projects are based on IMA architectures. Airbus 380 Boeing 787 767 Tanker C-130 AMP Airbus 400M X45, X47 (Unmanned aircraft)

All of these IMA systems based on ARINC-653

SigAda-2005 23

©

Line Replaceable Units - Databus

Sensors

Effectors

LRU-CLRU-A

LRU-B

Databus

Most flying planes Use this architecture

SigAda-2005 24

©

Line Replaceable Units - Switch

Sensors

Effectors

LRU-CLRU-A

LRU-B

Databus

Switch

Switch is a high-bandwidthCommunication system

SigAda-2005 25

©

Line Replaceable Module

LRM

DC

DC

Sensors

Effectors

DC Switch

A B C

DC- Data Concentrators

LRM housesapplications A,B and C

SigAda-2005 26

©

Partitioning Applications on LRM

MOS

App. 1Ada

POS

App. 2C++

App. 3C

POS POSPartitionOperating System

ModuleOperating System

Config.Table

APEX APEX APEX

SigAda-2005 27

©

ARINC-653 Organization – on LRM

Hardware

O/SKernel

System SpecificFunctions

CoreSoftwareLayer

ApplicationsSoftwareLayer Application

Partition 1System

Partition 1

ApplicationPartition 2

SystemPartition 2

Apex Interface

SigAda-2005 28

©

IMA Model for an Ada application

Ada Application

Ada Application

ARTE

POS

Virtual Target

VirtualAddressSpace

Communication through virtual Ports only

HealthManagementSystem

SigAda-2005 29

©

Ada Objects Created not Declared

CREATE_PROCESS (Ada_Procedure, )

CREATE_SEMAPHORE

CREATE_EVENT

POSProcessObject

SemaphoreObject

EventObject

Ada Program

No AdaTasks

SigAda-2005 30

©

Ada Exceptions

Divide by zero

MOS

POS

ARTE

Exception Handler

Partition HM

Module HM

System HMH/W exception handler

SigAda-2005 31

©

ARINC 653 is a standard that abstracts the operating system services from the application

Ada fits in but gives up scheduling operations

All support libraries must be certified

Ada on ARINC 653

Ada is Highly suitable for Avionics Applicationson ARINC-653 platforms

SigAda-2005 32

©

Where does Ada fit in?

In with a good chance!

The main objection to Ada is:

SigAda-2005 33

©

Where does Ada fit in?

In with a good chance!

The main objection to Ada is:

Lack of Ada Programmers!