An open software architecture for high-integrity and high-availability avionics

M. Agrawal, S. Cooper, L. Graba, V. Thomas
DOI: 10.1109/DASC.2004.1390766 (https://doi.org/10.1109/DASC.2004.1390766)
Published in: The 23rd Digital Avionics Systems Conference (IEEE Cat. No.04CH37576)
Publication date: 2004-10-24
Citations: 5

Abstract

We describe a software architecture that can greatly reduce re-certification costs associated with re-hosting avionics applications from one platform to another. This is achieved by (1) enabling the development of core application components independent of platform-specific concerns related to I/O and fault tolerance, (2) defining abstractions of platform I/O and fault-tolerance strategies for use by application components, and (3) providing transforms that enable system integrators to build a system with its specific I/O and fault-tolerance requirements using platform-independent application components. Application component and transform source code (and in many cases, binaries) can be moved from one platform to another without modification. The system configuration and any new transforms developed still need to be recertified. The I/O abstractions defined by the architecture are key to enabling the development of platform-independent application components. Inputs to components are simple values (signals) with attributes such as refresh rate and units. On different platforms, these values may be generated at different rates, in different units, and in different ways (by combining values from multiple sources, produced by a fail-stop source, etc.). Transforms mask these platform differences from application components. Similarly, differences between component output attributes and those required by the platform are handled by transforms. The architecture makes provision for application-specific built-in tests, fault detectors, and reconfiguration strategies. Again, these are specified and implemented independently of core application functionality, allowing application components to be moved across platforms with different fault-tolerance strategies. A software framework based on this architecture has been implemented and demonstrated using an FMS-like application. Core application functionality was implemented as components and packaged as shared libraries. Multiple I/O and redundancy schemes were then constructed from these application modules by changing only the configuration. This demonstrated the feasibility of developing application components in a platform-independent manner and configuring them for different platforms.