ABSTRACT
The use of domain-specific modeling (DSM) in safety-critical avionics is rare, even though the ever-increasing complexity of avionics systems makes the use of DSM reasonable. DSM shows its advantage especially in capturing complex systems, data and relationships. The limited use in the (safety-critical) avionics area is mainly due to the high demands on the safety of software and systems. Everything that is to be used in flight operations and development must undergo a rigorous and complex certification process, and any data used in operations must be verified. This effort can be reduced by using qualified tools: a qualified tool can either replace or support certification activities.
This paper elaborates different use cases of how DSM could be used in relation to airworthy software. For those use cases we review the effort of a certification and identify the major shortcomings and showstoppers of available frameworks, e.g. the infeasible qualification of DSM runtimes and the unavailability of qualification artifacts. Finally, we elaborate possible ways of mitigation.
Why the use of domain-specific modeling in airworthy software requires new methods and how these might look like?