ARINC 653

Viatra2 (VIsual Automated model TRAnsformations) is a general-purpose model transformation engineering framework that aims at supporting the entire life-cycle, i.e. the specification, design, execution, validation and maintenance of transformations within and between various modeling languages and domains in the MDA. This paper reports on the current status of the tool and sketches some future directions.

Symmetric multiprocessing (SMP) and Time and Space Partitioning (TSP) are two complementary paradigms for the design of multi-core-based aerospace systems. They impose new steps in the development process: capturing complex configuration attributes, analyzing their correctness – in particular their predictability – while guaranteeing performance. In this context, model-based techniques provide a well-suited framework to design, analyze and automatically synthesize those systems. In this paper, we report on a set of extenstions of TASTE to support SMP and TSP-based multi-core platforms. We first present the key architectural elements of these systems and then detail how these have been integrated as part of the code generation tool-chain. We then present experiments realized on two case studies and two hardware targets, both provided with the RTEMS operating system and XTRATUM hypervisor.

The ARINC 653 specification defines the functionality that an Operating System (OS) must guarantee to enforce robust spatial and temporal partitioning as well as an avionics application programming interface for the system. The standard application interface-the ARINC 653 Application Executive (APEX)-is defined as a set of software services a compliant OS must provide to avionics application developers. The ARINC 653 specification defines the interfaces and the behavior of the APEX but leaves implementation details to OS vendors. This paper describes an OS independent design approach of a Portable APEX interface. POSIX, as a programming interface available on a wide range of modern OS, will be used to implement the APEX layer. This way the standardization of the APEX is taken a step further: not only the definition of services is standardized but also its interface to the underlying OS. Therefore, the APEX operation does not depend on a particular OS but relies on a well defined set of standardized components.

declara ceder os seus direitos de cópia sobre o seu Relatório de Projecto em Engenharia Informática, intitulado "AMOBA-ARINC653 Simulator for Modular Space Based Applications", realizado no ano lectivo de 2007/2008 à Faculdade de Ciências da Universidade de Lisboa para o efeito de arquivo e consulta nas suas bibliotecas e publicação do mesmo em formato electrónico na Internet.

The ARINC 653-based AIR (ARINC 653 in Space Real-Time Operating System) architecture, developed as a response to the interest of the aerospace industry in adopting the concepts of Integrated Modular Avionics (IMA), proposes a partitioned environment, observing strict temporal and spatial segregation, in which partitions are able to use different (real-time) operating systems and host applications of different criticality levels. This paper centers on recent enhancements to the AIR architecture, like the AIR POS Adaptation Layer (PAL), which aim at optimizing the development and integration processes with the flexible support to new partition operating systems (POS) in mind. We also discuss the current efforts, which already benefit from the properties of the AIR Technology, to integrate Linux as a POS, exploiting the concepts of the paravirtualization interface currently provided by the Linux kernel. Resumo. A arquitectura AIR (ARINC 653 in Space Real-Time Operating System), baseada na especificação ARINC 653 e desenvolvida como resposta ao interesse da indústria aeroespacial em adoptar os conceitos de Integrated Modular Avionics (IMA), propõe um ambiente compartimentado e com observância estrita de segregação temporal e espacial, onde as partições podem utilizar diferentes sistemas operativos (de tempo-real) e conter aplicações com diferentes níveis de criticalidade. Este artigo centra-se em melhoramentos recentesà arquitectura AIR, como o componente AIR POS Adaptation Layer (PAL), que visam optimizar os processos de desenvolvimento e integração, com a flexibilidade no suporte a novos sistemas operativos em mente. Discutimos também os esforços actuais, que já beneficiam das propriedades da tecnologia AIR, para integrar o Linux como sistema operativo de uma das partições, explorando os conceitos da interface de paravirtualização actualmente fornecida pelo núcleo Linux.

The Integrated Modular Avionics and the ARINC 653 specifications are assuming a key role in the provision of a standard operating system interface for safety-critical applications in both the aeronautic and space markets. The AIR Technology, designed within the scope of an ESA initiative to develop a proof of concept, implements the notion of robust temporal and spatial partitioning. A different operating system kernel may be used per partition, furnishing the bare services to build the ARINC 653 application programming interface. This paper describes the advances done during AIR-II, an initiative to evolve the AIR Technology proof of concept towards an industrial product. Current prototype activities are based on RTEMS and on the SPARC V8 LEON3 processor and work is being done on the integration of Linux in the AIR Technology.

Hardware/software (HW/SW) Co-development techniques exploits the trade-offs between hardware and software in a system through their parallel design, taking advantage of the flexibility of the system design to develop architectures that can meet stringent timing and performance requirements with a shorter design cycle. Advances in the automation of the design of HW and SW, the adoption of the Model Driven Architecture (MDA) paradigm and Component-Based techniques make possible the definition of a proper integration substrate that facilitates the continuous interaction of the HW and SW development paths.

This paper explains and documents the usage of ProtoBusMAG, a software option, now available on
all LeCroy oscilloscopes. This case study spans three functions: MessageToValue, DeltaMessage and
BusLoad. Each one is exemplified on real data on a CAN bus emitted by an inertial sensor.
ProtoBusMAG operates on any decoded stream generated by a LeCroy oscilloscope, such as UART,
MIL-STD-1553, SPI, ARINC 429, LIN, FlexRAY, MIPI, etc. and provides unprecedented insights into the
quality and structure of the data at both the analog and digital levels.

Avionics is one kind of domain where prevention prevails. Nonetheless fails occur. Sometimes due to pilot misreacting, flooded in information. Sometimes information itself would be better verified than trusted. To avoid some kind of failure, it has been thought to add,in midst of the ARINC664 aircraft data network, a new kind of monitoring.

An open distributed system is a network of computer modules upon which one or more computer applications can run and inter-communicate. Recently there has been a move to use an open distributed system, known as Integrated Modular Avionics (IMA), aboard aircraft. To fully utilise the benefits of IMA, such as incremental upgrade, a change is needed to the safety analysis and certification of avionics computer systems. At present aircraft computing systems are, generally, physically separate units, with software tightly bound to the underlying computing hardware. Individual systems analysis examines the unit as a whole entity, producing a monolithic safety case. Thus, even a small change in the system can mean that extensive re-analysis is required. Clearly if incremental upgrades are to be achieved for a system as complex as IMA a different approach is required. This paper presents a framework for certification which adapts existing ARP standards, detailing a number of "consolidating interaction" activities that are required between the operating system and applications developers and safety analysts during the development lifecycle in order to facilitate largely independent safety analysis of the components, whilst still ensuring that the system is acceptably safe. We demonstrate how these activities will help establish a maintainable safety case for IMA.

To build reliable avionic applications, we interconnect Integrated Modular Avionics (IMA) architectures with Time- Triggered Ethernet (TT-Ethernet). These systems have direct impacts on human lives where the failure is unacceptable. Therefore, verification is an important issue to ensure the safety and the performance of the system. The integration of IMA architectures is a very complex and challenging engineering task. To cope with complexity and to perform verification, a model-based approach, which endows engineering teams with a methodology and an adequate tooling is of a paramount importance. To design IMA architectures interconnected with TT-Ethernet, we have proposed an extension of the AADL language in previous works. In this paper, we present a simulation-based verification of our extension and show how it can be simulated using a discrete event simulation environment called DEVS Suite. The main advantage of this technique is to perform cycle-accurate simulation of the comp...

Data races in multi-threaded programs may occur when multiple accesses on different threads access a shared location without proper synchronization, and one of them is a store. It is difficult to develop data race free programs and to manually fix existing data races in the programs, because they may lead to unpredictable results to the programmer. This paper presents a technique that heals data races using software transactional memory. This technique consists of Transactional Region Specifier, which localizes the incorrect code blocks including shared variables, and Instrumentor, which inserts transactional memory codes to heal data races. We evaluate the accuracy of our healing technique using a set of synthetic programs.

ION AND REFINEMENT techniques are the cornerstone of design methodologies. Abstraction is the fundamental device by which designers extract the essential features of a complex problem, reducing the complexity of its representation and manipulation and increasing productivity. This process has been shaped during the past few decades through conceptual representations and languages that are progressively more detached from a given system's implementation because they neglect details that are relevant only in the context of specific realizations. The converse process of refinement fills out those details with tools that can evaluate design alternatives through simulations and analysis and, when possible, through synthesis and compilation techniques. In most cases, the refinement step proceeds by mapping, decomposing, and subsequently assembling the system from elementary parts, or components, that encapsulate a logical unit of behavior. The adoption of component-based methodologies has paved the way to the development of the model-based approach to design (for example, see Terrier and Gérard 1). This shift was marked by an increased use of concurrency, which more naturally maps on the structure of modern distributed embedded systems, over the traditional software paradigm of sequential execution. Concurrency, however, increases complexity, because the number of interactions that must be considered tends to grow more than linearly with the number of components, and sometimes significantly so. This has led to the proliferation of a host of component models, whose primary purpose is to constrain the kind of interaction patterns available to designers, to simplify the analysis or achieve a certain degree of expressiveness. Designers use component models because they are convenient ways to represent a design and because designers can choose the abstraction that best matches the characteristics of the system under development. Convergence of technologies into the same application area, however, results in heterogeneous Metamodeling Editor's note: This article provides an overview of current efforts in Europe for using metamodeling in the integrated development of critical systems such as automotive electronics. It distinguishes between lightweight versus heavyweight approaches, surveys a number of related current European projects, and gives details about the Speeds project to illustrate the role of metamodeling-driven system engineering.

This document proposes an agile software process for the development of avionics software. Developers of mission critical airborne software are heavily constrained by the RTCA DO-178B regulations. These regulations impose strict rules regarding traceability and documentation that make it extremely hard to employ an iterative software development process. In particular, the extra validation overhead increases the time spent on small iteration cycles (for example, a bug-fix) to several weeks. Currently, this sector is also pressed to switch to a more agile, customer driven approach. This document is meant as a guide to speed up development and cope with changing requirements using agile techniques in the avionics domain. The process indicates the major difference with standard agile project development and applies these changed principles on well-known agile practices. It explains why certain agile techniques have less effect as the project progresses and and points out the stadia in which practices are beneficial and where they might cause a slowdown.

Model Driven Engineering (MDE) is gaining popularity as an alternative to the code-centric software development approach. Model Transformation (MT) is one of the main components of MDE. MT can be visualized as a program with models as inputs. Model evaluation and processing is automated by a Model Transformation tool. In this paper, we walk through the terminologies involved in MT and elaborate the benefits of MT with practical usage scenarios. The paper highlights the most recent challenges faced in the process to make model transformation more sophisticated. The intent of the paper is to portray a complete picture of model transformation in a way to relate the practical implementations with respect to the theoretical aspects of MT. The paper concludes by putting lights on some of the current trends in the field and the areas in model transformation where significant contribution is the needed.

This paper presents a visualization tool that provides the overall information of process synchronization based on the event services in ARINC-653 applications. The tool visualizes logical synchronization among processes and race conditions by the violations of synchronization order, such as the priority inversion, through analyzing the aspect of the process execution and the accesses to the shared resources of each partition considering event services. We evaluated our visualization tool using synthetic programs for ARINC-653 on a simulation system for integrated modular avionics.

Sponsored by the European Community under the 6th Framework Program (FP6), the "Distributed equipment Independent environment for Advanced avioNic Applications", also known by its acronym, DIANA, is a consortium working to enhance existing IMA platforms and development means.

Data races in multi-threaded programs may occur when multiple accesses on different threads access a shared location without proper synchronization, and one of them is a store. It is difficult to develop data race free programs and to manually fix existing data races in the programs, because they may lead to unpredictable results to the programmer. This paper presents a technique that heals data races using software transactional memory. This technique consists of Transactional Region Specifier, which localizes the incorrect code blocks including shared variables, and Instrumentor, which inserts transactional memory codes to heal data races. We evaluate the accuracy of our healing technique using a set of synthetic programs.

This paper presents a dynamic detector, called Race-653 that locates atomicity races in ARINC-653 applications using an on-the-fly analysis technique. Race-653 consists of 653-Monitor and 653-Detector modules. The 653-Monitor collects monitored information during an execution of the applications, such as processes, semaphores, and accesses for each shared resource. The 653-Detector reports atomicity races by checking violations of a synchronization discipline based on semaphore. We implemented the detector as a PIN tool using PIN binary instrumentation framework and evaluated accuracy of the tool on a simulation system for integrated modular avionics.

ARINC 653 Specification defines a standardized interface of real-time operating systems and an Application Executive (APEX) to develop the reliable applications for avionics based on Integrated Modular Avionics (IMA). The requirements of system platform based on ARINC 653 Standard are defined as configuration data and are integrated to the XML configuration file(s) in the real-time operating system. Unfortunately, existing configuration tools for integrating requirements do not provide checking the syntax errors of XML and verifying the integrity of input data for partitioning. This paper presents a configuration tool for ARINC 653 OS that consist of Wizard module which generates the basic configuration data for IMA based on XML Scheme of ARINC 653 Standard, XML and Partition Editor for the partitioning system of IMA, and Verification module which checks the integrity of input data and XML syntax with its visualization.

The ARINC-653 standard architecture for flight software specifies an application executive which furnishes an application programming interface and defines a hierarchical framework which provides health management for error detection and recovery. In every partition of the architecture, however, asynchronously concurrent processes or threads may include concurrency bugs such as unintended race conditions which are common and difficult to remove by testing. To reinforce the capability of the ARINC-653 health management system and to increase the reliability of flight software, this paper describes the development of a race healing framework in a simulated ARINC-653 platform which provides ARINC-653 programming interface. The experimental results allow us to argue that our race healing framework is practical enough to be configured under the ARINC-653 partitions.

Applying Model Driven Architecture (MDA) concepts and tools to Multi Agent Systems (MAS) is a topic of great interest in recent years. MDA intends to reduce computer code development effort via model transformations and makes complex systems available and more practical for research. In this work, we propose a model transformation process for a widely used agent-based modeling and simulation tool, RePast Simphony. We adopt SysML for the platform-independent specification of an agent. We provide platform-independent and platform-specific models for an agent model, a mapping between them and a meta-model specification for RePast Flowchart Diagrams. We show the process for a SysML to RePast round-trip model transformation. Our work covers transformations to/from SysML Activity Diagram from/to RePast Flowchart Diagram.

Avionic systems have been migrating from the legacy federated architecture towards an integrated modular architecture (IMA). The IMA architecture replaces the equipment principle by a set of interoperable components (hardware and software). The interoperability between the integrated components requires a detailed specification and description of their interfaces, which, in the avionic domain, is usually written in Interface Control Documents (ICD). However, ICD creation and usage during the integration process is challenging. In fact, the two main problems with the usage of ICDs are the lack of a commonly accepted language to define and use them on the one hand, and the lack of tool support in their production and consumption. In this paper, we present our approach and methodology to overcome these limitations.

Abstract. The Model Driven Development (MDD) paradigm stimulates the use of models as the main artifacts for software development. These models can be situated at high levels of abstraction, close to the application's business domain. Many consecutive automatic transformations (a transformation chain) can be applied to these models to add the necessary details in order to generate a concrete implementation. This means that a large part of the total development effort is relocated to the development of transformations and hence we should have the necessary tooling support for designing transformation chains. In this paper we propose a metamodel for a transformation chain modeling language that enables implementation independent composition of transformations. We also propose a concrete syntax for this language that is based on UML activity diagrams.

In this paper, we present a transition journey of automotive software architecture design from using legacy approaches and toolchains to employing new modeling capabilities in the recent releases of Matlab/Simulink (M/S). We present the seamless approach that we have employed for the software architecture modeling of a mixed-critical electric powertrain controller which runs on a multi-core hardware platform. With our approach, we can achieve bidirectional traceability along with a powerful authoring process, implement a detailed model-based software architecture design of AUTOSAR system including a detailed data dictionary, and carry out umpteen number of proof-of-concept studies, what-if scenario simulations and performance tuning of safety software. In this context, we discuss an industrial case study employing valuable lessons learned, our experience reports providing novel insights and best practices followed.

The application of the Model Driven Architecture (MDA) approach to the design of embedded software based on Real-Time Operating Systems (RTOS) is encouraged by the fact that such software has a wide variety of platforms. In this way, the creation of methods for the development of platform models that meet such diversity of platforms is necessary. This study proposes a method called PM-MDA for the development of platform models that design embedded software based on RTOS in the context of MDA. In addition, this study defines the swxRTOS metamodel, a UML 2.0 profile for RTOS based on embedded software design. Such profile defines a set of stereotypes to describe Platform Models (PMs) and is intended to generically describe the services provided by a given embedded system platform of the RTOS. This profile promotes the creation of Platform Models, which will be used as input parameters in the model transformation. Due to the inherent complexity in embedded software design and the existence of a wide variety of platform models, new methods that support the development of such software become crucial.

Sponsored by the European Community under the 6th framework program (FP6), the "Distributed equipment Independent environment for Advanced avioNic Applications", also known by its acronym, DIANA, is a consortium working to enhance existing IMA platforms and development means. The existing industry open standards for integrated modular avionics (IMA) such as ARINC 653 do not cover all aspects to promote factual

In the last couple of decades we have witnessed a steady growth in the complexity and widespread of real-time systems. In order to master the rising complexity in the timing behaviour of those systems, rightful attention has been given to the development of time-predictable computer architectures. The Patmos time-predictable microprocessor used in the T-CREST project employs performance-enhancing hardware while keeping the system analyzable. Time composability, at both hardware and software level, is a considerable aid to reducing the integration costs of complex applications. A time-composable operating system, on top of a time-composable processor, facilitates incremental development, which is highly desirable for industry. This paper makes a twofold contribution. First, we present enhancements to the Patmos processor to allow achieving time composability at the operating system level. Second, we extend an existing time-composable operating system, TiCOS, to make best use of advanced Patmos hardware features in the pursuit of time composability.

Abstract. With conventional methods of performing verification and validation- heavily reliant on testing performed late in the software production process-the late detection of errors adds substantially to project costs and delays in delivery, and introduces significant risks. This paper presents a method of software development aimed at "correctness by construction", which greatly attenuates these problems. The process described here has been applied successfully to the development of avionic software for the new C-130J ("Hercules") aircraft. 1

Model-driven engineering (MDE) is becoming a key approach in systems engineering, including Integrated Modular Avionics (IMA) design. It relies on systematic use of models from an early phase of the design process to provide source code generation, validation and analysis support. However, due to the complexity of IMA systemsthat may incorporate hundreds of avionics functions and dozens of execution nodeseven early stage model-based analysis of their design can become cumbersome. This is especially true for safety related nonfunctional requirements like communication channel redundancy or error propagation and contamination. In this paper, we present a model-driven framework to support the iterative design and analysis of IMA systems using an integrated Simulink model for analyzing the complete HW-SW architecture of the system.

Current and upcoming avionics systems must be able to accommodate expected growing application software volume and capability. The software domain has struggled to meet increasing demands while retaining the necessary level of confidence in its appropriate operation. Meanwhile, although computing components are becoming less expensive, the fixed and operational costs of hardening them to their potential environments are not progressing with the same speed. We introduce a flexible architecture based on distribution of function and assured reconfiguration that can react to failures in both hardware and software. Reconfiguration, when its safety properties are assured, can enhance analysis capabilities for critical safety properties and reduce certification costs for much of the system. This paper outlines an architecture for assured reconfiguration, the principles of reconfiguration assurance, and the accompanying cost and safety arguments.

Current and upcoming avionics systems must be able to accommodate expected growing application software volume and capability. The software domain has struggled to meet increasing demands while retaining the necessary level of confidence in its appropriate operation. Meanwhile, although computing components are becoming less expensive, the fixed and operational costs of hardening them to their potential environments are not progressing with the same speed. We introduce a flexible architecture based on distribution of function and assured reconfiguration that can react to failures in both hardware and software. Reconfiguration, when its safety properties are assured, can enhance analysis capabilities for critical safety properties and reduce certification costs for much of the system. This work outlines an architecture for assured reconfiguration, the principles of reconfiguration assurance, and the accompanying cost and safety arguments.

It is a great honor for me, to deliver the opening remarks of our panel. Because of Pandemics we have online program. We will have 18 papers from 9 different countries. Istanbul Aydın University host OSTIV Met Panel again. The first one was organized at ABMYO/IAU in Istanbul in 2005. MET Panel, 2021brings together leading scientists, pilots, researchers, engineers, directors of companies in the field of Meteorology for Soaring to exchange information on their latest research progress which covers a wide range of critically important topics. I would like to thank OSTIV President, MET PANEL Chair, Session Chairs, authors/coauthors for contributions, I wish a successful panel. Dear participants, I would like to give some information to OSTIV Met Panel, The VISION of the Meteorological Panel is the worldwide exchange of ideas in the field of meteorology as a contribution to the development of air sports: gliding, hang-gliding, paragliding and ballooning. The MISSION of the Meteorological Panel is to bring together and coordinate the people and necessary elements to create a forum for education and development. The STRUCTURE of the Meteorological Panel is designed to offer support and networking opportunities to meteorologists, pilots and other people, who are interested in meteorology for air sports, such as: Regular meetings and seminars to discuss and exchange, ideas of new methods, models and tools and to, measure the atmosphere with gliders or motor gliders; working groups for specific projects.

Traceability is considered crucial for establishing and maintaining consistency between software development artifacts. Although considerable research has been devoted to relating requirements and design artifacts with source code, less attention has been paid to relating requirements with architecture by using well-defined semantics of traces. We present a tool that provides trace establishment by using semantics of traces between R&A (Requirements and Architecture). The tool provides the following: (1) generation/validation of traces by using requirements relations and/or verification of architecture, (2) generation/validation of requirements relations by using traces. The tool uses the semantics of traces together with requirements relations and verification results for generating and validating traces. It is based on model transformations in ATL and term-rewriting logic in Maude.

In software engineering the role of software architecture as a means of managing complexity and achieving emergent qualities such as modifiability is increasingly well understood. In this paper we demonstrate how many principles from the field of software architecture can be brought across to the field of safety case management in order to help manage complex safety cases. Traditional approaches to certification of modular systems as a statically defined configuration of components can result in a large certification overhead being associated with any module update or addition. A more promising approach is to attempt to establish a modular, compositional, approach to constructing safety cases that has a correspondence with the modular structure of the underlying architecture. This paper establishes the mechanisms for managing and representing safety cases as a composition of safety case 'modules'. Having defined the concept of a modular safety case, the paper also describes ...

The application of the Model Driven Architecture (MDA) approach to the design of embedded software based on Real-Time Operating Systems (RTOS) is encouraged by the fact that such software has a wide variety of platforms. In this way, the creation of methods for the development of platform models that meet such diversity of platforms is necessary. This study proposes a method called PM-MDA for the development of platform models that design embedded software based on RTOS in the context of MDA. In addition, this study defines the swxRTOS metamodel, a UML 2.0 profile for RTOS based on embedded software design. Such profile defines a set of stereotypes to describe Platform Models (PMs) and is intended to generically describe the services provided by a given embedded system platform of the RTOS. This profile promotes the creation of Platform Models, which will be used as input parameters in the model transformation. Due to the inherent complexity in embedded software design and the existence of a wide variety of platform models, new methods that support the development of such software become crucial.

The application of the Model Driven Architecture (MDA) approach to the design of embedded software based on Real-Time Operating Systems (RTOS) is encouraged by the fact that such software has a wide variety of platforms. In this way, the creation of methods for the development of platform models that meet such diversity of platforms is necessary. This study proposes a method called PM-MDA for the development of platform models that design embedded software based on RTOS in the context of MDA. In addition, this study defines the swxRTOS metamodel, a UML 2.0 profile for RTOS based on embedded software design. Such profile defines a set of stereotypes to describe Platform Models (PMs) and is intended to generically describe the services provided by a given embedded system platform of the RTOS. This profile promotes the creation of Platform Models, which will be used as input parameters in the model transformation. Due to the inherent complexity in embedded software design and the existence of a wide variety of platform models, new methods that support the development of such software become crucial.

This paper describes the reconfiguration strategy and mechanisms adopted in the Integrated Modular Avionics (IMA) based platform designed and evaluated in the scope of the European research and development project DIANA. The mechanisms aim at improving dispatchability of aircrafts while keeping a reasonable and limited impact on certification costs. The paper first introduces the concept of multi-static reconfiguration i.e., a set of pre-qualified configurations from which the active one will be autonomously selected according to the system health state at system start-up. A configuration selection mechanism, exploiting a Byzantine Agreement algorithm, is discussed. Particular attention is paid to the proof of correctness of the adopted algorithm. Practical considerations concerning its implementation, like, for instance, the authentication protocol to be used are also considered. Finally, the implementation of the mechanism on top of an ARINC 653 Application Executive is briefly described.

The paper reports Rzeszow University of Technology Research Team contributions to the European Community SCARLETT project. The main objective of the research team was to prepare an avionic pitch control hard real-time application following ARINC 653 and ARINC 664 specifications. VxWorks 653 and PikeOS real-time operating systems are the application platforms. The paper mentions a general SCARLETT project objectives and the ARINC 653 specification. The main part of the paper includes a report of the application's development and its evaluation. ARINC 653, VxWorks 653, PikeOS, hard real-time systems, control systems, avionics, Integrated Modular Avionics I. INTRODUCTION Modern airliner's computer systems include a vide set of hard real-time applications [7]. Typical avionic components such as cruise speed, flight level or pitch angle control systems can be good examples of them. It is worth to notice that the avionic hard real-time systems have to usually both execute control ...

The paper reports Rzeszow University of Technology Research Team contributions to the European Community SCARLETT project. The main objective of the research team was to prepare an avionic pitch control hard real-time application following ARINC 653 and ARINC 664 specifications. VxWorks 653 and PikeOS real-time operating systems are the application platforms. The paper mentions a general SCARLETT project objectives and the ARINC 653 specification. The main part of the paper includes a report of the application's development and its evaluation. ARINC 653, VxWorks 653, PikeOS, hard real-time systems, control systems, avionics, Integrated Modular Avionics I. INTRODUCTION Modern airliner's computer systems include a vide set of hard real-time applications [7]. Typical avionic components such as cruise speed, flight level or pitch angle control systems can be good examples of them. It is worth to notice that the avionic hard real-time systems have to usually both execute control ...

This paper reports successive steps of a real-time avionic pitch control application creation. The application structure follows a new real-time systems development profile published in ARINC specification 653. The paper mentions some main ARINC specification 653 features and shows the subsequent application creation levels: control system units distribution, timing requirements definition, application implementation and tests. It describes the author's experience gained during an avionic hard real-time system development and focuses on real-time software engineering details of the application creation.

The use of contracts in component-based development is a well-established approach. However there exists a wide range of views as to the nature of the contracts that are necessary to support safety-critical systems development, assurance and certification. Different standards and projects have tried to reduce ambiguity and propose the best practice in this area. In this paper we present work that moves one step further forward with the creation of a methodology and grammar that incorporates encompasses and helps structure current models of 'safety contracts'.

This paper reports successive steps of a real-time avionic pitch control application creation. The application structure follows a new real-time systems development profile published in ARINC specification 653. The paper mentions some main ARINC specification 653 features and shows the subsequent application creation levels: control system units distribution, timing requirements definition, application implementation and tests. It describes the author's experience gained during an avionic hard real-time system development and focuses on real-time software engineering details of the application creation.

Introduction Space domain applications no longer depend solely on specially developed hardware and software. The specific requirements of this highly demanding application domain are being increasingly met by commercially available components. One software component which is definitely making its way into space projects is the real-time operating system (RTOS). Apart from reducing the cost of development and validation, commercial off-the-shelf (COTS) operating systems offer the flexibility that is necessary to succeed in the battle of rapid technological changes and perennial space applications. Space Applications Space applications can be broadly divided into ground and on-board applications. Ground systems provide ground and operational support for space missions (e.g. International Space Station). Ground support may include a main application configuration database (e.g., the International Space Station has 2 million components under configuration control

The fault-tolerant reconstruction of the integrated modular avionics system electronic system can effectively improve the reliability of the system and ensure the normal operation of system functions. Accurate analysis of the reconstruction time of the integrated modular avionics system is helpful to evaluate the rationality of the reconstruction blueprint and the reliability of the reconfigurable integrated modular avionics system. Based on the in-depth study of the integrated modular avionics system architecture, software and hardware configuration, and system reconstruction process, this paper analyzes the system reconstruction time of different reconstruction modes in view of the uncertainty and diversity of the system reconstruction leading to the complex system state. According to the basic concepts and characteristics of the integrated electronic system, the integrated electronic system model is summarized and designed. Propose an application migration optimization algorithm for system reconfiguration. Based on the integrated electronic system model, build an integrated modular avionics system reconstruction verification platform. Using the reconstruction verification platform, the proposed reconfigurable integrated electronic system framework and model are used for experimental verification.