Academia.eduAcademia.edu

Figure 1 – uploaded by Mark Nicholson

See full PDFdownloadDownload figure
The avionics standard ARINC 653 (ref. 3) contains specifications for an individual IMA computing module. The standard proposes a layered architecture as shown in Figure 1. Each software application is divided into a number of partitions. A partition is an area logically separated from other application areas and the operating system, both for scheduling purposes and to protect data/code memory space. The protection of storage space for a partition is a particularly important function as applications of different development assurance levels (DALs) are likely to be running on the same module. The data/code of the high integrity (DAL) applications must be protected from low integrity (DAL) applications. The use of temporal partitioning guarantees each partition access to the processor for a fixed time slice per cycle. A number of modules will be linked via a common network e.g. ARINC 629 (ref. 4).

Figure 1 The avionics standard ARINC 653 (ref. 3) contains specifications for an individual IMA computing module. The standard proposes a layered architecture as shown in Figure 1. Each software application is divided into a number of partitions. A partition is an area logically separated from other application areas and the operating system, both for scheduling purposes and to protect data/code memory space. The protection of storage space for a partition is a particularly important function as applications of different development assurance levels (DALs) are likely to be running on the same module. The data/code of the high integrity (DAL) applications must be protected from low integrity (DAL) applications. The use of temporal partitioning guarantees each partition access to the processor for a fixed time slice per cycle. A number of modules will be linked via a common network e.g. ARINC 629 (ref. 4).

Related Figures (4)

Table 1 — List of Consolidating Interaction Activities
Table 1 — List of Consolidating Interaction Activities
Figure 3 — Consolidating Interaction Activities between IMA Supplier and Application Suppliers
Figure 3 — Consolidating Interaction Activities between IMA Supplier and Application Suppliers
It is anticipated that a sizable set of contracts will emerge during the development of the baseline safety case and some method will be required to ensure their completeness and consistency. This forms part of our ongoing research activities. However, once the safety case baseline has been established then the advantage of using contracts can be further demonstrated by considering upgrades to the IMA system. There are two ty pes of change, an alteration to a client or to the supplier. In the case of the memory partitioning example this translates to an application or IMA infrastructure alteration. If a client is altered or a new client introduced then analysis is only required to show that the constraints are acceptable and satisfied for the c ient. This means that when an application is updated or inserted on to the IMA platform only the constraints within the relevant contracts have to be examined. The IMA platform (supplier) doesn’t need to be re-ana ysed. However, if these constraints are not acceptable then an alternative strategy needs to be found such as re-configuring the applications. Table 2 — Example Proposed Memory Partitioning Contract
It is anticipated that a sizable set of contracts will emerge during the development of the baseline safety case and some method will be required to ensure their completeness and consistency. This forms part of our ongoing research activities. However, once the safety case baseline has been established then the advantage of using contracts can be further demonstrated by considering upgrades to the IMA system. There are two ty pes of change, an alteration to a client or to the supplier. In the case of the memory partitioning example this translates to an application or IMA infrastructure alteration. If a client is altered or a new client introduced then analysis is only required to show that the constraints are acceptable and satisfied for the c ient. This means that when an application is updated or inserted on to the IMA platform only the constraints within the relevant contracts have to be examined. The IMA platform (supplier) doesn’t need to be re-ana ysed. However, if these constraints are not acceptable then an alternative strategy needs to be found such as re-configuring the applications. Table 2 — Example Proposed Memory Partitioning Contract
Related topics:
Integrated Modular Avionics
580 California St., Suite 400
San Francisco, CA, 94104
© 2025 Academia. All rights reserved