Model-Based Design, Automated Code Generation and Safety Analysis of ARINC653 Architectures using the AADL

Safety-critical systems in the aerospace domain are becoming extremely software-reliant, with tight coupling between software, hardware and network elements. At the same time, they have to demonstrate conformance with stringent standards so as to ensure a sufficient level of safety. In this talk, we report on recent advances in the SAE Architecture Analysis and Design Language (AADL) standard and its supporting tools for the modeling of avionics systems and software. The SAE AS2-C committee has pushed forward several standard documents 1) to model avionics systems compatible with the Integrated Modular Avionics (IMA) paradigm, and 2) to support the analysis of safety properties by modeling the effects of faults and errors on the architecture through the Error Model annex language. The proposed approach allows for efficient modeling of the various aspects of a system, from the high-level architecture down to precise failure modes. Using the OSATE analysis facilities, designers can generate from the models analysis reports conformant to SAE ARP 4761, such as the Functional Hazard Assessment (FHA), Fault Tree Analysis (FTA) or Failure Mode and Effects Analysis (FMEA). In a second phase, using Ocarina, one can generate the configuration of an ARINC 653 APEX to set up the run-time elements (partitions, time and memory budgets, QoS policies of communication ports), as well as the configuration of the health monitoring policies. We illustrate how these elements apply to the software health management of an ADIRU unit, as exposed in the incident report published by the ATSB. This public case study allows for a precise assessment of the new capabilities of AADLv2.
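Whatever generates the ARINC 653 configuration, the properties that make partitioning worth trusting are checkable after the fact: time windows must not overlap, memory regions must be disjoint, channels must connect one declared source port to compatible destination ports, and every partition needs a health-monitoring action for each error it is expected to handle. The following is an added example written for this page, not code from OSATE or Ocarina; the module it checks is constructed and hypothetical, the dictionary and dataclass layout is this example's own (not Ocarina's generated format), the partition name "FCC" and the action name "RESTART_PARTITION" are illustrative, and the three error identifiers are a subset chosen for the example.

```python
"""Consistency checks for an ARINC 653 module configuration.

Added example, not code from OSATE or Ocarina. example_module() builds a
constructed, hypothetical module whose elements mirror what the abstract
lists (partitions, time and memory budgets, communication ports, health
monitoring); the data layout is this example's own, not Ocarina's output.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Partition:
    name: str
    mem_base: int      # start address of the partition's memory region
    mem_size: int      # region length in bytes


@dataclass(frozen=True)
class Slot:            # one execution window inside the major frame
    partition: str
    offset_ms: int
    duration_ms: int


@dataclass(frozen=True)
class Port:            # sampling port owned by a partition
    partition: str
    name: str
    direction: str     # "source" or "destination"
    size: int          # message size in bytes


@dataclass(frozen=True)
class Channel:         # (partition, port) -> (partition, port)
    src: tuple
    dst: tuple


@dataclass
class Module:
    major_frame_ms: int
    partitions: list
    schedule: list
    ports: list
    channels: list
    hm_actions: dict   # partition name -> {error_id: action}


# Subset of ARINC 653 error identifiers used for the example's HM check.
REQUIRED_ERRORS = ("DEADLINE_MISSED", "STACK_OVERFLOW", "MEMORY_VIOLATION")


def check_module(m):
    """Return a list of findings; an empty list means the module is consistent."""
    f = []
    names = [p.name for p in m.partitions]

    # Temporal partitioning: each slot belongs to a declared partition,
    # fits inside the major frame, and no two windows overlap.
    slots = sorted(m.schedule, key=lambda s: s.offset_ms)
    for s in slots:
        if s.partition not in names:
            f.append(f"slot for undeclared partition {s.partition}")
        if s.offset_ms < 0 or s.offset_ms + s.duration_ms > m.major_frame_ms:
            f.append(f"slot for {s.partition} exceeds major frame")
    for a, b in zip(slots, slots[1:]):
        if a.offset_ms + a.duration_ms > b.offset_ms:
            f.append(f"time windows overlap: {a.partition}/{b.partition}")
    scheduled = {s.partition for s in slots}
    f += [f"partition {n} never scheduled" for n in names if n not in scheduled]

    # Spatial partitioning: memory regions must be pairwise disjoint.
    regions = sorted(m.partitions, key=lambda p: p.mem_base)
    for a, b in zip(regions, regions[1:]):
        if a.mem_base + a.mem_size > b.mem_base:
            f.append(f"memory regions overlap: {a.name}/{b.name}")

    # Communication: channels join a declared source port to a declared
    # destination port of equal message size, and a destination has one writer.
    ports = {(p.partition, p.name): p for p in m.ports}
    writers = {}
    for c in m.channels:
        src, dst = ports.get(c.src), ports.get(c.dst)
        if src is None or dst is None:
            f.append(f"channel references unknown port {c.src} -> {c.dst}")
            continue
        if src.direction != "source" or dst.direction != "destination":
            f.append(f"channel direction mismatch {c.src} -> {c.dst}")
        if src.size != dst.size:
            f.append(f"message size mismatch {c.src} -> {c.dst}")
        writers.setdefault(c.dst, set()).add(c.src)
    f += [f"destination {d} has {len(s)} writers" for d, s in writers.items() if len(s) > 1]

    # Health monitoring: an error with no partition-level action falls through
    # to the module-level default, which is rarely the intended recovery.
    for n in names:
        missing = [e for e in REQUIRED_ERRORS if e not in m.hm_actions.get(n, {})]
        if missing:
            f.append(f"partition {n} has no HM action for {', '.join(missing)}")
    return f


def example_module(broken=False):
    """Constructed two-partition module; broken=True injects typical mistakes."""
    parts = [Partition("ADIRU", 0x1000_0000, 0x10000),
             Partition("FCC", 0x1001_0000, 0x10000)]       # "FCC" is illustrative
    sched = [Slot("ADIRU", 0, 20), Slot("FCC", 20, 30)]    # 50 ms major frame
    ports = [Port("ADIRU", "air_data_out", "source", 64),
             Port("FCC", "air_data_in", "destination", 64)]
    chans = [Channel(("ADIRU", "air_data_out"), ("FCC", "air_data_in"))]
    hm = {n: {e: "RESTART_PARTITION" for e in REQUIRED_ERRORS} for n in ("ADIRU", "FCC")}
    if broken:
        sched[1] = Slot("FCC", 15, 30)                        # overlaps the ADIRU window
        parts[1] = Partition("FCC", 0x1000_8000, 0x10000)     # overlaps ADIRU memory
        del hm["FCC"]["MEMORY_VIOLATION"]                     # error escapes to module default
    return Module(50, parts, sched, ports, chans, hm)


if __name__ == "__main__":
    for broken in (False, True):
        print(f"broken={broken}:", check_module(example_module(broken)) or "OK")
```

Run as-is, the consistent module yields no findings while the broken variant reports the overlapping time window, the overlapping memory region and the missing health-monitoring action. The checks are deliberately independent of the generator: running them on the produced configuration rather than on the AADL model catches errors introduced by the generation step itself, which is the layer a model-level analysis cannot see.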