Growing the SAVI Paradigm
Don Ward, Aerospace Vehicle Systems Institute (AVSI)
Steve Helton, Boeing Research and Technology (BR&T)
Safe & Secure Systems & Software Symposium
June 14, 2011
SAVI Progress – 2010 2011
• Background
  – SAVI is high-value integration paradigm change
  – Progress made in demonstrating feasibility of approach
• Proof of Concept Project II (Expanded Proof of Concept)
  – Basic Thrusts
  – Example of Results
• Next Steps
  – Shadow Projects are newly underway
  – Progress to Date
• Conclusion:
  – All indications green
  – Need more resources
6/12/2011 2011 Safe & Secure Systems & Software Symposium © AVSI 2
The Situation
[Figure: program timeline. Labels: High-level Req’s in RFP; High-level Design RFP Response; Req’s Changes; Target Completion; PDR; Trades; Req’s Defined; Sys Design; Sys Re-Design; Detailed Design; CDR; System Integration Checks; Sys Development; V&V; Sys Integration; SCHEDULE DELAY; COST GROWTH. Parties shown: Aero, Avionics, Systems, Suppliers.]
Systems Are Becoming More Complex
[Figure: Estimated Onboard SLOC Growth. Y axis: Ln(Onboard SLOC), 6 to 20. X axis: Year, 1960 to 2020. Legend: Line Fit, Boeing, Airbus, Unaffordable.]
Data labels on the plot: INS: 0.8K; A300B: 4..6K; A300FF: 40K; A310: 400K; A320: 800K; A330/340: 2M; B757, B767: 190K; B747: 370K; B737: 470K; B777: 4M
Other value labels on the plot: 8M, 27M, 61M, 134M, 299M
Line fit: Slope = 0.17718, Intercept = -338.5. Curve implies SLOC doubles about every 4 years.
The line fit is pegged at 27M SLOC because the projected SLOC sizes for 2010 through 2020 are unaffordable. The COCOMO II estimated costs to develop that much software are in excess of $10B.
Cost labels on the plot (Software Base Cost, COCOMO II): $160 B, $7.8 B, $290 M, $81 M, $38 M. The plot also marks an Assumed Affordability Limit.
Airbus data source: J.P. Potocki De Montalk, Computer Software in Civil Aircraft, Sixth Annual Conference on Computer Assurance (COMPASS ’91), Gaithersburg, MD, June 24-27, 1991.
Boeing data source: John J. Chilenski. 2009. Private email.
… and constrained by dated SE methods
• Silo’ed Organizations
• Mismatched Assumptions: “pi” as 3.14 vs. 3.141592653589793
• Written Requirements
Current tools for managing complexity have issues
• Operational Models
• System Models
• Component Models
• Functional/Behavior Model
• Performance Model
• Structural/Component Model
• Cost Model
• Safety Model
• Security Model
• Reliability Model
• Maintainability Model
• Structural Model
• Mass Production Model
• Manufacturing (Assembly) Models
• Modeling Domains
  – Ops/Mission Analysis
  – System Design
  – Algorithm Development
  – Hardware Design
  – Software Design
  – Logistics Support
  – Manufacturing
  – Integration & Test
  – Performance Simulation
  – Engineering Analysis
  – Human System Integration
• System Architecture Model (Integration Framework)
  – Analysis Models
  – Hardware Models
  – Software Models
  – Verification Models
Resulting issues: Multiple Truths; Incompatible Abstractions; Indeterminate Change Impact; Impact on ‘ilities; MODEL EXPLOSION
Common issues create common goals and suggest a cooperative solution
• Integration complexity will continue to increase
• Individual companies cannot solve it alone
• Industry cannot afford to solve it multiple times
• We cannot afford “not” to solve it
A coordinated, industry-wide effort is needed to solve this issue.
The Aerospace Vehicle Systems Institute
AVSI is a global cooperative of aerospace companies, government organizations, and academic institutions
The System Architecture Virtual Integration program is an AVSI
program addressing virtual integration of systems.
Past AVSI projects have covered the breadth of aerospace systems
and current research includes projects in the areas of reliability,
certification, and virtual integration.
Boeing brought the issue to AVSI
[Figure: timeline of AVSI projects, 2005 to 2010. Project labels: AFE 32 & 32S1, AFE 58, AFE 57, AFE 59 Plan, AFE 59. Effort labels: 6 Labor-Yrs (1.5), 16+ Labor-Yrs (2), 9+ Labor-Yrs (1), Labor-Yrs (TBD ?).]
Participant groups shown in the figure:
• Boeing, Goodrich, Honeywell, Rockwell Collins
• Airbus, BAE Systems, Boeing, GE Aerospace, Honeywell, Lockheed Martin, Rockwell Collins, FAA, DoD Army, DoD Navy
• Boeing Commercial Aircraft, Boeing Research & Technology
• CMU/SEI
• Airbus, BAE Systems, Boeing, GE Aerospace, Lockheed Martin, Rockwell Collins, FAA, DoD Army
• CMU/SEI
• Dassault?, Goodrich?, Honeywell?, NASA?
• 2010: Airbus, BAE Systems (?), Boeing, EMBRAER (S1), Goodrich, Honeywell (S1), Lockheed Martin (not S1), Rockwell Collins, FAA, DoD Army, NASA (?), CMU/SEI (?)
Architecture-Centric Engineering
[Figure: Annotated Architecture Model at the centre, with auto-generated analytical models for each quality attribute; Virtual Integration and Validation of System Architecture. Source: SEI]
• Cyber Security
  – Availability
  – Authentication
  – Integrity
  – Confidentiality
  – No repudiation
• Safety and Reliability
  – MTBF
  – FMEA
  – Hazard analysis
• Real-time Performance
  – Execution time/Deadline
  – Deadlock/starvation
  – Latency
• Resource Consumption
  – Bandwidth
  – CPU time
  – Power consumption
• Data Quality
  – Data precision/accuracy
  – Temporal correctness
  – Confidence
What are the Core Elements of SAVI?
Virtual Integration for Development Cycle
[Figure: development "V" diagram, From Prediction to Validation.]
• Design stages: Requirements Engineering; System Design; Software Architectural Design; Component Software Design; Code Development
• Test stages: Unit Test; Integration Test; System Test; Acceptance Test
• Model stages: Top-Level Verification Items; High-level AADL Model; Detailed AADL Model; Specify Model-Code Interfaces
• Links between design and test: → generation of test cases; ← updating models with actual data
• Other labels: Sensitivity analysis for uncertainty; Confidence in implementation; Model-driven artifact generation; Conformance of models and systems
Global Team Implementing SAVI
A distributed, multi-party development team implemented the PoC demo, reflecting current real-world development environments
[Figure: Worldwide PoC Model Development. Participants: Boeing, SEI, Rockwell Collins, BAE Systems, Airbus, Lockheed-Martin, Honeywell, Goodrich, EMBRAER, US Army, FAA. Shared resource: Subversion Model Repository at AVSI.]
What Has SAVI Been Doing?
• Strengthening the Proof of Concept by:
  – Building and Exercising Critical Use Cases
    • “Fit” Use Case
    • Reliability Assessment Use Case
    • Safety Analysis Use Case
    • Behavior Use Case
    • About 10-15% of Total Number of Use Cases Postulated
  – Improving RoI Estimate
  – Iterating to reset the Integrated Program Plan to fit current economic climate
Expanded Proof of Concept Demonstration
Objectives
• Model Data Exchange Layer and Repository Development
• Address Questions With Current SAVI Approach
• Improve ROI Analysis
• Develop SAVI 1.0 Program Plan
• Outreach

Results
• Collected and prioritized use cases
• Expand the PoC demo to exercise these, including mechatronic systems
• Investigating multi-language-model approaches to the Model Repository
• Developed initial SAVI requirements
• Added statistical estimation
• Showed that RoI estimates are favorable for both Suppliers and System Integrators
• Initial SAVI Integrated Program Plan is being revised
• Expanded interaction with other efforts
Define SAVI Use Cases
• Use cases reflect modes of interaction in SAVI framework
• Identify initial high-level requirements
• Help identify technology gaps
• Use cases used to exercise PoC models
Mechatronics: Physical System Modeling
[Figure panels: Mechatronic Actuator Model; Structural Finite Element Model; Applied Load (from MatLab model); Wing Structure Response]
Architectural model captures and integrates behavior of virtual subsystems
AADL Error Annex Drives Reliability and Safety Analyses
• AADL and Error Model Annex Standard
  – For both reliability & safety modeling
• Assess system reliability and safety from same annotated architecture model
  – Focus application on embedded software system (IMA)
• Reliability Use Case
  – MTTF for dual redundant flight guidance (FG) and auto pilot (AP)
  – Different deployment configurations on dual and triple redundant HW
  – Consider perfect and imperfect functional & fault management SW
• Safety Use Case
  – Functional hazard assessment of FG and AP
  – Failure mode and effects analysis (FMEA) for CPU, FG and AP failures
Safety Analysis Use Case Tier 2 Flight Guidance IMA Architecture
[Figure panels: Computer Hardware View; Embedded Software View]
Use Case Demonstrations
FEM PLUG-IN DEMO
SAFETY USE CASE DEMO
Where We Are Now
• PoC feasibility is stronger after EPoCD Phase 1.
  – Supporting plans more credible (EPoCD final report)
  – RoI estimates still valid
• Use Case structure on solid footing.
  – Structured approach to demonstrating details
  – Exercising Use Cases clearly demonstrated
  – Relatively small number exercised
  – AADL is growing (new Annexes, interfaces feasible)
• SAVI is still looking for critical mass of
  – Number of participants
  – Right skill sets for participants
Average RoI for ten Monte Carlo runs: 78.09%, 98.33%, 115.88%
Overall average deviation: 0.81%, 1.05%, 1.73%
What Is Next?
• EPoCD Phase 2 focused on “Shadow” projects
  – Parallel SAVI integrations with “real” projects
  – Subsystem level – Goodrich DVMS
  – System level – AMRDEC/Rockwell CH-47 Upgrade
• Prepare for SAVI 1.0
  – Multi-language reevaluation (SysML/AADL/?)
  – Priority Set of Use Cases to demonstrate
  – Exercise as many priority Use Cases as possible
  – Look to more realistic projects
• Integrated Program Plan
  – Detail the SAVI Integrated Program Plan
  – Refine incremental development plans – SAVI 2.0, 3.0
Questions?
Contacts:
Dr. Don Ward
Phone: (254) 842-5021
Mobile: (903) 818-3381
Dr. Dave Redman
Office: (979) 862-2316
Mobile: (979) 218-2272