Airbus® Defence & Space is a leading manufacturer of civil and military aircraft, claiming over 6,000 planes in operation in 2013. Airbus Military is the division of Airbus Defence & Space responsible for production of the A330® Multi-Role Tanker Transport (MRTT).
The A330 MRTT features an Advanced Refuelling Boom System (ARBS) which includes a Boom Control and Computing System (BCCS) that is classified as a Level A system according to DO-178B guidelines. Airbus Defence & Space selected RVS (Rapita Verification Suite) to carry out worst-case execution time (WCET) analysis for this DO-178B project.
The ARBS is a fly-by-wire system based on a partitioning architecture which is compliant with ARINC 653. Data processing and the logic of the ARBS system are implemented by software that, due to the criticality of the refueling function, is classified as Level A software.
Due to the safety-critical nature of the functions performed by the BCCS, it is considered a Hard Real-Time (HRT) system, whose correctness depends not only on functional correctness but also on the timely delivery of the computed results. This means that establishing its WCET is of vital importance.
Airbus Defence & Space faced three major challenges during the development and testing of the ARBS:
- Effectively determining worst-case execution times.
- Meeting DO-178B requirements.
- Reducing development costs.
Airbus Defence & Space selected RapiTime for its hybrid approach to WCET analysis, which combines static analysis of the code structure with dynamic measurement on the target. This avoided the challenges of a purely static analysis technique, which relies on the availability of a timing model for each target to be analyzed.
To meet the objectives of this DO-178B project, RapiTime was used to:
- Instrument the source code.
- Collect execution data from the software while it ran.
- Analyze WCET results to gain confidence that timing requirements were still met in worst-case situations.
Instrumenting source code
Using RapiTime, instrumentation was added to the source code. A small, fixed number of system calls were placed in the source code of every partition as a simple form of instrumentation.
The executable was loaded and run on the embedded target. When the application was run, execution of each instrumented call was logged and timestamped.
Analyzing the source code
RapiTime used collected execution time data and knowledge of the source code structure to predict the software’s WCET. This, along with other timing metrics, was written to a timing report that could be easily analyzed.
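The two steps above, measuring instrumented blocks on the target and then combining the measurements over the source structure, can be illustrated with a small worked example. This is an added illustration of the hybrid method in general, not RapiTime's own algorithm or output format; the trace, block names, loop bound and program structure are all constructed.

```python
from collections import defaultdict

# Constructed trace: (instrumentation point, timestamp in microseconds) recorded
# across two activations of one partition. Points mark entry/exit of each block.
TRACE = [
    ("A_in", 0), ("A_out", 12), ("B_in", 12), ("B_out", 20),
    ("C_in", 20), ("C_out", 25), ("C_in", 25), ("C_out", 31),   # 2 loop iterations
    ("D_in", 31), ("D_out", 40),                                  # 'then' branch taken
    ("A_in", 100), ("A_out", 115), ("B_in", 115), ("B_out", 121),
    ("C_in", 121), ("C_out", 128),                                # 1 loop iteration
    ("E_in", 128), ("E_out", 150),                                # 'else' branch taken
]

# Program structure as recovered from the source (hand-written here): a sequence,
# a loop whose iteration bound comes from source analysis, and a two-way branch.
PROGRAM = ("seq", [
    ("block", "A"), ("block", "B"),
    ("loop", 10, ("block", "C")),              # at most 10 iterations per activation
    ("alt", [("block", "D"), ("block", "E")]),
])

def observed_max(trace):
    """Pair every X_in with the following X_out; keep the longest duration per block."""
    open_at, worst = {}, defaultdict(int)
    for point, ts in trace:
        name, edge = point.rsplit("_", 1)
        if edge == "in":
            open_at[name] = ts
        else:
            worst[name] = max(worst[name], ts - open_at.pop(name))
    return dict(worst)

def wcet(node, worst):
    """Combine per-block maxima over the structure: sum for sequences, max over
    alternatives, bound times body for loops. A block never executed cannot be
    bounded, so the analysis refuses rather than silently under-estimating."""
    kind = node[0]
    if kind == "block":
        if node[1] not in worst:
            raise ValueError(f"block {node[1]} never executed: no measurement to bound it")
        return worst[node[1]]
    if kind == "seq":
        return sum(wcet(child, worst) for child in node[1])
    if kind == "alt":
        return max(wcet(child, worst) for child in node[1])
    if kind == "loop":
        return node[1] * wcet(node[2], worst)
    raise ValueError(f"unknown node kind {kind}")

def high_water_mark(trace, entry="A_in"):
    """Longest end-to-end activation actually observed, for comparison with the bound."""
    longest, start = 0, None
    for point, ts in trace:
        if point == entry:
            start = ts
        else:
            longest = max(longest, ts - start)
    return longest
```

With this trace the structural bound is 115 us while the longest activation actually observed is 50 us: the hybrid bound covers the unobserved combination of the slowest blocks, the full loop bound and the slower branch, which no single measured run exercised.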
RapiTime’s automated WCET instrumentation and analysis significantly reduced the effort needed to produce evidence required for DO-178B certification compared to manual processes.
The results collected by RapiTime include an analysis of timing hotspots, which has given Airbus Defence & Space the opportunity to optimize the source code and improve resource utilization.