Perspectives: Reusable Software in Integrated Avionics

By Cary Spitzer | April 1, 2005
Send Feedback

The advent of reusable software components (RSC), coupled with the emergence of integrated modular avionics (IMA), represents a new way to do business.

We recently saw the certification of the first RSC, produced by Rockwell Collins. We also have seen the limited application of IMA in the Boeing 777 airplane information management system (AIMS). Likewise the U.S. Air Force's F-22 will feature IMA in its common integrated processor. The ground, therefore, has been broken for a surge in the application of IMA in new aircraft such as the Airbus A380 and the Boeing 787.

Meanwhile, RTCA Special Committee 200 (SC-200) and EUROCAE Working Group 60 (WG-60) have been working for more than three years on a document with the draft title, "Integrated Modular Avionics (IMA) Development Guidelines and Certification Considerations." It will provide guidance on the unique features to be addressed in developing and accepting an IMA that can use RSCs, with emphasis on a recommended set of objectives, processes and activities for developers and integrators of IMA modules, applications and systems. Based on this guidance, IMA developers and integrators will be able to expedite the activities required to make changes to an existing IMA system and hosted application and/or install another application. There have been 12 dynamic plenary sessions on both sides of the Atlantic, with strong participation by American and European industry, government and academic personnel. RTCA and EUROCAE plan to publish the document this summer.

In the draft document IMA is "a shared set of flexible, reusable and interoperable hardware and software resources that, when integrated, form a platform that provides services, designed and verified to a defined set of safety and performance requirements, to host applications performing aircraft functions." Thus, many familiar terms have taken on new meaning in the creation of the document. A platform is "a module or group of modules, including core software, which manages resources in a manner sufficient to support at least one application."

In turn, a module is "a component or collection of components that may be accepted by themselves or in the context of an IMA. A module also may comprise other modules. A module may be software, hardware or a combination of hardware and software, which provides resources to the IMA hosted applications."

An application is "software and/or application-specific hardware with a defined set of logical interfaces that, when integrated with a platform, performs a function." A platform may contain multiple applications, limited only by its characteristics, such as computing power, memory, input/output and possible certification considerations.

The new document relies on the well-established and widely used RTCA DO-178B/EUROCAE ED-12 and RTCA DO-254/EUROCAE ED-80 for basic avionics development and acceptance. One of the document's major contributions is that it prescribes guidelines for the use of third-party software. That is, one organization may build the platform with its associated operating system, while another organization may generate an application (software). The platform and hosted applications then may be installed in an aircraft manufactured by a third organization. Applications may be changed or new ones added after installation of the platform in the aircraft.

Partitioning is the key architectural design feature that allows the multiple applications to be hosted on a single platform. Partitioning provides "the necessary separation and independence of functions or applications to ensure that only intended coupling occurs" and is essential when developing and operating an application.

"Acceptance," another concept emerging from the work of SC-200 and WG-60, is "acknowledgment" by a certification authority that the module, application or system meets its defined requirements. Further, "incremental acceptance" describes "a process for obtaining credit toward approval and certification by accepting or finding that an IMA module, application and/or off-aircraft IMA system complies with specific requirements."

Because of the many applications that can be hosted on an IMA, the development of the master minimum equipment list (MMEL), as well as the training of the flight crew and maintenance personnel, takes on new, unprecedented complexity. The MMEL must recognize the possibility of multiple function failures if a platform's core module fails. Related to this is the generation and prioritized display of caution and warning messages, which must not mask the true nature of the underlying failure. Proper crew response to IMA failures must be carefully examined as part of the IMA development process.

In summary, the use of IMA is rapidly expanding, and RTCA and EUROCAE are producing a document to provide guidance in its development and acceptance.

Cary Spitzer is chairman of RTCA SC-200 and president of AvioniCon, a consulting company.

Receive the latest avionics news right to your inbox