A core challenge to developing today’s avionics systems is a familiar one throughout technology-based industries: how to keep pace with innovation without exploding your product budgets and development cycles.
The global aerospace industry’s embrace of increasingly sophisticated onboard computing is a trend moving swiftly in one direction. New aircraft are designed around the enhanced communication, navigation and control functionality offered by modern avionics, while legacy models can be retrofitted with them to extend functional lifespans.
Onboard technology is making flying safer and more predictable for all segments of the industry. But the increasing complexity of its software can create financial headaches when it comes to verifying and validating embedded systems to achieve DO-178C/ED-12C (global standards by which certification authorities approve commercial safety-critical software-based aerospace systems) compliance.
“Our customers tell us their biggest pain point is that software complexity has been driving up costs year after year at an exponential rate,” said Ricardo Camacho, senior technical marketing manager with Parasoft, a provider of automated software testing and application security solutions.
As the systems powering aviation’s future demand more computing power, bandwidth and interconnectivity, the lines of code ensuring they safely integrate into the airspace are similarly growing in both length and complexity. The result: more tests, more bugs, more debugging, more tests to prove the debugging worked — all requiring added time and expense, not to mention the threat of falling behind in the race to market.
“It’s almost impossible for a human to deal with all these small little things – these overflows, bitwise manipulations – in your head when there is this much code,” said Yannick Moy, senior software engineer with AdaCore, which offers commercial software solutions for Ada, C and C++.
The growing complexity of the software has accelerated test providers’ investments in market opportunities for helping avionics developers cut down on rapidly ballooning testing budgets.
The growing complexity of the software has created market opportunities for test providers who can help avionics developers cut down on rapidly ballooning testing budgets.
“It’s a pretty simple question our customers have for us: ‘These systems are more complicated but we want to get to market faster, and we’re not getting more people or more money — what’s your solution?’” said Todd VanGilder, vice president of Business Development for Wineman Technology (WTI), which specializes in test systems and test cell applications with a focus on hardware-in-the-loop (HIL) simulation, and custom test machines.
The companies behind todays’ cutting edge avionics testing products have different answers to that question but share the same goals: providing tools that help customers ensure safety and security and expedite time-to-market, producing the audit trail required by certification authorities.
“There’s a point where the complexity of the system itself means some parts of testing just can’t be done the manual way,” said Dr. Antoine Colin, head of Products and Services with Rapita Systems, which provides on-target software verification tools and services for the aerospace and automotive electronics industries.
In the face of mounting to-do lists, automation is helping engineers cut through the noise to focus their attention on the highest value tasks. Colin’s team designs the testing tools in the Rapita Verification Suite (RVS) with the objective of minimizing busywork that contributes to dragging development cycles past expected delivery date.
“Instead of managing builds and test scripts, your engineer can spend100% of their time analyzing data and viewing results of tests — understanding where things have gone wrong, figuring out coverage holes and determining issues with requirements,” he said.
Colin is an eager advocate for continuous integration (CI) tools like Jenkins and Bamboo, which he says are slowly being introduced into the avionics market after proven use elsewhere. Rapita’s tools enable teams using CI, a development practice in which programmers frequently integrate code into a shared repository, to get automated unit test, coverage, and execution time results with every new build, quickly alerting team members to behavioral anomalies.
Development cycle efficiency will also increasingly involve automation driven by artificial intelligence and machine learning. Camacho said that his team is excited about using AI and machine learning to organize and prioritize static rule violations to help mitigate time sinks caused by false positives, helping teams ignore violations that Camacho describes as “a lot of noise.”
“In software projects, you could initially encounter thousands of rule violations,” said Camacho. “But from the machine having taught itself, it will prioritize thousands of violations for you. Imagine the time and cost savings of not having your team of engineers go through this multi-day prioritization exercise.”
As part of Parasoft’s range of solutions for C++ testing, it offers tools that help cover gap in code coverage by displaying available solutions for setting up tests which identify required dependencies, pre-conditions, and expected coverage.
“You sit there as a test engineer and start looking at how to reach a particular line of code. You have multiple arguments and execution threads and some of them need to be in a particular state, and it gets really difficult to mentally figure out how to set up a test case,” said Camacho. “So instead of multiple engineers getting bogged down trying to hit particular lines, it moves things forward — the return on investment is quite large.”
Moving Left on the V-Model
Conscious of rising costs in software development life cycles, Albert Ramirez-Perez of Rohde & Schwarz is focusing on efforts that push bug identification to as early in the development process as possible.
“Our focus has traditionally been at the end of the life cycle, but we’re moving to early stages because that’s where we have seen our customers get the most value,” said Ramirez-Perez, who is Principal Market Segment Manager — Aerospace & Defense with Rohde & Schwarz, a manufacturer of test & measurement, secure communications, monitoring and network testing, and broadcasting equipment,
Ramirez-Perez said that Rohde & Schwarz will devote considerable attention to cloud-based testing, which can allow for increased speeds of deploying application build, will enable cross-collaboration among different verification and testing teams from early design test vector creation, up to final production testing.
“In order to decrease the cost of entry into a given testing scenario, now we can offer this set-up as a service,” Ramirez-Perez said. “The engineers in an early stage can access a complete Cloud4Testing test bench environment including access to high-end instruments, software enhanced analysis tools, and only paying by the value of one of the servers of testing something.”
“In order to decrease the cost of entry into a given testing scenario, now we can offer this set-up in a service manner,” Ramirez-Perez said. “The engineers in an early stage can access a complete test bench with higher instruments and only paying by the value of one of the servers of testing something.”
Simulators are a powerful tool for learning as much information about potential problems while they are still inexpensive to address, says WTI’s VanGilder. His company develops hardware-in-the-loop (HIL) solutions that can make electronic control units (ECUs) respond as if they’re in their end environment long before testing reaches the more expensive right side of the V-model — the software development industry’s ubiquitous process model.
“Obviously you can’t compromise safety, so it comes down to moving the testing more on the left side of the V-model where you can iterate quicker and it’s less costly to address issues you find. We’re talking things like model-in-the-loop, software-in-the-loop, processor-in-the-loop, hardware-in-the-loop, where nothing is built yet — it’s just software and tools and simulation. The hope is that by the time you actually create the hardware and place the software on it, you’re discovering fewer problems and anomalies.”
The scalability HIL provides, as well as the flexibility in testing subcomponents while others may still be in development, will be critical to testing the industry’s next generation of airborne vehicles.
“With autonomous technology in transportation, you don’t just have transducers (sensors converting data from physical systems into electric signals) directly talking to one ECU, you have other ECUs that are looking at different transducers that are communicating to a multitude of ECUs,” said VanGilder. “Through HIL testing you can create whole subsystems to make sure every ECU is getting everything it needs from transducers but also from other smart ECUs that are in the system.”
Getting Ahead of Cybersecurity Threats
Security of onboard electronics has become a hot topic within the aerospace industry. The strongest defense against much-discussed threats like spoofing and jamming? Airtight code, says AdaCore’s Moy.
“From the start within our company we’re focused on the low-end of the software, that’s where you have the most intricate mesh of high-level objectives with low-level tasks,” said Moy. “How do these partitions communicate, how is the tasking operating — all these things must work as you intend for the high level purposes to hold otherwise everything breaks. You can see that routinely with buffer overflows, which can open systems up to hacking attacks in which breaking the local boundaries of data in the computer makes everything is possible, up to taking over the computer.”
AdaCore offers a wide range of products for the development and testing of the Ada programming language. Though less commonly taught than C and C++, Ada has earned a reputation for reliability on mission-critical systems — a strong appeal for avionics developers.
Moy says that the ever-present potential for an attacker with sufficient resources to find bugs left in the code, and the will to exploit it for nefarious purposes, demands the industry adopt a defensive posture.
AdaCore takes a proactive “security built-in, not bolted on” approach to developing its test tools, including a focus on detecting code problems — such as those found in the Common Weakness Enumeration (CWE), an evolving list of common software security weaknesses — with advanced static error detection before the programs are even run.
“Leaving everything in the hands of the developer doesn’t fly anymore, especially not with security,” he said. “Now you can focus the human review on things the tool doesn’t know about, like what secrets the software must protect and what is the invaders’ ability to attack the hardware.”
Saving in Flight Tests and Beyond
Minimizing testing costs also includes maximizing the value of flight tests – by far the most expensive tests to execute. Precisely capturing the relevant data is critical to making these flights worthwhile.
That task is becomingly more difficult on data bus systems based on high-speed Ethernet and Fiber Channel technologies, said Troy Troshynski, VP of Marketing and Product Development, Avionics Interface Technologies, a division of Teradyne, that designs and manufactures of high-performance flight modules, test and simulation modules, embedded solutions, data bus analyzers, and support systems.
“We’re switching from the paradigm of a shared data bus where you can have a single access point and access to all the data, typically one or maybe 10 megabytes per second, right on a specific aircraft system, and moving toward 10 and even 25 gigabit networks where there’s no single point where you can connect, to get all of the data on the network,” he said.
Troshynski says that since the total aggregate bandwidth is higher, engineers must intelligently pick the data that they want to look at for a given test because it’s virtually impossible to grab at all of it. Data selection tools like AIT’s Avionics Network Data Aggregator (ANDA) make it easier to select only the data on the shared network that’s pertinent, such as only monitoring subsystems that are being re-certified.
“You have to define the subset of the aggregate data on the avionics system that you want to look at, selecting that data in real time and time stamping that you can correlate it, because it’s coming from multiple points all over the network,” said Troshynski.
Mandated systems like Automatic Dependent Surveillance-Broadcast (ADS-B) require operators to stay vigilant for compliance well past installation, lest they wish to appear on the FAA’s Public ADS-B Performance Report (PAPR).
VIAVI, which provides test, measurement, and assurance solutions, developed an ADS-B transponder test that remotely and automatically tests the ADS-B system on the aircraft after it’s been installed, capturing that data and presenting the customer with a comprehensive report that helps with STC approval of transponder and GPS receiver systems. Having easy access to the full picture of system performance is important for staying airworthy. It also helps avoid unnecessary, and costly, maintenance cycles.
“When you verify performance on the ground, you’re assured that it will be operational and the aircraft won’t come back and have to go through another rework or troubleshooting cycle,” said Guy Hill, director of Avionics Test Products with VIAVI. “When you’re working through a backlog of aircraft to be retrofitted, not needing to have one come back through and go in the cycle again saves you time and money.”
Rohde & Schwarz also provides capabilities for testing terrestrial- and satellite-based communication and navigation systems, including a complete range of GBAS and GNSS constellation simulators. It’s an area that will see significant investment moving forward, says Ramirez-Perez.
“Being able to quickly and accurately validate high-precision onboard devices will be essential for bringing future market dynamics (such as autonomous flying taxis) to fruition,” he said.
Evolving to Meet Future Needs
The hardware upgrades necessary to power future technology will create new testing challenges. For example, earning certification for avionics architectures running on multi-core processors (MCPs) — processors which contain multiple central processing units (CPU) sharing tasks and resources in one physical unit — will demand rigorous testing to ensure predictable timing and behavior.
“Before, when we had separate boxes, there was clear communication and we knew exactly what was flowing from one place to another,” said Rapita’s Colin. “Now everything is in the same box — I’ve got virtual separation of things, but everything is still running on the same chip. How can you be sure things are well separated at the very low level on the chip?”
Moving from physical safety and security separation to logically separated, known as partitioning, requires verification that such partitioning is “robust,” says Nick Bowles, Rapita’s Marketing Manager, and definitive research is still ongoing. But the density of power provided by MCPs will be needed by future innovations such as autonomous flight and eVTOL, meaning demand for airworthy multi-core platforms is only going to grow.
Tobias Willuhn, program manager for Aerospace & Defense with Rohde & Schwarz, believes the next generation of airborne technology will serve as catalysts for further innovations in testing. The aviation industry as a whole is breaking new ground, he says, but the scale of the forthcoming challenges are beyond current compliance standards.
This has led to close collaboration between aircraft OEMs, component providers and the test measurement segment to identify future roadblocks and develop practical approaches for solving them.
“The development of autonomous vehicles includes a mounting phalanx of sensors that need to work seamlessly in order to provide all these services, especially when you’re flying – it’s like taking the automotive requirements and quadrupling it,” said Willuhn. “What does it mean to have a couple of kilowatts of electric power running while you fly with high precision and GPS-based navigation in an urban environment? Nobody has done it at this point, and there is a lot of demand for the industry to gain experience in this field.”
Willuhn offers the example of a future UAM business case of ordering an eVTOL flight that takes you from downtown Munich to the airport. For that to become a commercially viable reality, he said, all the vehicle’s systems and subcomponents must be fully integrated, operate highly reliably and interact with each other seamlessly. This will be a key point in bringing down operational costs – particularly for maintenance – and make UAM an affordable and safe service.
“But UAM is just a taste of what we’re seeing in this industry,” says Willuhn. “Think about the latest proposals and developments of major aircraft manufacturers and aerospace start-ups for future aircraft concepts with hybrid and electric propulsion — these are going to be game changers for the entire market, including the testing sector.”