Analysing flight software
The EADS ST software runs in an automatic mode and must cope with external disturbances as well as the various hardware failures that may occur during the flight. The case study therefore exhibits the points most pertinent to embedded applications and concentrates on real-time critical behaviour. The EADS ST software combines asynchronous behaviours and cyclic synchronous behaviours in the same process: asynchronous behaviours include stage ignition and release, failure isolation and recovery, while cyclic synchronous behaviours include control/command of the vehicle and failure detection.

Some particular issues were raised. One of them concerns the difficulty arising from combining cyclic and acyclic behaviour, which leads to an explosion of the state space; because of this, some abstraction techniques had to be put into practice. Another important issue raised by the case study was the validation of the scheduling policy used by the launcher software, which is based on a fixed-priority pre-emptive scheme.

Furthermore, the UML model was designed in the Rational Rose tool and validated with the IFx/IF tools, namely the semantics checker, the simulator and the model checker. In addition to supporting real-time behaviour, these tools have the great advantage of being compatible with the OMEGA semantics. The simulator in particular enabled the correction of numerous errors, such as unexpected deadlocks, which existed in the model and had not been discovered by manual review. The tools and methodology used in this case study will be available shortly as a published paper.
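To make the scheduling-validation issue concrete, the following added example (not code from the OMEGA project or the IFx/IF tools) performs a standard worst-case response-time analysis for a fixed-priority pre-emptive task set, where the asynchronous failure-isolation activity is modelled as a sporadic task with a minimum inter-arrival time so it can be analysed alongside the cyclic tasks. The task names, periods, execution times and priorities are constructed for illustration and are not taken from the launcher software.

```python
from dataclasses import dataclass
from math import ceil
from typing import Optional

@dataclass(frozen=True)
class Task:
    name: str
    period: int          # period of a cyclic task, or minimum inter-arrival time of a sporadic one (ms)
    wcet: int            # worst-case execution time (ms)
    priority: int        # larger value = higher priority
    deadline: Optional[int] = None  # relative deadline; defaults to the period

def response_time(task: Task, taskset: list[Task]) -> Optional[int]:
    """Worst-case response time under fixed-priority pre-emptive scheduling.
    Iterates R = C + sum_j ceil(R / T_j) * C_j over all higher-priority tasks j
    until a fixed point is reached. Assumes independent tasks (no blocking).
    Returns None as soon as the iteration exceeds the deadline (not schedulable)."""
    deadline = task.deadline if task.deadline is not None else task.period
    higher = [t for t in taskset if t.priority > task.priority]
    r = task.wcet
    while True:
        interference = sum(ceil(r / t.period) * t.wcet for t in higher)
        r_next = task.wcet + interference
        if r_next > deadline:
            return None
        if r_next == r:
            return r
        r = r_next

def check_schedulable(taskset: list[Task]) -> dict[str, Optional[int]]:
    """Map each task name to its worst-case response time, or None if it misses its deadline."""
    return {t.name: response_time(t, taskset) for t in taskset}

# Constructed sample task set (hypothetical values, not the launcher's real timing).
# failure_isolation is the asynchronous behaviour: sporadic, bounded by a minimum inter-arrival time.
SAMPLE_TASKSET = [
    Task("failure_isolation", period=100, wcet=5, priority=4),
    Task("control_command",   period=10,  wcet=3, priority=3),
    Task("failure_detection", period=20,  wcet=4, priority=2),
    Task("housekeeping",      period=50,  wcet=10, priority=1),
]

# Same set, but the lowest-priority task grows to 20 ms and no longer fits before its deadline.
OVERLOADED_TASKSET = SAMPLE_TASKSET[:-1] + [Task("housekeeping", period=50, wcet=20, priority=1)]

if __name__ == "__main__":
    for name, r in check_schedulable(SAMPLE_TASKSET).items():
        print(f"{name}: {'R=' + str(r) + ' ms' if r is not None else 'DEADLINE MISS'}")
```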