Key Challenges to Mil-Aero Systems Development

The Military and Aerospace segment comprises a diverse range of applications including ground-based systems, commercial and military avionics, space-based systems and weapons. Common challenges associated with such systems include:

  • Life & Safety critical
  • Real-time determinism
  • Large bodies of validated, pre-existing code
  • Considerable weight and power requirements
  • Complex multiplatform systems and subsystems
  • Strict test and validation requirements
  • Risk-averse designs and schedules

Adopting New Technologies within Mil-Aero

Given the requirements listed above, the Mil-Aero market has historically been conservative in adopting new technologies and approaches. However, with the promise of reduced power consumption and weight while simultaneously increasing performance and functionality, mil-aero systems are seeing increased adoption of highly integrated System on Chips (SoCs) and multicore devices. Many of the system architects and developers who adopt these new multicore devices find that the gains are offset by significant new challenges and risks.

Improving System Validation and Test

With the introduction of highly integrated SoCs and multicore devices comes the responsibility to ensure full validation and test across the range of factors that the system might operate under.

Safeguarding against Unintentional System Functional Changes

A key design goal of highly integrated SoCs is to ensure that they will be useful across a range of products and use cases. One way to ensure this is to allow the device to be reconfigured (via writable configuration registers) to best meet designer’s needs. Designers of safety-critical systems realize however that this flexibility can bring significant risk in the event that one of these configuration registers is inadvertently modified. These register changes might occur due to rogue software or software errors, single event upsets (EMP, power supply fluctuation, etc.) or hardware defects.

In order to achieve certification, developers must be able to determine how such register changes affect system function and performance, and how the system can recover from such a change.

A Simics Virtual Platform allows any configuration register to be changed at any point during the execution of application software. Developers are able to simulate an unintentional register change, observe its effect on the system, and develop “safety nets” that detect and correct such an event.

Better Corner Case Testing

Highly integrated SoCs have many more registers and devices than less capable devices. Developers of safety-critical and real-time systems need ways to inject any type of system fault that might occur, but traditional development tools such as JTAG allow the monitoring and modification of only a subset of registers.

Even as the applications continue to execute, a Simics Virtual Platform provides full visibility and control of every functional hardware parameter (state, delays, clock skew, frequency variation, memory or register contents, etc.). These capabilities enable the test and verification team to validate corner cases that would otherwise remain untested, and they eliminate the need for dedicated test hardware, environmental chambers, or test and data acquisition equipment.

Creating “Safety Nets”

As processing power increases, any one subsystem becomes capable of replacing an increasing number of legacy subsystems. However, such a consolidation approach may increase vulnerability to failure or to the loss of specific functionality. To mitigate this, “safety nets” that detect and correct errors with minimal impact on system functionality are often developed.

For the creation of safety nets, virtual platforms provide several benefits compared to physical hardware:

  • Any type of hardware failure or corruption can be simulated
  • Additional redundant platforms can easily be added into the system
  • The whole system can be stopped completely, allowing a holistic systems approach to safety net development
  • Everything is fully scriptable and automatable, so complex system scenarios can be played out
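The register-corruption scenario described under “Safeguarding against Unintentional System Functional Changes” and the safety net this section calls for, as an added example that is not Wind River's or Simics' own code: a small C safety net keeps a golden copy of a device's configuration registers under a CRC-32, periodically verifies the live registers against it and restores any register that drifted, and refuses to “repair” from a golden copy that has itself been corrupted. The register block, the bit-flip injector (standing in for the out-of-band register write a virtual platform would perform to model a single event upset) and all values are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a device's memory-mapped configuration registers. */
#define NUM_CFG_REGS 4
static volatile uint32_t cfg_regs[NUM_CFG_REGS];

/* Golden copy plus its CRC, kept in a separate (ideally write-protected) region. */
static uint32_t golden[NUM_CFG_REGS];
static uint32_t golden_crc;

/* CRC-32 (reflected, polynomial 0xEDB88320): any single bit flip is detected. */
static uint32_t crc32_words(const volatile uint32_t *w, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        uint32_t v = w[i];
        for (int b = 0; b < 32; b++) {
            uint32_t mix = (crc ^ v) & 1u;
            crc = (crc >> 1) ^ (mix ? 0xEDB88320u : 0u);
            v >>= 1;
        }
    }
    return ~crc;
}

/* Intended configuration writes go through here so the golden copy stays current. */
void cfg_write(size_t idx, uint32_t val) {
    cfg_regs[idx] = val;
    golden[idx] = val;
    golden_crc = crc32_words(golden, NUM_CFG_REGS);
}

uint32_t cfg_read(size_t idx) { return cfg_regs[idx]; }

/* Periodic safety-net check. Returns the number of registers restored,
 * or -1 if the golden copy itself fails its CRC and cannot be trusted
 * (the caller must then escalate rather than restore from bad data). */
int safety_net_check(void) {
    if (crc32_words(golden, NUM_CFG_REGS) != golden_crc) return -1;
    if (crc32_words(cfg_regs, NUM_CFG_REGS) == golden_crc) return 0;
    int restored = 0;
    for (size_t i = 0; i < NUM_CFG_REGS; i++) {
        if (cfg_regs[i] != golden[i]) { cfg_regs[i] = golden[i]; restored++; }
    }
    return restored;
}

/* Fault injection, as a virtual platform would do it: flip one register bit
 * behind the software's back. */
void inject_bit_flip(size_t idx, unsigned bit) { cfg_regs[idx] ^= (1u << bit); }

/* Corrupt the golden copy itself, the case the check must refuse to repair from. */
void inject_golden_corruption(size_t idx) { golden[idx] ^= 0x1u; }
```

In a real system the golden copy and CRC would live in ECC or otherwise protected memory, and a -1 result would feed a higher-level recovery path (reset, fail-over to a redundant platform) rather than being silently ignored.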

Porting Applications

The effort to port legacy code from its single-core origins to multicore or distributed devices can be particularly challenging, especially in the areas of task and data synchronization, resource sharing, scheduling, debugging and validation/test.

When the target system runs as a virtual platform(s) within Simics, developers benefit from features that have been added with debug in mind:

  • Full system stop – every device, clock, IO line and component stops and restarts simultaneously
  • Full hardware visibility and control – every parameter and variable can be inspected and modified
  • Reverse execution – running the full system software in reverse, honouring all hardware and software breakpoints and watchpoints along the way
  • Determinism and repeatability – unless one or more input parameters are changed by developers, each execution run will precisely repeat the previous run. This ensures that a bug, once seen, will always repeat.
  • Checkpoints – a complete register- and memory-level snapshot of a running system that remains restorable and runnable on any Simics host

Efficient Software Development and Integration when Hardware is Unavailable

For many mil-aero programs, the cost and availability of hardware (e.g. airborne, weapons, space-based, etc.) can present considerable challenges to software development.

When virtual platforms are used instead, the large majority of software development, integration and test development can take place without physical hardware, dedicated labs, or racks of test equipment. Multiple team members in diverse physical locations can then work together on software development without the scheduling or operational challenges presented by development hardware.

As the hardware does become available, Simics allows virtual platforms to interface with physical platforms over standard networks, so developers can progress from fully virtual platforms, through mixed virtual/physical platforms, to fully physical systems.

DO-178 and Model Based Development

The importance and value of models for the development of safety-critical and real-time systems has been explicitly recognized; in fact DO-178C/ED-12C, due to be finalized during 2010, will include a supplement on Model Based Development. You can keep apprised of progress at the SCAS forum.

All Content © 2004-2010 Wind River unless otherwise noted