Design of critical embedded systems: from early specifications to prototypes

During the last decades, critical embedded systems in many application domains have transitioned from federated architectures to integrated architectures like Integrated Modular Avionics (IMA) platforms. Such trend is driven by the objective to reduce the size and weight of on-board equipment, the dissipated power and the number of computing unit types (and so to improve the maintainability and serviceability of the equipment). This evolution along with the growing need for more functionalities push toward the use of high-performance processors. Therefore, Commercial Off-The-Shelf (COTS) processors are now commonly used in many safety-critical systems to benefit from the huge processing power and the low cost of components designed for high-volume markets. But, ensuring that these components developed for mainstream markets can safely be used in critical applications is critical as their failure could jeopardize the success of the mission or the safety of persons. Most of the mission-critical systems have to meet specific and stringent non-functional requirements. They notably have to operate in harsh environmental conditions and to respect hard real-time constraints. Consequently, the development of embedded systems for application domains like avionics, space or transportation systems is primarily driven by their safety and reliability requirements. A structured and mastered development process following safety standards aims to guarantee that all the nonfunctional requirements are met. The traceability of the system requirements from the specifications to the final system is thus mandatory. To prevent costly late design changes (that could compromise the whole product development), verification steps have to be followed at each stage of the development from early system models to final HW prototypes. But, existing development processes and methods are now challenged by the increasing integration of mission-critical systems. With the shift to integrated computing architectures, multiple applications that were executed on independent computing units in the past are now executed on the top of a common computing platform. For such platform, supporting the incremental certification of applications is a key point for an efficient development process of the applications. So, a strict time and space partitioning between these applications is ensured by the platform to guarantee the safety of the system and to enable a composability of the applications. In this context, the move to multi-core processors represents a challenge as the shared resources result in inter-tasks interferences, which are difficult to evaluate. Methodologies to evaluate and control these timing interferences are thus essential to enable the avionics domain to shift to the multicore paradigm. And with the increasing reliability concerns of advanced semiconductor technologies, the early reliability estimation of the system also becomes a challenge. The talk will present the requirements of mission-critical systems. The industrial challenges of their design and of their early prototyping are discussed.