Growing the SAVI Paradigm Don Ward, Aerospace Vehicle Systems Institute (AVSI) Steve Helton, Boeing Research and Technology (BR&T) Safe & Secure Systems & Software Symposium June 14, 2011

Dec 25, 2015


Growing the SAVI Paradigm

Don Ward, Aerospace Vehicle Systems Institute (AVSI)
Steve Helton, Boeing Research and Technology (BR&T)
Safe & Secure Systems & Software Symposium
June 14, 2011


SAVI Progress – 2010 2011

• Background
  – SAVI is high-value integration paradigm change
  – Progress made in demonstrating feasibility of approach

• Proof of Concept Project II (Expanded Proof of Concept)
  – Basic Thrusts
  – Example of Results

• Next Steps
  – Shadow Projects are newly underway
  – Progress to Date

• Conclusion:
  – All indications green
  – Need more resources

6/12/2011 2011 Safe & Secure Systems & Software Symposium © AVSI 2


The Situation

[Figure: program timeline diagram. Labels: High-level Req’s in RFP; High-level Design RFP Response; Req’s Changes; Trades; Req’s Defined; Sys Design; Sys Re-Design; Detailed Design; PDR; CDR; Target Completion; System Integration Checks; Sys Development; V&V; Sys Integration; SCHEDULE DELAY; COST GROWTH. Participants shown: Aero, Avionics, Systems, Suppliers.]


Systems Are Becoming More Complex

Estimated Onboard SLOC Growth

[Figure: Ln(Onboard SLOC) versus Year, 1960 to 2020. Legend: Line Fit, Boeing, Airbus, Unaffordable.]

Labeled data points:
• INS: 0.8K
• A300B: 4..6K
• A300FF: 40K
• A310: 400K
• A320: 800K
• A330/340: 2M
• B757, B767: 190K
• B747: 370K
• B737: 470K
• B777: 4M

Other SLOC labels on the chart: 8M, 27M, 61M, 134M, 299M

Line fit: Slope = 0.17718, Intercept = -338.5. Curve implies SLOC doubles about every 4 years.

Cost labels on the chart (Software Base Cost, COCOMO II): $160 B, $7.8 B, $290 M, $81 M, $38 M. An Assumed Affordability Limit is marked.

The line fit is pegged at 27M SLOC because the projected SLOC sizes for 2010 through 2020 are unaffordable. The COCOMO II estimated costs to develop that much software are in excess of $10B.

Airbus data source: J.P. Potocki De Montalk, Computer Software in Civil Aircraft, Sixth Annual Conference on Computer Assurance (COMPASS ’91), Gaithersburg, MD, June 24-27, 1991.
Boeing data source: John J. Chilenski. 2009. Private email.


… and constrained by dated SE methods

• Silo’ed Organizations
• Mismatched Assumptions: “pi” as 3.14 versus 3.141592653589793
• Written Requirements


Current tools for managing complexity have issues

• Operational Models
• System Models
• Component Models
• Functional/Behavior Model
• Performance Model
• Structural/Component Model
• Cost Model
• Safety Model
• Security Model
• Reliability Model
• Maintainability Model
• Structural Model
• Mass Production Model
• Manufacturing (Assembly) Models

• Modeling Domains
  – Ops/Mission Analysis
  – System Design
  – Algorithm Development
  – Hardware Design
  – Software Design
  – Logistics Support
  – Manufacturing
  – Integration & Test
  – Performance Simulation
  – Engineering Analysis
  – Human System Integration

• System Architecture Model (Integration Framework)
  – Analysis Models
  – Hardware Models
  – Software Models
  – Verification Models

MODEL EXPLOSION:
• Multiple Truths
• Incompatible Abstractions
• Indeterminate Change Impact
• Impact on ‘ilities


Common issues create common goals and suggest a cooperative solution

• Integration complexity will continue to increase
• Individual companies cannot solve it alone
• Industry cannot afford to solve it multiple times
• We cannot afford “not” to solve it

A coordinated, industry-wide effort is needed to solve this issue.


The Aerospace Vehicle Systems Institute

AVSI is a global cooperative of aerospace companies, government organizations, and academic institutions

The System Architecture Virtual Integration program is an AVSI program addressing virtual integration of systems.

Past AVSI projects have covered the breadth of aerospace systems and current research includes projects in the areas of reliability, certification, and virtual integration.


Boeing brought the issue to AVSI

[Figure: timeline of AVSI projects, 2005 to 2010. Labels as they appear on the slide:]

• Projects: AFE 32 & 32S1, AFE 58, AFE 57, AFE 59 Plan, AFE 59
• Effort: 6 Labor-Yrs (1.5), 16+ Labor-Yrs (2), 9+ Labor-Yrs (1), Labor-Yrs (TBD ?)
• Boeing Commercial Aircraft, Boeing Research & Technology
• Participant list: Boeing, Goodrich, Honeywell, Rockwell Collins
• Participant list: Airbus, BAE Systems, Boeing, GE Aerospace, Honeywell, Lockheed Martin, Rockwell Collins, FAA, DoD Army, DoD Navy; CMU/SEI
• Participant list: Airbus, BAE Systems, Boeing, GE Aerospace, Lockheed Martin, Rockwell Collins, FAA, DoD Army; CMU/SEI; Dassault?, Goodrich?, Honeywell?, NASA?
• Participant list (2010, AFE 59): Airbus, BAE Systems (?), Boeing, EMBRAER (S1), Goodrich, Honeywell (S1), Lockheed Martin (not S1), Rockwell Collins, FAA, DoD Army, NASA (?), CMU/SEI (?)


Architecture-Centric Engineering

[Figure (source: SEI): an Annotated Architecture Model at the center, supporting Virtual Integration and Validation of System Architecture through auto-generated analytical models for the following quality attributes:]

• Cyber Security
  – Availability
  – Authentication
  – Integrity
  – Confidentiality
  – No repudiation
• Safety and Reliability
  – MTBF
  – FMEA
  – Hazard analysis
• Real-time Performance
  – Execution time/Deadline
  – Deadlock/starvation
  – Latency
• Resource Consumption
  – Bandwidth
  – CPU time
  – Power consumption
• Data Quality
  – Data precision/accuracy
  – Temporal correctness
  – Confidence


What are the Core Elements of SAVI?


Virtual Integration for Development Cycle

[Figure: development-cycle V diagram, "From Prediction to Validation". Labels as they appear on the slide:]

• Design stages: Requirements Engineering, System Design, Software Architectural Design, Component Software Design, Code Development
• Test stages: Unit Test, Integration Test, System Test, Acceptance Test
• Model labels: High-level AADL Model, Detailed AADL Model, Specify Model-Code Interfaces, Top-Level Verification Items
• Side labels: Model-driven artifact generation; Conformance of models and systems
• Between design and test: → generation of test cases; ← updating models with actual data
• Other labels: Sensitivity analysis for uncertainty; Confidence in implementation


Global Team Implementing SAVI

A distributed, multi-party development team implemented the PoC demo, reflecting current real-world development environments

[Figure: Worldwide PoC Model Development, with a Subversion Model Repository at AVSI. Participants shown: Boeing, SEI, Rockwell Collins, BAE Systems, Airbus, Lockheed-Martin, Honeywell, Goodrich, EMBRAER, US Army, FAA.]


What Has SAVI Been Doing?

• Strengthening the Proof of Concept by:
  – Building and Exercising Critical Use Cases
    • “Fit” Use Case
    • Reliability Assessment Use Case
    • Safety Analysis Use Case
    • Behavior Use Case
    • About 10-15% of Total Number of Use Cases Postulated
  – Improving RoI Estimate
  – Iterating to reset the Integrated Program Plan to fit current economic climate


Objectives and Results

Objective: Expanded Proof of Concept Demonstration
Results:
• Collected and prioritized use cases
• Expand the PoC demo to exercise these, including mechatronic systems

Objective: Model Data Exchange Layer and Repository Development
Results:
• Investigating multi-language-model approaches to the Model Repository

Objective: Address Questions With Current SAVI Approach
Results:
• Developed initial SAVI requirements

Objective: Improve ROI Analysis
Results:
• Added statistical estimation
• Showed that RoI estimates are favorable for both Suppliers and System Integrators

Objective: Develop SAVI 1.0 Program Plan
Results:
• Initial SAVI Integrated Program Plan is being revised

Objective: Outreach
Results:
• Expanded interaction with other efforts


Define SAVI Use Cases

• Use cases reflect modes of interaction in SAVI framework

• Identify initial high-level requirements

• Help identify technology gaps

• Use cases used to exercise PoC models


Mechatronics: Physical System Modeling

[Figure panels: Mechatronic Actuator Model; Structural Finite Element Model; Applied Load (from MatLab model); Wing Structure Response.]

Architectural model captures and integrates behavior of virtual subsystems


AADL Error Annex Drives Reliability and Safety Analyses

• AADL and Error Model Annex Standard
  – For both reliability & safety modeling

• Assess system reliability and safety from same annotated architecture model
  – Focus application on embedded software system (IMA)

• Reliability Use Case
  – MTTF for dual redundant flight guidance (FG) and auto pilot (AP)
  – Different deployment configurations on dual and triple redundant HW
  – Consider perfect and imperfect functional & fault management SW

• Safety Use Case
  – Functional hazard assessment of FG and AP
  – Failure mode and effects analysis (FMEA) for CPU, FG and AP failures


Safety Analysis Use Case Tier 2 Flight Guidance IMA Architecture

[Figure panels: Computer Hardware View; Embedded Software View.]

Use Case Demonstrations


FEM PLUG-IN DEMO

SAFETY USE CASE DEMO


Where We Are Now

• PoC feasibility is stronger after EPoCD Phase 1.
  – Supporting plans more credible (EPoCD final report)
  – RoI estimates still valid

• Use Case structure on solid footing.
  – Structured approach to demonstrating details
  – Exercising Use Cases clearly demonstrated
  – Relatively small number exercised
  – AADL is growing (new Annexes, interfaces feasible)

• SAVI is still looking for critical mass of
  – Number of participants
  – Right skill sets for participants

Average RoI for ten Monte Carlo runs: 78.09%, 98.33%, 115.88%
Overall average deviation: 0.81%, 1.05%, 1.73%


What Is Next?

• EPoCD Phase 2 focused on “Shadow” projects
  – Parallel SAVI integrations with “real” projects
  – Subsystem level – Goodrich DVMS
  – System level – AMRDEC/Rockwell CH-47 Upgrade

• Prepare for SAVI 1.0
  – Multi-language reevaluation (SysML/AADL/?)
  – Priority Set of Use Cases to demonstrate
  – Exercise as many priority Use Cases as possible
  – Look to more realistic projects

• Integrated Program Plan
  – Detail the SAVI Integrated Program Plan
  – Refine incremental development plans – SAVI 2.0, 3.0


Questions?

Contacts:

Dr. Don Ward
Phone: (254) 842-5021
Mobile: (903) 818-3381
[email protected]

Dr. Dave Redman
Office: (979) 862-2316
Mobile: (979) 218-2272
[email protected]