Airbus, a European world leader in the market for civil passenger aircraft, was expanding its portfolio of airliners with the modernized single-aisle A318, the long-range Airbus A340-500/600, and the A380 extra wide body twin-deck aircraft, among others.
Airbus Deutschland GmbH, the supplier of the cabin management system, turned to redlogix – in its former firm as 4D Engineering GmbH – for the development of substantial software components for the A318, A340-500/600 and A380.
In the challenging area of on-board software for civil aviation redlogix was demonstrating its technological competence with the the development of safety critical systems and the according standards and processes. The parts contracted to us were classified as criticality levels DAL D, C and B due to DO-178B.
In cooperation with our hardware partner TQ Systems we have been centrally involved in development of the Mini-FAP (FAP = Flight Attendant Panel) device. For the firmware of this device all DO-178B software development processes were defined and executed by redlogix in main responsibility.
Technologies Employed
- PowerPC
- Intel Pentium
- Touchscreen
- TCP/IP
- Tornado / VxWorks
- DO-178B
- ANSI C
- Java Native Interface
System Overview
CIDS (Cabin Intercommunication Data System) is the core digital cabin management system used in all Airbus aircraft. The system controls and displays cabin functions for passengers and crew. This includes cabin lighting, cockpit/cabin announcements, door status indication, emergency signals, non-smoking/fasten seatbelt signs, smoke detectors, cabin temperature, water/waste tank capacity and various other cabin functions, some of which are safety critical. The system consists of a central computer, the director, the director interface board, one or more flight attendant panels and a data network for audio transmission in the cabin. However, each air transportation carrier sets specific needs and requirements for the CIDS configuration and thus, flexibility was a key feature for the software design.
Flight Attendant Panel
The FAP (Flight Attendant Panel) is used to display and set the CIDS cabin parameters and functions. It is based upon an Intel Pentium system and is operated by means of a touchscreen. The monitor consists of an LCD with 1024 x 768 pixel resolution.
Screenshot Flight Attendant Panel
An application that runs on the VxWorks real-time operating system from Wind River Systems is used for communication with the actual user interface. The FAP has various different types of memory cards for loading operating parameters. In addition to the basic hardware, it is also possible to add an optional PC and use a special driver developed by redlogix to display information on the LCD monitor of the FAP.
Director Interface Board
The DIB (Director Interface Board) is an interface between the main CIDS computer and the FAPs. It is based upon a Motorola PPC860 and communicates with the director via a dual-ported RAM. TCP/IP is used for the connection with the FAPs.
For safety reasons, two directors and two DIBs are installed. All are active and carry out all functions at the same time. The redundant set can therefore take over if the other set should not be operational.
Since the director is independent of the number of FAPs, one of the functions of the DIB, is to communicate with and manage several FAPs.
Software Architecture
The VxWorks real-time operating system provides the basis for the software architecture of the FAPs. VxWorks has been found to be a very valuable RTOS for demanding real-time applications, especially in the case of such complex projects. With its extensive network connectivity and generous function libraries in combination with Tornado, the integrated development environment, it permits convenient cross-development of embedded real-time software systems.
This is used to support an application layer in the form of an event-controlled, message-based multitasking system. The task system is driven by the strictly priority-based preemptive scheduling of VxWorks. Each task implements a state machine, which means that the control flow is determined by events. These events, as well as all other data, are exchanged between tasks by means of messages buffered in a message queue for each task. This type of architecture has been found to be very effective and is therefore frequently used by redlogix for more complex real-time applications.
Development and Certification for RTCA DO-178B Compliance
The A318 and A340 application software was implemented in ANSI C (and Java for the FAP), while the A380 software was done in C++. The Tornado II integrated development environment was used during development. The manufacturer had already obtained certification for aviation applications for the core of the VxWorks real-time operating system, which is frequently used for on-board software in the aviation industry. The CIDS application software required aviation Level C and D certification, while the smoke detector board was classified as DAL B. As a result, the CIDS software was developed in compliance with DO-178B, one of the world’s most stringent standards for software development, for levels B, C and D.
For the Mini-FAP device software and the I-PRAM software component on DIB redlogix was given sole responsibility for the delivery of extensive certification documentation in compliance with DO-178B level D. Special logging tools and mechanisms were developed and implemented for convenient software testing.