Model-Based Design and Automated Validation of ARINC653 Architectures Using the AADL

  • Jérôme Hugues
  • Julien DelangeEmail author


Safety-Critical Systems as used in avionics systems are now extremely software-reliant. As these systems are life- or mission-critical, software must be carefully designed and certified according to stringent standards. One typical pitfall of corresponding development project is the late detection of safety issues or bugs at integration time that impose to redo development steps. Model-Based Engineering aims at capturing system concerns with specific notations and use models to drive the development process through all its phases—design, validation, implementation and ultimately, certification. Through a single consistent notation, such an approach would avoid undefined assumptions and traditional hurdles due to informal, text-based, specifications. In this chapter, we present recent contributions we pushed forward in the AADL architecture description language for the design and validation of Integrated Modular Avionics systems. First, we review modeling patterns to support abstractions for Integrated Modular Avionics systems. We then introduce capabilities to check all ARINC653 patterns are enforced at model-level. In addition, we review error modeling and safety analysis capabilities towards the production of safety reports conforming to ARP4761 recommendations, along with code generation strategies to map model elements to code. All these contributions are integrated in one uniform modeling process based on the AADL.


AADL EMV2 Safety analysis Code generation ARINC653 



Copyright 2016 Carnegie Mellon University. This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

No warranty. This Carnegie Mellon University and Software Engineering Institute Material is furnished on an as-is basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied, as to any matter including, but not limited to, warranty of fitness for purpose or merchantability, exclusivity, or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

[Distribution Statement A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.



  1. 1.
    Airlines Electronic Engineering, Avionics application software standard interface—ARINC653. Technical Report (ARINC—Aeronautical Radio, Inc., 1997)Google Scholar
  2. 2.
    ATSB Transport Safety Investigation Report, In-flight upset event 240 km north-west of Perth, WA Boeing Company 777-200, 9M-MRG. Technical Report Aviation Occurrence Report 200503722 (ATSB, 2005)Google Scholar
  3. 3.
    R. Bloomfield, P. Bishop, Safety and assurance cases: past, present and possible future an adelard perspective, in Making Systems Safer, ed. by C. Dale, T. Anderson (Springer, London, 2010), pp. 51–67CrossRefGoogle Scholar
  4. 4.
    J. Cabot, R. Clarisó, UML/OCL verification in practice, in ChaMDE 2008 Workshop Proceedings: International Workshop on Challenges in Model-Driven Software Engineering (2008), pp. 31–35Google Scholar
  5. 5.
    Carnegie Mellon Software Engineering Institute: OSATE—Open Source AADL Tool Environment. Technical report (2016),
  6. 6.
    R.N. Charette, This car runs on code, in IEEE Spectrum, Feb 2009Google Scholar
  7. 7.
    B. Clark, R. Madachy, Software Cost Estimation Metrics Manual for Defense Systems (Software Metrics Inc., Haymarket, 2015)Google Scholar
  8. 8.
    J. Craveiro, J. Rufino, F. Singhoff, Architecture, mechanisms and scheduling analysis tool for multicore time-and space-partitioned systems. ACM SIGBED Rev. 8(3), 23–27 (2011)CrossRefGoogle Scholar
  9. 9.
    J. Delange, P. Feiler, D. Gluch, J.J. Hudak, AADL fault modeling and analysis within an ARP4761 safety assessment. Technical Report (2014)Google Scholar
  10. 10.
    J. Delange, P.H. Feiler, Architecture fault modeling with the AADL error-model annex, in 40th EUROMICRO Conference on Software Engineering and Advanced Applications, EUROMICRO-SEAA 2014, Verona, Italy, 27–29 Aug 2014 (2014), pp. 361–368Google Scholar
  11. 11.
    J. Delange, P.H. Feiler, Incremental latency analysis of heterogeneous cyber-physical systems, in Proceedings of 3rd IEEE International Workshop on Real-Time and Distributed Computing in Emerging Applications, REACTION 2014, Rome, Italy, 2 Dec 2014 (2014)Google Scholar
  12. 12.
    J. Delange, L. Pautet, F. Kordon, Design, implementation and verification of MILS systems. Softw. Pract. Exper. 42(7), 799–816 (2012)CrossRefGoogle Scholar
  13. 13.
    E. Denney, G. Pai, J. Pohl., Advocate: an assurance case automation toolset, in Proceedings of the 2012 International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2012 (Springer, Berlin, Heidelberg, 2012), pp. 8–21Google Scholar
  14. 14.
    R. Frana, J.-P. Bodeveix, M. Filali, J.-F. Rolland., The AADL behaviour annex – experiments and roadmap, in Engineering Complex Computer Systems (2007), pp. 377–382Google Scholar
  15. 15.
    A. Gacek, J. Backes, D. Cofer, K. Slind, M. Whalen, Resolute: an assurance case language for architecture models, in Proceedings of the 2014 ACM SIGAda Annual Conference on High Integrity Language Technology (ACM, 2014), pp. 19–28Google Scholar
  16. 16.
    C. Hagen, J. Sorensen, Delivering military software affordably, in Defense AT&L (2013), pp. 30–34Google Scholar
  17. 17.
    A.V. Khoroshilov, I. Koverninskiy, A. Petrenko, A. Ugnenko, Integrating AADL-based tool chain into existing industrial processes, in ICECCS (2011), pp. 367–371Google Scholar
  18. 18.
    N. Mahadevan, A. Dubey, G. Karsai, A case study on the application of software health management techniques. ISIS-11-101, Jan 2011 (2011)Google Scholar
  19. 19.
    Military Aerospace, DO-178C nears finish line with credit for modern tools and technologies, May 2010Google Scholar
  20. 20.
    OMG, UML 2.0 Specification (Object Management Group, Final Adopted Specification, 2005)Google Scholar
  21. 21.
    SAE International, AS5506B—Architecture Analysis and Design Language (AADL), Sept 2012Google Scholar
  22. 22.
    SAE International, AS55061/A—SAE Architecture Analysis and Design Language (AADL) Annex Volume 1, Oct 2015Google Scholar
  23. 23.
    B. Zalila, I. Hamid, J. Hugues, L. Pautet, Generating distributed high integrity applications from their architectural descriptionGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  1. 1.Institut Supérieur de l’Aéronautique et de l’EspaceUniversit de ToulouseToulouseFrance
  2. 2.Carnegie Mellon Software Engineering InstitutePittsburghUSA

Personalised recommendations