EADS CASA MTAD Refueling Application Case Study

Background

EADS is a global leader in aerospace, defence and related services, with 2003 revenues of EUR30.1 billion. The EADS Group includes the aircraft manufacturer Airbus, the world's largest helicopter supplier Eurocopter and the joint venture MBDA, the second largest missile producer in the global market. EADS is the major partner in the Eurofighter consortium, is the prime contractor for the Ariane launcher, develops the A400M military transport aircraft and is the largest industrial partner for the European satellite navigation system Galileo.

EADS CASA is one of the Spanish branches of EADS. Its Military Transport Aircraft Division (MTAD) designs, manufactures and commercialises light and medium transport aircraft. Tanker aircraft represent a growing market for EADS/CASA with the company responsible for the transformation of Airbus A310-300 and A330-200 platforms into the Combi/Cargo/Passenger configuration and into the Multi-role Tanker Transport (MRTT). Together with four other companies, MTAD is part of the joint Air Tanker project which has been selected as a Preferred Bidder for Britain's Future Strategic Tanker Aircraft programme (FSTA).

The A330 MRTT is the world's most modern tanker transport plane. Developed from the Airbus A330 family it provides a combination of versatility and flexibility to deliver cost-effective high performance. Central to this is its advanced state-of-the-art fly-by-wire boom. This is controlled by sophisticated control software to allow in-flight refuelling with avionics that can be customised to client needs.

As well as refuelling, this application will also be responsible for controlling an artificial 3D-vision surveillance system, a night vision compatibility system, release and retract system with redundant hoist and lock and an independent disconnection system.

Business need

Sophisticated, safety critical control systems are crucial to the successful operation of the A330 MRTT. Due to the highly competitive nature of the global tanker market, speed of development, cost and the ability to flexibly configure systems to meet individual needs were vital to the project's success.

These objectives required a programming environment that combined the highest levels of safety with development speed and flexibility. The foundation operating system needed to be ARINC 653 compliant, while the overall system required RTCA DO-178B level A safety certification.

CASA has been using Ada since the 1980s, meaning that a combination of the programming language and Wind River's Platform for Safety Critical ARINC 653 were therefore the natural choice for the tail boom project. Through AdaCore and Wind River's partnership the integrated solution combines the highest level of safety with strong support to provide the fastest development environment.

AdaCore's GNAT Pro provides a run-time suited for avionic applications that is certifiable up to level A of DO-178B, meeting the boom project's requirements for safety- and mission-critical robustness and flexibility. Wind River Platform for Safety Critical ARINC 653 is based on VxWorks AE653, a fully ARINC653 Supplement 1 compliant operating system that includes time and space based protection domains integrated with Wind River's leading device software development tools and partner solutions including Ada, test and verification tools and market specific hardware board support packages. Platform for Safety Critical ARINC 653 enables application of different safety levels to share computing resources and is specifically designed to support applications such as integrated modular avionics.

"To ensure that together we deliver the safety-critical systems that avionics applications demand our partnership with AdaCore is extremely close, the result of a successful and long-standing collaboration," commented Rob Hoffman, Director Aerospace and Defense, Wind River. "Our work on the EADS CASA boom project demonstrates the advantages in flexibility and development speed that our combined solution delivers."

About AdaCore and GNAT Pro

Founded in 1994 by the original authors of the GNAT technology, AdaCore is the leading provider of solutions for all aspects of Ada software development. This link means that customers access expertise provided by the actual developers of GNAT Pro themselves, ensuring the best technical support, supplied by those with the strongest level of Ada expertise. AdaCore is a new kind of software company providing innovation through its market-leading GNAT Pro technology and an expert support system second to none. The net result is reduced risk, higher productivity and shorter time to delivery.

GNAT Pro is the most widely used Ada development environment, and a natural solution where efficient and reliable code is critical. At the heart of GNAT Pro is a full featured multi-language (Ada, C, C++) development environment complete with libraries, bindings and a range of supplementary tools. All its technology combines the flexibility and freedom associated with Open Source development and the assurance that comes from knowing that all tools go through a rigorous quality assurance process. It is based on the GNU GCC compiler technology and is backed by rapid and expert support service.

GNAT Pro High Integrity Edition for AE653 targets the Wind River Platform for Safety Critical ARINC 653. It provides sophisticated Ada development tools for the various partition kinds and operating modes available on AE653, and includes a full Ada binding to the ARINC653 Application Executive (APEX) implemented by AE653. The product features a configurable Ada run-time library capability, and specific run-time library profiles for common classes of safety-critical applications. These capabilities reduce the cost of safety-certification by customising the Ada run-time support library to the application.

GNAT Pro has been used by industry and government customers worldwide in professional, mission-critical software products ranging from small-footprint real-time embedded applications to large-scale information management systems. It has been ported to more platforms, both native and embedded, than any other Ada technology.

Benefits

With orders already received EADS CASA has had to develop the A330 MRTT to extremely tight deadlines. The tail boom project began in 2003 and a demonstration prototype is expected to be flying by the end of 2005. The first aircraft are scheduled to be delivered to the Royal Australian Air Force in 2008.

Technology is crucial to this speed - EADS CASA needed a high-quality and cost-effective solution that provided the flexibility to be tailored to differing needs. In all, the project contains 50,000 lines of code, developed by both EADS CASA and its subcontractors.

The combination of EADS CASA's experience using the tools, the close partnership between the two companies and the safety critical nature of the application meant that AdaCore and Wind River were the obvious choice for EADS CASA's needs.

"When we started the project we had free rein to choose the best solution to meet our demanding needs," concluded Carlos Fernāndez de la Hoz, EADS CASA. "The combination of AdaCore and Wind River has enabled us to deliver a high quality, flexible solution to control the refuelling system on time and on specification."

1 | 2

If you found this page useful, bookmark and share it on:

 
Embedded Star Newsletter
Don't have time to visit Embedded Star everyday? Then sign up for our free newsletter. We'll send you an email when we have something to share with you. Your email address will be kept confidential and we will not share, sell, or rent it to anyone. You can unsubscribe at any time by clicking a link in the email.

Enter your email address to sign up for our free newsletter:   

If you are familiar with RSS feeds, you can also sign up for our free blog feed. Our RSS feed is updated in real-time while our newsletter is updated daily.