SCADE 6: Requirements Driven, Model Based, Safety Focused

Avionic, railway, and high-end automotive systems have become too complex to develop and coordinate without the assistance of a design environment that connects all of the developers through their participation in the execution of the engineering process. The most efficient solution in this case is to use a model-based design tool. The adoption of Model-Based Design brings several benefits, such as:

  • Addressing the complexity inherent in control system designs
  • Starting software design before physical systems are available
  • Verifying the system prior to implementation, thus facilitating the detection and elimination of errors in requirements specification significantly earlier in the development cycle
  • Creating a structure for software reuse that permits a reliable and cost effective upgrade path for established designs

SCADE(TM) enables a rigorous and cost effective Model-Based Design process
SCADE is a Model-Based Design tool chain dedicated to the development of safety-critical embedded systems that must be submitted for certification to DO-178B, IEC 61508, EN 50128 or ISO 26262 standards.

SCADE modeling capabilities cover design, verification and optimization of complex algorithms, control intensive applications, and graphic interfaces. Furthermore, several SCADE modules, such as the SCADE automatic Code Generator, have been qualified to produce the evidence mandated by certification authorities, thus supporting a safety-critical process in a cost effective manner.

Esterel Technologies’ architects have created SCADE to broaden the creativity of system and software engineers, whilst removing a significant part of the certification process burden. All the code of the software application is designed and validated at model level; all the code generated from the model is certifiable.

The SCADE Model-Based Development work flow enables:

  • Capturing the system requirements allocated to software
  • Designing the software architecture and describing precisely and without ambiguity the system behavior (algorithms, state machines, etc.)
  • Incorporating timing, data typing and interconnection considerations in the design
  • Verifying the design against system requirements
  • Automatically generating the C code
  • Managing traceability links between requirements, model, and code

SCADE Certified Software Factory enables the process and gathers the technologies and tools to take on the new challenges of safety-critical embedded software development
The SCADE 6 Certified Software Factory (CSF) is a software engineering environment that delivers certifiable software by way of an architecture that is specifically tailored for the design of safety critical software applications.

[Figure: SCADE 6 Certified Software Factory (CSF)]

SCADE CSF is equipped with a set of tools to verify and validate the software throughout the engineering flow. Using test scenarios that are independently created from the system requirements, simulations are executed on the model, recorded and rerun as required.

Concurrently, the SCADE Model Test Coverage (MTC) module assesses how thoroughly a model has been explored by simulation. MTC quickly reveals shortcomings in test procedures and inadequacies in the requirements. Furthermore, it automates the identification of unintended functionalities that have no traceable place in the specification and which are otherwise extremely difficult, and hence costly, to locate. The functional verification activity is complete as soon as MTC analysis shows that all the model elements have been covered with respect to the requirements.

Formal verification techniques complement human testing abilities very well. SCADE Design Verifier* enables the efficient validation of safety requirements and the identification of insidious bugs that would otherwise escape conventional testing but would show up during the lifetime of production systems.

The SCADE Requirements Management Gateway facilitates the synchronization of design artifacts: the system requirements, the design, the test plan and all the project documentation remain aligned throughout the project. SCADE RM Gateway can generate reports that facilitate the certification process, such as the traceability matrix, coverage analysis, and impact analysis.

SCADE generated code can be integrated on a great variety of hardware targets or certified partitioned real-time operating systems, using the C cross-compiler of your choice.

Adopting SCADE allows the automation of high cost/low value tasks
Finally, you can benefit from the qualification of the SCADE KCG Code Generator. SCADE KCG has been audited and tested by industrial certification authorities (including EASA & FAA for the DO-178B standard, and TÜV Süd for the IEC 61508 & EN 50128 standards) such that it is trusted for the most vital safety-critical applications. The qualification credits eliminate a major part of the effort that must otherwise be expended on low-level test and verification: there is no need to verify the generated code against the specification, nor to perform code reviews or structural code coverage analysis.

The focus of testing is lifted up to the model level in order to ensure the functional relevance of the specification rather than the fidelity of the hand coded implementation. The benefits of this approach are endorsed by the worldwide engineering community; recently, SCADE KCG Code Generator and SCADE MTC have been qualified by the FAA for the development of the Boeing 787 Landing Gear System.

SCADE 6 Unified Modeling Style consistently covers complex algorithms and complex control software

[Figure: SCADE 6 Unified Modeling Style]

SCADE 6 supports the Unified Modeling Style, which interleaves data flow and state machine styles at any level in the design hierarchy; both styles can be combined as defined by the modeling task, whilst continuously supporting design modularity. Furthermore, this is a commutative relationship such that a data flow diagram can contain state machines, and a state machine diagram can contain data flows.
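The following is an added illustration of the two ideas above, the Unified Modeling Style (a state machine embedded in a data-flow node, with data flow nested inside a state) and formal verification of safety requirements by exhaustive exploration; it is constructed for this page and is not Esterel Technologies' code nor KCG output. The motor interlock model, the names `motor_ctx`, `motor_step`, `observer`, `verify_bounded`, the bound `MAX_RUN_CYCLES` and the `weak_fault` variant flag are all assumptions made for the example. The model is written in the cyclic style of generated C (a context struct holding the `pre` memories, a step function computing one cycle, no dynamic allocation); the observer encodes two requirements as a synchronous node, and the verifier enumerates every input sequence up to a bound, which is a brute-force stand-in for what a model checker does symbolically.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed synchronous model: a motor interlock with an embedded state machine.
   The context struct holds the "pre" memories; motor_step() computes one cycle. */
typedef enum { ST_OFF, ST_RUNNING, ST_FAULTED } state_t;

typedef struct {
    state_t state;      /* active state of the embedded state machine */
    int run_cycles;     /* data flow local to the Running state: 0 -> pre run_cycles + 1 */
    bool weak_fault;    /* assumed variant: fault transition is weak (acts one cycle late) */
} motor_ctx;

typedef struct { bool start, stop, fault; } motor_in;
typedef struct { bool motor_on, alarm; } motor_out;

#define MAX_RUN_CYCLES 5   /* assumed watchdog: at most this many consecutive running cycles */

void motor_reset(motor_ctx *c, bool weak_fault) {
    memset(c, 0, sizeof *c);
    c->state = ST_OFF;
    c->weak_fault = weak_fault;
}

void motor_step(motor_ctx *c, const motor_in *in, motor_out *out) {
    state_t s = c->state;
    /* Strong transition ("unless" in Scade 6): taken before the body runs, so this
       cycle's outputs are already those of the target state. */
    if (!c->weak_fault && in->fault) s = ST_FAULTED;

    switch (s) {
    case ST_OFF:
        out->motor_on = false; out->alarm = false;
        c->run_cycles = 0;
        if (in->start && !in->stop) s = ST_RUNNING;   /* weak transition ("until"): next cycle */
        break;
    case ST_RUNNING:
        c->run_cycles += 1;                           /* data flow nested inside the state */
        out->motor_on = true; out->alarm = false;
        if (in->stop) s = ST_OFF;
        else if (c->run_cycles >= MAX_RUN_CYCLES) s = ST_FAULTED;
        break;
    case ST_FAULTED:                                  /* sink state until an external reset */
        out->motor_on = false; out->alarm = true;
        c->run_cycles = 0;
        break;
    }
    if (c->weak_fault && in->fault) s = ST_FAULTED;   /* weak variant: old state's body already ran */
    c->state = s;
}

/* Synchronous observer for two safety requirements; returns true while both hold. */
static bool observer(const motor_in *in, const motor_out *out, int *consec_on) {
    *consec_on = out->motor_on ? *consec_on + 1 : 0;
    bool req_fault_stops_motor = !(in->fault && out->motor_on);
    bool req_watchdog_bound    = *consec_on <= MAX_RUN_CYCLES;
    return req_fault_stops_motor && req_watchdog_bound;
}

/* Exhaustive exploration of every input sequence of max_depth cycles.
   Returns the cycle number of the first observer failure, or -1 if none. */
static int explore(motor_ctx ctx, int consec_on, int depth, int max_depth) {
    if (depth == max_depth) return -1;
    for (int bits = 0; bits < 8; bits++) {            /* 2^3 input valuations per cycle */
        motor_in in = { (bits & 1) != 0, (bits & 2) != 0, (bits & 4) != 0 };
        motor_out out;
        motor_ctx next = ctx;                         /* each branch owns a copy of the memories */
        int c = consec_on;
        motor_step(&next, &in, &out);
        if (!observer(&in, &out, &c)) return depth + 1;
        int r = explore(next, c, depth + 1, max_depth);
        if (r >= 0) return r;
    }
    return -1;
}

/* Iterative deepening, so the first counterexample reported is a shortest one.
   Returns its length in cycles, or -1 if the requirements hold up to max_depth. */
int verify_bounded(bool weak_fault, int max_depth) {
    for (int d = 1; d <= max_depth; d++) {
        motor_ctx ctx;
        motor_reset(&ctx, weak_fault);
        int r = explore(ctx, 0, 0, d);
        if (r >= 0) return r;
    }
    return -1;
}

int main(void) {
    printf("strong fault transition: %d\n", verify_bounded(false, 7));
    printf("weak fault transition:   %d\n", verify_bounded(true, 7));
    return 0;
}
```

The strong-transition model satisfies both requirements for every input sequence up to seven cycles, while the weak-transition variant is caught with a two-cycle counterexample (start, then fault): the motor is still reported on in the very cycle the fault arrives. A scenario-based test would only find that window if someone thought to write it; the exhaustive check finds it by construction, which is the point made above about bugs that escape conventional testing.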

SCADE Model-Based Design, the efficient solution for complex systems
Only lean processes are able to cope with the challenges of the safety-critical systems and software development process. User- and application-specific tools and methods are unaffordable; their benefits always fail to justify the cost of ownership. Meanwhile, pressure on schedule and cost is ever increasing.

Because it integrates easily with existing environments, the SCADE Certified Software Factory can automate many tedious tasks. Thanks to this technology, challenges such as safety, integrity, repeatability, development of variants and parameterization can be addressed in a well-defined and reproducible manner within existing environments.

* SCADE Design Verifier is based on Prover Plug-in(TM), a trademark of Prover Technology AB in Sweden, the United States and other countries.

This contributed article was submitted by Esterel Technologies.

About Esterel Technologies
Esterel Technologies is a worldwide supplier of model-based design, validation, and code generation tools for safety-critical software and hardware applications. The product offering is based on two product lines: SCADE Certified Software Factory and Esterel Studio(TM). SCADE Suite and SCADE Display, combined in the SCADE Certified Software Factory, form the only integrated and industrialized tool suite spanning algorithm, logic and display design, merging formal verification and certified code generation. Esterel Studio(TM) is the market-leading front-end design and verification suite for control-intensive hardware IP. Esterel Studio delivers the full benefits of ESL synthesis with automated RTL/C/SystemC code production from a single, formally verified Esterel Studio IP executable specification. Esterel Technologies is a privately held company with headquarters in Elancourt, France and Mountain View, California, USA, and with direct sales offices in Germany, the United Kingdom, and China.