Professional Documents
Culture Documents
Flow chart:
Compute value y from x
according to the relationship:
Set Accumulator (A) to x Acc:=x
y Slope = m
Add c to Accumulator Acc:=mx+c
k Yes
Is Accumulator
y = mx + c <= k
c No
If Acc > k
Set Accumulator to k
Then Acc:=k
x
y:=mx+c
Store Accumulator in y
limited at k
Evaluation of the algorithm commences with the instruction register set to 100.
• Fetch instruction: ALU(A) is set to the function R = A + 0 and its output is routed through
the memory interface to address the memory at location 100 and the instruction ‘Load the
Accumulator with the contents of memory location 300’ is fetched from memory (memory
read cycle). The operand address, in this case 300, now appears on the B port of ALU(A).
• Fetch data: ALU(A) is now set to the function R = 0 + B and addresses the memory at
location 300. Variable x is fetched from memory (since memory location 300 contains the
value of variable x) and this now appears on the B port of ALU(D).
• Execute instruction: ALU(D) is now commanded to execute the ‘Load’ instruction and is
set to the function R = 0 + B, and variable x is loaded into the accumulator register.
This completes the first instruction and the CPU steps onto the next instruction by incrementing
the instruction register to the value 101, and the execution cycle commences again:
• Fetch instruction: Fetches the instruction at memory location 101, namely ‘Multiply the
Accumulator with the contents of memory location 200’. The operand address, in this case
200, now appears on the B port of ALU(A).
• Fetch data: Constant m at memory location 200 is fetched from memory and this now
appears on the B port of ALU(D).
• Execute instruction: ALU(D) is now commanded to execute the ‘Multiply’ function R =
A × B by a series of add and shift operations into the Accumulator register, resulting in it
taking the value of x multiplied by m.
R A
Addr Op Reg Op Addr Result 3. Read Memory
2. ALU(A) Set to
at location 100
R= A+0 = 100 R=A+0 100 Load
L Acc 300 Acc:= x
Address
A B 100 101 Multiply Acc 200 Acc:= mx
Fetch
Instruction 102 Add Acc 201 Acc:= mx + c
Read/
100 Write
Instruction 103 Skip if < = Acc 202 If Acc >k then Acc := k
IInstruction Execution Unit
Memory
Register 104 Load Acc 202
M Interface
300 105 Store Acc 301 y := Acc
D
Data 106 Loop back 6
1. Instruction
Register = 100 --------
200 Constant m
201 Constant c
Accumulator
A (A) 4. Operand 202 Constant k
Address = 300
--------
300 Variable x
A B 301 Variable y
ALU (D)
A
Memory
R
Memory
Interface
Register 100 Instruction 104 Load Acc 202
--------
200 Constant m
201 Constant c
Accumulator (A)
3. Operand = x 202 Constant k
--------
2. Read Memory
300 Variable x
at location 300
A B 301 Variable y
ALU (D)
Memory
R
Central
C entral Processing
Processing Unit
Unit
Memory Interface
Load Acc 105 Store Acc 301 y := Acc
cc
--------
200 Constant m
--------
300 Variable x
ALU (D)
Memory
1. ALU(D) Set to R
R=0+B
Central Processing Unit
The CPU steps onto the next instruction at memory location 102, and the execution cycle
repeats again, this time:
• Fetch instruction: ‘Add to the accumulator the contents of memory location 201’.
• Fetch data: Constant c is fetched from memory.
• Execute instruction: ALU(D) is now commanded to execute the ‘Add’ function R = A +
B and writes the answer back into the accumulator register resulting in it taking the value
of mx + c.
The CPU steps onto the next instruction at memory location 103, and the execution cycle
repeats again, this time:
• Fetch instruction: ‘Skip if the accumulator contents are less the value of memory location
202’.
• Fetch data: Constant k is fetched from memory.
• Execute instruction: ALU(D) is now commanded to execute the ‘subtract’ function R =
A − B, but this time it does not write the contents back into the accumulator register; instead
the instruction register is incremented if the answer is negative, that is, mx + c is less than
constant k, then the next instruction is skipped.
The CPU steps onto the next instruction. The instruction at memory location 104 will only be
executed if mx + c is greater than constant k. This instruction is a ‘Load’ instruction like the
first at location 103, and will overwrite the accumulator register with the constant k.
The instruction at memory location 105 is a little different to previous instructions.
The final instruction at memory location 106 changes the instruction sequence:
The above rather simple example serves to illustrate how a CPU fetches and executes
instructions contained in its memory and reads and writes data to and from memory. It can be
seen that the memory contains three classes of information:
• instructions;
• constants;
• variables.
42 Civil Avionics Systems
The memory characteristics required for these classes differs; the implications are explored
further in Section 2.9.
• Direct addressing: This is used to access data (generally constants) in the same segment
(page) as the instructions being executed. The resultant operand address is the current
instruction page concatenated (joined) with the short operand address in the instruction.
• Relative addressing: This is used to access data (generally constants) in the same block of
code as the instructions. The resultant operand address is the current instruction address plus
the short operand address in the instruction. This mode has the benefit that the instruction
code block with associated constants can be relocated in memory without revising the short
operand addresses, since each address is relative to the instruction that called it.
• Indexed addressing: This is used to access data (generally variables), data tables, first-in
first-out stacks and data arrays. The resultant operand address is the selected index register
plus the short operand address in the instruction.
Extended Op Address
ALU
2.7 Software
2.7.1 Software Introduction
Software is the heart of modern digital avionics. It gives the system a flexibility that is far
beyond that achievable from analogue equivalents. The software describes algorithms, logical
statements, data and control processes. Designing, coding and testing software requires unique
procedures to prove beyond reasonable doubt that the software is at least as reliable as its host
hardware. Separate, but similar procedures have been developed for military and civil avionics
systems, but with the same broad intent.
Investment in software is vast. The Airbus A320 avionics system has around 800,000 lines of
code. The Boeing 777 avionics system has in excess of 4,000,000 lines of code running on 50-
plus hardware platforms. The Airbus A380 and Boeing 787 will have many more lines of code.
As a rough order of magnitude it has been said that the number of lines of code for an avionics
system doubles every 10 years, with a commensurate increase in the man-hours/man-days
required to develop and certify the software to the appropriate design assurance level (DAL).
This section is intended only as an introduction to the subject. For further information the
reader is directed to other works on the subject [6].
• The compiler: Translates the application software (source code) into an intermediate form.
It performs syntax checking, (mis)use of types and generates warnings or errors.
• The assembler: Translates the intermediate code to machine code (object code), which is
the sequence of binary numeric values representing CPU-specific instructions plus data and
references to data.
44 Civil Avionics Systems
Application
(High -order language
Non -machine specific
e.g. Ada, C++
All designed and built to
appropriate levels of
assurance to meet
Compiler
integrity requirements.
Source Code
(Low -order language
Machine -specific
Using Computer Aided
Assembler) Software Engineering
(CASE) tools.
Assembler
Scheduler/
Object Code Object Code (e.g. I/O Drivers
Run -Time Executive/
Real -Time Operating System
Linker/Loader
To Program
Machine Code (executable binary)
Memory (ROM)
• The linker: Combines multiple machine code entities into a single executable entity and
resolves address references between entities.
• The loader: Writes the run-time executable code into the assigned CPU memory locations.
• Firmware: The Institute of Electrical and Electronics Engineers (IEEE) Standard Glossary
of Software Engineering Terminology, Std 610.12-1990, defines firmware as “The combi-
nation of a hardware device and computer instructions and data that reside as read-only
software on that device,” and adds that the confusion surrounding this term has led some to
suggest that it be avoided altogether.
• Effective: Uses the available resources to the best advantage. The limited resources are time
(available calculation power) and space (available memory and available I/O).
• Reliable: Eliminating design faults and taking recovery action if dysfunctions occur (tolerant
to failures).
• Intelligible: Readable (generally as a result of good coding style) and easily able to isolate
data and operations carried out on the data.
• Reusable: The desired analogy is the concept of software components being as widely
reusable as electronic components. In order for a library of components to be reusable, it is
essential that each is fully documented and characterised.
Airworthiness
Requirements
System
System Life-Cycle Processes
Operational
Requirements System Safety Assessment Process
System Requirements
Allocated to Software Fault Containment
Boundaries
Software Level(s)
Error Sources
Design Constraints Identified/Eliminated
Integral Processes
criteria are required to be specified for each phase. The philosophy is that correctness should
be achieved during development rather than by subsequent elimination.
Each step in the recommended design process has a set of prescribed objectives, and
activities or guidance for the process step, the rigor of which is moderated by the design
quality assurance level.