In the near future, we expect to see existing cockpit applications and new cockpit applications to rely on always-on connectivity via satellite. Introduction of any new process into the cockpit operation must be thoroughly tested to ensure adherence to the highest standards and safety protocols. However, while standards and guidelines set the overall safety requirements for software such as satellite enabled cockpit applications, it does not provide methodologies or any one way of attaining the desired requirements. So why should you, and how do you go about performing end-to-end testing of satcom-based applications in aircrafts?
Currently, the vast majority of cockpits are reliant on static information. Flights are planned prior to take-off and all needed information such as route plan, travel time and weather forecasts are brought into the cockpit before take-off. With satcom enabled connectivity such information will be online available including changes and updated information from both ground and aircraft side. For example, updated weather forecasts can lead to changed travel routes. From ground it will be possible to have a 4D representation of aircrafts – longitude, latitude, hight and time.
However, introduction of inflight cockpit connectivity is no trivial process. A satellite link is characterized by latency, fading and other impairments. And on top of that it is not possible to control or even reproduce a satellite connection by use of a real link (on-air) in the test setup.
A solution to this is using an emulated satellite connection like shown in the illustration where the application is connected to the server via a satellite terminal connected to a satellite network emulator. A network specific emulator can be fully controlled with regards to emulating different real-life satellite link behaviour. This is important to verify robustness and user experience of an application under different conditions.
This testbed will allow for end-to-end testing of an application under realistic link conditions. Certification for safety critical use recommends validating that all code has been executed during test and such inspection is best done using dynamic analysis tools. During execution of tests the tool measures coverage directly in the code to make sure that test execution covers critical code. Source code of the application is instrumented to provide data on the actual execution in a coverage report. This also implies suggestions for missing test cases to cover all code.
The last element of the concept illustrated below is a test manager for automatic running test cases. It interacts with application and server for the functional testing by simulating user interaction, observing data displayed and controlling server data. Robustness to environmental challenges like satellite link impairments, handovers or even satellite link drops are also controlled by the test manager using satellite link emulator.
In the illustration you see a concept for a test environment combining end-to-end testing and visibility into code coverage of your test. The vision is a fully automated environment executing exactly the tests needed to verify the application.
Aero safety experts such as Afuzion have many years of experience in this field and has written a very informative whitepaper on the subject. The ‘DO-178C Best Practices – For Engineers and Managers’ whitepaper guides application developers on how to develop compliant and safe aero solutions. Click here, to go to whitepaper. For more information about AFuzion click here.
For more information on end-to-end-testing of satcom enabled applications in aircrafts please contact our Product Manger Svend Holme Sørensen at firstname.lastname@example.org or telephone +45 3030 4648.