Home > Applications > Military, Aeronautic, & Space


More than in any other industry the volume of software in an airplane has dramatically increased in the last decades. Size of software went from a few kilobytes to a few megabytes nowadays. Real trials on the final system are not only costly but sometimes impossible because it does not exist yet. That explains the strong demand in that industry for modeling.

At the same time software in the air needs to be certified in order to guarantee safety. The DO-178 series is the reference for any flying software. In november 2011 the DO-178C has been approved by RTCA/EUROCAE joint committee gathering certification authorities and the avionic industry. It introduces two new complementary documents regarding the Model based Development and Verification (MBDV) in DO-331, and the Software Tool Qualification Consideration in DO-330.

DO178C software levels Effect of software malfunction
Level A Failure may cause multiple fatalities
Level B Failure has a large negative impact on safety or performance
Level C Failure significantly reduces the safety margin
Level D Failure slightly reduces the safety margin
Level E Failure has no impact on safety

Chapter 23 of EASA Certification Memorandum on Software Aspects of Certification by European Aviation Safety Agency, 11 August 2011 regarding the validation and verification of model based software requirements and designs namely quotes SDL (LDS in the text) as a modeling technology to design embedded software of aircraft equipment as well as Scade, Matlab and SAO.

PragmaDev Studio is perfect to model communicating avionic systems and even though PragmaDev Studio code generator is not qualified, our customers in the aeronautics did certify their model and the code generated out of the model.


Military equipments and systems are under a lot of constraints. They are complex, inter-connected, safety critical, at the cutting edge of technology, and are produced in little series. This requires a lot of R&D for a few produced equipments making them substantially expansive.

It is also a domain where several levels of sub-contractors from large key accounts to small SMEs work together. Communication between the different stakeholders is paramount since a slight misunderstanding might end up in a financial disaster.

Modeling is a well proven mean of communication. The more precise the model is, the less chance there is to misunderstand the needs. Because of the high degree of telecommunication in military systems an event driven approach is more suitable than any other. Not only the static interfaces should be adressed, but more importantly the sequence of events between the different equipments.

Because of the above PragmaDev Studio event driven executable modeling technology is a perfect match for defense systems and equipments.


PragmaDev has been collaborating with ESA/ESTEC (European Space Agency / European Space Research and Technology Centre) for nearly a decade now. The following is an excerpt of ESA web site:

Requirements engineering is currently identified as one of the weak points of the software development lifecycle. Many space project reviews identify weakness in the software requirements in the early development. This leads to an incomplete development, followed by difficulties in system integration and costly software reengineering.

The importance of having consolidated software requirements at avionics level [Requirement Baseline] makes desirable the use of modellisation techniques that help the specifiers to achieve complete and consistent requirements. At software level [Technical Specification], the modellisation assists with the verification of the requirements and, more and more, with the code design and generation.

The modellisation covers:

  • the data type, in XML or ASN.1
  • the data organisation in classes and objects, and the operations that transform them, in an object oriented way UML-based, for example with the HOORA method or a UML profile
  • the behaviour the behavioural modellisation languages allow formal representation of the sequence of states and events that the system experiences. These are quite often based on state machines that exchange sequences of events, based on a synchronous or asynchronous model. The most interesting ones in the space domain are:
    • SDL
    • Esterel
    • Lustre
    • MatLab/Simulink
In particular, SDL, a standardised language used for the formal modellisation of concurrent finite state machines, has been primarily used for telecommunication protocols. It has been proved useful for some space applications:
  • modellisation in SDL and Workbench of a data handling system (Data Management System (DMS) Design Validation - DDV)
  • modellisation of the Failure Detection, Isolation and Recovery (FDIR) of the Meteosat Second Generation spacecraft the on-board software requirements for the avionics reconfiguration were modelled and a feared system event has been proved to never occur
  • modellisation of the SpaceWire protocol to consolidate the English text of the standard

For the above reasons ESA has defined the TASTE framework, an open source tool for embedded software development. The main idea is to use the most appropriate language out of a selected list of mature and existing ones. The framework will then generate the glue between the different parts of the model. Some of the selected technologies are:

  • AADL
  • ASN.1
  • SDL
  • Simulink
  • Scade
  • Ada
  • C
PragmaDev Specifier is integrated in TASTE framework.