A Practitioner's Guide to DO-178B, Certification and the Emerging DO-178C Standard
Shinto Joseph, Operations Director, LDRA Technology Pvt. Ltd, Bangalore
Posted on 24-Dec-2015
Agenda
• Introduction
• DO-178B Overview
• Verification Activities
  – Review
  – Testing
  – Analysis
• What's Coming with DO-178C?
  – DO-178C Structure
  – Software Development Landscape
  – Traceability
• Indian Scenario
• Summary
DO-178B Overview
DO-178's Timeline
• DO-178, November 1981
  – Basic guidance
• DO-178A, March 1985
  – 3 failure conditions / software levels: critical/1, essential/2, non-essential/3
  – Development/verification steps
• DO-178B, December 1992
  – 5 failure conditions / software levels: Catastrophic/A, Hazardous/B, Major/C, Minor/D, No effect/E
  – Objectives-based
• DO-178C, 2011?
  – A modest update to DO-178B (if C-based development)
  – Adds guidance on model-based development, formal methods, object-oriented technology and tool qualification
F-16 Falcon
• Unstable airframe
• Flipped on crossing 0°
Hazard Analysis
• What failures can occur?
• Severity
• Probability
• Result: system-level Safety Integrity Level (SIL)
DO-178B Safety Integrity Levels

Software Level   Impact of Failure   Probability of Failure (per operating hour)*
A                Catastrophic        10^-9
B                Hazardous           10^-7
C                Major               10^-5
D                Minor               10^-3
E                No effect           N/A

*FAA System Safety Handbook, Chapter 3: Principles of System Safety; December 30, 2000
DO-178B process
Where DO-178B sits among the related standards (diagram labels):
• Safety Assessment Process Guidelines & Methods (ARP 4761)
• Aircraft and System Development Processes (ARP 4754)
  – Flows shown: Intended Aircraft Functions, Safety Information, System Design Information
• Guidance for Integrated Modular Avionics (DO-297)
• Electronics Hardware Development Lifecycle (DO-254)
• Software Development Lifecycle (DO-178B)
DO-178B process (cont.)
• Intended to ensure that avionics software performs its intended function with an appropriate level of confidence in safety.
• Defines 5 processes:
  – Planning, development, verification, configuration management and quality assurance
• Defines 5 levels of design assurance and 66 objectives:
  – Level A: 66 objectives (25 with independence)
  – Level B: 65 objectives (14 with independence)
  – Level C: 57 objectives
  – Level D: 28 objectives
  – Level E: no objectives
• Provides guidelines for implementing these processes and meeting these objectives.
DO-178B (cont.)
• Certifiable software became the central goal: deterministic verification techniques

Software Level   Impact of Failure   Structural Coverage Technique
A                Catastrophic        MC/DC
B                Hazardous           Decision
C                Major               Statement

• MC/DC code coverage ensures that all conditions that independently affect a programmatic result have been tested
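To make the three criteria in the table concrete, here is an added example (not from the talk or from any LDRA tool): a small Python checker that decides whether a set of test vectors achieves statement, decision or MC/DC coverage for one decision guarding a statement with no else branch. The decision `a and (b or c)` and the test vectors are constructed for illustration; MC/DC is checked in its unique-cause form.

```python
from itertools import combinations
from typing import Callable, Dict, Sequence, Tuple

Test = Tuple[bool, ...]


def coverage_report(decision: Callable[..., bool], n_conditions: int,
                    tests: Sequence[Test]) -> Dict[str, object]:
    """Report which structural-coverage criteria a test set meets for one
    decision that guards a statement with no else branch."""
    outcomes = [bool(decision(*t)) for t in tests]
    # Statement coverage: the guarded statement ran at least once (decision was True).
    statement = True in outcomes
    # Decision coverage: the decision took both outcomes.
    decision_cov = True in outcomes and False in outcomes
    # MC/DC (unique-cause form): for every condition there is an independence pair,
    # i.e. two tests that differ only in that condition and flip the outcome.
    pairs: Dict[int, Tuple[Test, Test]] = {}
    for i in range(n_conditions):
        for (t1, o1), (t2, o2) in combinations(zip(tests, outcomes), 2):
            changed = [k for k in range(n_conditions) if t1[k] != t2[k]]
            if changed == [i] and o1 != o2:
                pairs[i] = (t1, t2)
                break
    return {"statement": statement, "decision": decision_cov,
            "mcdc": len(pairs) == n_conditions, "independence_pairs": pairs}


# Decision under test (constructed example): a and (b or c)
def decision(a: bool, b: bool, c: bool) -> bool:
    return a and (b or c)


T, F = True, False
STATEMENT_ONLY = [(T, T, F)]                              # 1 test: statement, not decision
DECISION_ONLY = [(T, T, F), (F, F, F)]                    # 2 tests: decision, not MC/DC
MCDC_SET = [(T, T, F), (F, T, F), (T, F, F), (T, F, T)]   # n+1 = 4 tests: MC/DC

if __name__ == "__main__":
    for name, tests in [("statement", STATEMENT_ONLY),
                        ("decision", DECISION_ONLY), ("mcdc", MCDC_SET)]:
        r = coverage_report(decision, 3, tests)
        print(f"{name:9s} tests={len(tests)} statement={r['statement']} "
              f"decision={r['decision']} mcdc={r['mcdc']}")
```

Note that MC/DC needs only n+1 = 4 of the 8 possible input combinations here, which is why it is tractable for Level A while still exercising each condition's independent effect.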
Verification Process
• Purpose: Detect and report errors that have been introduced during the software development process.
• Objectives: each artifact in the development chain satisfies the one above it:
  – Software Requirements satisfy System Requirements
  – Software Architecture satisfies Software Requirements
  – Source Code satisfies Software Architecture
  – Executable Object Code satisfies Source Code
Verification Activities
• Review: a qualitative assessment of accuracy, completeness, consistency and correctness.
• Testing
  – Demonstrate that the software satisfies its requirements.
  – Demonstrate, to an appropriate degree of confidence, that errors that could lead to unacceptable failure conditions have been removed.
• Analysis: a quantitative assessment of accuracy, completeness, consistency and correctness.
Review
• A review provides a qualitative assessment of accuracy, completeness, consistency and correctness.
• Inputs: source code and a standards checklist, e.g.
    if (x < 0) then z = y - 2; else z = y + 2;
  – Checklist items: IP boilerplate, comments, indentation, complexity, ...
• Review result: compliance with requirements, compliance with architecture, verifiability, accuracy and consistency, ...
Testing
• Testing demonstrates, to an appropriate degree of confidence, that software satisfies its requirements and that errors that could lead to unacceptable failure conditions have been removed.
  – Requirements-based tests: verify implementation of requirements.
  – HW/SW integration tests: verify correct operation in the target computer environment.
  – SW/SW integration tests: verify software interfaces and interrelationships.
Test Result Analysis
• Test success: proceed
• Test failure, possible causes:
  – Incorrect software behavior
  – Incorrect requirement
  – Incorrect test case/procedure
  – Incorrect test environment/setup
Traceability Analysis
• Objectives
  – Verify that every requirement is implemented.
  – Verify that every requirement is tested.
  – Verify that every line of code has "a reason to be".
• Common gaps
  – Requirement has no associated tests: missing trace information, missing tests.
  – Requirement has no associated source code: missing trace information, missing code, extraneous requirement.
  – Source code doesn't trace to requirements: missing trace information, extraneous code.
• Traces link Requirements, Code and Tests.
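The gap classes above are mechanical to detect once trace links are recorded. As an added example (not from the talk or from any LDRA tool), the following Python builds a bidirectional requirements traceability matrix from constructed trace data and reports each gap class; it also flags links that point at a requirement that does not exist, which the slide's "missing trace information" usually surfaces as. All identifiers (LLR-1, TC-01, clamp_altitude, ...) are hypothetical.

```python
from typing import Dict, List, Set

# Constructed sample trace data (hypothetical identifiers, not from the talk).
# Requirement id -> requirement text
REQUIREMENTS: Dict[str, str] = {
    "LLR-1": "Clamp altitude input to the valid sensor range",
    "LLR-2": "Reject negative airspeed values",
    "LLR-3": "Record every flight-mode change",
}
# Code unit -> requirement ids it claims to implement
CODE_UNITS: Dict[str, Set[str]] = {
    "clamp_altitude": {"LLR-1"},
    "check_airspeed": {"LLR-2"},
    "debug_dump": set(),          # no trace: extraneous code or missing trace information
}
# Test case -> requirement ids it verifies
TEST_CASES: Dict[str, Set[str]] = {
    "TC-01": {"LLR-1"},
    "TC-02": {"LLR-1"},
    "TC-03": {"LLR-9"},           # traces to a requirement that does not exist
}


def trace_matrix(reqs: Dict[str, str], code: Dict[str, Set[str]],
                 tests: Dict[str, Set[str]]) -> Dict[str, Dict[str, List[str]]]:
    """Bidirectional requirements traceability matrix: requirement -> code units and tests."""
    return {r: {"code": sorted(u for u, links in code.items() if r in links),
                "tests": sorted(t for t, links in tests.items() if r in links)}
            for r in reqs}


def traceability_gaps(reqs: Dict[str, str], code: Dict[str, Set[str]],
                      tests: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """The gap classes from the traceability-analysis slide, plus dangling links."""
    matrix = trace_matrix(reqs, code, tests)
    linked = set().union(*code.values(), *tests.values())
    return {
        "requirements_without_tests": [r for r, m in matrix.items() if not m["tests"]],
        "requirements_without_code": [r for r, m in matrix.items() if not m["code"]],
        "code_without_requirements": sorted(u for u, links in code.items() if not links),
        "links_to_unknown_requirements": sorted(linked - set(reqs)),
    }


if __name__ == "__main__":
    for gap, items in traceability_gaps(REQUIREMENTS, CODE_UNITS, TEST_CASES).items():
        print(f"{gap}: {items or 'none'}")
```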
Moving from DO-178B to C: The Essentials

DO-178C Structure
• Core Document, including DO-178B and revised processes
• Formal Methods Supplement
• Model-Based Development Supplement
• Object-Oriented Technologies Supplement
• Tools Supplement

Software Development Landscape (DO-178C)
Tiers of the software development landscape:
• Tier 1: High Level Requirements
• Tier 2: Software Specs (hand code, formal methods, modelling tools)
• Tier 3: Implementation (source code / assembly)
• Tier 4: Host Tier (Node 1 – n)
• Tier 5: Target Tier (Node 1 – n)
Traces held in the Requirements Traceability Matrix between the tiers:
• LL Reqs to HL Reqs
• Code to LL Reqs
• Test Cases to LL Reqs (host and target)
• Design Review defects
• Code & Quality Review defects
• Test Results & Defects (host and target)
Traceability: Complex

Complexity: Sources
• Formal Methods
• Model-Based Development
• Object-Oriented Technologies
• Low Level Requirements, or design?
• Dynamic aspects: coverage must be performed on target and combined with static traces to assure completeness
DO-178C Traces
Artifacts linked by traces:
• System requirements allocated to Software
• High-Level Requirements
• Low-Level Requirements
• SW Architecture
• Source Code
• Executable Object Code
• Test Cases
• Test Procedures
• Test Results
• Review and Analysis Results
The set of required traces grows with the software level: a baseline set applies at Levels A, B, C and D, additional traces apply at Levels A, B and C, and further traces apply at Level A only.
Tooling mapped onto the same tiers (High Level Requirements; Software Specs via hand code, formal methods or modelling tools; Implementation (source code / assembly); Host Tier (Node 1 – n); Target Tier (Node 1 – n), linked by the Requirements Traceability Matrix):
• IBM® Rational® DOORS® & Visure IRQA...
• TBreq®: requirements traceability
• TBmanager®: system test management and unit test management
• TBvision®: code review defects
• LDRA Testbed®: design review defects
• TBrun®: host testing and target testing
Indian Scenario
- Lack of safety awareness
- Gap between local and global practices
- Sudden demand for aerospace skills
- Need for a healthy ecosystem, backed by long-term govt. policies
- Committed engineers ready to work on Indian projects
- Role of technology vendors
- Regulatory framework: defense and civilian
Summary
• Verification is an important component of DO-178
  – Review
  – Testing
  – Analysis
• Bottom line
  – Detect and report errors that have been introduced during the software development process.
  – Ensure that the software performs its intended function to an appropriate degree of confidence.

Summary (cont.)
• The requirements management / traceability paradigm is no longer adequate
• Future:
  – Should accommodate emerging technologies and methodologies
  – Requires a distributed, collaborative, bidirectional traceability mechanism
  – Security
  – India: an aerospace powerhouse
www.ldra.com
india@ldra.com
shinto.joseph@ldra.com
Copyright © 2011 Liverpool Data Research Associates Limited