Software Considerations in Airborne Systems Koray İnçki Spring 2009.


Transcript of Software Considerations in Airborne Systems Koray İnçki Spring 2009.

Page 1: Software Considerations in Airborne Systems Koray İnçki Spring 2009.

Software Considerations in Airborne Systems

Koray İnçki, Spring 2009

Page 2:

Safety-critical?

Safety: Safety is a property of a system that it will not endanger human life or the environment.

Safety-Critical System: A system that is intended to achieve, on its own, the necessary level of safety integrity for the implementation of the required safety functions.

Koray İNÇKİ, CmpE Spring 2009 19.04.23 2/23

Page 3:


What is DO-178B?

Overview
• Published by RTCA
• Software use in airborne systems

Not a "process" document; instead a discussion of the certification process and its relationship to the system and software life cycle for commercial avionics.

A guideline of best practices for safety-critical software development on airborne systems.

Page 4:

DO-178B Overview

In 1985 the original DO-178 was revised and updated to produce DO-178A / ED-12A; DO-178B / ED-12B followed in December 1992.

The documents became a worldwide basis for software certification in the aviation industry.

Three basic software life cycle processes:
• Software planning process
• Software development process
• Correctness, confidence and control processes (verification, configuration management, quality assurance and certification liaison, which DO-178B groups as the integral processes)


Page 5:

Guidelines

The guidelines in DO-178B impose constraints on the software development process so that the resulting software can be shown to perform its intended function with a level of confidence commensurate with its contribution to safety.

DO-178B is published by RTCA, not the FAA; the FAA recognizes it (through Advisory Circular 20-115B) as an acceptable means of compliance for the software in airborne systems and equipment.

Most RTOS vendors have accepted the guidelines in DO-178B and begun to offer tool support.


Page 6:

What are we dealing with?


Page 7:

DO-178B Document Layout


Page 8:

DO-178B Software Levels


Page 9:

DO-178B Processes and Outputs

DO-178B is divided into six main processes:
• Software planning processes
• Software development processes
• Software verification processes
• Software configuration management processes
• Software quality assurance processes
• Certification liaison processes

Each process has a set of expected documented outputs.


Page 10:

Software Planning Process

• Activities addressing system requirements and certification levels
• Inter-relationships between processes, sequencing, feedback and transition criteria
• Life cycle environment, including methods and tools
• Software development standards
• Software plans that comply with DO-178B
• Coordination of development and revisions to plans


Page 11:

Software Planning Process Outputs

• Plan for software aspects of certification (PSAC)
• Software development plan (SDP)
• Software verification plan (SVP)
• Software configuration management plan (SCMP)
• Software quality assurance plan (SQAP)
• System requirements
• Software requirements specification (SRS)
• Software design standard (SDS)
• Software code standard (SCS)


Page 12:

Software Development Process

The software development process is broken into four sub-processes:
• Software requirements process: high-level requirements in relation to function, performance, interface and safety.
• Software design process: software architecture and low-level requirements from which the source code is implemented.
• Software coding process: production of source code from the design.
• Integration process: integration of the executable object code into the target real-time environment.


Page 13:

Software Development Process Outputs

The following tangible outputs are the result of the combined four sub-processes:
• Software requirements data (SRD)
• Software design description (SDD)
• Source code
• Executable object code


Page 14:

Software Verification Process

The purpose is to detect and report errors that may have been introduced during the development processes.

The verification objectives can be met with reviews, walkthroughs, analyses, unit testing, integration testing and more.

Evidence that the objectives are met comes from executing the test procedures and recording their results.

Outputs include:
• Software verification cases and procedures (SVCP)
• Software verification results (SVR), covering:
  • Review of all requirements, design and code
  • Testing of executable object code
  • Code coverage analysis


Page 15:

Software Verification Process (continued)


Page 16:

Software Configuration Management Process

The purpose is to establish secure and effective configuration control for all artifacts.

The following activities are done within the process:
• Configuration identification
• Change control
• Baseline establishment
• Archiving of the software

Outputs include:
• Software configuration index (SCI)
• Software life cycle environment configuration index (SECI)
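The configuration index is where identification, baselines and change control meet: it names every item that makes up a software baseline, and any later delivery is checked against it. As an added example that is not from the slides, the following Python builds a minimal SCI as a hash-pinned manifest and then verifies a directory tree against it, reporting modified, missing and unlisted files. DO-178B says what an SCI must identify (Section 11.16) but prescribes no file format, so the JSON layout, the part number and the sample file names are assumptions constructed for the demo.

```python
"""Added example (not from the slides): a software configuration index (SCI)
as a hash-pinned manifest, and a check that a delivered baseline matches it.
The JSON layout, part number and file names are assumptions for the demo.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_sci(root, part_number, items):
    """Record each configuration item (relative path) with its hash and size.
    `items` is the list of files the baseline is supposed to consist of."""
    index = {"part_number": part_number, "items": []}
    for rel in sorted(items):
        path = os.path.join(root, rel)
        index["items"].append({"path": rel,
                               "sha256": sha256_file(path),
                               "size": os.path.getsize(path)})
    return index


def verify_baseline(root, index):
    """Compare a directory tree against an SCI.  Returns (ok, findings) where
    each finding is ('missing' | 'modified' | 'unlisted', relative_path).
    Unlisted files are reported too: a baseline must contain nothing that the
    configuration index does not account for."""
    listed = {item["path"]: item for item in index["items"]}
    findings = []
    for rel, item in listed.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            findings.append(("missing", rel))
        elif sha256_file(path) != item["sha256"]:
            findings.append(("modified", rel))
    for dirpath, _, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if rel not in listed:
                findings.append(("unlisted", rel))
    return (not findings, sorted(findings))


def demo():
    """Build a baseline, index it, then tamper with it and re-verify.
    Returns (ok_before, ok_after, findings_after)."""
    with tempfile.TemporaryDirectory() as root:
        # constructed sample artifacts, not real avionics code
        sample = {
            "src/fcs.c": b"int fcs_limit(int x) { return x > 100 ? 100 : x; }\n",
            "src/fcs.h": b"int fcs_limit(int x);\n",
            "build/fcs.bin": bytes(range(256)),
        }
        for rel, data in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        sci = build_sci(root, "FCS-SW-001-A", list(sample))   # assumed part number
        ok_before, _ = verify_baseline(root, sci)
        # tamper: patch the executable object code and drop in a stray file
        with open(os.path.join(root, "build/fcs.bin"), "ab") as f:
            f.write(b"\x90")
        with open(os.path.join(root, "src/debug_hook.c"), "wb") as f:
            f.write(b"/* not in the SCI */\n")
        ok_after, findings = verify_baseline(root, sci)
        return ok_before, ok_after, findings


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The same check, run against the SECI (compiler, linker and tool versions) rather than the product files, is how you show that the life cycle environment used to rebuild a baseline is the one that was archived.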


Page 17:

Software Quality Assurance Process

The purpose is to provide assurance that the software life cycle processes are followed as planned and will yield quality software.

Each process is analyzed to show that it is producing the expected outputs.

Any deviations from the originally proposed plans are reported, evaluated and resolved to ensure process integrity.


Page 18:

Software Quality Assurance Process Outputs

Outputs:
• Software quality assurance records (SQAR)
• Software conformity review (SCR) records
• Software accomplishment summary (SAS); formally the SAS is an output of the certification liaison process, in which the applicant summarizes the completed software life cycle for the certification authority


Page 19:

DO-178B Certification

Compliance is typically shown to a Designated Engineering Representative (DER), an engineer authorized by the FAA to approve data on its behalf and often employed by the aircraft or equipment manufacturer.

DO-178B very specifically addresses the following, which directly affect product development:
• Certification of a product applies only to its finished result.
• Certification includes approval of all systems and subsystems, hardware, software, firmware, development tools, production and testing of the product.
• Certification is done on the individual application of the product.
• Coding practices must be controlled so that "dead code" is not allowed; DO-178B distinguishes dead code, which must be removed, from deactivated code, which may remain only if its deactivation is shown and justified.
• Certification requires that "full testing" of the system and all of its components (including firmware) be done on the target platform in the target environment.
• Certification requires structural coverage of the code at the MC/DC (modified condition/decision coverage) level for Level A software; Level B requires decision coverage and Level C statement coverage.
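Modified condition/decision coverage is stricter than the decision coverage most test suites settle for: every condition in a Boolean decision must be shown to independently change the outcome, which needs n + 1 tests for n uncoupled conditions rather than two. The following Python is an added example, not from the slides or from any coverage tool; it implements the unique-cause form of MC/DC for a decision given as a plain callable over Boolean conditions, and the decision `(a and b) or c` plus the test vectors in `demo()` are constructed for the demonstration. Real Level A evidence is gathered on the executable object code with a qualified coverage tool; this checker reasons about the Boolean function only.

```python
"""Added example (not from the slides): a unique-cause MC/DC checker.
Each condition is one positional Boolean argument of `decision`; the decision
and test vectors in demo() are constructed for the demonstration.
"""
from itertools import product


def _normalize(tests):
    """Coerce an iterable of condition vectors to tuples of bools."""
    return [tuple(bool(x) for x in t) for t in tests]


def decision_coverage(decision, tests):
    """True when the tests drive the decision to both outcomes: the
    structural coverage DO-178B asks for at Level B."""
    return {bool(decision(*t)) for t in _normalize(tests)} == {True, False}


def independence_pairs(decision, n_conditions, tests):
    """For each condition index, find two vectors in `tests` that differ only
    in that condition and change the outcome.  Returns
    {index: (vec_with_cond_false, vec_with_cond_true) or None};
    a None entry is an MC/DC gap for that condition."""
    vectors = _normalize(tests)
    outcome = {t: bool(decision(*t)) for t in vectors}
    pairs = {}
    for i in range(n_conditions):
        pairs[i] = None
        for t in vectors:
            if t[i]:
                continue                      # start only from the False side
            flipped = t[:i] + (True,) + t[i + 1:]
            if flipped in outcome and outcome[flipped] != outcome[t]:
                pairs[i] = (t, flipped)
                break
    return pairs


def achieves_mcdc(decision, n_conditions, tests):
    """True when every condition has an independence pair in `tests`
    (the coverage DO-178B asks for at Level A)."""
    return all(p is not None
               for p in independence_pairs(decision, n_conditions, tests).values())


def minimal_mcdc_suite(decision, n_conditions):
    """Greedily pick an MC/DC test set from the full truth table, choosing for
    each condition the independence pair that adds the fewest new vectors.
    Raises ValueError for a condition that can never change the outcome: such
    a condition is unreachable logic, the same kind of finding as dead code."""
    table = list(product((False, True), repeat=n_conditions))
    outcome = {t: bool(decision(*t)) for t in table}
    candidates = {}
    for i in range(n_conditions):
        candidates[i] = []
        for t in table:
            if t[i]:
                continue
            flipped = t[:i] + (True,) + t[i + 1:]
            if outcome[flipped] != outcome[t]:
                candidates[i].append((t, flipped))
        if not candidates[i]:
            raise ValueError(f"condition {i} cannot independently affect the decision")
    suite = set()
    for i in sorted(candidates, key=lambda k: len(candidates[k])):  # most constrained first
        best = min(candidates[i], key=lambda p: len(set(p) - suite))
        suite.update(best)
    return sorted(suite)


def demo():
    """Contrast decision coverage with MC/DC on (a and b) or c."""
    def decision(a, b, c):
        return (a and b) or c
    two_tests = [(1, 1, 1), (0, 0, 0)]        # both outcomes seen, MC/DC not met
    suite = minimal_mcdc_suite(decision, 3)   # n + 1 = 4 vectors
    return (decision_coverage(decision, two_tests),
            achieves_mcdc(decision, 3, two_tests),
            len(suite),
            achieves_mcdc(decision, 3, suite))


if __name__ == "__main__":
    print(demo())   # (True, False, 4, True)
```

Two vectors (all true, all false) give full decision coverage of `(a and b) or c` yet leave every condition without an independence pair; the greedy search finds a four-vector set that satisfies MC/DC. A condition for which no pair exists anywhere in the truth table, such as `b` in `a or (b and not b)`, raises, because no test can ever demonstrate it and it should not be in the code.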


Page 20:

An RTOS Perspective of DO-178B


Page 21:

Development Tools


Page 22:

References
• "DO-178B, Software Considerations in Airborne Systems and Equipment Certification." Wikipedia, The Free Encyclopedia. Wikimedia Foundation, Inc. Accessed 13 May 2009. http://en.wikipedia.org/wiki/DO178B
• Johnson, Leslie A. (Schad). "DO-178B, Software Considerations in Airborne Systems and Equipment Certification." Flight Systems, Boeing Commercial Airplane Group. Accessed 4 March 2007. http://www.stsc.hill.af.mil/crosstalk/1998/10/schad.asp
• RTCA/DO-178B, "Software Considerations in Airborne Systems and Equipment Certification," December 1, 1992.
• http://www.highrely.com


Page 23:

Have a safe flight!
