DO-178B and DO-178C Software Considerations in Airborne ...

goodyearmiaowΜηχανική

18 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

113 εμφανίσεις

RTCA DO
-
178C

“Software Considerations in Airborne Systems and
Equipment Certification”

Brock Greenhow

March 21, 2013

Software mishaps in
Aerospace Engineering


Ariane

Five rocket explosion


Southern Airways 242


Gimli

Glider


Patriot Missile


Future of Safety Critical
Software


Increased lines of code


Increased complexity


Increased criticality


Technology changes


More with less


Increased outsourcing and
offshoring


Attrition of experienced engineers


Lack of available training

Background of DO
-
178


1982


DO
-
178


1985


DO
-
178A


1992


DO
-
178B


2001


DO
-
248B


2011


DO
-
178C and supplemental material


2011


DO
-
248C

Differences from DO
-
178B to
C


Added examples and explanations


Used clearer language and terminology


Added more objectives


Bi
-
directional tracing


Parameter Data Item Files


Technology Supplements



ARP4754A System
Development


System Requirements


Allocate requirements to software


Validate requirements


Communication


Plan for changes to come from software

ARP4761 Aircraft and System
Safety


Safety Program Plan


FHA and
SFHA’s


PASA and
PSSA’s


Software Safety


Improves with time


Errors are not as obvious


Need specific requirements


Involve safety and systems in software requirement
reviews

Safety continued

Severity
Classification

Potential Failure Condition Effect

Assurance
Level

Catastrophic

Failures would result in multiple fatalities and possible complete
loss of the airplane.

A

Hazardous/Severe
major

Failures would reduce the abilities of airplane or crewmembers
to deal with conditions that could result in reduction of safety
margins, distress and excessive workload, or even serious or
fatal injuries to a small number of people.

B

Major

Failures would cause similar to issues to the Hazardous/Severe
major, but not as severe and likely only injuries and not
casualties.

C

Minor

Failures would not significantly reduce airplane safety, and only
slight increase of workload and minimal discomfort.

D

No safety effect

Failures have no effect on the safety of the aircraft.

E

Safety Continued

Level

Objective Count

Objectives with independence

E

0

0

D

26

2

C

62

5

B

69

18

A

71

30

Overview of DO
-
178C


Software Planning


Software Requirements


Software Design


Software Integration


Software Verification


Software Configuration Management


Software Quality Assurance


Software Certification

Software Planning


Five Plans


PSAC


SDP


SVP


SCMP


SQAP


Three Standards


Software Requirement Standards


Software Design Standards


Software Coding Standards


Software Requirements


Foundation to good software


Refine Systems Requirements


Allocate enough time


Software Requirement Cycle


Bi
-
Directional Tracing


Baseline SWRD

Software Design


Architecture


Structural
-
based


Object
-
oriented


Low
-
level Requirements


Bi
-
Directional Tracing


SWDD


Software Implementation


Coding


Languages and compilers


Good programming


Standards


Traceability


Integration


Build process


Load process


Analyze memory and addresses

Software Verification


Reviews


Plans, requirements, design, test data


Analyses


Code and integration


Coverage


Other


Tests


RBTs
, integration


Cases, procedures, results


Tracing

Software Verification
Continued


Verification of Verification


SCA, MC/DC


Test data reviews


Problem Reporting


Failures become PR or CR


PR or CR process


CIA


SVCP

Software Configuration
Management


Beginning to End


All life cycle data


CC1 or CC2


SCI


Life cycle data and versions


SLECI and Problem Reporting


Software Quality Assurance


Customer’s needs


Review plans and write SQAP


Life cycle data audits and approval


Reviews


Witness tests, builds, and loads


Problem reporting


Conformity review


Document activities for records

Software Certification


Develop and submit PSAC


PSAC approval


Submittal and approval of SCI and SAS


SOIs



Supplemental Materials


DO
-
330 Software Tool Qualification


DO
-
331 Model
-
Based Development and Verification


DO
-
332 Object
-
Oriented Technology


DO
-
333 Formal Methods

Software Tool Qualification


Separate Document compared to DO
-
178B


Three criteria


TQL


Life Cycle similar to whole software


Tool verification


Reviews


RBTs

Model
-
Based Development
and Verification


2 types of Models


Specification


Design


Benefits


Potential Risks


Object
-
Oriented Technology


Most popular


Additional/Modified objectives


Plans


Development


Verification


Vulnerability guidance

Formal Methods


Changes


Plans


Verification objectives


Benefits


Challenges

Sources


Pictures


http://blog.copdfoundation.org/wp
-
content/uploads/2012/09/C
-
Users
-
sschlegel
-
Pictures
-
Question
-
Mark
-
Man.jpg


Information


Rierson
, L. (2013).
Developing safety
-
critical software
. Boca Raton, FL: CRC Press
.


Jacklin
, S. A. NASA, (2012).
Certification of safety
-
critical software under do
-
178c and do
-
278a
. Retrieved from Ames Research Center website:
http://
ntrs.nasa.gov/search.jsp?R=20120016835


Arnold, D. (2000, August 23).
The explosion of the
ariane

5
. Retrieved from
http://www.ima.unm.edu/~
arnold/disasters/ariane.html


Arnold, D. (2000, August 23).
The patriot missile failure
. Retrieved from
http://www.ima.unm.edu/~
arnold/disasters/patriot.html


Nelson, W. H. (1997).
The
gimli

glider
. Retrieved from
http://
www.wadenelson.com/gimli.html


Fleury
, M. K. (2009, April 29).
Crash of southern airways flight 242,
georgia
. Retrieved from
http://suite101/article/crash
-
of
-
southern
-
airways
-
flight
-
242
-
a113420


Questions?