Supplements:
– May provide alternate means to satisfy DO-178C/ED-12C objectives
– Possible supplements: Tool qualification, Model-based development, Object-oriented technology, Formal methods, …
– On this basis, RTCA and EUROCAE agreed to commence new committees
Structure of the Special Committee/Working Group
Joint between EUROCAE and RTCA
WG-71/SC-205 Structure [org chart]
Joint committee WG71/SC205
– Joint Chairs: Gerard Ladier [Airbus], Jim Krodel [P&W]
– Joint Secs: Ross Hannan [Sigma], Mike DeWalt [CSI]
– FAA Rep: Barbara Lingberg [FAA]
Executive Committee
Sub Groups:
– SG1: Sub Group Coordination
– SG2: Issue Review & Rationale
– SG3: Tools
– SG4: Model Based Design
– SG5: Object Oriented Technology
– SG6: Formal Methods
– SG7: Safety CNS/ATM
Membership from Airframers, avionics suppliers, certification authorities, engine manufacturers, CNS/ATM specialists, Space community, consultants
Progress to date
Joint between EUROCAE and RTCA
Sub Group 1 – Document Integration
Chairs: Tom Ferrell (Ferrell and Associates Consulting) and Ron Ashpole (Bewicks Consulting)
Split in agendas
– Some wish to do things because they have a technology
– Others wish to go back to first principles (as advised by Exec)
An opportunity is being lost, as nothing is being discussed at the abstract level about what any model-based development (MBD) approach needs to demonstrate
– Not addressing syntax/semantics
– Nothing said about the relationship to existing objectives
– Diving into low-level issues
Biggest discussion topics to date have been
– What is the difference between High-Level and Low-Level requirements?
– What is source code?
Sub Group 5 – OO Technologies
Chairs: Jim Chelini (Verocel Inc) and Peter Heller (Airbus)
The Verification Process – Level A
[Diagram: verification objectives (Annex A table.objective) placed between the life-cycle data they apply to]
System Requirements -> High-Level Requirements (Table A-3, with development objectives A-2: 1, 2):
– A-3.1 Compliance, A-3.2 Accuracy & Consistency, A-3.3 HW Compatibility, A-3.4 Verifiability, A-3.5 Conformance, A-3.6 Traceability, A-3.7 Algorithm Accuracy
High-Level Requirements -> design outputs (Table A-4: low-level requirements and software architecture, with development objectives A-2: 3, 4, 5):
– A-4.1 Compliance, A-4.6 Traceability, A-4.8 Architecture Compatibility
High-Level Requirements -> Executable Object Code (Table A-6):
– A-6.1 Compliance, A-6.2 Robustness
Source Code (Table A-5):
– A-5.3 Verifiability, A-5.4 Conformance, A-5.6 Accuracy & Consistency
Low-level requirements -> Executable Object Code (Table A-6):
– A-6.3 Compliance, A-6.4 Robustness
The Verification Process – Level B
[Diagram: same life-cycle data items and objective boxes as the Level A figure above]
The Verification Process – Level C
[Diagram: same life-cycle data items and objective boxes as the Level A figure above]
The Verification Process – Level D
[Diagram: same life-cycle data items and objective boxes as the Level A figure above]
The Verification Process – Level E
[Diagram: Executable Object Code box only]
Comparison of Old -> New
(Section titles: Old -> New; items identical in both versions are marked unchanged)
6.0 SOFTWARE VERIFICATION PROCESS (unchanged)
6.1 Software Verification Process Objectives (unchanged)
6.2 Software Verification Process Activities (unchanged)
6.3 Software Reviews and Analyses -> Detailed Guidance for Verification Activities
6.3.1 Reviews and Analyses of the High-Level Requirements -> Verification Activities for the High-Level Requirements
  a. Compliance with system requirements
  b. Accuracy and consistency
  c. Compatibility with the target computer
  d. Verifiability
  e. Conformance to standards
  f. Traceability
  g. Algorithm aspects
  (items a–g unchanged)
6.3.2 Reviews and Analyses of the Low-Level Requirements -> Verification Activities for the Low-Level Requirements
  a. Compliance with high-level requirements
  b. Accuracy and consistency
  c. Compatibility with the target computer
  d. Verifiability
  e. Conformance to standards
  f. Traceability
  g. Algorithm aspects
  (items a–g unchanged)
6.3.3 Reviews and Analyses of the Software Architecture -> Verification Activities for the Software Architecture
  a. Compliance with high-level requirements
  b. Consistency
  c. Compatibility with the target computer
  d. Verifiability
  e. Conformance to standards
  f. Partitioning integrity
  (items a–f unchanged)
6.3.4 Reviews and Analyses of the Source Code -> Verification Activities for the Source Code
  a. Compliance with low-level requirements
  b. Compliance with the software architecture
  c. Verifiability
  d. Conformance to standards
  e. Traceability
  f. Accuracy and consistency
  (items a–f unchanged)
6.3.5 Reviews and Analysis of the Outputs of the Integration Process -> Verification Activities for the Executable Object Code
  a. Completeness and correctness
  b. Compliance with the high-level requirements
  c. Robustness for high and low-level requirements
  d. Compliance with the low-level requirements
  e. Compatibility with the target computer
  6.3.5.1 Software Testing
  6.3.5.2 Test Environment
6.3.6 Reviews and Analyses of the Test Cases, Procedures, and Results -> Verification Activities for the Analyses, Test Cases, Procedures and Results
  a. Analysis and Test cases
  b. Analysis and Test procedures
  c. Analysis and Test results
The paper lowers the bar for testing significantly (to zero!)
Review and analysis are the only applicable methods for verification of higher-level life cycle data.
Testing is the only applicable method for meeting the verification of the executable object code.
Summary
Latest Revision of Paper emphasises the reliance on testing where there are no other accepted means for verification.
DO-178C used alone needs to be as forceful in the need for testing as DO-178B.
It now says that “…testing is necessary to ensure that the executable object code is compatible with the target computer”.
Only the use of approved guidance in conjunction with DO-178C could alter the amount of testing required.
Paper to be agreed by SG6 at interim meeting mid-year.
Plenary consensus to be sought in Vienna in the Autumn.
There is “significant” backing for this paper.
This provides a way to use Formal Methods as part of certification – the technology supplement will provide the “How”.
IP 601 Rev B (Draft)