DO-178C / ED-12C Model Based Supplement. Pierre Lionne, SC-205 / WG-71 SG-4 Co-Chairman 1 Nov. 2011

Similar documents
Certification Authorities Software Team (CAST) Position Paper CAST-25

DO-330/ED-215 Benefits of the new Tool Qualification

An incremental and multi-supplement compliant process for Autopilot development to make drones safer

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

S1000D and Wiring Data - Successfully in Operation

automatisiertensoftwaretests

Test Engineering Services UK. Terry Coles, Principle Consultant IEEE 1641 Validation An Overview of Tools Developed for DE&S 31 st May 2012

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

Certification of Model Transformations

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

Changing the way the world does software

Automating Best Practices to Improve Design Quality

EA-7/05 - EA Guidance on the Application of ISO/IEC 17021:2006 for Combined Audits

BUILDING GOOD-QUALITY FUNCTIONAL SPECIFICATION MODEL

Oscar Slotosch, Validas AG. Proposal for a Roadmap towards Development of Qualifyable Eclipse Tools

A unified tool to fulfill semi formal and formal requirements for CC evaluations

ISO INTERNATIONAL STANDARD. Ergonomics of human-system interaction Part 110: Dialogue principles

Verification and Validation of High-Integrity Systems

IBM Rational Rhapsody

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

Automating Best Practices to Improve Design Quality

eproc strategic procurement

Part 5. Verification and Validation

Standardkonforme Absicherung mit Model-Based Design

Automated Cloud Compliance. GxP and 21 CFR Part 11 Compliance

Volume II, Section 5 Table of Contents

DATA ITEM DESCRIPTION

Using Model-Based Design in conformance with safety standards

ATNP Configuration Control Board (CCB) Procedures Document

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

One 32-bit counter that can be free running or generate periodic interrupts

Verification and Validation

Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer

Control Structures II. Repetition (Loops)

An ontology for Systems Engineering based on ISO Semantic encoding of Systems Engineering information

Software Requirements Specification. <Project> for. Version 1.0 approved. Prepared by <author(s)> <Organization> <Date created>

This document is a preview generated by EVS

ISO/IEC INTERNATIONAL STANDARD. Information technology Software asset management Part 1: Processes and tiered assessment of conformance

AADL Requirements Annex Review

Test Planning Guide. Summary: The purpose of this document is to define and document requirements in order to create and execute a test plan.

Supplement 207 Conformity Assessment

ISO/IEC TS Conformity assessment Guidelines for determining the duration of management system certification audits

Enterprise - Control System Integration Part 2: Object Model Attributes

Verification and Validation

Checklist for Requirements Specification Reviews

Conformance Assertions, Test Scenarios, Test Cases, Conformity Assessment Report,

Part I: Preliminaries 24

Certification Description of Malaysia Sustainable Palm Oil (MSPO) Standard

ISO/IEC INTERNATIONAL STANDARD. Software engineering Lifecycle profiles for Very Small Entities (VSEs) Part 2: Framework and taxonomy

ISO INTERNATIONAL STANDARD. Ergonomics of human-system interaction Part 110: Dialogue principles

BEETLE Systems. IRTOUCH driver for Wincor Nixdorf BA82/BA83 with infrared touch. Version 1.0 (2011/08/31)

ISO/IEC JTC 1/SC 35 N 1664

INTERNATIONAL STANDARD

ISO/IEC JTC 1/SC 32 N 1257

ΗΜΥ 317 Τεχνολογία Υπολογισμού

Conformity assessment Requirements for bodies providing audit and certification of management systems. Part 6:

Development Guidance and Certification Considerations

Formal Verification in Aeronautics: Current Practice and Upcoming Standard. Yannick Moy, AdaCore ACSL Workshop, Fraunhofer FIRST

NC Solutions. Description of NC program 2135

FUNCTIONAL SAFETY CERTIFICATE

ANSI/CEA Standard. Modular Communications Interface for Thermostat Message Set ANSI/CEA

AN1369 APPLICATION NOTE

ISO INTERNATIONAL STANDARD. Ergonomics of human system interaction Part 210: Human-centred design for interactive systems

Integration of Mixed Criticality Systems on MultiCores: Limitations, Challenges and Way ahead for Avionics

IEEE Broadband Wireless Access Working Group <

ISO INTERNATIONAL STANDARD. Ergonomics of human system interaction Part 210: Human-centred design for interactive systems

I-Care Online mobile Manual

Security Standardization

Open Source Software Quality Certification

MEASURES TO ENHANCE MARITIME SECURITY. Cyber risk management in Safety Management Systems. Submitted by United States, ICS and BIMCO SUMMARY

Framework for building information modelling (BIM) guidance

IVI. Interchangeable Virtual Instruments. IVI-3.10: Measurement and Stimulus Subsystems (IVI-MSS) Specification. Page 1

Circulated to P- and O-members, and to technical committees and organizations in liaison for voting (P-members only) by:

INTERNATIONAL STANDARD

Payment Card Industry - Data Security Standard (PCI-DSS)

3D Visualization. Requirements Document. LOTAR International, Visualization Working Group ABSTRACT

OPEN BASE STATION ARCHITECTURE INITIATIVE

Remote Configuration Software DMS NetConfig 2

Software architecture in ASPICE and Even-André Karlsson

Operation. English. Viewer. Rev /

Configuration and Operation. English. DMVC App. Client Software for Dallmeier Recording Systems and DMVC Server

Audit Report. City & Guilds

Information technology Security techniques Blind digital signatures. Part 1: General

Model-Based Design for Large High-Integrity Systems: A Discussion on Logic-Intensive Algorithms

Manual. PLC Lib: Tc2_DataExchange. TwinCAT 3. Version: Date:

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

(Cat. No L26B, -L46B, and -L86B) Supplement

Abu Dhabi Certification Scheme for Assistant Engineer Assessment and Surveillance Plan for Assistant Engineer

Request for Quotation (RfQ)

An Initiative of Agricultural Industry to foster Electronic Standards

[Document reference] COMMITTEE DRAFT (CD)

ISO/IEC INTERNATIONAL STANDARD. Information technology Open distributed processing Reference model: Foundations

Proposed Revisions to ebxml Technical. Architecture Specification v1.04

Manual. PLC Lib: Tc2_DataExchange. TwinCAT 3. Version: Date:

Ada's approach to Software Vulnerabilities

SURGE PROTECTION USER MANUAL. Surge Protection Device PORTABLE POWER DISTRIBUTION SURGE PROTECTION DEVICE (SPD) B

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

COMPUTER/INFORMATION FLOOD STANDARDS

Information technology Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC :2011

Transcription:

DO-78C / ED-2C Model Based Supplement Pierre Lionne, SC-205 / WG-7 SG-4 Co-Chairman Nov. 20

Summary Introduction Foundations Concepts Highlights Conclusion

Introduction

Introduction Issues TOR DO-78C ED-94C ED-94B Supplement X Supplement Y DO-78B

Introduction CNS/ATM & Safety Document Integration SG SG 7 Formal Methods Issues & Rationale SG 2 SC 205 WG 7 SG 6 Tools SG 3 SG 4 SG 5 Object Oriented Model Based Development & Verification

Foundation Concepts

Foundation Concepts Models to express requirements Scope of supplement Modeling Technique Model Parent Requirements Simulation

Concept # Model is an acceptable means to express completely software requirements or architecture Req_00: The XX module shall Wait 0ms before entering in blabl state Req_002: The XX module. Derived Req_003: enable 2 > nb_ticks Relational Operator /z From Unit Delay u u2 if(u == 0) elseif(u2 == ) else If if { } reset counter elseif { } counter_n_ increment counter Goto Status Status else { } WHC_DFS_38/39 raise confirmation flag

Concept #2 The supplement applies to any model that is used to define software artifacts whatever the process that produced it u if(u == 0) enable 2 nb_ticks elseif(u2 == ) > u2 else Relational If Operator if { } reset counter Goto From /z Unit Delay elseif { } counter_n_ increment counter Status Status else { } WHC_DFS_38/39 raise confirmation flag u if(u == 0) enable 2 nb_ticks elseif(u2 == ) > u2 else Relational If Operator if { } reset counter Goto From /z Unit Delay elseif { } counter_n_ increment counter Status Status else { } WHC_DFS_38/39 raise confirmation flag

Concept #3 Modeling Technique = A Modeling Language AND A manner of using this language Modeling Technique has to be suitable to the type and to the level of abstr of the information to be expressed Modeling Technique have to be described in Model Standards

Concept #4 Model should be developed from a complete set of requirements and constraints external to it Model Parent Requirements

Concept #5 Simulation: appropriate means to support model verification Model Parent Requirements

Concept #6 Simulation may be used to support the testing effort Model Parent Requirements enable 2 nb_ticks > Relational Operator u u2 if(u == 0) elseif(u2 == ) If else if { } reset counter Goto From /z Unit Delay elseif { } counter_n_ increment counter Status Status else { } WHC_DFS_38/39 raise confirmation flag Executable Object Code

Highlights

Highlights System / Software Planning Process Development Process Verification Process Tools

System / Software Interfaces between System and Software processes updated to address the case where system team produces a software model

Planning Process Introduction of Model Standards Syntax & Semantic of the language Constraint on complexity Means to identify Requirements Derived requirements identification Means to establish traceability

Development Process Same guidance apply for requirements expressed in a model Model elements which do not represent requirements should be identified

Verification Process Guidance from DO-78C / ED-2C Core Document remains applicable

Verification Process Simulation & model verification: New means => New artifacts: Simulation Cases & Procedures Simulation Results Simulation Cases based on Model Parent Requirements

Verification Process Model Parent Requirements Simulation Cases Development Simulation Procedures Verification enable 2 nb_ticks if(u == 0) u elseif(u2 == ) > u2 else Relational If Operator if { } reset counter Goto Simulation Results From /z Unit Delay elseif { } counter_n_ increment counter Status Status else { } WHC_DFS_38/39 raise confirmation flag

Verification Process Test: Same guidance than in DO-78B / ED-2B: Compliance & Robustness with LLR Compliance & Robustness with HLR

Verification Process Test (classical) High Level Requirements Low Level Requirements Executable Object Code

Verification Process Test (example #) u if(u == 0) Model = HLR enable 2 nb_ticks elseif(u2 == ) > u2 else Relational If Operator if { } reset counter Goto From /z Unit Delay elseif { } counter_n_ increment counter Status Status else { } WHC_DFS_38/39 raise confirmation flag Low Level Requirements Executable Object Code

Verification Process Test (example #2) High Level Requirements u if(u == 0) Model = LLR enable elseif(u2 == ) 2 > u2 nb_ticks else Relational If Operator /z From Unit Delay if { } reset counter Goto elseif { } counter_n_ increment counter Status Status else { } WHC_DFS_38/39 raise confirmation flag Executable Object Code

Verification Process Test (example #3) Model = HLR + LLR enable 2 > nb_ticks Relational Operator /z From Unit Delay u u2 if(u == 0) elseif(u2 == ) else If if { } reset counter elseif { } counter_n_ increment counter Goto Status Status else { } WHC_DFS_38/39 raise confirmation flag Executable Object Code

Verification Process Test (example 3) Model Parent Requirements enable 2 nb_ticks if(u == 0) u elseif(u2 == ) > u2 else Relational If Operator if { } reset counter Goto From /z Unit Delay elseif { } counter_n_ increment counter Status Status Model = HLR + LLR else { } WHC_DFS_38/39 raise confirmation flag Executable Object Code

Verification Process Test (example 3) When model express both LLR and HLR, it is required to show: Compliance & Robustness of EOC with Model Compliance & Robustness of EOC with Model Parent Requirements (whatever the process that produced it)

Verification Process Model Coverage Analysis: Detect unintended functions in a model Model Parents Requirements u if(u == 0) enable 2 nb_ticks elseif(u2 == ) > u2 else Relational If Operator if { } reset counter Goto From /z Unit Delay elseif { } counter_n_ increment counter Status Status Unintended function else { } WHC_DFS_38/39 raise confirmation flag Executable

Verification Process Simulation & Test: Some testing objectives can be achieved by a combination of simulation and other traditional means. HW/SW Integration test objectives cannot be achieved by simulation.

Tools Model Parent Requirements Code Verification & Validation Code Coverage Model Standards Model Conformance enable 2 nb_ticks if(u == 0) u elseif(u2 == ) > u2 else Relational If Operator if { } reset counter Goto Test Model Coverage Trace Tool From /z Unit Delay elseif { } counter_n_ increment counter else { } Status Status WHC_DFS_38/39 raise confirmation flag Code Conformance Code Inspector Source Code Code Verification & Validation Code Coverage Trace Tool Executable Object Code

Conclusion

Highlights Model Parent Requirements Concept #4 Model Standards u if(u == 0) enable 2 nb_ticks elseif(u2 == ) > u2 else Relational If Operator if { } reset counter Goto Concept #5 From /z Unit Delay elseif { } counter_n_ increment counter Status Status Concept #3 else { } WHC_DFS_38/39 raise confirmation flag Concept # #2 Source Code Concept #6 Executable Object Code

Conclusion In the continuity of existing rules Consistent with current practices Try to anticipate future trends

Thank you for your attention! The reproduction, distribution and utilization of this document as well as the communication of its contents to others without express authorization is prohibited. Offenders will be held liable for the payment of damages. All rights reserved in the event of the grant of a patent, utility model or design. Title Date 35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback