SOFTWARE QUALITY. MADE IN GERMANY.

Similar documents
LATEST ISO UPDATE Focusing on Concurrency. Heiko Doerr MGI Group, 06. December 2016

SOFTWARE QUALITY. MADE IN GERMANY.

Software architecture in ASPICE and Even-André Karlsson

Deriving safety requirements according to ISO for complex systems: How to avoid getting lost?

A Model-Based Reference Workflow for the Development of Safety-Related Software

ISO compliant verification of functional requirements in the model-based software development process

Automating Best Practices to Improve Design Quality

Automated Requirements-Based Testing

ISO Compliant Automatic Requirements-Based Testing for TargetLink

Software Verification and Validation (VIMMD052) Introduction. Istvan Majzik Budapest University of Technology and Economics

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

IBM Rational Rhapsody

Verification and Validation of High-Integrity Systems

automatisiertensoftwaretests

UBL Library Content Methodology

Fundamentals to Creating Architectures using ISO/IEC/IEEE Standards

Automating Best Practices to Improve Design Quality

Semantics-Based Integration of Embedded Systems Models

Software Architecture in Action. Flavio Oquendo, Jair C Leite, Thais Batista

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Formal Verification for safety critical requirements From Unit-Test to HIL

DRYING CONTROL LOGIC DEVELOPMENT USING MODEL BASED DESIGN

Hardware Design and Simulation for Verification

GAIO. Solution. Corporate Profile / Product Catalog. Contact Information

An Information Model for High-Integrity Real Time Systems

Automated Freedom from Interference Analysis for Automotive Software

IBM Rational Rhapsody. IBM Rational Rhapsody Kit for ISO 26262, IEC 61508, IEC and EN Overview. Version 1.9

Guido Sandmann MathWorks GmbH. Michael Seibt Mentor Graphics GmbH ABSTRACT INTRODUCTION - WORKFLOW OVERVIEW

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

This is a preview - click here to buy the full publication PUBLICLY AVAILABLE SPECIFICATION. Pre-Standard

Indexing Field Descriptions Recommended Practice

Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd

Pre-Standard PUBLICLY AVAILABLE SPECIFICATION IEC PAS Batch control. Part 3: General and site recipe models and representation

City, University of London Institutional Repository

ISO TC46/SC11 Archives/records management

ICT Object Oriented Design Standards

TCL. ASIL Level. Software. Automotive ISO Tool-Qualification. Safety Manual. Software for Safety-Related Automotive Systems

Understanding SW Test Libraries (STL) for safetyrelated integrated circuits and the value of white-box SIL2(3) ASILB(D) YOGITECH faultrobust STL

IFPUG 4.3 What You Need to Know!

Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process

Applications of Program analysis in Model-Based Design

Model-Based Design for Safety-Critical and Mission-Critical Applications Bill Potter Technical Marketing April 17, 2008

Requirements Specifications & Standards

UK EPR GDA PROJECT. Name/Initials Date 30/06/2011 Name/Initials Date 30/06/2011. Resolution Plan Revision History

Pattern-Based Architectural Design Process Model

IBM Rational Rhapsody

XIV. The Requirements Specification Document (RSD)

Report. Certificate Z

Simulink Verification and Validation

A Model-Based Development Method for Device Drivers

Certification Authorities Software Team (CAST) Position Paper CAST-25

Architectural Design

Architectural Design

What s New in Simulink in R2015b and R2016a

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

What s New with the MATLAB and Simulink Product Families. Marta Wilczkowiak & Coorous Mohtadi Application Engineering Group

SRM ARTS AND SCIENCE COLLEGE SRM NAGAR, KATTANKULATHUR

DIVERSITY TG Automatic Test Case Generation from Matlab/Simulink models. Diane Bahrami, Alain Faivre, Arnault Lapitre

Safety Argument based on GSN for Automotive Control Systems. Yutaka Matsubara Nagoya University

Conceptual Model for a Software Maintenance Environment

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

primary Control Center, for the exchange of Real-time data with its Balancing

PLEASE NOTE: This ballot contains a proposal for a revision to an existing standard.

INTEGRATING SYSTEM AND SOFTWARE ENGINEERING FOR CERTIFIABLE AVIONICS APPLICATIONS

Test System Validation Guideline

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

Workpackage WP2.5 Platform System Architecture. Frank Badstübner Ralf Ködel Wilhelm Maurer Martin Kunert F. Giesemann, G. Paya Vaya, H.

PUBLICLY AVAILABLE SPECIFICATION PRE-STANDARD

Coverage Metrics for Functional Validation of Hardware Designs

Architecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL

New developments about PL and SIL. Present harmonised versions, background and changes.

From Design to Production

Government of Ontario IT Standard (GO ITS)

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

TINA-CAT WorkGroup Request For Proposals

Data Objectives. The same process can be applied to determine how much simplification is appropriate when describing a geochemical system.

Taking the Right Turn with Safe and Modular Solutions for the Automotive Industry

Tool Qualification Plan for Testwell CTC++

OMG Systems Modeling Language Tutorial May, 2012

Business Process Modeling. Version 25/10/2012

INTERNATIONAL STANDARD

Business Process Modeling. Version /10/2017

DATA ITEM DESCRIPTION

Considerations in automotive embedded development Global Automotive Director Kiyo Uemura

A Model-based, Single-Source approach to Design-Space Exploration and Synthesis of Mixed-Criticality Systems

Architecture Viewpoint Template for ISO/IEC/IEEE 42010

ISO INTERNATIONAL STANDARD. Information and documentation Managing metadata for records Part 2: Conceptual and implementation issues

Safety and Reliability of Software-Controlled Systems Part 14: Fault mitigation

ISO INTERNATIONAL STANDARD

Using Model-Based Design in conformance with safety standards

Recommended Practice for Software Requirements Specifications (IEEE)

What are Embedded Systems? Lecture 1 Introduction to Embedded Systems & Software

MAENAD Analysis Workbench

AADL Requirements Annex Review

Zero Defect Zero Effect (ZED) Certification Scheme Rating Process

Complex Signal Processing Verification under DO-254 Constraints by François Cerisier, AEDVICES Consulting

Geographic information Portrayal (ISO 19117:2005, IDT)

Component Design. Systems Engineering BSc Course. Budapest University of Technology and Economics Department of Measurement and Information Systems

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

Virtual Hardware ECU How to Significantly Increase Your Testing Throughput!

Transcription:

UPCOMING IMPACT OF THE SECOND EDITION OF THE ISO 26262 MGIGroup, 11.07.2017 SOFTWARE QUALITY. MADE IN GERMANY. SOLUTIONS FOR INTEGRATED QUALITY ASSURANCE OF EMBEDDED SOFTWARE

MOTIVATION Release ISO 26262:2011 Major milestone for safeguarding safety-related systems ISO 26262 applies to model-based SW development, too Second edition of ISO 26262 Distributed for review end of 2016 Final publication scheduled for 2018 Captures experiences from the last few years Analysis of the impact on model-based software development Main questions for gap analysis Major differences in general requirements Changes to model-based software development Gain: prepare mandatory changes in advance of second edition 2

OUTLINE Use cases of model-based development Generic process for model-based software development General findings Changes in individual phases From Specification of software safety requirements to Verification of the software Summary and conclusions 3

USE CASES OF MODEL-BASED DEVELOPMENT Significant change in Annex B (informative) on model-based development Five use cases for model-based software development Specification of software safety requirements Representation of software architectural design Design and implementation of software units Integration of software components Verification of the software Benefit Unified reference for communication Clarification: e.g. models for SW safety requirements might not be used for integration of software components 4

USE CASES OF MODEL-BASED DEVELOPMENT Models capture required functionality serve as representation of requirements capture static & dynamic aspects of SW interfaces, run-time, & scheduling aspects represent implementation of functionality source for code generation 1 2 3 5

USE CASES OF MODEL-BASED DEVELOPMENT Models are used in specific ways, e.g. for - reference implementation in order to use back-to-back-tests - generating test cases - executing safety analyses serve the integration of software units are used for quality assurance 4 5 6

USE CASES OF MODEL-BASED DEVELOPMENT Models as source for code generation are of utmost importance. are used in specific ways, e.g. for - reference implementation in order to use back-to-back-tests - generating test cases - executing safety analyses serve the integration of software units are used for quality assurance 4 represent implementation of of functionality source for for code generation 5 3 7

GENERAL FINDINGS: SOFTWARE DEVELOPMENT FOR MULTI-CORE HW PLATFORMS New methods are listed that address typical issues arising from concurrent software execution on multi-core systems Extensions by methods: Table 1 Modelling and Coding guidelines asks for guidelines on the Representation of concurrency aspects Table 4 Mechanisms for error detection generalizes Control flow monitoring to Temporal monitoring of program execution Table 4 asks for active access permission control mechanisms Table 6 Methods for the verification of the software architectural design asks for scheduling analysis 8

GENERAL FINDINGS: EVOLUTION OF TECHNOLOGY AND BEST PRACTICES (1 / 2) Table 5 Mechanisms for error handling : more detailed mechanisms for redundancy Independent parallel redundancy split into recommendations on a) homogeneous and b) diverse redundancy in the design Table 9 Methods for software unit verification : added verification techniques Pair-programming Static analyses based on abstract interpretation Table 12 Methods for verification of software integration added verification techniques No longer just applicable to software units but also to software integration E.g. analyses on control or data flow, static code analysis, as well as static analyses based on abstract interpretation 9

GENERAL FINDINGS: EVOLUTION OF TECHNOLOGY AND BEST PRACTICES (2 / 2) New table 16 Methods for deriving test cases for testing embedded software Recommended methods partially drawn from verification of software integration Added analysis of functional dependencies and operational use cases The method recommendation level has been adopted in various tables Reflects the evolved state-of-the-art nature Several techniques have been proven to be more powerful Promotion from a simple recommendation, i.e. +, to highly recommended 7 Notations for software unit design 8 Design principles for software unit design For full details see the proceedings 2011 2018 1c) Semi-formal notations ASIL B: ++ ASIL B: + 1d) No multiple use of variable names ASIL A: + ASIL A: ++ 1e) Avoid global variables or else justify ASIL A, B: + ASIL A, B: ++ their usage 10

GENERIC PROCESS FOR MODEL-BASED SW DEVELOPMENT A generic process for model-based software development has been defined Compliant with ISO 26262 Part 6 6.6 Specification of SW safety requirements 6.11 Testing of the embedded SW 6.10 Software integration and verification 6.7 Software architectural design 6.8 Software unit design and implementation 6.9 Software unit verification 6.9 Software unit testing 11

CHANGES TO PHASE: SPECIFICATION OF SOFTWARE SAFETY REQUIREMENTS Minor change Safety plan and software verification plan: still input into the specification of software safety requirements anymore, as part of the overall safety management Note: Models for requirements specification No dedicated recommendations for use case Specification of software safety requirements from Annex B No requirements on how models shall be used for requirements specification Particular refinement and interpretation of standard needed when using models for the specification of safety requirements 12

CHANGES TO PHASE: DEVELOPING THE SOFTWARE ARCHITECTURAL DESIGN Minor change: Table 3 Principles for software architectural design Extended to cope with multi-core systems Safety-related software components shall use only priority-based interrupts Rationale: interrupt structure that is easier to understand and analyze For software components rated ASIL D this principle is even listed with ++ Software architectural design shall also represent concurrency aspects As processes or tasks Option in Simulink: use central state chart scheduling subsystem tasks by function calls or based on a fixed and periodic rate as we have discussed in the last MGIG 13

CHANGES TO PHASE: DEVELOPING THE SOFTWARE ARCHITECTURAL DESIGN New principle for all ASILs required Appropriate management of shared resources Software architectural design shall consider access to shared resources Counter example: Use of global data store memory blocks Data store blocks shall not span over different levels of a model See misra_slsf_0005_c Further instances of shared resources? 14

CHANGES TO PHASE: DESIGN AND IMPLEMENTATION OF SOFTWARE UNITS Semi-formal notation for SW unit design refined (see footnote of Table 7) Pseudo code UML or SysML Simulink / Stateflow Structured sentences or requirement patterns with controlled vocabulary Model-based development with subsequent code generation is the standard use case Manual coding from models not recommended Strengthened recommendations for specific design principles no multiple use of variable names (see misra_slsf_027_j) avoid global variables (see misra_slsf_018_a) 15

CHANGES TO PHASE: SOFTWARE UNIT VERIFICATION Notion verification extends test through other measures like analyses and reviews See also merge of tables 9 Methods for the verification of software unit design and implementation and 10 Methods for software unit testing into new table 9 Methods for software unit verification Static analyses explicitly include MISRA rule checks When evidence is given that model coverage represents code coverage properly, measurement of structural coverage at model level can replace the measurement at code level 16

CHANGES TO PHASE: SOFTWARE INTEGRATION AND VERIFICATION Again, notion verification extends test through other measures like analyses and reviews Following the evolution of technology, static analyses known from unit verification shall be applied to integration level Analyses of control or data flow Static code analysis Static analyses based on abstract interpretation Static code analyses include modeling or coding rule checks (e.g. MISRA) Additionally, software architecture testing can be performed at model level using analogue structural coverage metrics Your best practices for integration test of applications: Integration at model level with model referencing or libraries? Integration at c-code level 17

CHANGES TO PHASE: TESTING OF THE EMBEDDED SOFTWARE Renamed Verification of Software Safety Requirements Change: Methods for deriving test cases recommended Copied from methods for integration testing Additional test methods: analysis of functional dependencies and operational use cases 18

SUMMARY Model-based development use cases have been refined Design and implementation of software units explicitly mentioned Four further use cases for models in SW development General findings Recommendations extended to software development for multi-core HW platforms Evolution of technology and best practices reflected by extension of methods and change of degree of recommendations Changes in individual phases Model-based development with subsequent code generation is the standard use case; manual coding from models not recommended Verification methods lifted from unit to integration level, and testing extended by analyses 19

RECENT POST ON MGI-GROUP Michael Burke: The history junction block in Stateflow is a simple, powerful, and often misunderstood entity. In this blog post, I will try to explain the use of the history junction, through a, hopefully, humorous example. see https://www.linkedin.com/groups/8414520/8414520-6281161112935231492 20

MGIGROUP NEXT ONLINE MEETING Tuesday, October 17, 2017 3:00 pm CET (Berlin) 9:00 am EST (Detroit) 9:00 pm CST (Beijing) 6:30 pm IST (Bangalore) 10:00 pm JST (Tokyo) Link to Event: https://model-engineers-event-en.webex.com/model-engineers-eventen/onstage/g.php?mtid=e0fd2ed73fd321ca8396228357045aa0e 21

MODEL ENGINEERING SOLUTIONS GMBH Waldenserstraße 2-4 10551 Berlin Germany T: +49 30 2091 6463-0 F: +49 30 2091 6463-33 info@model-engineers.com www.model-engineers.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback