On the Exploration of Model-Based Support for

1 On the Exploration of Model-Based Support for DO-178C-Compliant Airborne Software Development and Certification. Andres Paz and Ghizlane El Boussaidi, École de Technologie Supérieure, Université du Québec. The 6th IEEE International Workshop on Software Certification.

2 Outline: Research context; Related work; Research objective; Proposal and results; Conclusions and future work.

3 DO-178C: the most recent version of Software Considerations in Airborne Systems and Equipment Certification. It is a set of required practices to produce software that is validated and verified for its airworthiness. Certification is evidence-based: the evidence consists of data items, e.g., plans, standards, software requirements data, design descriptions, verification cases and trace data.

4 New in DO-178C: DO-178C now includes particular practices for contemporary technologies and techniques: model-based development and verification; object-oriented technologies and related techniques; formal methods.

5 New in DO-178C (continued): given these practices, what is the level of support for DO-178C-compliant software development and certification provided by existing model-based approaches?

7 Some Existing Literature Reviews (study, objective, pros, cons):
   Huhn et al., 2007. Objective: review UML profiles for supporting software safety design and assurance. Pros: takes into account norms and standards on software development for safety-critical systems. Cons: only UML-based approaches.
   Zoughbi et al., 2011. Objective: review UML-based solutions to modeling under DO-178B. Pros: information requirements specification with 54 information modeling requirements extracted from DO-178B. Cons: only UML-based approaches; focus on DO-178B; focus only on requirements and design.
   Nair et al., 2014. Objective: review approaches for provision of evidence for safety certification. Pros: taxonomy of evidence of compliance with safety standards; identified techniques used for structuring evidence. Cons: some evidence missing from the taxonomy (e.g., software standards, trace data); model-based only for structuring evidence.
   De la Vara et al., 2016. Objective: review (briefly) model-based approaches for the specification of safety-critical systems aimed at safety compliance. Pros: classification based on modeling streams. Cons: brief, and only classifies approaches as regulation modeling, standard-specific modeling or standard-independent modeling.
   Biggs et al., 2016. Objective: review existing approaches for modeling system safety properties. Pros: classification based on purpose. Cons: review limited to modeling safety hazards; model-based only for modeling hazards.

9 Research Objective: assess the support of model-based approaches for the production and certification aspects of software for airborne systems in compliance with DO-178C. Provide a comprehensive tool that allows the assessment of compliance with DO-178C. Compile a knowledge base of existing model-based approaches.

11 Characterization Framework. [Figure: feature model of a Model-Based Approach for the Production and Certification of Airborne Software in compliance with DO-178C. Top-level features: Philosophy; DO-178C Coverage, with sub-features Planning, Development and Verification; Information Handling; Usage. Legend: Feature, Mandatory, Optional, Or-relationship, Alternative.]

12 Reviewed Model-Based Approaches. Architectural design and analysis: AADL, 2006; Wu et al., 2015; OMEGA-RT, 2006; MARTE. Testing: Stallbaum et al., 2010; RT-Tester. System specification: RDAL, 2011; Zoughbi et al., 2011; Nejati et al., 2012; Biggs et al. Meta-approaches: Panesar-Walawege et al., 2013; de la Vara et al.

13 Analysis of Model-Based Approaches: Planning. Criteria: software life cycle; data items. [Figure: coverage table of the reviewed approaches. Legend: Provides / Provides reduced / Enables provisioning.]

14 Analysis of Model-Based Approaches: Planning (continued). [Figure: fragment of de la Vara et al.'s metamodel: ReferenceActivity, with subactivities and predecessor/successor self-associations, linked to ReferenceArtifact through producer/user and inputartifact/outputartifact associations. Same legend as slide 13.]

15 Analysis of Model-Based Approaches: Requirements. Criteria: software functional requirements; derived requirements; HLR-LLR and LLR-Source Code traces. [Figure: coverage table, same legend.]

16 Analysis of Model-Based Approaches: Requirements (continued). [Figure: fragments of Zoughbi et al.'s UML profile and of RDAL, showing Requirement, Rationale, Deviation, Specification, RequirementsGroup and Partition elements with references, isrequirementof, derivedfrom, requirementgroups and requirements associations. Same legend.]

17 Analysis of Model-Based Approaches: Requirements (continued). Criteria: timing; failure detection; safety monitoring; quality attributes. [Figure: coverage table, same legend.]

18 Analysis of Model-Based Approaches: Requirements (continued). [Figure: fragment of Biggs et al.'s SysML profile: Requirement, ContextDetector and HarmContext with derivereqt, reqdetection and detect relationships. Same legend.]

19 Analysis of Model-Based Approaches: Requirements (continued). Criteria: precision and accuracy criteria; modes of operation; interfaces; deviations. [Figure: coverage table, same legend.]

20 Analysis of Model-Based Approaches: Software architecture. Criteria: software structure; data flow. [Figure: coverage table, same legend.]

21 Analysis of Model-Based Approaches: Software architecture (continued). [Figure: fragment of Wu et al.'s UML profile: SafetyComponent (a Component) with SafetyPort, SafetyInterface (supplier/client) and SafetyChannel. Same legend.]

22 Analysis of Model-Based Approaches: Software architecture (continued). Criteria: control flow; partitioning; resource limitations. [Figure: coverage table, same legend.]

23 Analysis of Model-Based Approaches: Software architecture (continued). Criteria: control flow; partitioning; resource limitations. Fragment of an AADL example (a periodic thread with a 20 ms period, also shown graphically on the slide):

    thread data_processing
      features
        raw_speed_in : in data port;
        speed_out : out data port;
      properties
        Period => 20 ms;
    end data_processing;

[Figure: coverage table. Legend: Provides / Provides reduced / Enables provisioning.]
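The fragment above covers only the thread's period. The following is an added example, not from the slides or from any AADL standard text, that extends it to the other two criteria on this slide: two processes as partitions, the port connection between them as the inter-partition control/data flow, and Deadline, Compute_Execution_Time and a processor binding as resource limitations. All component and port names other than data_processing and its ports are assumed.

```aadl
package Speed_Monitor
public
  -- Thread from the slide's fragment, extended with a deadline and an
  -- execution-time budget (resource-limitation criteria).
  thread data_processing
    features
      raw_speed_in : in data port;
      speed_out    : out data port;
    properties
      Dispatch_Protocol => Periodic;
      Period => 20 ms;
      Deadline => 20 ms;
      Compute_Execution_Time => 1 ms .. 3 ms;
  end data_processing;
  -- A process is an address space: the sensing partition can reach the
  -- monitoring partition only through the declared port connection.
  process sensing
    features
      raw_speed_in : in data port;
      speed_out    : out data port;
  end sensing;
  process implementation sensing.impl
    subcomponents
      filter : thread data_processing;
    connections
      c1 : port raw_speed_in -> filter.raw_speed_in;
      c2 : port filter.speed_out -> speed_out;
  end sensing.impl;
  -- Second partition, declared by its interface only (assumed name).
  process monitoring
    features
      speed_in : in data port;
  end monitoring;
  processor cpu end cpu;
  system avionics end avionics;
  -- Inter-partition control flow is the single connection c4; both
  -- partitions are bound to one processor and so share its time budget.
  system implementation avionics.impl
    subcomponents
      sensing_part    : process sensing.impl;
      monitoring_part : process monitoring;
      main_cpu        : processor cpu;
    connections
      c4 : port sensing_part.speed_out -> monitoring_part.speed_in;
    properties
      Actual_Processor_Binding => (reference (main_cpu))
        applies to sensing_part, monitoring_part;
  end avionics.impl;
end Speed_Monitor;
```

A schedulability analysis over this model checks that the execution-time budgets of every thread bound to main_cpu fit within their periods, which is the kind of architecture-level analysis the slides credit AADL-based approaches with.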

24 Analysis of Model-Based Approaches: Verification. Criteria: test cases. [Figure: coverage table. Legend: Provides / Provides reduced / Enables provisioning.]

25 Analysis of Model-Based Approaches: Verification (continued). Criteria: verification results (expected; obtained). [Figure: coverage table, same legend.]

26 Analysis of Model-Based Approaches: Verification (continued). Criteria: coverage analyses; traceability. [Figure: coverage table, same legend.]

27 Analysis of Model-Based Approaches: Verification (continued). [Figure: fragment of Stallbaum et al.'s UML profile: TestModelElement linked to SoftwareComponent, SourceCodeStructure, Interface, Requirement and SafetyRationale through verification, coverage, satisfaction, reference and isrequirementof associations. Same legend.]

28 Analysis of Model-Based Approaches: Verification (continued). Criteria: traces requirements-test cases (TC), TC-test procedures (TP), TP-test results. [Figure: coverage table, same legend.]

29 Summary of Results. Philosophy dimension: high attention to the specification of requirements, architecture and tests; various approaches integrate analysis capabilities for architecture. DO-178C coverage dimension: Planning: only de la Vara et al.'s approach offers some coverage. Development: most approaches focus on functional requirements, data flow and software structure. Verification: coverage and traceability analyses are not well supported. The detailed analysis may be found at

30 Summary of Results (continued). Information handling dimension: predominance of graphical notations for creating structural views; most of the approaches are semi-formal; generally, no inclusion or highlighting of elements for traceability. Usage dimension: validations in academic and industrial contexts through case studies; poor documentation to assist in deployment and use. The detailed analysis may be found at

32 Conclusions: lack of support for various DO-178C data items. Low support for traceability, which is crucial for DO-178C certification and for enabling the integration of approaches. Lack of integrated solutions covering the entire (or most of the) life cycle of airborne software development. No information on an approach's impact during a certification.

33 Future Work: extension and refinement of our characterization framework: include criteria from the DO-178C supplement DO-331 (Model-Based Development and Verification); ensure criteria are mutually exclusive and collectively exhaustive. Review more model-based approaches.

34 Thank you. Questions? Andres Paz, Ghizlane El Boussaidi.