Aerospace & Defense Technology - June 2021 - 23

Digital Design
RTCA/DO-178C " Software Considerations
in Airborne Systems and Equipment
Certification, " is of increasing relevance
for military applications, as is
adherence to ISO 26262 " Road Vehicles -
Functional Safety " for automotive vehicles.
Each lays down a development lifecycle
that is managed to ensure rigor in
terms of quality assurance, configuration
management, change management and
verification/validation:
* Quality Management: At the heart of
any critical system is a robust quality
management process. As a generalization,
quality management within an
open-source software development
environment tends to be less rigid.
Even so, compliance with a standard
such as ISO 9001 ensures only that the
quality of product is repeatable, not
necessarily high.
* Change Management: The downside
of anyone being able to fix bugs as
they are found in open-source developments
is that it bypasses formal
change control processes.
* Configuration Management: Typically,
both open-source projects and
more traditional developments use a
repository (e.g. Git, SVN) that provides
a controlled environment for the latest
development version and for builds,
candidates and actual releases.
* Verification and Validation (V&V):
A key problem area for mission-critical
software is in the V&V activities. The
safety case requires evidence to support
the argument that the software is
fit for purpose; that is, it meets the
documented requirements.
In common with many sector specific
functional safety standards, ISO 26262,
for example, describes a V-model for automotive
developments (Figure 1).
This requires traceability of the requirements
through the full lifecycle,
verification and validation of the design,
and verification and validation of
the implementation. These stages are all
difficult to achieve when adopting
open-source solutions.
In addition, functional safety standards
typically recommend adopting
coding standards such as the popular
guidelines described by MISRA. Empirical
evidence suggests that adoption of such
guidelines is rare within the open-source
Aerospace & Defense Technology, June 2021
Cov
... and the tool suite uses that data within
a test harness, which is compiled and
executed on the target hardware
Requirements traceability
TBmanager®
IBM® Engineering Requirements Management
DOORS® Family
Intland codeBeamer® ALM
Jama Connect™
Atlassian® Jira®
SIEMENS PLM Polarion® ALM™
PTC® Windchill®
Systemite SystemWeaver®
ReqIF™
Microsoft® Word & Excel
ISO 26262-6:2018
section 6
Specification of
software safety
requirements
Model based development
IBM® Engineering Systems Design Rhapsody®
MathWorks Simulink®
Ansys SCADE
Sparx Enterprise Architect
ISO 26262-6:2018
section 7
Software
architectural
design
Static analysis
Quality metrics
Coding standards compliance
TBvision®
LDRArules®
LDRAcover®
ISO 26262-4:2018
section 6
ISO 26262-4:2018
section 7
Technical safety
concept
System and
item Integration
Testing
Compliance
management
ISO 26262-6:2018
section 11
Testing of the
embedded
software
ISO 26262-6:2018
section 10
Software
Integration
and
verification
ISO 26262-6:2018
section 8
Software unit
design and
implementation
ISO 26262-6:2018
section 9
Software unit
verification
Programing standards
checking and metrication
TBvision®
LDRArules®
Figure 1. Traditional sequence for the application of an automated tool chain to the ISO 26262 process
guidelines.
Automated unit testing
TBrun®
LDRAunit®
TBextreme®
Test verification
TBvision®
TBrun®
Integrated and model
driven testing
TBvision®
Software interface is exposed at function scope...
... allowing user to enter inputs and expected outputs...
Figure 2. Performing unit test with the LDRA tool suite.
community, perhaps because the guidelines
themselves are not open source.
The net result is that you can develop
application software of exemplary quality
in line with the functional standard
of choice. However, if your operating system
doesn't also achieve that level of
quality-and just as importantly, doesn't
provide evidence of that quality-then
your system cannot be compliant.
Introducing ELISA, a Future Solution
Long faced with this conundrum, the
Linux foundation in 2019 launched the
Enabling Linux in Safety Applications
www.aerodefensetech.com
ToC
(ELISA) open-source project to help
companies " build and certify Linuxbased
safety-critical applications and
systems whose failure could result in
loss of human life, significant property
damage or environmental damage. "
While the project is backed by significant
supporters such as Arm, BMW and
Toyota, it's still in its early stages, so unfortunately
not immediately helpful for
any current development projects.
One-Shot Adoption
Right now, an open-source operating
system cannot be used, uncontrolled
23

http://www.aerodefensetech.com http://www.abpi.net/ntbpdfclicks/l.php?202106ADTNAV

Aerospace & Defense Technology - June 2021

Table of Contents for the Digital Edition of Aerospace & Defense Technology - June 2021