Programming languages for use in safety-related applications

Programmable electronic systems are being used in almost all application sectors to perform non-safety and increasingly to perform safety functions as well. Although software-based solutions are usually superior to hardwired ones for reasons of efficiency and flexibility, there is a certain reluctance of the certification authorities when it comes to licensing computer-based systems which are classified as safety critical. Despite many attempts to overcome problems of software safety (IEC 61508, IEC 880, VDE 0801, IDS 00-55, RTCA/DO-178), up to now neither precise guidelines supporting the software development process are available, nor are there serious efforts being made to develop programming languages dedicated to the implementation of safety critical functions. To improve this unsatisfactory situation, i.e. to meet both economic and safety requirements, it is necessary to design appropriate language concepts with consequent regard to safety aspects. Accordingly, four subsets of a real time language suitable for the implementation of safety-related systems are proposed, whose definitions fulfil the respective requirements of the four safety integrity levels.     

Software and hardware certification of safety-critical avionic systems: A comparison study

To ensure the safety of avionic systems, civil avionic software and hardware regulated by certification authorities must be certified based on applicable standards (e.g., DO-178B and DO-254). The overall safety integrity of an avionic system, comprising software and hardware, should be considered at the system level. Thus, software and hardware components should be planned, developed and certified in a unified, harmonized manner to ensure the integral safety of the entire avionic system. One of the reasons for the high development costs of avionic systems complying with standards may be a lack of sufficient understanding of how to employ these standards efficiently. Therefore, it is important to understand the similarities and differences between DO-178B and DO-254 to effectively manage the processes required by these standards, to minimize cost, and to ultimately ensure the safety of the entire avionic system. Thus, the goal of this paper is to compare various aspects of DO-178B and DO-254 comprehensively. The paper may serve as a useful supplementary material for the practitioner to understand the rationales behind and the differences between two main standards used in avionic industries.     

Aviation software guidelines

Regulatory authorities in the US and Europe have received two documents crucial to aviation software developers. The first one, DO-248B, clarifies existing software guidelines for airborne systems and equipment certification, and the other, CNS/ATM (a counterpart to DO-178B) provides new guidance for non-airborne communication and navigation systems.     

Certification of software for real-time safety-critical systems: state of the art

This paper presents an overview and discusses the role of certification in safety-critical computer systems focusing on software, and partially hardware, used in the civil aviation domain. It discusses certification activities according to RTCA DO-178B “Software Considerations in Airborne Systems and Equipment Certification” and touches on tool qualification according to RTCA DO-254 “Design Assurance Guidance for Airborne Electronic Hardware.” Specifically, certification issues as related to real-time operating systems and programming languages are reviewed, as well as software development tools and complex electronic hardware tool qualification processes are discussed. Results of an independent industry survey done by the authors are also presented.     

面向DO-178C的襟缝翼控制系统需求的形式化描述

DO-178C是对机载软件适航认证标准DO-178B的改进和补充,用于对民用飞机机载系统和设备软件质量控制提供指导。SCR(Software Cost Reduction)方法作为一种形式化方法,基于四变量模型,可以对复杂和大型的嵌入式系统进行需求描述。文中基于DO-178C,使用SCR方法对原飞机系统中的襟缝翼控制系统的需求文档进行形式化的需求描述,针对襟缝翼控制系统中的襟翼电机转速控制模块进行详细的案例分析,判断其是否满足DO-178C的相关验证指标。通过分析和验证,提出了SCR方法中的一些应用技巧。该工作可为SCR方法在机载软件系统中的应用提供依据。     

Use of Bayesian Belief Networks when combining disparate sources of information in the safety assessment of software-based systems

The paper discusses how disparate sources of information can be combined in the safety assessment of software-based systems. The emphasis is put on an emerging methodology, relevant for intelligent product-support systems, to combine information about disparate evidences systematically based on Bayesian Belief Networks. The objective is to show the link between basic information and the confidence one can have in a system. How one combines the Bayesian Belief Net (BBN) method with a software safety standard (RTCA/DO-178B) for safety assessment of software-based systems is also discussed. Finally, the applicability of the BBN methodology and experiences from cooperative research work together with Kongsberg Defence & Aerospace and Det Norske Veritas, and ongoing research with VTT Automation are presented.     

民用机载软件集成过程的技术研究

民用机载软件的研制以DO-178B标准为指导.与传统的软件工程相比,DO-178B标准更面向目标和过程.该标准为各个等级的软件提出了相对应的目标,申请者需要向局方提供证据以表明研制的软件满足适航目标.软件的编码和集成过程,该标准要求集成过程的输出是正确和完整的.但该标准中并没有提出如何满足这个目标.本文通过无线电调谐软件对软件编码和集成过程以及对软件编译和链接过程的研究,提出一种方式来满足DO-178B标准的这一目标.     

A comparison of standards for software engineering based on DO-178B for certification of avionics systems

Certification of avionics software is an increasingly important subject, since more and more avionics systems in future aircraft will be software equipped. The DO-17813 standard provides guidelines for software certification. Re-use of software is emerging, partly enabled by the integrated modular avionics concept, and imposed by a reduction of life-cycle costs. Re-use, however, requires re-certification or certification of software that was not developed according to DO-17813.

The DO-178B standard is specially developed to provide a certification basis for avionics software, without going into details of the software development process. Other standards focus on software engineering aspects. We have used the DO-178B standard as a common basis for comparison with DOD-STD2167A (military), ESA PSS-05-0 (space), and IEC65A(Secretariat)122 (industry). Comparison topics include:

• • life cycles;

• • prescribed documentation;

• • configuration management;

• • verification and validation;

• • quality assurance.

All standards prescribe the software development process, emphasizing specific aspects in a certain area of interest. The results of our investigation will assist in understanding the rationale behind several standards, and can be used for:

• • certification according to DO-17813 of software that was developed using another standard;

• • certification of software using DO-17813, in concert with another standard.

     

机载软件适航认证标准新进展及展望

为了满足机载软件适航认证的迫切需求,对机载软件适航认证标准进行分析研究.阐述了DO-178B的发展动因及过程,总结了随着软件开发技术的快速更新DO-178B所表现的不足.说明了对DO-178B进行更新的必要性,并将即将发布的新版本DO-178C与DO-178B进行了对比.根据对比结果重点分析了DO-178C的4个新增特性.对DO-178C所带来的影响以及未来应用进行了展望.     

Satisfying DO-178C Structural Coverage Objectives

Structural coverage analysis is an important task for the development of safety-critical systems. In particular, structural coverage analysis is one of the objectives specified in RTCA DO-178C for the airborne software verification process. Structural coverage analysis is normally supported by the tools that collect coverage information in the course of test execution. This paper concerns with the problems and methods of structural coverage collecting in order to specify the required functionality of structural coverage collecting tools, which is necessary to provide their compliance with the DO-178C objectives.     

基于MDA与UML扩展的安全软件开发方法

为提高软件安全性,提出一种基于模型驱动架构(MDA)与统一建模语言(UML)扩展机制的安全软件开发方法。采用UML扩展机制建立系统安全相关的平台无关模型,将软件的安全性分析提前到设计的早期;利用MDA方法进行软件安全属性的建模,降低后期开发的风险与成本。图书管理系统实例验证了该方法的有效性。     

面向适航标准的机载软件测试验证方法综述

机载软件测试是指机载系统中嵌入式软件执行的测试验证过程,目的是为了挖掘出软件缺陷从而提高机载系统的可靠性。随着机载嵌入式系统功能的多样化需求,软件的规模和复杂程度不断增加,同时因为其实时性、嵌入性、高可靠性等特殊性,因此对机载软件进行充分测试成为当前的一个挑战。为了满足要求,机载系统的测试需要遵循最新的适航标准DO-178C,针对机载软件生命周期过程提出了一系列目标要求和设计考虑。为此,简介了机载软件适航认证标准的发展及其测试环境;根据DO-178C对机载软件测试的各个过程从基于需求、基于模型、基于安全性分析以及软件验证的测试研究机载软件的测试验证方法,并进行小结;对相关领域的发展进行总结和展望。     

Schedulability and sensitivity analysis of multiple criticality tasks with fixed-priorities

Safety-critical real-time standards define several criticality levels for the tasks. In this paper we consider the real-time systems designed under the DO-178B safety assessment process (i.e., Software Considerations in Airborne Systems and Equipment Certification). Vestal introduced a new multiple criticality task model to efficiently take into account criticality levels in the schedulability analysis of such systems. Such a task model represents a potentially very significant advance in the modeling of safety-critical real-time softwares. Baruah and Vestal continue this investigation, with a new scheduling algorithm combining fixed and dynamic priority policies. Another major design issue is to allow a system developer to determine how sensitive is the schedulability analysis to changes in execution time of various software components.     

软件适航审定时如何鉴定软件重用

越来越来多机载软件应用于航空工业,软件重用技术在近年来发展迅速.民用航空旨在保证飞行的安全性可靠性,机载软件适航审定的依据标准主要是DO-178.本文介绍了适航审定对软件重用的考虑方面,详细介绍了申请人需要做的更改影响分析（CIA）供中国民用航空局（CAAC）审核.     

A generic framework for modeling heterogeneous real-time systems

Complex real-time systems usually consist of heterogeneous components. These components interact with different semantics. Modeling these systems normally need integrating several domain-specific tools such as UML, Simulink. But interchanging data between these tools is very difficult. UML is a standard modeling language for object-oriented software development, used more and more in real-time domain. It provides several extensibility mechanisms to allow modeling special domains. This paper presents a generic framework, which is based on UML notations and metamodels, for heterogeneous modeling real-time systems. So engineers from different domains can work together on a unified platform.     

基于DO-178B的机载软件可靠性设计

本文从软件可靠性工程角度,对DO-178B的研制流程进行解读,分析DO-178B中所包含的避错、消错和容错的机载软件可靠性设计技术。分析表明,DO-178B既是机载软件满足适航安全性要求的符合性方法,也是保证机载软件可靠性的一种软件设计方法。     

FAME: A UML-based framework for modeling fuzzy self-adaptive software

Context: Software Fuzzy Self-Adaptation (SFSA) is a fuzzy control-based software self-adaptation paradigm proposed to deal with the fuzzy uncertainty existing in self-adaptive software. However, as many software engineers lack fuzzy control knowledge, it is difficult for them to design and model this kind of fuzzy self-adaptive software (F-SAS). Therefore, efficient and effective modeling technologies and tools are needed for the SFSA framework.Objective: This paper aims to identify modeling requirements of F-SAS and to provide a modeling framework to specify, design and model F-SAS systems. Such a framework can simplify modeling process of F-SAS and improve the accessibility of software engineers to the SFSA paradigm.Method: This study proposes a modeling framework called Fuzzy self-Adaptation ModEling (FAME). By extending UML, FAME creates three types of modeling views. An analysis view called Fuzzy Case Diagram is created to specify the fuzzy self-adaptation goal and the realization processes of this goal. A structure view called Fuzzy Class Diagram is created to describe the fuzzy concepts and structural characteristics of F-SAS. A behavior view called Fuzzy Sequence Diagram is created to depict the dynamic behaviors of the F-SAS systems. The framework is implemented as a plug-in of Enterprise Architect.Results: We demonstrate the effectiveness and efficiency of the proposed approach by carrying out a subject-based empirical evaluation. The results show that FAME framework can improve modeling quality of F-SAS systems by 44.38% and shorten modeling time of F-SAS systems by 38.41% in comparison with traditional UML. Thus, FAME can considerably ease the modeling process of F-SAS systems.Conclusion: FAME framework incorporates the SFSA concepts into standard UML. Therefore, it provides a direct support to model SFSA characteristics and improves the accessibility of software engineers to the SFSA paradigm. Furthermore, it behaves a good example and provides good references for modeling domain-specific software systems.     

Supporting the verification of compliance to safety standards via model-driven engineering: Approach,tool-support and empirical validation

ContextMany safety–critical systems are subject to safety certification as a way to provide assurance that these systems cannot unduly harm people, property or the environment. Creating the requisite evidence for certification can be a challenging task due to the sheer size of the textual standards based on which certification is performed and the amenability of these standards to subjective interpretation.ObjectiveThis paper proposes a novel approach to aid suppliers in creating the evidence necessary for certification according to standards. The approach is based on Model-Driven Engineering (MDE) and addresses the challenges of using certification standards while providing assistance with compliance.MethodGiven a safety standard, a conceptual model is built that provides a succinct and explicit interpretation of the standard. This model is then used to create a UML profile that helps system suppliers in relating the concepts of the safety standard to those of the application domain, in turn enabling the suppliers to demonstrate how their system development artifacts comply with the standard.ResultsWe provide a generalizable and tool-supported solution to support the verification of compliance to safety standards. Empirical validation of the work is presented via an industrial case study that shows how the concepts of a sub-sea production control system can be aligned with the evidence requirements of the IEC61508 standard. A subsequent survey examines the perceptions of practitioners about the solution.ConclusionThe case study indicates that the supplier company where the study was performed found the approach useful in helping them prepare for certification of their software. The survey indicates that practitioners found our approach easy to understand and that they would be willing to adopt it in practice. Since the IEC61508 standard applies to multiple domains, these results suggest wider applicability and usefulness of our work.     

UML语言的建模应用

统一建模语言（UML）是一个通用的可视化建模语言,用于对软件进行描述、可视化处理、构造和建立软件系统。UML适用于各种软件开发方法、软件生命周期的各个阶段、各种应用领域以及各种开发工具。UML标准并没有定义一种标准的开发过程,但它适用于迭代式的开发过程。它是为支持大部分现存的面向对象开发过程而设计的。