ÉCOLE DE TECHNOLOGIE SUPÉRIEURE
MGA-855
Certification of aircraft embedded systems (Certification des systèmes embarqués d'aéronefs)
Master of Engineering: Aerospace Engineering Concentration
Maxence Vandevivere
cellmaxence@gmail.com
Professor in charge: René Jr. Landry
Extension: 8506
Office door: 2950
Email: rlandry@ele.etsmtl.ca
MGA-855: Chapter 3
Overview
3.4.1 V&V
Recap:
Verification means ensuring that what was done in a process was correct (meets requirements, matches the process, etc.)
Validation means ensuring that the assumptions and requirements are actually correct and complete
Verification takes place throughout the entire life cycle
Validation takes place at the requirements level
3.4.2 Traceability
Traceability chain: Requirements -> Design -> Code -> Test & test results
Code -> Test -> Test results
How?
Base our test cases on the requirements
Requirements coverage analysis to verify all requirements tested
Structural coverage analysis to verify all code was tested/exercised
Robustness?
Invalid input
Abnormal conditions
Failure modes
Timing/scheduling issues
Etc.
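The two analyses named under "How?" (requirements coverage and structural coverage) and the robustness categories above can be mechanised over the traceability data the deck describes. The following is an added example, not code from the course or from any certification tool: it assumes a hypothetical sensor-scaling module with executable lines 1..12, three constructed requirements (REQ-1..REQ-3) and five constructed test cases (T-1..T-5) each tagged as a normal-range or robustness test and carrying the lines it exercised when run. The analysis reports requirements with no normal test, requirements with no robustness test, tests that trace to no known requirement (a broken traceability link), and code lines no test exercised.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Requirement:
    id: str
    text: str


@dataclass(frozen=True)
class TestCase:
    id: str
    traces_to: tuple          # requirement IDs this test was written against (the trace link)
    kind: str                 # "normal" (normal-range) or "robustness"
    executed_lines: frozenset  # executable source lines hit when the test ran (coverage data)
    passed: bool


# Constructed sample data for a hypothetical sensor-scaling module (not from the slides).
REQUIREMENTS = (
    Requirement("REQ-1", "A raw reading in 0..4095 is converted to engineering units"),
    Requirement("REQ-2", "A raw reading outside 0..4095 sets the fault flag"),
    Requirement("REQ-3", "A reading older than 100 ms sets the stale flag"),
)
CODE_LINES = frozenset(range(1, 13))  # the module has executable lines 1..12 (constructed)

TESTS = (
    TestCase("T-1", ("REQ-1",), "normal",     frozenset({1, 2, 3, 4, 5}), True),
    TestCase("T-2", ("REQ-1",), "robustness", frozenset({1, 2, 3, 8}),    True),  # invalid input
    TestCase("T-3", ("REQ-2",), "normal",     frozenset({1, 2, 6, 7}),    True),
    TestCase("T-4", ("REQ-2",), "robustness", frozenset({1, 2, 6, 7}),    True),  # abnormal condition
    TestCase("T-5", ("REQ-9",), "normal",     frozenset({1, 2}),          True),  # REQ-9 does not exist
)


def requirements_coverage(reqs, tests):
    """Requirements-coverage analysis: which requirements lack a normal-range test,
    which lack a robustness test, and which tests trace to no known requirement."""
    known = {r.id for r in reqs}
    covered = {"normal": set(), "robustness": set()}
    dangling = set()
    for t in tests:
        for rid in t.traces_to:
            if rid in known:
                covered[t.kind].add(rid)
            else:
                dangling.add(t.id)  # traceability broken: test points at nothing
    return {
        "no_normal_test": known - covered["normal"],
        "no_robustness_test": known - covered["robustness"],
        "dangling_tests": dangling,
    }


def structural_coverage(code_lines, tests):
    """Structural (statement) coverage analysis: lines that no test exercised."""
    exercised = frozenset().union(*(t.executed_lines for t in tests))
    return {
        "uncovered_lines": code_lines - exercised,
        "percent": 100.0 * len(code_lines & exercised) / len(code_lines),
    }


if __name__ == "__main__":
    print(requirements_coverage(REQUIREMENTS, TESTS))
    print(structural_coverage(CODE_LINES, TESTS))
```

With the constructed data the report shows REQ-3 with neither a normal nor a robustness test, T-5 tracing to a non-existent requirement, and lines 9..12 (the timeout handling) never exercised: the same gap seen from both the requirements side and the code side, which is why the deck asks for both analyses.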
3.4.5 Testing
All plans and process activities claimed for certification credit have been completed
All life-cycle data has been retained and is under CM
All life-cycle data complies with the plans and standards
Traceability has been completed (especially up to the system and safety requirements)
All problem reports have been closed, or have been dealt with according to the CMP
Any deviations are recorded and approved
All executable object code can be re-created from what is stored under CM using the instructions created
3.4.7 Delivery
Now what?
Deliver to the regulatory authority concerned (TCCA or FAA) as part of your certification liaison process
Deliver to your customer (if any)
Take a nap
3.5.1 Tools
Code complexity: SourceMonitor, Klocwork
Code coverage: Bcov, gcc/g++, lots of compiler-specific tools
Tool qualification
Previously developed software (PDS)
Alternative methods:
  Exhaustive testing
  Multi-version dissimilar software
  Product service history (equivalent level of safety)
For the former, we need to make sure the tool is fit for its purpose
3.6.1 DO-254
What is DO-254?
Hardware certification guideline
Also known as EUROCAE ED-80
Released in 2000 (not really in use, or required by the FAA, until about 2005)
Provides guidance for the design assurance of complex electronic
hardware (CEH) for airborne use in aircraft equipment and systems.
Structure of the document is based on DO-178B
Or put another way, hardware is classified as simple if you can fully test it
If the hardware is not simple, it's complex
Simple, right?
Not quite: this distinction is still subject to heated debate on a fairly regular basis
A simple example: a 4-bit controller with discrete I/O (two inputs, two outputs). This could easily be exhaustively (completely) tested.
Another example: a 16-bit controller with discrete I/O (8 inputs, 8 outputs). Again, we can exhaustively test all inputs and outputs.
Not so simple: a 1000-gate FPGA with 100 pins. We can no longer easily (and deterministically) exhaustively test all inputs and outputs.
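The simple/complex distinction comes down to whether the whole input space can be enumerated and each output checked against its requirement. The following added example (not code from the course or from DO-254) makes the three cases above concrete: it sizes the discrete input space for 2, 8 and 100 inputs, estimates how long 2^100 vectors would take at a constructed rate of one billion tests per second, and runs an actual exhaustive test of a constructed two-input, two-output controller described as a small gate netlist against an independently written requirement oracle. A second netlist with a miswired gate (constructed) shows the exhaustive run catching the discrepancy.

```python
from itertools import product

# Gate primitives for the toy netlist simulator (constructed for this example).
GATES = {
    "AND": lambda *ins: int(all(ins)),
    "OR":  lambda *ins: int(any(ins)),
    "NOT": lambda a: int(not a),
    "XOR": lambda a, b: a ^ b,
}


def input_space_size(n_discrete_inputs):
    """Number of distinct input vectors for n independent discrete (binary) inputs."""
    return 2 ** n_discrete_inputs


def years_to_test_exhaustively(n_discrete_inputs, tests_per_second=1e9):
    """Wall-clock years to apply every input vector once at the given (assumed) test rate."""
    return input_space_size(n_discrete_inputs) / tests_per_second / (365.25 * 86400)


def simulate(netlist, input_names, vector):
    """Evaluate a netlist (list of (gate, output_signal, input_signals), in dependency order)
    for one input vector; returns a dict of every signal value."""
    signals = dict(zip(input_names, vector))
    for gate, out, ins in netlist:
        signals[out] = GATES[gate](*(signals[i] for i in ins))
    return signals


def exhaustive_test(netlist, input_names, output_names, oracle):
    """Apply every possible input vector and compare the netlist outputs with the
    requirement oracle; returns a list of (vector, got, expected) mismatches."""
    failures = []
    for vector in product((0, 1), repeat=len(input_names)):
        got = tuple(simulate(netlist, input_names, vector)[o] for o in output_names)
        expected = oracle(*vector)
        if got != expected:
            failures.append((vector, got, expected))
    return failures


# Constructed "simple hardware": two discrete inputs a, b; two discrete outputs.
INPUTS = ("a", "b")
OUTPUTS = ("agree", "any")
GOOD_NETLIST = [
    ("XOR", "x", ("a", "b")),
    ("NOT", "agree", ("x",)),      # agree = 1 when both inputs are equal
    ("OR", "any", ("a", "b")),     # any   = 1 when at least one input is set
]
BAD_NETLIST = [
    ("XOR", "x", ("a", "b")),
    ("NOT", "agree", ("x",)),
    ("AND", "any", ("a", "b")),    # miswired: AND instead of OR
]


def requirement(a, b):
    """Requirement-level oracle written independently of the netlist."""
    return (int(a == b), int(a or b))


if __name__ == "__main__":
    for n in (2, 8, 100):
        print(f"{n} inputs: {input_space_size(n)} vectors, "
              f"{years_to_test_exhaustively(n):.3g} years at 1e9 tests/s")
    print("good netlist mismatches:", exhaustive_test(GOOD_NETLIST, INPUTS, OUTPUTS, requirement))
    print("bad netlist mismatches:", exhaustive_test(BAD_NETLIST, INPUTS, OUTPUTS, requirement))
```

Two and eight discrete inputs give 4 and 256 vectors, which a bench can run in moments; 100 inputs give 2^100 vectors, roughly 4 x 10^13 years at the assumed rate, which is the point at which the argument must move from exhaustive testing to the DO-254 design-assurance process.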
Design Assurance Level | Failure Condition | Probability
Level E                | No Effect         | < 1 x 10^-5
Level D                | Minor             | > 1 x 10^-5
Level C                | Major             |
Level B                |                   |
Level A                | Catastrophic      | < 1 x 10^-9
COTS hardware
DO-254 is interested in their pedigree and service history
Can use COTS chips as long as you can show:
Wide use (the wider, the better)
Manufacturer is known to have good engineering processes
At least some documentation (technical, specs, etc.)
Look for quality control, mil spec, etc.
Don't reinvent the wheel if you don't need to
Examples:
ARINC 429 bus controller
MIL-STD-1553 bus controller
3.6.3 AC20-152
AC20-152: a typical AC
Released in 2005
A lengthy document: 2 pages long!
Purpose: defines more specific scope and details about the application of DO-254
AC20-152 highlights:
Typical scope is for application specific integrated circuits (ASIC), programmable logic devices (PLD), field programmable gate arrays (FPGA) (1.a)
"When designing level D devices, manufacturers may choose to use RTCA, Inc. document RTCA/DO-254, Design Assurance Guidance For Airborne Electronic Hardware, dated April 19, 2000, or continue to use their existing design assurance practices." (1.b, emphasis added)
"We don't intend that you apply RTCA DO-254 to every type of electronic hardware" (section 2)
"... we don't intend that you apply RTCA/DO-254 to COTS microprocessors. There are alternative methods or processes to ensure that COTS microprocessors perform their intended functions and meet airworthiness requirements. Coordinate your plans for alternative methods or processes with us early in the certification project." (3.b, emphasis added)
Summary
2.3.6 Summary
Questions?
References
RTCA/DO-178B
RTCA/DO-254
AC 20-152