EE Times-Asia

Adopting aerospace verification standards (Part 2)

Posted: 23 Sep 2013

Keywords: DO-178C, avionics, MISRA, verification, code coverage

Object-code verification focuses on how much the control flow structure of the compiler-generated object (machine) code differs from that of the application source code from which it was derived. Such differences may occur for a number of reasons, but compiler interpretation and optimisation are primary causes. However, given that traditional structural coverage techniques are applied at the source code level, whereas it is actually the object code that executes on the processor, differences in control flow structure between the two can result in significant gaps in the testing process.

As an illustration, refer to the two flow graphs in the figure, which are generated from the same procedure. Note how the object code flow graph on the left shows a branch which doesn't appear in the source code flow graph on the right.

Figure: Flow graphs.

Visual, easy-to-use reports like these help engineers to quickly build test cases that achieve 100% unit coverage at the object code level. Without such reports, the effort required to identify each path through the object code would be much higher, resulting in longer timescales and higher cost.
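As an added illustration of the gap the figure describes (example code written for this edit, not a report from the article or from LDRA's tools), the following Python models a single source-level decision, `if (a && b)`, whose short-circuit evaluation is assumed to compile into two conditional branches. It compares the two flow graphs, flags the object-level branch that has no source counterpart, and shows that a test set giving 100% source-level branch coverage still leaves an object-level branch unexecuted. The block names, the object-code graph and the execution traces are hand-constructed assumptions; a real tool would recover them from the compiled binary and from execution traces.

```python
# Added illustration (not from the article): compare the branch outcomes of a
# source-level control-flow graph with those of the object code a compiler is
# assumed to emit for the same function, and measure the branch coverage that
# the same test runs achieve at each level.
#
# Hypothetical function under test:
#
#     int guard(int a, int b) {
#         if (a && b)      /* one decision at source level */
#             return 1;
#         return 0;
#     }

# Constructed source-level flow graph: block -> successor blocks.
SOURCE_CFG = {
    "entry": ["dec"],
    "dec": ["then", "else"],      # the single source-level decision
    "then": ["exit"],
    "else": ["exit"],
    "exit": [],
}

# Assumed object code: short-circuit evaluation turns `a && b` into two
# conditional branches, so a second route to `else` appears.
OBJECT_CFG = {
    "entry": ["test_a"],
    "test_a": ["test_b", "else"],  # a == 0 -> skip b entirely
    "test_b": ["then", "else"],    # a != 0, now branch on b
    "then": ["exit"],
    "else": ["exit"],
    "exit": [],
}

# Which source-level branch outcome each object-level branch outcome realises.
# None marks an object branch with no counterpart in the source graph.
OBJECT_TO_SOURCE = {
    ("test_a", "test_b"): None,
    ("test_a", "else"): ("dec", "else"),
    ("test_b", "then"): ("dec", "then"),
    ("test_b", "else"): ("dec", "else"),
}

# Constructed execution traces: the object-code edges each test run traverses.
# These two runs are enough for 100% source-level branch coverage.
TEST_RUNS = {
    "a=1,b=1": {("entry", "test_a"), ("test_a", "test_b"),
                ("test_b", "then"), ("then", "exit")},
    "a=0,b=0": {("entry", "test_a"), ("test_a", "else"), ("else", "exit")},
}


def branch_edges(cfg):
    """Edges leaving a block with more than one successor: the outcomes that
    a branch-coverage criterion must exercise."""
    return {(src, dst) for src, succs in cfg.items()
            if len(succs) > 1 for dst in succs}


def analyse(source_cfg, object_cfg, obj_to_src, test_runs):
    """Report source- and object-level branch coverage for the same runs,
    plus the object branches the runs missed and those with no source twin."""
    src_branches = branch_edges(source_cfg)
    obj_branches = branch_edges(object_cfg)

    traversed = set().union(*test_runs.values())
    covered_obj = obj_branches & traversed
    # Source-level coverage as a source-instrumented tool would see it:
    # project the traversed object branches back onto source decisions.
    covered_src = {obj_to_src[e] for e in covered_obj
                   if obj_to_src.get(e) is not None}

    return {
        "source_coverage": (len(covered_src & src_branches), len(src_branches)),
        "object_coverage": (len(covered_obj), len(obj_branches)),
        "uncovered_object_branches": sorted(obj_branches - covered_obj),
        "object_only_branches": sorted(e for e in obj_branches
                                       if obj_to_src.get(e) is None),
    }


def run_example():
    return analyse(SOURCE_CFG, OBJECT_CFG, OBJECT_TO_SOURCE, TEST_RUNS)


if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key}: {value}")
```

Two runs (a=1,b=1 and a=0,b=0) satisfy source-level branch coverage, yet the object-code edge test_b -> else, taken only when a != 0 and b == 0, is never executed, and the edge test_a -> test_b has no source-level decision to map to at all. Object-code verification would demand a third test case (a=1,b=0) before the unit is declared covered; feeding a real tool's recovered graphs and traces in the same shape is the only change needed.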

Safety-critical software components in aerospace systems assigned DO-178C Level A must undergo object-code verification. This is arguably the toughest testing discipline for non-aerospace projects to adopt, but it must now be considered as more and more safety-critical software components are deployed in modern automobiles, medical equipment, and transport control systems. Similarly, critical components in telecom and financial systems are seeing increased quality requirements due to the high monetary cost of failure.

Fortunately, safety-critical components are typically a subset of the application as a whole. However, the effort of testing at the object code level can be significant and requires considerable resources in terms of time and money. Using automated, compiler-independent processes helps reduce overall development costs by considerable margins and ensures delivery of high-quality software components where the chance for failure has been reduced as close to zero as possible.

Working under the constraints of the DO-178B standard was mandatory for companies such as BAE Systems and Lockheed Martin as they developed software for the F-35 Lightning II Joint Strike Fighter, the Orion CEV [7], and other safety-critical projects, and DO-178C is now recognised as the primary standard for similar aerospace development. However, as the processes and objectives of DO-178 are adopted as best practices for safety-critical systems outside the aerospace industry, non-avionics industries face the challenge of evolving their development processes and standards to match.

With the right tools and facilities, the scope of these challenges may be greatly reduced, thus enabling projects to realise the full potential and benefits that rigorous quality analysis, testing, and verification may bring in terms of increased code quality, improved reliability, and cost savings. Lockheed Martin's ability to deliver the F-35 Lightning II for its first flight on-time and on-budget sends a message to other industries that software development and verification against rigorous and exacting standards is a discipline which may be confidently attempted and conquered.

1. RTCA Inc. (originally the Radio Technical Commission for Aeronautics) is a private, not-for-profit corporation that develops consensus-based recommendations regarding communications, navigation, surveillance, and air traffic management (CNS/ATM) system issues.
2. EUROCAE, the European Organisation for Civil Aviation Equipment, is a nonprofit organisation which provides a European forum for resolving technical problems with electronic equipment for air transport.
3. The Motor Industry Software Reliability Association (MISRA) is a collaboration between vehicle manufacturers, component suppliers and engineering consultants which seeks to promote best practice in developing safety-related electronic systems in road vehicles.
4. "Guidelines for the use of the C language in critical systems", published first by MISRA Limited in October 2004 and again in March 2013 after comprehensive revision. These standards are complete reworks of the original set published in 1998.
5. "Joint Strike Fighter (JSF) Air Vehicle (AV) C++ Coding Standards for the System Development and Demonstration Program", document number 2RDU00001 Rev D, June 2007. These standards build on relevant portions of the MISRA-C standards with an additional set of rules specific to the appropriate use of C++ language features (e.g., inheritance, templates, namespaces) in safety-critical environments.
6. The Chaos Report from the Standish Group has been regularly published since 1994. The 2006 report revealed that 35% of software projects could be categorised as successful, meaning they were completed on time, on budget and met user requirements. This is a marked improvement over 1994 when only 16.2% of projects were labelled as successful.
7. The Orion Crew Exploration Vehicle (CEV) is a spacecraft currently under development by NASA, the contract for its design and construction was awarded to Lockheed Martin in August 2006.

About the authors
Mark Pitchford has over 25 years' experience in software development for engineering applications. He has worked on many significant industrial and commercial projects in development and management, both in the UK and internationally, including extended periods in Canada and Australia. Since 2001, he has specialised in software test, and works throughout Europe and beyond as a Field Applications Engineer with LDRA Ltd.

Bill St. Clair is currently Director, US Operations for LDRA Technology and LDRA Certification Services and has more than 25 years in embedded software development and management. He has worked in the avionics, defence, space, communications, industrial controls, and commercial industries as a developer, verification engineer, manager, and company founder. He holds a U.S. patent for a portable storage system and is inventor of a patent-pending embedded requirements verification system. Bill's leadership was instrumental in adapting requirements traceability into LDRA's verification process.
