Software Development for Safety Critical Systems
Budapest University of Technology and Economics, Department of Measurement and Information Systems
Software Development for Safety Critical Systems
Ákos Horváth
Dept. of Measurement and Information Systems, Fault Tolerant Systems Research Group
FRENCH-HUNGARIAN WORKSHOP ON OUTER-SPACE
How to avoid?
Safety Critical Software Development
Specialities of safety critical systems
Safety-critical systems
  - Informal definition: a malfunction may cause injury to people
Special solutions to achieve safe operation
  - Design: requirements, architecture, tools, …
  - Verification, validation, and independent assessment
  - Certification (by safety authorities)
Basis of certification: standards
  - IEC 61508: generic standard (for electrical, electronic or programmable electronic systems)
  - DO-178B/C: software in airborne systems and equipment
  - EN 50129: railway (control systems)
  - EN 50128: railway (software)
  - ISO 26262: automotive
  - Other sector-specific standards: medical, process control, etc.
History of avionics SW complexity
[Chart: MIPS, LOC, Mbyte/10 and number of digital links for the A-310 (1983), A-320 (1988) and A-340 (1993), showing exponential growth]
Exponential growth
Both A380 and B787 have 100s of millions of LOC
Ref: Subra de Salafa and Paquier
Aeronautical Certification Bodies and Standards
[Diagram: ICAO, EASA, National Aviation Authorities and a Standardization Body, with EASA CS-25 and ARP-4754; relations shown: define, supervise, harmonize with regulations, adopt, accepted means]
ICAO: International Civil Aviation Organization (1944)
EASA: European Aviation Safety Agency (2006)
EASA CS 25.1309: The airplane systems and associated components, considered separately and in relation to other systems, must be designed so that
  1. Any catastrophic failure condition (a) is extremely improbable; and (b) does not result from a single failure; and
  2. Any hazardous failure condition is extremely remote; and
  3. Any major failure condition is remote.
Aeronautical System Certification
Methodologies for safety assessment processes are guidelines, e.g. fault tree analysis and common cause analysis.
Certification aspects of complex aircraft systems cannot be shown by test only.
Design Assurance Level (DAL)
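The CS 25.1309 rules for a catastrophic failure condition can be checked mechanically on a fault tree, which ties the regulation quoted above to the fault tree analysis mentioned here. The following is an added example, not code from the lecture: it assumes independent basic events with constant per-flight-hour failure probabilities, a constructed braking-system tree with made-up probabilities, and a numerical meaning of "extremely improbable" (1e-9 per flight hour) taken from AMC 25.1309 guidance rather than from the slides.

```python
# Added example (not from the slides): a small fault-tree evaluator that checks
# the two CS 25.1309 rules for a catastrophic failure condition. Assumptions:
# basic events are independent with constant per-flight-hour probabilities, and
# the "extremely improbable" limit of 1e-9 per flight hour is taken from
# AMC 25.1309 guidance, not from the lecture.
from itertools import product

CATASTROPHIC_LIMIT = 1e-9  # assumed numerical meaning of "extremely improbable"

# Constructed sample tree: total loss of braking (catastrophic) needs the normal
# channel AND the alternate channel to fail; the alternate channel fails if
# either its pump OR its control unit fails. Probabilities are made up.
BASIC = {"normal_brake": 1e-5, "alt_pump": 2e-5, "alt_ctrl": 1e-6}
TREE = ("AND", "normal_brake", ("OR", "alt_pump", "alt_ctrl"))


def cut_sets(node):
    """Minimal cut sets (frozensets of basic events) whose joint failure causes the top event."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":  # any child's cut set suffices
        combined = set().union(*child_sets)
    else:  # AND: take one cut set from every child and merge them
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    # keep only minimal sets: drop any that strictly contains another
    return {s for s in combined if not any(o < s for o in combined)}


def probability(node, basic):
    """Top-event probability for independent basic events (exact, no rare-event approximation)."""
    if isinstance(node, str):
        return basic[node]
    gate, *children = node
    acc = 1.0
    for child in children:
        p = probability(child, basic)
        acc *= p if gate == "AND" else (1.0 - p)
    return acc if gate == "AND" else 1.0 - acc


def check_catastrophic(tree, basic, limit=CATASTROPHIC_LIMIT):
    """Rule 1(a): probability within the limit; rule 1(b): no single-failure cut set."""
    p = probability(tree, basic)
    singles = sorted(e for s in cut_sets(tree) if len(s) == 1 for e in s)
    return {"probability": p, "extremely_improbable": p <= limit,
            "single_point_failures": singles,
            "compliant": p <= limit and not singles}
```

Calling `check_catastrophic(TREE, BASIC)` on the sample tree reports a top-event probability of about 2.1e-10 per flight hour and no single-point failures; replacing the top AND gate with an OR gate makes `normal_brake` a single-failure cut set and the check fails on rule 1(b).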
Aeronautical System Certification
Provide guidelines for the production of software for airborne systems: objectives, activities and evidence.
Certification aspects of hardware elements from concept to airworthy equipment development.
Future and Related Fields
Automotive industry
  - Drive-by-wire
  - Automated parking/driving
  - No strict authorities for SW certification
    - EU pushing for standards
    - Safety related issues
UAV
  - In the same civil airspace
  - Needs to take the environment into consideration
  - Equipment can fail
Space and Satellite
  - Uses avionics concepts
  - Similar certification processes by ESA
  - How will advanced concepts appear?
Avionics
  - Modern development methods (DO-178C annexes, 2013)
  - MDE, OO languages, formal methods, tool certification
  - Flightpath 2050
    - Passengers/year from 2.5bn to 16bn
    - 31000 new aircraft