Software Development for Safety Critical Systems

Budapest University of Technology and EconomicsDepartment of Measurement and Information Systems

Software Development for Safety Critical Systems

Ákos Horváth

Dept. of Measurement and Information SystemsFault Tolerant Systems Research Group

FRENCH-HUNGARIAN WORKSHOP ON OUTER-SPACE

2

How to avoid?

Safety Critical Software Development

Specialities of safety critical systems Safety-critical systems

o Informal definition: Malfunction may cause injury of people Special solutions to achieve safe operation

o Design: Requirements, architecture, tools, …o Verification, validation, and independent assessmento Certification (by safety authorities)

Basis of certification: Standardso IEC 61508: Generic standard (for electrical, electronic or programmable

electronic systems)o DO178B/C: Software in airborne systems and equipmento EN50129: Railway (control systems)o EN50128: Railway (software)o ISO26262: Automotiveo Other sector-specific standards: Medical, process control, etc.

3

4

History of avionics SW complexity

MIPS LOC Mbyte/10 Digital links0

50

100

150

200

250

300

350

400A-310 (1983)

A-320 (1988)

A-340 (1993)

Exponential Growth

Both A380 and B 787 have 100’s of millions LOC

Ref: Subra de Salafa and Paquier

ARP-4754

Aeronautical Certification Bodies and Standards

5

ICAO

EASAEASA

EASANational Aviation

Authority

EASA CS-25

ARP-4754

define

supervise

supervise

EASAEASAStandardization

Body

harmonize with regulations

adopt

accepted mean

define

ARP-4754


6

ICAO

EASAEASA


Authority

EASA CS-25

ARP-4754

define

supervise

supervise


Body

harmonize with regulations

adopt

accepted mean

define

International Civil Aviation Organization (1944)

European Aviation Safety Agency (2006)

ARP-4754


7

ICAO

EASAEASA


Authorities

EASA CS-25

ARP-4754

define

supervise

supervise


Body

sarmonize with regulations

adopt

accepted mean

define

EASA CS 25.1309:The airplane systems and associated components, considered separately and in relation to other systems, must be designed so that-1. Any catastrophic failure condition a) is extremely improbable; and b) does not result from a single failure; and2. Any hazardous failure condition is extremely remote; and3. Any major failure condition is remote.

8

Aeronautical System Certification

9

Aeronautical System CertificationMethodologies for safety assessment processes are guidelinesE.g., fault tree analysis, common cause analysis

Certififcation aspects of complex aircraft system cannot be shown by test only.Design Assurance Level (DAL)

10

Aeronautical System CertificationMethodologies for safety assessment processes are guidelinesE.g., fault tree analysis, common cause analysis

Certififcation aspects of complex aircraft system cannot be shown by test only.Design Assurance Level (DAL)

11


Provide guidelines for production of software for airborne systems.Objectives, activities and evidences

Certififcation aspects of hardware elements from concept to airworthy equipment development

12


13

Future and Related Fields

Automotive industryo Drive-by-wireo Automated parking/drivingo No strict authorities for SW

certification• EU pushing for standards• Safety related issues

UAVo In the same civil airspaceo Needs to take into

consideration the environment o Equipment can fail

Space and Satelliteo Uses avionics conceptso Similar certification processes by ESAo How advanced concepts will

appear?

Avionicso Modern development methods (DO-

178C annexes, 2013)o MDE, OO languages, formal methods,

tool certificationo Flightpath 2050

o Passengers/year from 2.5bn to 16bn

o 31000 new aircrafts

Software Development for Safety Critical Systems

Software

Transcript of Software Development for Safety Critical Systems