Your Account Logout. Developing Safety-Critical Software. By Leanna Rierson. Edition 1st Edition. First Published Imprint CRC Press. Pages pages.
Shop with confidence
FLEX development flexibility : Indicates the level of software flexibility according to the development process, interface constraints, requirement, and schedule. Each scale factor has six levels, from very low to extremely high, and each level has an associated weight suggested by the method Boehm et al. In addition to the scale factors, the method also presents 17 multiplicative cost factors. They are organized into four categories:.
Project factors: In this category, there are the project factors that influence the effort, such as the use of modern tools, location of the team, level of interaction, etc. Each of these attributes determines a multiplication factor that estimates their effect on the software development effort. Summarizing the COCOMO method, it can be considered a framework, which groups 17 multiplicative cost factors in four different categories, as described in Fig.
To situate the reader in applying this method in a critical software development project, the next section details the concepts of this type of software and its definition. In general, such applications are embedded and considered real-time applications, which means that they operate at an extremely high frequency and have strict response requirements in which a single fault can generate catastrophic events McCormick et al.
Romani et al. A software for such applications is generally developed following rigorous process standards. Because it is a case study of an aeronautical sector project, the concepts of DOC will be further described. To avoid repetition of references, this entire section is based on the standard itself, unless otherwise specified. The DOC classifies the criticality of the effect of failures on the crew or plane into five categories.
Due to the effects of each failure, the DOC then classifies the software in five different levels A, B, C, D, and E , according to its contribution to the potential system failures, where the level A is the most rigorous.
The Verification Company. Software Development and Verification compliance to DO-178C/ED-12C
For each software level, the standard presents a set of objectives that must be achieved in order to certify such an embedded application. The software level determination is done by a system safety assessment process, identification of potential failures, loss of function or malfunction, and their impacts.
According to DOC, the software level implies that the level of effort required to show compliance with certification requirements varies with the failure condition category. The necessary effort to approve the software increases as the number of objectives increases according to its level.
The Table 1 describes the system failure condition associated with the software level and the number of objectives. The case study described in this paper addresses all the concepts presented to the reader up to this moment, being a critical software, following the processes established by the DOC, and applying the COCOMO II method as a development effort estimation. Since it is a project that was concluded in , it is possible to present not only the estimated data, but also the actual values demanded by the project.
It begins with the contextualization of the company Harpia, environment in where the case study was based, following the description of the project and the software development process adopted. Harpia is the fantasy name of the company responsible for the project and was created especially for this article in order to protect the real name of the company being portrayed in this section for commercial and intellectual property reasons.
Library Resource Finder: Location & Availability for: Developing safety-critical software : a
Harpia has more than 20 years in the software development market in Brazil and it is specialized in software embedded in mission systems for defense aircraft and real-time applications for critical systems. Since its founding, it has grown exponentially and has about software engineers currently. Its main clients are aviation companies from all over the world, which subcontract their services in the defense projects carried out by the Navy, the Army, and the Air force, as well as the development of applications for systems of flight control, called Fly-By-Wire.
The project in this case study refers to the software development of the FBW system of the Harpia-H2 program. The complete project development cycle was from June to December , totaling 4. A US vendor was hired to develop low-level hardware and platform software, which was responsible for basic hardware interface functions and management of data inputs and outputs through digital communication channels.
Developing Safety-Critical Software
Harpia was then responsible for developing the control law application, the testability functions, and the failures management. During the project-planning phase, at the beginning of development, the COCOMO II method was adopted to assist in the estimating effort and development time required to complete the software development.
The method was then applied in its essence, without performing a dedicated calibration for the company, and with the factors of scale and multiplicative factors of cost being answered considering the complete software application developed by both companies, Harpia and its supplier. Once the level for each scale factor was identified, its respective value was then automatically obtained as presented by the method itself. In this way, it is necessary to detail the premises and considerations taken into account by the project team during the selection.
The PREC parameter, which indicates the level of similarity of the current project to previous projects, was selected as nominal, since the company has only one similar previously developed project; however, it has conducted a long-term research project in this area. This balancing between years of research, but only one previous project, led the team to select the nominal option. The FLEX parameter, which indicates the level of flexibility of the software in terms of the development process, the interface constraints, requirements, and deadline, was selected as very low, since the need for certification of such software, as well as compliance with the standard DOC, made the process less flexible.
In addition, the project was born with a tight schedule, little flexibility to adjust the deadline due to the required date of launching the product on the market, and the fact that it involved the development by an external supplier, which limited the changes of interface. The RESL parameter, which reflects the result of the risk analysis, was selected as nominal, since the company had a good risk management, but the low precedence index and previous experience, identified by the PREC factor, could introduce hidden and not mapped risks, as well as the involvement of a third-party company as a supplier.
The TEAM parameter, which indicates the level of team integration and human factors, was also selected as very low, since in the project planning phase the team was not yet fully formed, people did not know each other, or they were new to the company, which made it difficult to analyze this parameter.
On top of that, the development team includes the supplier personnel, which was based in a different country, with a different culture and background. Therefore, not only technical aspects, but also human factors and culture should be considered in this parameter. Following the method steps, the same group of engineers then dedicated themselves to identify the multiplicative factors of project effort.
They were all analyzed and answered according to Table 3. Similar to scale factors, once the level for each multiplicative effort factor was identified, its respective value was then automatically obtained as presented by the method itself. The values for each selection of the multiplicative stress factors are presented by the method itself Boehm et al.
As with scale factors, the selection of multiplicative cost factors for the project is also subjective. In this context, it is again necessary to detail the assumptions and considerations taken into account by the project team during the selection. The RELY parameter, which measures the effect of a software failure on the function which it must run over a period, has been selected as very high; because it was a flight control software, the requirements and reliability and safety of the product are the highest.
This was certainly one of the factors that contributed to the multiplication of project costs. The DATA parameter, which relates to the effect of testing large amounts of data on product development, was selected as nominal to not influence the estimation, since little was known about the amount of test data that would be needed.
The CPLX parameter measures the complexity of the product divided into five areas: 1 operation control; 2 computational operations; 3 devices operations; 4 data management; and 5 user interface operations; it was selected as very high. Although the application is extremely complex, following the method of the project in question did not present the characteristics that would qualify it to be selected as extremely high, since there was no distributed processing or graphical interface.
The RUSE parameter, which relates to the additional effort that will be required to develop the software with the intention of being reused by future projects, was selected as nominal to not interfere with the estimation, since no development was planned to be reused in the future. The DOCU parameter, which is evaluated in terms of the need for documentation throughout the life cycle of the project under development, was selected as very high, depending on the amount of documents required throughout the life cycle of a software development project level A, according to DOC.
The STOR parameter, which represents the degree of restriction of the main data storage medium of the system, was selected as nominal to not influence the estimation, as little was known about the amount of data that would be needed. The PVOL parameter, which is measured from the point of view of the number of platform changes, was selected as nominal to not influence the estimation, since platform software is the responsibility of the vendor.
The APEX parameter, which measures the level of applications experience of the project team developing the software system, was selected as low for the same reasons previously mentioned, the team was still under construction and with several newly hired members. The PLEX and LTEX parameters, which consider the influence on productivity of the development team experience level in the platform in question, were selected as nominal to not influence the estimation, since platform software was the responsibility of the supplier.
The TOOL parameter, which considers the use of sophisticated tools in software development, was selected as very high, since the project used sophisticated tools qualified by the DO, such as generated automatic code.
- Stories from the Crusades.
- Account Options?
- Bruschetta et crostini.
- Advances in Berthing and Mooring of Ships and Offshore Structures.
The the right, we value the items on the left more. According to Rierson , there are five reasons Figure 1. The Manifesto for Agile Software for the importance of good requirements: Development  x Reason 1 - Requirements are the According to Stober and Hansmann , agile foundation for software development; thinking is "an attempt to simplify things by reducing x Reason 2 - Good requirements save time complexity of planning, by focusing on costumer value, and by shaping a fruitful climate of and money; participation and collaboration.
At this section, the designed and then broken down to a set of individual authors of this paper want to give an overview of tasks. The list of tasks is recorded in an artifact called some of then. According to Vuori  there is a tendency for After the Sprint ends, there is a Sprint companies to transform their software and product Retrospective, where the Scrum Team and the development practice into more incremental form, by Stakeholders inspect what was done during the using special agile software development.
Although Sprint, discuss it, and figure out what to do next. There are the following key motivations for agile methods : x Early partial product; Extreme Programming XP x Better predictability; According to Beck , Extreme Programming x Final product better matching true client XP is a software development methodology which is intended to improve software quality and desires; x Manageable complexity; and responsiveness to changing customer requirements.
As a type of agile software development, it advocates x Early mitigation and discovery. Specific efforts involving balancing agility and discipline have been generated stories will be defined; x Planning phase - where stories for the next and described in related works, Section 5. The Scrum structures the development in cycles of work, also defined as Sprints. One Sprint usually takes place one after the At the iteration phase, the user stories defined at other and it has fixed duration, typically weeks.
It the exploration phase and prioritized at the planning ends on a specific date, whether the work has been phase will be analyzed to translate stories to software completed or not, and is never extended. Hence, they requirements. After the software requirements for the are time boxed. At the beginning of each Sprint, a Sprint Planning Meeting takes place.
The Product Owner At the first book written about XP, Beck  and Scrum Team review the Product Backlog, includes hand-drawn sketches of diagrams and discuss the goals and context for the items, and the models. According to Ambler , the design using Scrum Team selects the items from the Product extreme programming may be based in modeling, Backlog to commit to complete by the end of the founded in the following principles: i. The creation Sprint, starting at the top of the Product Backlog. The interaction with models, iii. The use the simplest tools, and iv.
The modeling of small increments. This practice states that software The 71 DOC objectives are presented in 10 requirements with more complexity or higher risk tables, published in annex A of the standard. DO should be prioritized earlier. In July 19, , the AC involvement in the entire project, developer C  has recognized DOC and its autonomy to take decisions without need to consult supplements.
- Refine your editions:.
- The Reflective Life: Living Wisely With Our Limits.
- The Psychology Majors Handbook. Third Edition.
- (PDF) A reference method for airborne software requirements | Adilson Cunha - olagynulehyb.gq.
- The Verification Company. Software Development and Verification compliance to DOC/EDC - PDF!
- Chinese Economy in the 1990s (Studies in the Chinese Economy).
Space specification language. Standards This standard also applies to the development or As part of the complete doctoral research reuse of non-deliverable software, which affects the mentioned in this paper, the following standards are quality of the deliverable product or service provided used: i. A variety of software industries are applying agile methods or DOC and DO agile principles that are compatible with the specific needs of an organization.
Inside of the Agile Methods Domain, the authors According to McMahon , it is possible to of this paper have selected three Agile Methods to integrate agile software development with CMMI provide inputs to this doctoral research. The selected . However, due to reduction of fully compatible agile practices, easily compatible scope of this research, they were not considered. The other selected standards are C. All the selected standards were updated in time frame lower than 5 The research strategy for the mentioned doctoral years. However, due to reduction of scope of this research, Domain, which includes all the available they were not considered.
Figure 2 presents the flow Software Safety Standards. Figure 2. For comprising such preliminary details.
Although Coding and reference method for the requirements process. Testing are benefited from the use of models, these Figure 5. The System Requirements Analysis and method is a "set of steps that must be accomplished Selection to complete an activity". Typically, system requirements define the 2 Identify the System Requirements applied functionality of the system that has been developed. A system is not simply composed of software. Several systems are comprised of software, 3 Prioritize the specific SRATS for the next electronic hardware, and other parts mechanical, Sprint.
- The Name of this Book Is Secret (The Secret Series, Book 1);
- About for Book Developing Safety-Critical Software: A Practical Guide for Aviation Software and?
- Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance?
- 1st Edition?
- Account Options.
- Venus and Mercury, and How to Observe Them (Astronomers Observing Guides).
Not all system Inputs Outputs requirements are directly applied to the software.