DO-178C / ED-12C Model Based Supplement


DO-178C / ED-12C Model Based Supplement
Pierre Lionne, SC-205 / WG-71 SG-4 Co-Chairman
1 Nov. 2011

Summary
– Introduction
– Foundation Concepts
– Highlights
– Conclusion
2010 APSYS - All rights reserved

Introduction

Introduction (figure: TOR issues; DO-178B → DO-178C; ED-94B → ED-94C; Supplement X; Supplement Y)

Introduction (figure: SC-205 / WG-71 subgroups: SG1 Document Integration; SG2 Issues & Rationale; SG3 Tools; SG4 Model Based Development & Verification; SG5 Object Oriented; SG6 Formal Methods; SG7 CNS/ATM & Safety)

Foundation Concepts

Foundation Concepts
– Models to express requirements
– Scope of supplement
– Modeling Technique
– Model “Parent” Requirements
– Simulation

Concept #1: A model is an acceptable means to express software requirements or architecture completely.
(figure: a block-diagram model of a confirmation counter with requirements attached to its elements: Req 001: “The XX module shall wait 10ms before entering in blabl state”; Req 002: “The XX module …”; Derived Req 003. Diagram labels: inputs u1, u2 and nb ticks; If, Relational Operator, Counter, Unit Delay (1/z) and Merge blocks; actions reset counter, increment counter, raise confirmation flag; outputs Conf Status and Status.)

Concept #2: The supplement applies to any model that is used to define software artifacts, whatever the process that produced it.
(figure: two copies of the confirmation-counter model from Concept #1)

Concept #3: Modeling Technique
– A Modeling Language AND
– A manner of using this language
A Modeling Technique has to be suitable to the type and to the level of abstraction of the information to be expressed.
Modeling Techniques have to be described in Model Standards.

Concept #4: A model should be developed from a complete set of requirements and constraints external to it, the Model Parent Requirements. (figure: Model Parent Requirements and Model)

Concept #5: Simulation is an appropriate means to support model verification. (figure: Model Parent Requirements and Model)

Concept #6: Simulation may be used to support the testing effort. (figure: Model Parent Requirements, the confirmation-counter model, and Executable Object Code)

Highlights

Highlights
– System / Software
– Planning Process
– Development Process
– Verification Process
– Tools

System / Software: Interfaces between the System and Software processes are updated to address the case where the system team produces a software model.

Planning Process: Introduction of Model Standards
– Syntax & Semantics of the language
– Constraint on complexity
– Means to identify Requirements
– Derived requirements identification
– Means to establish traceability

Development Process: The same guidance applies for requirements expressed in a model. Model elements which do not represent requirements should be identified.

Verification Process: Guidance from the DO-178C / ED-12C Core Document remains applicable.

Verification Process: Simulation & model verification
New means. New artifacts:
– Simulation Cases & Procedures
– Simulation Results
Simulation Cases are based on Model Parent Requirements.

Verification Process (figure: Model Parent Requirements, Simulation Cases Development, Simulation Procedures, Verification, Simulation Results, around the confirmation-counter model)

Verification Process: Test. Same guidance as in DO-178B / ED-12B:
– Compliance & Robustness with LLR
– Compliance & Robustness with HLR

Verification Process: Test (classical) (figure: High Level Requirements, Low Level Requirements, Executable Object Code)

Verification Process: Test (example #1) (figure: the Model expresses the HLR; Low Level Requirements; Executable Object Code)

Verification Process: Test (example #2) (figure: High Level Requirements; the Model expresses the LLR; Executable Object Code)

Verification Process: Test (example #3) (figure: the Model expresses both HLR and LLR; Executable Object Code)

Verification Process: Test (example #3) (figure: Model Parent Requirements; the Model expresses both HLR and LLR; Executable Object Code)

Verification Process: Test (example #3). When the model expresses both LLR and HLR, it is required to show:
– Compliance & Robustness of EOC with the Model
– Compliance & Robustness of EOC with the Model Parent Requirements (whatever the process that produced it)

Verification Process: Model Coverage Analysis detects unintended functions in a model. (figure: Model Parent Requirements; the confirmation-counter model with one element marked “Unintended function”; Executable)
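The simulation-case and model-coverage ideas above, as an added Python illustration that is not code from the slides or from APSYS: a stand-in for the confirmation-counter model (reconstructed from the figure labels, an assumption), driven by simulation cases derived from constructed parent requirements, with decision coverage flagging a branch that no requirement-based case reaches. `ConfirmModel`, the `bypass` branch, the `nb_ticks` value of 10 and the case set are all assumptions.

```python
# Added example, not from the slides: stand-in for the counter/confirm model.
class ConfirmModel:
    # Assumed reading of the diagram labels: u1 == 0 resets the counter,
    # u2 == 1 increments it, else Conf Status = (counter >= nb_ticks).
    # 'bypass' is an assumed extra branch that traces to no requirement.
    def __init__(self):
        self.counter = 0       # held by the Unit Delay (1/z) block
        self.covered = set()   # decision branches taken so far

    def step(self, u1, u2, nb_ticks, bypass=0):
        if bypass:
            self.covered.add("bypass")
            return True
        if u1 == 0:
            self.covered.add("reset")
            self.counter = 0
            return False
        if u2 == 1:
            self.covered.add("increment")
            self.counter = min(self.counter + 1, 0xFFFF)   # uint16 saturation
            return False
        self.covered.add("confirm")
        return self.counter >= nb_ticks

BRANCHES = {"reset", "increment", "confirm", "bypass"}

def run_case(inputs, nb_ticks=10):
    """Simulation procedure: feed (u1, u2) samples; return (model, final Conf Status)."""
    m, conf = ConfirmModel(), False
    for u1, u2 in inputs:
        conf = m.step(u1, u2, nb_ticks)
    return m, conf

# Constructed simulation cases traced to parent requirements (Req 001 in the
# deck: wait nb_ticks before the confirmed state; Req 002 assumed: reset clears).
SIM_CASES = {
    "req001_confirms_after_10": ([(1, 1)] * 10 + [(1, 0)], True),
    "req001_not_before_10":     ([(1, 1)] * 9 + [(1, 0)], False),
    "req002_reset_clears":      ([(1, 1)] * 10 + [(0, 0), (1, 0)], False),
}

def coverage_report(nb_ticks=10):
    """Run every case; return (failed cases, branches no case reached = candidate unintended functions)."""
    reached, failures = set(), []
    for name, (inputs, expected) in SIM_CASES.items():
        m, conf = run_case(inputs, nb_ticks)
        reached |= m.covered
        if conf != expected:
            failures.append(name)
    return failures, sorted(BRANCHES - reached)
```

Running `coverage_report()` passes all three requirement-based cases yet reports `bypass` as never reached, which is exactly the signal that an element of the model does not trace to any parent requirement.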

Verification Process: Simulation & Test. Some testing objectives can be achieved by a combination of simulation and other traditional means. HW/SW Integration test objectives cannot be achieved by simulation.

Tools (figure: tool categories placed along the model-based flow: Model Parent Requirements; Model Standards; Model Conformance; Test; Model Coverage; Trace Tool; Code Conformance; Code Inspector; Source Code; Trace Tool; Executable Object Code; Code Verification & Validation; Code Coverage)

Conclusion

Highlights (figure: Model Parent Requirements, Model Standards, the confirmation-counter model, Source Code and Executable Object Code, annotated with Concept #1 #2, Concept #3, Concept #4, Concept #5 and Concept #6)

Conclusion
– In the continuity of existing rules
– Consistent with current practices
– Try to anticipate future trends

Thank you for your attention!
The reproduction, distribution and utilization of this document as well as the communication of its contents to others without express authorization is prohibited. Offenders will be held liable for the payment of damages. All rights reserved in the event of the grant of a patent, utility model or design.

Document metadata: Title: DO-178C / ED-12C Model Based Supplement. Author: pierre.lionne. Subject: Adopting Model-Based Design within Aerospace and Defense Symposium (Nov 2011), Pierre Lionne, APSYS. Created Date: 5/10/2016 9:13:43 AM.
