Budapest University of Technology and Economics, Department of Measurement and Information Systems
Software Development for Safety Critical Systems
Ákos Horváth
Dept. of Measurement and Information Systems, Fault Tolerant Systems Research Group
FRENCH-HUNGARIAN WORKSHOP ON OUTER-SPACE
How to avoid?
Safety Critical Software Development
Specialities of safety critical systems
Safety-critical systems
o Informal definition: Malfunction may cause injury of people
Special solutions to achieve safe operation
o Design: Requirements, architecture, tools, …
o Verification, validation, and independent assessment
o Certification (by safety authorities)
Basis of certification: Standards
o IEC 61508: Generic standard (for electrical, electronic or programmable electronic systems)
o DO-178B/C: Software in airborne systems and equipment
o EN 50129: Railway (control systems)
o EN 50128: Railway (software)
o ISO 26262: Automotive
o Other sector-specific standards: Medical, process control, etc.
History of avionics SW complexity
[Chart: MIPS, LOC, Mbyte/10 and digital links per aircraft type for the A-310 (1983), A-320 (1988) and A-340 (1993), y-axis 0 to 400; exponential growth]
Both the A380 and the B787 have hundreds of millions of LOC
Ref: Subra de Salafa and Paquier
Aeronautical Certification Bodies and Standards
[Diagram: ICAO, EASA, the National Aviation Authorities, EASA CS-25, a Standardization Body and ARP-4754, connected by the relations "define", "supervise", "harmonize with regulations", "adopt" and "accepted means"]
ICAO: International Civil Aviation Organization (1944)
EASA: European Aviation Safety Agency (2006)
EASA CS 25.1309: The airplane systems and associated components, considered separately and in relation to other systems, must be designed so that
1. Any catastrophic failure condition a) is extremely improbable; and b) does not result from a single failure; and
2. Any hazardous failure condition is extremely remote; and
3. Any major failure condition is remote.
Aeronautical System Certification
Methodologies for safety assessment processes are guidelines, e.g., fault tree analysis, common cause analysis.
Certification aspects of complex aircraft systems cannot be shown by test only.
Design Assurance Level (DAL)
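The fault tree analysis named above and the CS 25.1309 clause quoted earlier can be worked through on a small tree. The following is an added Python example, not code from the slides or from any certification toolset: it computes the minimal cut sets of a constructed fault tree for a hypothetical dual-channel flight control computer, flags single-event cut sets (the "does not result from a single failure" clause; a shared power supply shows up this way, which is the kind of dependency common cause analysis looks for) and compares a rare-event probability bound against the per-flight-hour target for the failure condition class. The targets (1e-9 catastrophic, 1e-7 hazardous, 1e-5 major) and the DAL mapping are the usual AMC 25.1309 / ARP4754 figures, assumed here rather than taken from the slides; all event names and failure rates are made up.

```python
from itertools import product

# Failure-condition classes of CS 25.1309 with the per-flight-hour probability
# targets of AMC 25.1309 and the DAL that ARP4754 assigns to each class.
# Standard values assumed for this example; they are not on the slides.
CLASSES = {
    "catastrophic": {"target": 1e-9, "dal": "A", "single_failure_allowed": False},
    "hazardous":    {"target": 1e-7, "dal": "B", "single_failure_allowed": True},
    "major":        {"target": 1e-5, "dal": "C", "single_failure_allowed": True},
}


# A fault tree is a basic-event name (str) or a (gate, [children]) tuple,
# gate being "AND" or "OR". The root is the top event (the failure condition).
def cut_sets(node):
    """Minimal cut sets of the tree rooted at node, built bottom-up."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":       # any one child's cut set fails the gate
        sets = [cs for sets_of_child in child_sets for cs in sets_of_child]
    elif gate == "AND":    # one cut set from every child must occur together
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return minimize(sets)


def minimize(sets):
    """Drop duplicates and any cut set that strictly contains another cut set."""
    unique = set(sets)
    minimal = [cs for cs in unique if not any(other < cs for other in unique)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def top_probability(cuts, rates):
    """Rare-event upper bound on the top-event rate per flight hour:
    the sum over cut sets of the product of the basic-event rates."""
    total = 0.0
    for cs in cuts:
        p = 1.0
        for event in cs:
            p *= rates[event]
        total += p
    return total


def assess(tree, rates, failure_class):
    """Check one failure condition against the CS 25.1309 clause for its class."""
    spec = CLASSES[failure_class]
    cuts = cut_sets(tree)
    p = top_probability(cuts, rates)
    # A cut set of size one is a single failure that alone causes the top event.
    single_points = sorted(next(iter(cs)) for cs in cuts if len(cs) == 1)
    return {
        "dal": spec["dal"],
        "probability_per_fh": p,
        "meets_target": p < spec["target"],
        "single_points": single_points,
        "single_failure_ok": spec["single_failure_allowed"] or not single_points,
        "cut_sets": [sorted(cs) for cs in cuts],
    }


# Constructed example: a hypothetical dual-channel flight control computer.
# Loss of control (catastrophic) needs both channels to fail; each channel
# fails on a CPU or software fault. Rates per flight hour are illustrative.
RATES = {"cpu1": 1e-5, "sw1": 1e-5, "cpu2": 1e-5, "sw2": 1e-5,
         "psu": 1e-6, "psu1": 1e-6, "psu2": 1e-6}

CHANNEL_1 = ("OR", ["cpu1", "sw1"])
CHANNEL_2 = ("OR", ["cpu2", "sw2"])

# Weak design: both channels hang off one power supply, a common cause.
WEAK_TREE = ("OR", [("AND", [CHANNEL_1, CHANNEL_2]), "psu"])

# Hardened design: independent supplies, so loss of power needs two failures.
HARDENED_TREE = ("OR", [("AND", [CHANNEL_1, CHANNEL_2]),
                        ("AND", ["psu1", "psu2"])])

if __name__ == "__main__":
    for name, tree in (("weak", WEAK_TREE), ("hardened", HARDENED_TREE)):
        print(name, assess(tree, RATES, "catastrophic"))
```

The weak design fails both halves of the catastrophic clause: the shared supply is a size-one cut set, and its rate alone (1e-6) is three orders above the target. The hardened design removes the single point and its bound (4.01e-10) falls under 1e-9, which is the quantitative evidence a DAL A system needs alongside the process objectives.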
Provide guidelines for the production of software for airborne systems: objectives, activities and evidence.
Certification aspects of hardware elements, from concept to airworthy equipment development.
Future and Related Fields
Automotive industry
o Drive-by-wire
o Automated parking/driving
o No strict authorities for SW certification
  • EU pushing for standards
  • Safety related issues
UAV
o In the same civil airspace
o Needs to take the environment into consideration
o Equipment can fail
Space and Satellite
o Uses avionics concepts
o Similar certification processes by ESA
o How will advanced concepts appear?
Avionics
o Modern development methods (DO-178C annexes, 2013)
o MDE, OO languages, formal methods, tool certification
o Flightpath 2050
  o Passengers/year from 2.5bn to 16bn
  o 31000 new aircraft