Certifiable Software for the ATN


Level C CMU using Reusable ATN Software
Example considerations from re-use of the ATNSI RRI
23 September 2003
Key RSC Considerations for Reuse Planning
• Definition of Requirements produced by the project
- High and Low Level (for Level C) Software Requirements
- How to tie the integrator system to these requirements
- Traceability of requirements/tests within the RSC
• Tools Used and Qualified (if done so)
• Software Lifecycle Documentation (or availability to Certification Authorities)
• Portable Test Procedures
• Complete Description of External Interfaces
• Information for Porting the RSC
Requirements
• ATNSI RRI High Level Requirements
- Software Requirements from ATNSI FRS, 9705 SARPS, ATNSI PICS
- Performance Requirements
• ATNSI RRI Low Level Requirements
- Software Design Document
• Traceability
- From High to Low Level Requirements
- From Low Level Requirements to Code
- From Low Level Requirements to Test Cases
• A priori RSC system requirements are unknown unless the operating system and host architecture are assumed
Planning For RSC Use
[Figure: CMU Development Plans (SDP, PSAC, SCMP, SQAP, SVP: software development plan, plan for software aspects of certification, software configuration management plan, software quality assurance plan, software verification plan) mapped one-to-one to the corresponding RSC Development Plans]
• Relationship of CMU to RSC Plans must be shown
Tying an RSC into the CMU
[Figure: CMU System Requirements split into CMU ATN Stack Requirements and Other CMU Requirements, feeding the CMU SRS; on the RSC side, ATNSI FRS, 9705 SARPS and ATNSI PICS feed the RRI SwRS, which traces to the RRI SDD, RRI Low Level Tests and RRI Code]
Porting
• RSCs must have well-defined interfaces
- validation of all inputs at the boundaries is required, depending upon placement of partitions
- timing requirements for I/O signals must be enforced by the system
• RSC tests are ported and rerun on the system
[Figure: RRI stack components and their interfaces to the host system: DSI, ULS, TPS, LMI, LMS, CLNP, IDRP, SNDCF, SES, the System Environment Exchange (SEE), PLP, DLPI]
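The two interface rules above (validate every input where it crosses a partition boundary; enforce the timing requirement on I/O) are what a port has to get right before the RSC tests are rerun. The following C function is an added illustration of that pattern; it is not code from the ATNSI RRI or the Honeywell CMU. The message layout, the field limits, the 200 ms deadline and the `boundary_accept` name are all constructed assumptions for the example.

```c
/*
 * Added example (not from the ATNSI/Honeywell deck): validating inputs where
 * they cross an RSC partition boundary and enforcing a timing requirement on
 * them. The message layout, limits and deadline below are constructed
 * assumptions for illustration, not an ATN or CMU interface definition.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed wire layout of a message handed across the boundary:
 *   byte 0      : message type, must be <= MSG_TYPE_MAX
 *   byte 1      : payload length N, must be <= MAX_PAYLOAD
 *   bytes 2..5  : sender timestamp, 32-bit big-endian milliseconds
 *   bytes 6..   : N payload bytes (buffer must be exactly HDR_LEN + N long)
 */
#define MSG_TYPE_MAX     3u
#define MAX_PAYLOAD      64u
#define HDR_LEN          6u
#define MSG_DEADLINE_MS  200u   /* assumed I/O timing budget */

typedef enum {
    BOUNDARY_OK = 0,
    BOUNDARY_ERR_NULL,     /* caller passed a null buffer or output */
    BOUNDARY_ERR_SHORT,    /* fewer bytes than a header */
    BOUNDARY_ERR_TYPE,     /* type outside the accepted set */
    BOUNDARY_ERR_LENGTH,   /* declared length disagrees with bytes received */
    BOUNDARY_ERR_LATE      /* message outside the timing window */
} boundary_status_t;

typedef struct {
    uint8_t  type;
    uint8_t  len;
    uint32_t ts_ms;
    uint8_t  payload[MAX_PAYLOAD];
} boundary_msg_t;

/* Parse and check one incoming message. Nothing is copied into *out until
 * every field has been validated, so a rejected message leaves no partial
 * state behind in the receiving partition. */
boundary_status_t boundary_accept(const uint8_t *buf, size_t buf_len,
                                  uint32_t now_ms, boundary_msg_t *out)
{
    if (buf == NULL || out == NULL)
        return BOUNDARY_ERR_NULL;
    if (buf_len < HDR_LEN)
        return BOUNDARY_ERR_SHORT;

    uint8_t type = buf[0];
    uint8_t len  = buf[1];
    if (type > MSG_TYPE_MAX)
        return BOUNDARY_ERR_TYPE;
    /* Both directions of the length check matter: a declared length larger
     * than the buffer would over-read, a smaller one hides trailing bytes
     * that were never validated. */
    if (len > MAX_PAYLOAD || buf_len != (size_t)HDR_LEN + len)
        return BOUNDARY_ERR_LENGTH;

    uint32_t ts = ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16) |
                  ((uint32_t)buf[4] << 8)  |  (uint32_t)buf[5];
    /* Timing: modular subtraction handles a wrapping millisecond counter;
     * a timestamp "in the future" wraps to a huge age and is rejected too. */
    uint32_t age_ms = now_ms - ts;
    if (age_ms > MSG_DEADLINE_MS)
        return BOUNDARY_ERR_LATE;

    out->type  = type;
    out->len   = len;
    out->ts_ms = ts;
    memset(out->payload, 0, sizeof out->payload);
    memcpy(out->payload, buf + HDR_LEN, len);
    return BOUNDARY_OK;
}

int main(void)
{
    /* Constructed sample: type 1, 3 payload bytes, sent at t = 100 ms. */
    const uint8_t sample[] = { 1, 3, 0, 0, 0, 100, 'a', 'b', 'c' };
    boundary_msg_t msg;
    printf("on time  : %d\n", boundary_accept(sample, sizeof sample, 150, &msg));
    printf("late     : %d\n", boundary_accept(sample, sizeof sample, 1000, &msg));
    printf("truncated: %d\n", boundary_accept(sample, 3, 150, &msg));
    return 0;
}
```

The status codes are deliberately distinct so a ported test procedure can assert which check rejected a malformed input, and the deadline check uses the same clock the receiving partition schedules on; where the partitions run on separate clocks the timing requirement has to be enforced by the system layer that owns the shared time base, as the slide notes.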
ATN Application
[Figure: ATN application architecture. ACI Developed: Crew Interface, Fault Handler, CM, CPDLC, CM ASE, CPDLC ASE, ULS, TPS. ATN Stack: Startup, LMS, CLNP, IDRP, SES, SNDCF, PLP, SN-SME. Below the stack: VME, AVLC]
Level C ATN Development for CMU
• Honeywell plans to partition CPDLC + ATN Stack away from the ACARS implementation
• Honeywell Functional Hazard Assessment not yet complete
- ED-120 is not yet published; important information is in Annex A
• HMI Requirements which address issues from the hazard assessment are to be worked with the customer
• Not needed until 2007, but beginning work now
Level C Certification - Best Case Partition
[Figure: the ATN Application architecture with a partition boundary separating the "Level C" group from the "Existing" group. Components shown: Crew Interface, Fault Handler, CM, CPDLC, CM ASE, CPDLC ASE, ULS, ACARS, TPS + TP4, ATN Stack (Startup, LMS, CLNP, IDRP, SES, SNDCF, PLP, SN-SME), VME, AVLC, Williamsburg v3]
Level C Certification - Next Most Likely Partitioning
[Figure: the same architecture with the partition boundary drawn at the next most likely position between the "Level C" and "Existing" groups. Components shown: Crew Interface, Fault Handler, CM, CPDLC, CM ASE, CPDLC ASE, ULS, ACARS, TPS + TP4, ATN Stack (Startup, LMS, CLNP, IDRP, SES, SNDCF, PLP, SN-SME), VME, AVLC, Williamsburg v3]
CMU ATN Status
• CMU Development in progress
- VME/AVLC layers formal code complete
- SN-SME requirements written
- RRI ABIS Stack being ported to the CMU operating system (this will be the 6th port of the RRI)
- Reviewing HMI and safety requirements
• CMF function in Mark III (ACARS + ATN) will be ported to:
- CMU Mark II
- EPIC
- VIA