SCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-178B LEVEL A & B

Transcription

1 SCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-78B LEVEL A & B

2 TABLE OF CONTENTS. INTRODUCTION..... PURPOSE..... RELATED DOCUMENTS..... GLOSSARY CONVENTIONS..... RELATION WITH OTHER PLANS MODIFICATION OF THIS PLAN.... VERIFICATION ORGANIZATION..... VERIFICATION ROLES..... INDEPENDENCE..... VERIFICATION STATUS REPORTING.... VERIFICATION ENVIRONMENT..... HARDWARE AND SOFTWARE ENVIRONMENT..... VERIFICATION TOOLS.... VERIFICATION METHODS OVERVIEW DO-78B TABLE A-: VERIFICATION OF OUTPUTS OF THE SOFTWARE DESIGN PROCESS DO-78B TABLE A-: VERIFICATION OF OUTPUTS OF THE SOFTWARE CODING AND INTEGRATION PROCESSES DO-78B TABLE A-6: VERIFICATION OF OUTPUTS OF THE INTEGRATION PROCESS DO-78B TABLE A-7: VERIFICATION OF VERIFICATION PROCESS RESULTS REVIEW AND ANALYSIS METHODS..... REVIEW AND ANALYSIS PROCEDURE..... INPUT DATA REVIEW..... PLANNING DATA REVIEW..... SOFTWARE REQUIREMENTS REVIEW & ANALYSIS..... SCADE GLOBAL ARCHITECTURE REVIEW AND ANALYSIS SCADE DESIGN REVIEW & ANALYSIS TEXTUAL LLRS REVIEW SCADE CODE GENERATION VERIFICATION MANUAL C CODE REVIEW AND ANALYSIS SOFTWARE BUILD VERIFICATION SOFTWARE TEST STRATEGY REVIEW TEST CASES AND PROCEDURES REVIEW AND ANALYSIS TEST RESULTS REVIEW AND ANALYSIS..... SCADE MODEL TEST COVERAGE ANALYSIS AND RESOLUTION..... SSKCG GENERATED C SUBSET - STRUCTURAL COVERAGE ANALYSIS AND RESOLUTION MANUAL C CODE - STRUCTURAL COVERAGE ANALYSIS AND RESOLUTION SCADE CODE - DATA AND CONTROL COUPLING ANALYSIS SCADE CODE / MANUAL C CODE - DATA AND CONTROL COUPLING ANALYSIS MANUAL C CODE DATA AND CONTROL COUPLING ANALYSIS TESTING METHODS COMBINED TESTING METHOD TESTING APPROACH TEST METHODS ORGANIZATION OF TEST DATA SCADE INTEGRATION TESTING SCADE DERIVED LLR TESTING SCADE CODE MANUAL C CODE SW INTEGRATION TESTS...

3 6.8. MANUAL C CODE LOW LEVEL TESTING SSKCG C SAMPLE LOW LEVEL TESTING TRANSITION CRITERIA TO VERIFICATION PROCESS ADDITIONAL CONSIDERATIONS FOR SOFTWARE VERICATION PARTITIONING CONSIDERATIONS COMPILER ASSUMPTIONS REVERIFICATION GUIDELINES PREVIOUSLY DEVELOPED SOFTWARE MULTIPLE VERSION DISSIMILAR SOFTWARE... 9 APPENDIX : COMPLIANCE WITH DO-78B APPENDIX : TECHNICAL CHECKLISTS... APPENDIX : TEMPLATE OF TEST SUMMARY REPORT... LIST OF FIGURES Figure : Plans Relationship... Figure : SCADE Testing Approach... Figure : Organization of Test Data... LIST OF TABLES Table : Test Levels... Table : Comparison of Bottom-Up and Top-Down Testing approaches...

4 . INTRODUCTION.. PURPOSE This document is the Software Verification Plan for the SCADE-based software <SCADE-SW> that shall be certified DO-78B Software Level A. It is a complement to the User Software Verification Plan ([U-SVP]) that describes the verification activities for software developed in Manual C. Hypothesis is made that a development with SCADE contains manual C code for imported operators. This document focuses on the specific verification activities required for a development with SCADE Suite and refers to [U-SVP] for verification activities of manual C code. Adaptation Note for Level B Replace Level A by Level B.. RELATED DOCUMENTS <<To be completed with FAA, EASA, other certification authority, or User standards.>>... Norms and Standards [DO-78B] Software Considerations in Airborne Systems and Equipment Certification DO-78B/ED-B RTCA/EUROCAE December 99 - Edition including amendment No of October 9th, 999 [DO-8B] Final report for clarification of DO-78B Software Considerations in Airborne Systems and Equipment Certification DO-8B, RTCA Inc October 00 [FAA 80.9] Software Approval Guidelines FAA Notice February CAST [CAST-] Guidelines for Approving Source Code to Object Code Traceability CAST- Position Paper December 00 [CAST-9] Clarification of Structural Coverage Analyses of Data Coupling and Control Coupling CAST-9 Position Paper January 00

5 . VERIFICATION METHODS OVERVIEW This section summarizes how the objectives of DO-78B tables A- to A-7 are satisfied. Verification methods are focused on SCADE design. For verification of manual development, refer to [U-SVP]. These activities are only highlighted in this document. Implementation of these methods is presented in the following sections... DO-78B TABLE A-: VERIFICATION OF OUTPUTS OF THE SOFTWARE DESIGN PROCESS N DO-78B Objective Ref Verification Method Verification Results A-- A-- A-- Low level requirements comply with high level requirements Low level requirements are accurate and consistent Low level requirements are compatible with target computer 6..a 6..b 6..c Review of SCADE LLRs from the SCADE Components Design Document (Simulation with SSMTC ) Refer to [U-SVP] SSKCG qualification + Analysis of SSKCG semantic checker results Refer to [U-SVP] SSKCG qualification + Analysis of complexity on SSKCG generated code metrics Review of SCADE LLRs Refer to [U-SVP] SCADE Design (Simulation Test Summary Report) Textual Low level Requirements SCADE Design Textual Low level Requirements SCADE Design Textual Low level Requirements Simulation test cases shall be HLR based and verified, and the test results shall be verified. 6

6 Appendix : Compliance with DO-78B. Section. item a Organization. b Independence. c () Verification methods Review methods, c () Verification methods Analysis methods, c () Verification methods Testing methods, 6 d Verification environment e Transition criteria 7 f Partitioning Considerations 8. g Compiler Assumptions 8. h Reverification Guidelines 8. i Previously developed software 8. j Multiple-version dissimilar software 8. Reference in this document 0

7 SCADE DESIGN VERIFICATION REPORT Project: Verifier: Verification Date: Report ID:. BASELINE IDENTIFICATION <<This section shall reference the baseline of documents and data that are examined, including the upstream documents and the process documents.>>. SCADE SUITE KCG SEMANTIC CHECK REPORT <<The confirmation that no warning or error is raised with SSKCG semantic checker ensures that (A--) (A--) (A--) are fully satisfied and (A--9) (A--) (A--) are partially satisfied.>>.. SCADE Suite KCG Semantic Check Results.. SCADE Suite KCG Semantic Check Results Evaluation N Model/Library Status Comment N. SCADE COMPONENTS ARCHITECTURE VERIFICATION REPORT Refer to SCADE_Global_Architecture_Verification_Report.docx. SCADE DIAGRAMS CATEGORIZATION VERIFICATION REPORT (A--, A--) <<The check of correct categorization of the SCADE diagrams is necessary before detailed review.>> N SCADE Diagram Category Category Correct Comment N SCADE_Design_Verification_Report.docx

8 . SCADE DESIGN RULES VERIFICATION REPORT (A--, A--) <<The granularity of the SCADE Item shall be adapted to the evaluated rule.>> N SCADE Item Rule Rule Rule Rule n Comment N 6. SCADE SUITE CVK BOUNDS (A--) VERIFICATION REPORT <<This checklist is used to ensure that the generated code, with specific options, is in the SSCVK bounds and then that it is compatible with target computer, subject the SSCVK is used to verify that the target C compiler correctly compiles the C subset generated by SSKCG. The following limits should be adapted if a variant of the standard CVK product is used>> Reference to C code generation options: Metric (C code level) Limit covered by SSCVK Limit to be verified? (Y/N) Verification Method Verification Status Comment N Structures Number of levels of nested structure or union definitions in a single structdeclaration-list Number of members in a single structure or union Data Structures 6 Y Manual 0 Y kcg_metrics.txt Arrays Number of dimensions for an array 0 Y kcg_metrics.txt Maximum size for a dimension 09 Y kcg_metrics.txt Enumeration Number of enumeration constants in a single enumeration Y kcg_metrics.txt Number of Case labels for a switch statement Number of nesting levels of compound statements (blocks), iteration control structures and selection control structures Control Structures Y kcg_metrics.txt Y kcg_metrics.txt Expressions Number of nesting levels of parenthesized expressions within a full expression Program Size 6 Y kcg_metrics.txt SCADE_Design_Verification_Report.docx

9 Identifiers Metric (C code level) Limit covered by SSCVK Limit to be verified? (Y/N) Verification Method Verification Status Comment N Number of external identifiers in one translation unit Number of identifiers with block scope declared in one block Number of macro identifiers simultaneously defined in one preprocessing translation unit 09 Y kcg_metrics.txt 07 Y kcg_metrics.txt 09 Y kcg_metrics.txt Functions Number of parameters in one function definition Y kcg_metrics.txt Number of arguments in one function call Y kcg_metrics.txt Preprocessing directives Number of nesting levels for #included files 6 Y Manual Misc. Number of characters in a logical source line 78 Y Manual 7. SCADE LLRS VERIFICATION REPORT Following SCADE LLRs list is complete Yes No. N LLR ID HLR ID LLR Author LLR Reviewer (A--) LLR Complies with HLR (A--) LLR compatible with target (A--6) LLR traceability to HLR Correct (A--7) Algorithms are accurate (numerical computation, complex decision) Comment N LLR HL, HLR SCADE_Design_Verification_Report.docx

10 8. HLR/LLR TRACEABILITY (A--6) VERIFICATION REPORT Following HLRs list is complete Yes No. N HLR ID LLR ID HLR fully covered by the LLRs Comment N 9. DERIVED REQUIREMENTS ANALYSIS (A--) Following derived LLRs list is complete Yes No. N Derived LLR ID No conflict with other LLRs No conflict with HLRs Justification for Derived LLR Comment N 0. COMMENTS N Comment PR Reference Status (Open/ Closed) SCADE_Design_Verification_Report.docx