Live Traceability for Airborne Systems Development
Airborne systems are incorporating more cutting-edge technology and becoming more complex with advanced embedded computing technologies, electric propulsion systems, sensors and data, and airframes. A major percentage of this complexity is handled at the software level. Any error in the avionics software of safety-critical airborne electronics could be catastrophic to the aircraft, its occupants, or persons on the ground.
Airborne systems development requires developers to adhere to the most rigorous safety standards in the world. These extremely rigorous, plan-driven, development processes are unimaginable to developers who have not done it before. Certification is expensive. Delays in certification due to lack of evidence of following mandated guidelines could spell the demise of a new startup. Mistakes in design and development could cost lives. Manual documentation or the use of legacy tools introduce risk. Achieving certification for safety-critical airborne software is costly and time consuming. Once certification is achieved, the deployed software cannot be modified without recertification.
Airborne certification bodies such as the Federal Aviation Agency (FAA) and European Aviation Safety Agency (EASA) recognize international standards as “acceptable means, but not the only means, for showing compliance with the applicable airworthiness regulations for the software aspects of airborne systems and equipment certification.” The most common standards that are followed for airborne systems as a means of compliance are: RTC DO-178C (also published in Europe as EUROCAE ED-12C), DO-254 (also published in Europe as EUROCAE ED-80), and SAE 4754A (also published in Europe as EUROCAE ED-79) standards for Airborne systems.
Related Reading: Better Product Development: Five Tips to Achieve Live Traceability
Demonstration of traceability is fundamental to each of these standards as the evidence mechanism to demonstrate that safe design practices were followed. Jama Connect provides an efficient way to capture traceability in a “Live” manner as artifacts (requirements, tests, risks etc…) are being created. Manual document methods and legacy tools will require engineers to create the trace relationships after the development has been done. This could introduce risk as well as lengthen development times.
Traceability models assist users to create consistent traces between data, then query that data, and provide consistent trace nomenclature between different tools in the ecosystem. The standards are where to begin when defining a traceability model for airborne systems. For example, ARP4754A/ED-79 describes the identification of requirements at the aircraft level, system level, and at an item design level. These requirements interact and are “traced” to various safety related data as well as verification tests. In Jama Connect data artifacts called item types are defined to capture this data and a relationship ruleset is put in place to govern the traces and provide the facility to analyze and report on the traces.
In Jama Connect data artifacts called item types are defined to capture this data and a relationship model is put in place to govern the traces and provide the facility to analyze and report on the traces. In the figure below the relationship model that Jama Connect automatically draws for you, the item types are: Function, Failure Analysis, System Architecture, System Requirement etc. The traces relationships are depicted as the lines between the items types.
The airborne systems software standard DO-178C/ED-12C requires a “documented connection” (called a trace) between the certification artifacts. In the figure below from DO-178C, users must document traces between system requirements and high level software requirements (HLR). HLRs must be traced to software low level requirements (LLR) as well as test cases and software architecture. LLRs must be traced to test cases and source code.
For example, a Low Level Requirement (LLR) traces up to a High Level Requirement (HLR). A traceability analysis is then used to ensure that each requirement is fulfilled by the source code, that each requirement is tested, that each line of source code has a purpose (is connected to a requirement), and so forth. Traceability ensures the system is complete. The rigor and detail of the certification artifacts is related to the software level.
DO-178 mandates requirements-based testing. Each requirement must have associated tests exercising both normal processing and error handling, to demonstrate that the requirement is met and that the invalid inputs are properly handled. The testing is focused on what the system is supposed to do, not the overall functionality of each module. In figure X the Jama Connect traceability model demonstrates this end to end traces from aircraft functions, to system level, and lower level software as well as the verifications covered in all of the standards
In addition to requirements to test coverage demonstration, the airborne systems standards call for bi-directional traceability between code and requirements. The source code must also be completely covered by the requirements-based tests. “Dead code” (code that is not executed by tests and does not correspond to a requirement) is not permitted. Jama Connect’s Live Traceability allows for connections to other tools in the ecosystem that engineers are using to perform these activities such as testing tools such as LDRA Tool Suite and SW configuration management tools such as Git. The LDRA tool suite is a flexible platform for producing safety, security, and mission-critical software in an accelerated, cost effective and requirements driven process. The tool suite’s open and extensible architecture integrates software life-cycle traceability, static and dynamic analysis, unit test and system-level testing on virtually any host or target platform. Finding the dead code using LDRA makes this an easy task. The figure below describes an example of a best of breed tool ecosystem facilitated by Live Traceability.
Jama Connect’s Live Traceability supports capabilities to both continuously sync data between tools in the ecosystem or display the live linked data within the UI. Organizations may require one or both use cases to support their digital transformation efforts. Tools like Syndeia from Intercax can easily make use of Jama’s Live Traceability to perform synchronizations as well as provide services to author, query, visualize, and curate open digital threads.
Live Traceability performs a crucial role when it comes to review. DO –178 calls for, and is required for the higher DAL levels, what is called “transition criteria.” Essentially this means that reviews of the traceability itself must be demonstrated. Jama’s Review Center streamlines this by displaying the up and downstream traces right in the context of the review.
Airborne systems have far more onerous governance and compliance hurdles than other industries such as automotive, finance, or medical. The standards require evidence that traceability evaluations were performed. Traceability evaluations must also be independently assessed by four successive levels of traceability assessments: 1) engineering author, 2) an independent engineering reviewer, 3) a software quality assurance auditor, and lastly, 4) a certification liaison reviewer from FAA or EASA.
Related Reading: [Webinar Recap] Lessons Learned for Reducing Risk in Product Development
At the end of the day, Airborne Systems developers must provide evidence of compliance to the certifiers. Live Traceability provides the ability, for the first time, to manage by exception the end-to-end airborne design assurance process across all engineering disciplines. The traceability model defines required data traces called for by the standards that can be compared to actual activity to generate exceptions. These exceptions are the early warning indicators of issues that most often lead to delays, cost overruns, rework, defects, and certification deficiencies.
The benefits of using Live Traceability in airborne systems development within Jama Connect and across a tool ecosystem are as follows:
- Proves Airborne Systems compliance articulated in the industry standards in real time without the need to create traces after the fact and enhances the visibility that the defined process is being followed.
- Provides simplified project estimates, reduces the risk of delays, cost overruns, rework, defects, and recalls with early detection of issues through exception management, and saves 40 to 110 times the cost of issues identified late in the process.
- No disruption to engineering teams that continue working in their chosen best-of-breed tools with no need to change tools, fields, values, or processes.
- Increase productivity and satisfaction of engineers with the confidence that they are always working on the latest version, reflective of all changes and comments.