© 2015 LDRA and Texas Instruments - CONFIDENTIAL and PROPRIETARY Slide 1
Simplify Software Development for Functional Safety Applications
Jay Thomas, Technical Development Manager, LDRA; Siddharth Deshpande, Senior Software Engineer, Texas Instruments
© 2010 Green Hills Software, Inc. CONFIDENTIAL and PROPRIETARY
Agenda
• Introduction to Functional Safety Software Development
• Elements of Risk Management
• System Partition Principles
• Introduction to SafeTI™ CSP
• CSP Execution Process
• How this fits into the broader themes of Safety Software?
Step 1: Risk Assessment
• What could go wrong?
• How big would the impact be?
Introduction to Functional Safety
• What makes systems safe?
• What makes software safe?
Functional Safety in Different Domains
Standard (first publication) and the domain it covers:
• IEC 61508 (first published 1998, updated 2010): Industrial (the generic base standard the sector standards derive from)
• IEC 61511 (first published 2003): Process
• ISO 26262 (published 2011): Automotive
• IEC 62304 (first published 2006): Medical
• IEC 61513 (first published 2001): Nuclear
• EN 50128 (first published 2001): Railway
• DO-178B (first published 1992) / DO-178C: Avionics
Risk Management Throughout Lifecycle
Risk Management in the Lifecycle
[Chart: cost* across the lifecycle phases Requirements & Design, Development, Test and Deployment, contrasting the Typical Trend with the Preferred Trend and marking where Analysis takes place in each.]
*Cost to Repair Software, Cost of Lost Opportunities, Cost of Lost Customers
Test Early and Often!
Safety Integrity Levels – How Safe?
Standard | Levels (lowest to highest)
DO-178B / DO-178C (Avionics) | Level E to Level A
IEC 61508 (Industrial) | SIL 1 to SIL 4
ISO 26262 (Automotive) | ASIL A to ASIL D
IEC 62304 (Medical) | Class A to Class C
EN 50128 (Railway) | SIL 0 to SIL 4
Verification Activities
Software System Partitioning
• Safety Classification Principles:
  - No adverse side effects caused by X and W
  - No hazard contributing effect by X and W
  - Z includes all software system contributions to hazards
  - Software system inherits “worst” safety class.
[Figure: Software System / Software item (Class C) made up of Software item Y (Class C), Software item Z (Class C), Software item X (Class A) and Software item W (Class B)]
Foundation for Safe Software
SafeTI™ Compliance Support Packages Available
[Figure: software stack, top to bottom: Customer Application; Application Libraries (Math, DSP, Flash); SAFETY RTOS or AUTOSAR RTE; communication drivers (CAN, FlexRay, Ethernet, USB)]
SafeTI™ Software Development Process Certified by TUEV NORD meeting ISO26262 and IEC61508 requirements
HALCoGen: Hardware Abstraction Layer Code Generator
HALCoGen Features
• User Input on High Abstraction Level
• Generates C Source Code for Hercules™ MCU
• Peripheral Drivers
• Device Initialization
• Native support for CCS, ARM, IAR and GHS IDEs
• Interactive Help System with example code
SafeTI™ HALCoGen Compliance Support Package: www.ti.com/tool/safeti-halcogen-csp
SafeTI™ Diagnostic Library
[Figure: layering, top to bottom: Application layer; RTOS; SafeTI™ Diagnostic Library (Exception & Error Handler, Initialization & startup diagnostics, Periodic diagnostics, I/O diagnostics, Internal/external watchdog); Hardware Abstraction Layer (HALCoGen)]
SafeTI™ Hercules Diagnostic Library Compliance Support Package: www.ti.com/tool/safeti-hercules-diag-lib-csp
Functions map directly to the Hercules Safety Manual
Device Partition | Unique Identifier | Safety Feature or Diagnostic | API Name
Cortex-R4F CPU | CPU1 | Lockstep compare | SL_SelfTest_CCMR4F
Cortex-R4F CPU | CPU2A | Boot time execution of LBIST STC | SL_SelfTest_STC
Cortex-R4F CPU | CPU2B | Periodic execution of LBIST STC | SL_SelfTest_STC
Cortex-R4F CPU | CPU7 | Software readback of written configuration | SL_Read_Compare
Error Signaling | ESM1 | Periodic software readback of static configuration registers | SL_Read_Compare
Error Signaling | ESM3 | Use of status shadow registers | SL_Init_ResetReason_XInfo
Error Signaling | ESM4 | Software readback of written configuration | SL_Read_Compare
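The CPU7, ESM1 and ESM4 rows above all rest on one mechanism: every configuration write is read back and compared (CPU7, ESM4), and the static configuration is re-read and compared against a reference copy from the periodic diagnostic task (ESM1). The C example below is added here to show that pattern; it is not TI's SafeTI Diagnostic Library and its functions are not SL_Read_Compare. The register block, the fault codes and the names cfg_write_readback and cfg_periodic_check are assumptions for illustration, and the peripheral is a constructed in-memory stand-in so the code runs on a host.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a memory-mapped peripheral register block. The
 * layout is an assumption for this example, not a Hercules peripheral map. */
typedef struct {
    volatile uint32_t ctrl;        /* static configuration, written once at init    */
    volatile uint32_t prescale;    /* static configuration                           */
    volatile uint32_t int_enable;  /* static configuration                           */
    volatile uint32_t status;      /* changes under hardware control: never compared */
} periph_regs_t;

/* Golden copy of the static configuration, kept in RAM and protected by a CRC
 * so that corruption of the reference itself is reported as a distinct fault. */
typedef struct {
    uint32_t ctrl;
    uint32_t prescale;
    uint32_t int_enable;
    uint32_t crc;                  /* CRC-32 over the three words above */
} periph_golden_t;

/* Fault mask bits returned by the checks (assumed codes, not SafeTI's). */
#define CFG_OK              0u
#define CFG_FAULT_CTRL      (1u << 0)
#define CFG_FAULT_PRESCALE  (1u << 1)
#define CFG_FAULT_INTEN     (1u << 2)
#define CFG_FAULT_GOLDEN    (1u << 31)  /* reference copy failed its own CRC */

/* CRC-32 (IEEE 802.3, reflected, poly 0xEDB88320), bitwise so no table is needed. */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t golden_crc(const periph_golden_t *g)
{
    return crc32_ieee((const uint8_t *)g, offsetof(periph_golden_t, crc));
}

/* Write-then-readback (the CPU7 / ESM4 pattern): each configuration write is
 * read back through the bus and compared before the next write is issued. The
 * written values become the golden copy for later periodic checks.
 * Returns a CFG_FAULT_* mask of fields whose readback differed (CFG_OK if none). */
uint32_t cfg_write_readback(periph_regs_t *regs, uint32_t ctrl, uint32_t prescale,
                            uint32_t int_enable, periph_golden_t *golden)
{
    uint32_t faults = CFG_OK;
    regs->ctrl = ctrl;
    if (regs->ctrl != ctrl) faults |= CFG_FAULT_CTRL;
    regs->prescale = prescale;
    if (regs->prescale != prescale) faults |= CFG_FAULT_PRESCALE;
    regs->int_enable = int_enable;
    if (regs->int_enable != int_enable) faults |= CFG_FAULT_INTEN;

    golden->ctrl = ctrl;
    golden->prescale = prescale;
    golden->int_enable = int_enable;
    golden->crc = golden_crc(golden);
    return faults;
}

/* Periodic readback of static configuration (the ESM1 pattern): run from the
 * periodic diagnostic task, compares live registers against the golden copy.
 * The reference is validated first; a corrupted reference must not be trusted. */
uint32_t cfg_periodic_check(const periph_regs_t *regs, const periph_golden_t *golden)
{
    if (golden_crc(golden) != golden->crc)
        return CFG_FAULT_GOLDEN;
    uint32_t faults = CFG_OK;
    if (regs->ctrl != golden->ctrl)             faults |= CFG_FAULT_CTRL;
    if (regs->prescale != golden->prescale)     faults |= CFG_FAULT_PRESCALE;
    if (regs->int_enable != golden->int_enable) faults |= CFG_FAULT_INTEN;
    return faults;
}

/* Simulated peripheral used by the demos (constructed, not real hardware). */
static periph_regs_t   g_sim_regs;
static periph_golden_t g_golden;

/* Initialises the peripheral, passes one clean periodic check, then flips one
 * bit in PRESCALE to model a single-event upset. Returns the next check's mask. */
uint32_t demo_bit_flip_detected(void)
{
    uint32_t f = cfg_write_readback(&g_sim_regs, 0x41u, 0x0Fu, 0x03u, &g_golden);
    if (f != CFG_OK) return f;
    if (cfg_periodic_check(&g_sim_regs, &g_golden) != CFG_OK) return 0xFFFFFFFFu;
    g_sim_regs.prescale ^= (1u << 3);
    return cfg_periodic_check(&g_sim_regs, &g_golden);
}

/* Same setup, but the upset hits the golden copy instead of the peripheral. */
uint32_t demo_golden_corruption_detected(void)
{
    (void)cfg_write_readback(&g_sim_regs, 0x41u, 0x0Fu, 0x03u, &g_golden);
    g_golden.int_enable ^= 1u;
    return cfg_periodic_check(&g_sim_regs, &g_golden);
}

int main(void)
{
    return (demo_bit_flip_detected() == CFG_FAULT_PRESCALE &&
            demo_golden_corruption_detected() == CFG_FAULT_GOLDEN) ? 0 : 1;
}
```

On real hardware the compare has to mask bits that legitimately differ from what was written (read-only, write-1-to-clear and self-clearing fields), which is why the status word is left out of the compare entirely. The CRC on the golden copy matters because the reference lives in the same RAM that the periodic check is meant to protect; without it a corrupted reference would be reported as a register fault and the wrong component would be blamed. What the application does with a non-zero mask (signal the error module, enter the safe state) is defined by the safety manual for the device, not by this check.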
[Figure: ISO 26262 item decomposition. An Item is made up of Systems; each System of E/E Components (Sensor, Controller, Actuator, Communication, Other technology components); each E/E Component of Hardware (Hardware Components, Hardware Parts) and Software (Software Components, Software Units). Item and Element are the ISO 26262 terms for the top level and for each constituent.]
Compliance Support Package
[Figure: a CSP is made up of Requirements & Design, the Test Automation Unit and Test Reports]
• Test Automation Unit (TAU)
• Allows customers to execute test cases based on their configuration
• Software Safety Requirements Specification
• Software Architecture Document
• Software Safety Manual
• Detailed Static Analysis Report
• Detailed Dynamic Analysis Report
• Test Results report
• Traceability Matrix
• Software User Guide
• Software release Notes
• Datasheet with performance details
CSP Work Products
ISO 26262 and IEC 61508 Standards: TI Work Products
ISO 26262 Clause | IEC 61508 Clause | ISO 26262 Work products | IEC 61508 Work products | CSP Artifact
6 Specification of software safety requirements | 7.2.2 Software safety requirements specification | 6.5.1 Software safety requirements specification | Software safety requirements specification | Software Safety Requirements Specification
Bi-Directional Traceability | Forward and Backward Traceability at all stages | Verification Reports | Forward and backward traceability | Traceability matrix
7 Software architectural design | 7.4.3 Requirements for SW Architecture Design development | 7.5.1 Software architectural design specification | Software architecture design | Software Architecture Document
9 Software unit testing | 7.4.5 Detailed design and development (individual software module design) | 9.5.3 Software verification report (refined) | SW Module Test Report | Test Results Report, Detailed Static analysis and Dynamic analysis report
10 Software integration and testing | 7.4.8 Software integration testing | 10.5.3 Embedded software | Verified and tested integrated programmable electronics | SW User Guide, Software Safety Manual, Data sheet
11 Verification of software safety requirements | 7.7.2 Software aspects of system safety validation | 11.5.3 Software verification report (refined) | Software safety validation results; validated software | Test Results Report
- | 7.4.9 | Safety Manual | Safety Manual | Software Safety Manual
CSP Execution Process
[Figure: the CSP execution flow and its outputs: Static Analysis (Static Analysis & Quality Metrics); Dynamic Analysis (Structural Coverage Metrics & Regression Reports); Bidirectional Traceability (Traceability Matrix); together these form the CSP Test Reports]
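The traceability matrix closes the loop in the process above: forward, every software safety requirement must map to the test cases that verify it and to their results; backward, every test case must map to a requirement that exists. The C example below is added here to show that check; it is not part of the CSP or of the LDRA tool suite. The requirement and test identifiers are constructed for the example, and the assumed input shape (a list of requirement IDs, matrix rows linking requirement to test, and a results report) stands in for the CSP's spreadsheet-based documents.

```c
#include <stddef.h>
#include <string.h>

/* One row of the traceability matrix: a software safety requirement and a
 * unit test case that verifies it. */
typedef struct { const char *req; const char *test; } trace_link_t;
/* One row of the test results report. */
typedef struct { const char *test; int passed; } test_result_t;

typedef struct {
    int reqs_without_test;      /* forward gap: requirement never verified by any test        */
    int links_to_unknown_req;   /* backward gap: test traces to a requirement not in the spec */
    int tests_without_result;   /* planned test that never executed (counted per matrix row)  */
    int reqs_with_failed_test;  /* requirement whose evidence includes a failing test         */
} trace_report_t;

#define N_ELEMS(a) (sizeof(a) / sizeof((a)[0]))

static const test_result_t *find_result(const char *test, const test_result_t *r, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(r[i].test, test) == 0) return &r[i];
    return NULL;
}

static int req_known(const char *req, const char *const *reqs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(reqs[i], req) == 0) return 1;
    return 0;
}

/* Walks the matrix in both directions and counts the gaps an assessor asks about. */
trace_report_t trace_check(const char *const *reqs, size_t nreq,
                           const trace_link_t *links, size_t nlink,
                           const test_result_t *results, size_t nres)
{
    trace_report_t rep = {0, 0, 0, 0};
    /* Forward: requirement -> linked tests -> results */
    for (size_t i = 0; i < nreq; i++) {
        int linked = 0, failed = 0;
        for (size_t j = 0; j < nlink; j++) {
            if (strcmp(links[j].req, reqs[i]) != 0) continue;
            linked = 1;
            const test_result_t *res = find_result(links[j].test, results, nres);
            if (res && !res->passed) failed = 1;
        }
        if (!linked) rep.reqs_without_test++;
        if (failed)  rep.reqs_with_failed_test++;
    }
    /* Backward: each matrix row must name a real requirement and an executed test */
    for (size_t j = 0; j < nlink; j++) {
        if (!req_known(links[j].req, reqs, nreq))        rep.links_to_unknown_req++;
        if (!find_result(links[j].test, results, nres))  rep.tests_without_result++;
    }
    return rep;
}

/* A requirement is verified only if it has at least one linked test and every
 * linked test has executed and passed. */
int req_verified(const char *req, const trace_link_t *links, size_t nlink,
                 const test_result_t *results, size_t nres)
{
    int linked = 0;
    for (size_t j = 0; j < nlink; j++) {
        if (strcmp(links[j].req, req) != 0) continue;
        linked = 1;
        const test_result_t *res = find_result(links[j].test, results, nres);
        if (!res || !res->passed) return 0;
    }
    return linked;
}

/* Constructed sample data: all identifiers are made up for this example. */
static const char *const SAMPLE_REQS[] = { "SSR-001", "SSR-002", "SSR-003" };
static const trace_link_t SAMPLE_LINKS[] = {
    { "SSR-001", "TC-CRC-01" }, { "SSR-001", "TC-CRC-02" },
    { "SSR-002", "TC-DCC-01" },
    { "SSR-009", "TC-ORPHAN-01" },   /* traces to a requirement the spec does not contain */
};
static const test_result_t SAMPLE_RESULTS[] = {
    { "TC-CRC-01", 1 }, { "TC-CRC-02", 1 }, { "TC-DCC-01", 0 },
};

trace_report_t demo_report(void)
{
    return trace_check(SAMPLE_REQS, N_ELEMS(SAMPLE_REQS), SAMPLE_LINKS, N_ELEMS(SAMPLE_LINKS),
                       SAMPLE_RESULTS, N_ELEMS(SAMPLE_RESULTS));
}

int demo_req_verified(const char *req)
{
    return req_verified(req, SAMPLE_LINKS, N_ELEMS(SAMPLE_LINKS),
                        SAMPLE_RESULTS, N_ELEMS(SAMPLE_RESULTS));
}
```

On the sample data the report flags SSR-003 (no test at all), the SSR-009 row (unknown requirement, and its test never ran) and SSR-002 (its only test failed); only SSR-001 comes out verified. A requirement with a linked test is not the same as a verified requirement, which is why the check follows each link through to an executed, passing result rather than stopping at the matrix.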
Test Automation Unit - Overview
• Run Unit Tests with user specific: HALCoGen Configuration, Compiler Selection, Build Options, Target Configurations
• Generates Dynamic Coverage Analysis Report and Regression Reports
• Customized test cases: selectively run test cases relevant to their configuration; easily add or modify test cases
• Test cases in Excel format: easy to review, add or modify test cases
Test Automation Unit Functional Blocks
[Figure: TAU blocks: TAU GUI for test case selection; Test Case File (TCF) with the selected test cases; Excel based test database of test vectors; Script Engine; LDRA Unit driving the HALCoGen drivers / SafeTI™ Diagnostic Library on the Target Hardware over JTAG; Dynamic & Regression Reports as the output]
TAU Demo
Dynamic Coverage Reports
[Screenshots: Dynamic Coverage Summary; Dynamic Coverage Report for CRC driver; Regression report for DCC Unit Test]
Regression Report
Static Analysis Report
Traceability Matrix Report
Conclusion
SafeTI CSP Artifacts:
• Software Safety Requirements Specification
• Software Architecture Document
• Detailed Static Analysis Report & HIS Quality Metrics
• Detailed Dynamic Analysis Report & Test Results Report
• Software Safety Manual
• Traceability Matrix
Conclusion
• Developing functional safety compliant software is challenging
• Risk management throughout the software life cycle is key
• Software system partitioning can be used to classify safety requirements
• Starting with a strong foundation reduces the risk of failing to meet functional safety requirements
• SafeTI CSPs and the LDRA Tool Suite can help simplify the development of functional safety software
Questions & Answers
Contact Information
For more information contact:
[email protected] [email protected]
www.ldra.com www.ti.com