Software Quality Assurance for Embedded Systems
Rajiv Bhargava
Associate Director (SQA), NPCIL
Presentation on 29 October 2009 at SACET-09, VECC, Kolkata
29 October 2009 VECC 1
Embedded Systems
• Electronic programmable sub-systems functionally integrated in a larger system
• May not be apparent to the user
• Should be safe, reliable, self-checking, low / no maintenance
Embedded Systems - Examples
Aviation – flight control
Automobiles – suspension, braking, steering
Railways – signaling
Medical – diagnostic, therapeutic
Defense – control & guidance
NPP – protection & control
Safety Classification
Railway Control – EN 50128 (*) – SIL 4 to SIL 0
Automobiles – MISRA (*) – SIL 4 to SIL 0
Aviation (civil) – RTCA DO-178B – Cat A to Cat E
Aerospace – ESA – None
Medical (PEMS) – IEC 601-1-4 – Catastrophic / critical / marginal / negligible
Defense – DoD 2187 / DoD 882B – Cat I to Cat V
Nuclear – IEC 1226 – IA / IB / IC
Life Cycle Processes
• Development of requirements
• Allocation of requirements
• Realization of System
• Development process
• Support Processes
 – Planning
 – QA (HQA/SQA)
 – Configuration Management
 – Verification and Validation
Quality Objectives
• Completeness
• Correctness
• Safety
• Reliability
• Operability
• Maintainability
• Upgradability
The CBS Life Cycle
• Requirements Definition
• Procurement/Development
• Deployment
Types of CBS
• Custom Built
• Commercial Off The Shelf (COTS)
• Pre-Developed Systems
Verification:
The process of determining whether or not the product of each phase of the Computer Based System (CBS) development process fulfils all the requirements imposed by the previous phase (IEC 880).
Validation:
The test and evaluation of the integrated Computer Based System (hardware and software) to ensure compliance with the functional, performance and interface requirements (IEC 880).
Independent V&V:
V&V carried out by an independent agency.
Why IV&V?
• Ensure dependability of CBSs
 – Completeness (Functionality/Performance)
 – Freedom from defects
 – Robustness
 – Safety
 – Reliability
 – Operability
 – Maintainability
• Provide support for Safety Case (as necessary)
Role of IV&V in NPCIL
• NPCIL's internal process
• Applicable to CBSs and critical software
• Initially applied to safety and safety related systems for new projects
• Being applied to replacement systems
• Being used for assessment of CBSs in older plants during periodic safety review
• Specific IV&V reports used as part of safety case submissions to AERB for regulatory clearances
• IV&V procedures being developed for critical software; initial applications in OSPI, DMS and CFD software
• Only IV&V for Custom-Built CBSs is discussed here
The IV&V Process for CBSs
• Different procedures for
 – Custom-Built Systems
 – COTS systems
 – Pre-Developed Systems (PDS)
• Includes verification of design documents starting from System Requirements to User Documentation, and review of test reports at various levels of integration
• Includes multi-stage validation
• Envisaged as a concurrent activity with design, development, manufacture and deployment
• AERB-SG-D-25 compliant, accepted by AERB
Projects/Stations covered till now
TAPS-3&4 – All systems
KG-3&4 / RAPP-5&6 – Safety related systems
KG-1&2 / RAPS-3&4 – SR systems
KKNPP-1&2 – SR systems
TAPS-1&2 – EMTR
KAPS-1&2 – EMTR
RAPS-3 – COIS
NAPS – three systems
Custom Built CBS Life Cycle
(V-model diagram: each development stage is verified against the previous one; the system is validated at Laboratory/Factory (L/F) and at Site (S))
Development side:
Design Basis Report → Verification → System Requirements (SR) → Verification → System Architectural Design (SAD) → Verification → Hardware Requirements / Software Requirements → Verification → Hardware Design / Software Design → Verification → Hardware Implementation / Software Implementation
Integration and validation side:
System Integration → System Validation (L/F) → System Commissioning → System Validation (S) → System Operation
Custom Built CBS Life Cycle (Software view)
(V-model diagram: verification steps on the development leg, test and validation steps on the integration leg)
Development side:
Design Basis Report → Verification → System Requirements → Verification → System Architectural Design (SAD) → Verification → Software Requirements Specification → Verification → Software Design Description → Verification → Software Implementation
Test and validation side:
Software Unit Tests → Software Integration Tests → System Integration Tests → System Validation Tests → Validation at Factory → Validation at Site → System Commissioning → System Operation
Plans
Project Management Plan (PMP)
System Development Plan (SDP)
Configuration Management Plan (CMP)
Hardware Quality Assurance Plan (HQAP)
Software Quality Assurance Plan (SQAP)
Hardware Verification & Validation Plan (HVVP)
Software Verification & Validation Plan (SVVP)
Total: 7 documents on plans
Design Documents
Design Basis Report (DBR) / Statement of Purpose (SOP)
System Requirements (SR)
System Design Guidelines (SDG)
System Architectural Design (SAD)
System Integration and Test Procedure (SysITP)
System Validation Procedure (SVP)
Hardware Requirements Specification (HRS)
Hardware Design Description (HDD)
Hardware Integration and Test Procedure (HITP)
Software Requirements Specification (SRS)
Software Design Description (SDD)
Software Integration and Test Procedure (SITP)
Programming Guidelines (PG)
Software Implementation (Source and Object Code)
User Documentation (UD)
System Build (SB)
Total: 16 documents on design
Reports
Hardware Unit Test Reports (HUTR)
Hardware Integration & Test Report (HITR)
Software Unit Test Reports (SUTR)
Software Integration & Test Report (SITR)
System Integration & Test Report (SysITR)
System Safety Analysis Report (SSAR) (IA/IB systems only)
Hardware Reliability Analysis (HRA) (IA/IB systems only)
Total: 7 (or 5) documents on reports
The Review Procedure
Design Basis Report (DBR) (or SOP) is the baseline document.
Consists of the following review stages:
Requirements
System Architecture
Hardware/Software Specification
Hardware/Software Implementation
System Integration
System Validation
The plans, guidelines, reports, System Build and User Documentation are reviewed for consistency and completeness.
All other documents are reviewed, in addition, for traceability and various traits.
The reviews for design documents are carried out as per checklists.
Requirements Review
Documents submitted:
Design Basis Report (DBR)
System Requirements (SR) (with Traceability Matrix)
Activity:
The major traits examined for SR are:
System's role
Clarity, completeness, consistency and verifiability of functional requirements
Accuracy, resolution and response time for all outputs
Completeness of interface requirements
Testability and self-supervision requirements
Safety and security requirements
Reliability and maintainability requirements
Forward and backward traceability with DBR
Baselined Documents:
System Requirements (SR)
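The forward and backward traceability check between DBR and SR can be mechanised from the submitted Traceability Matrix. The following is an added example, not a tool from the presentation or from NPCIL: it assumes the matrix is supplied as text lines of the form `SR-n -> DBR-m, DBR-k` (an assumed format) and reports SR items with no DBR parent (backward traceability gap), DBR clauses that no SR item traces to (forward traceability gap), and links naming an unknown id. The same check applies unchanged to any adjacent pair of documents in the review chain (SR to SAD, SAD to SRS, SRS to SDD).

```python
"""Forward/backward traceability check between two levels of documents.

Added example, not NPCIL's tooling. Assumed input format (constructed):
one line per child item, "CHILD-ID -> PARENT-ID, PARENT-ID, ...".
"""


def parse_matrix(text):
    """Parse a text traceability matrix into (child_id, parent_id) pairs."""
    links = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        child, sep, parents = line.partition("->")
        if not sep:
            raise ValueError(f"malformed matrix line: {line!r}")
        for parent in parents.split(","):
            parent = parent.strip()
            if parent:
                links.append((child.strip(), parent))
    return links


def check_traceability(parent_ids, child_ids, links):
    """Return the gaps between a parent document (e.g. DBR) and a child document (e.g. SR).

    untraced_children: child items with no valid parent link (backward traceability gap)
    uncovered_parents: parent items that no child item traces to (forward traceability gap)
    dangling_links:    links that name an id not present in the respective document
    """
    parent_ids = set(parent_ids)
    child_ids = set(child_ids)
    traced_children = set()
    covered_parents = set()
    dangling = []
    for child, parent in links:
        if child not in child_ids or parent not in parent_ids:
            dangling.append((child, parent))
            continue
        traced_children.add(child)
        covered_parents.add(parent)
    return {
        "untraced_children": sorted(child_ids - traced_children),
        "uncovered_parents": sorted(parent_ids - covered_parents),
        "dangling_links": sorted(dangling),
    }


# Constructed sample: three DBR clauses, four SR items, one bad reference.
DBR_IDS = ["DBR-1", "DBR-2", "DBR-3"]
SR_IDS = ["SR-1", "SR-2", "SR-3", "SR-4"]
SAMPLE_MATRIX = """
# SR item -> DBR clause(s) it implements
SR-1 -> DBR-1
SR-2 -> DBR-1, DBR-2
SR-3 -> DBR-2
SR-4 -> DBR-9
"""


def review_sample():
    """Run the check on the constructed sample and return the findings."""
    return check_traceability(DBR_IDS, SR_IDS, parse_matrix(SAMPLE_MATRIX))


if __name__ == "__main__":
    for kind, items in review_sample().items():
        print(f"{kind}: {items if items else 'none'}")
```

On the sample, SR-4 is reported as untraced (its only link points at a clause that does not exist), DBR-3 as uncovered, and the SR-4 → DBR-9 link as dangling; a reviewer would raise all three before baselining SR.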
System Architecture Review
Documents submitted:
System Design Guidelines (SDG)
System Architecture Design (SAD)
System Validation Procedure (SVP) (at Lab/Factory and at Site)
System Integration and Test Procedure (SysITP)
System Safety Analysis Report (SSAR)
All Plans (PMP, SDP, CMP, HQAP, SQAP, HVVP and SVVP)
Activity:
All plans are reviewed for completeness and consistency.
System Design Guidelines (SDG) are reviewed for applicability and consistency.
Major traits reviewed for SAD:
Clarity, completeness and consistency of functional, performance, resource and interface (external and internal) requirements for each subsystem/package
Cohesion and coupling
Conformance to SDG
Traceability to SR
System Architecture Review (Contd.)
Major traits reviewed for System Integration and Test Procedure (SysITP):
Clarity, completeness and traceability to SAD
Major traits reviewed for System Validation Procedure (SVP):
Testability of all features/functions
Test setup requirements
Completeness, consistency and traceability of test cases
System Safety Analysis Report (SSAR) is reviewed for completeness and consistency.
Baselined Documents:
System Architecture Design (SAD)
Hardware/Software Specifications Review
Documents submitted:
Hardware Requirements Specification (HRS)
Software Requirements Specification (SRS)
Activity:
The major traits reviewed for HRS are:
Clarity, completeness and testability of functional requirements
Accuracy, response time and throughput
Consistency with other hardware and software requirements
Traceability with SAD
Hardware/Software Specs Review (Contd.)
The major traits reviewed for SRS are:
Clarity, completeness, consistency, error handling / recovery and safe outputs
Precision, accuracy and frequency of outputs
Access control and data security
Integrity checks
Consistency with other hardware and software specifications
Traceability to SAD
Baselined Documents:
Hardware Requirements Specification (HRS)
Software Requirements Specification (SRS)
Hardware/Software Design Review
Documents submitted:
Hardware Design Description (HDD)
Hardware Integration and Test Procedure (HITP)
Hardware Reliability Analysis (HRA)
Programming Guidelines (PG)
Software Design Description (SDD)
Software Integration and Test Procedure (SITP)
Activity:
Hardware Design Review:
HDD is examined for completeness, consistency and traceability with respect to HRS.
HITP should cover the procedure for progressive integration and testing of the various modules/subsystems, and tests for all functional and performance specifications given in HRS. It should also include the test setup.
HRA is reviewed for completeness and consistency.
Hardware/Software Design Review (Contd.)
Software Design Review:
The Programming Guidelines (PG) are reviewed for their applicability and consistency.
The Software Design Description (SDD) is reviewed for the following traits:
Modularity
Cohesion and coupling
Nominal and maximal performance for each module
Error detection, containment and recovery
Traceability to SRS
Baselined Documents:
Hardware Design Description (HDD)
Software Design Description (SDD)
Hardware/Software Implementation Review
Documents submitted:
Hardware Unit Test Report (HUTR)
Hardware Integration and Test Report (HITR)
Software Unit Test Report (SUTR)
Software Implementation (Source and Object Code)
Software Integration and Test Report (SITR)
Activity:
Hardware Implementation Review:
The HUTRs and HITR are reviewed for completeness and consistency.
Hardware/Software Implementation Review (Contd.)
Software Implementation Review:
The SUTRs and SITR are reviewed for completeness and consistency.
The software source code is analyzed (through static analysis) to check compliance to the Programming Guidelines, complexity and other properties.
Code walkthrough is carried out to confirm compliance to the Programming Guidelines and correct implementation of the design as stated in SDD.
Baselined Documents:
Software Code (SC)
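A small illustration of the static-analysis step, added here and not the analysis tooling used by NPCIL: it counts decision points per C function to give an approximate McCabe cyclomatic complexity, and flags functions that exceed an assumed complexity or length limit or that use `goto` (an assumed Programming Guidelines rule). The C source, the thresholds and the rule set are constructed for the example; a production guideline checker would use a real C parser rather than regular expressions and brace matching.

```python
"""Approximate cyclomatic-complexity and guideline check for C source.

Added example, not NPCIL's analysis tooling. The thresholds and the
"no goto" rule are assumed guideline entries; the C source is constructed.
"""
import re

# Decision points counted for McCabe complexity (each adds one path).
DECISION_RE = re.compile(r"\b(?:if|for|while|case)\b|&&|\|\||\?")
# A function definition head: identifier, parameter list, opening brace.
FUNC_HEAD_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\([^;{}]*\)\s*\{")
CONTROL_WORDS = {"if", "for", "while", "switch", "else"}


def strip_comments_and_strings(src):
    """Blank out comments and string/char literals so their contents are not counted."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)
    src = re.sub(r"//[^\n]*", " ", src)
    src = re.sub(r'"(?:\\.|[^"\\])*"', '""', src)
    src = re.sub(r"'(?:\\.|[^'\\])*'", "''", src)
    return src


def extract_functions(src):
    """Return [(name, body)] for each top-level function definition, by brace matching."""
    clean = strip_comments_and_strings(src)
    funcs = []
    pos = 0
    while True:
        head = FUNC_HEAD_RE.search(clean, pos)
        if head is None:
            break
        if head.group(1) in CONTROL_WORDS:   # "if (x) {" is not a definition
            pos = head.end()
            continue
        start = head.end()                   # just past the opening brace
        depth, i = 1, start
        while i < len(clean) and depth:
            if clean[i] == "{":
                depth += 1
            elif clean[i] == "}":
                depth -= 1
            i += 1
        funcs.append((head.group(1), clean[start:i - 1]))
        pos = i                              # skip the whole body
    return funcs


def cyclomatic_complexity(body):
    """McCabe complexity approximated as 1 + number of decision points."""
    return 1 + sum(1 for _ in DECISION_RE.finditer(body))


def analyse(src, max_cc=10, max_lines=50):
    """Return {function: {complexity, lines, violations}} against assumed guideline limits."""
    report = {}
    for name, body in extract_functions(src):
        cc = cyclomatic_complexity(body)
        lines = body.strip().count("\n") + 1
        violations = []
        if cc > max_cc:
            violations.append(f"complexity {cc} exceeds limit {max_cc}")
        if lines > max_lines:
            violations.append(f"{lines} lines exceed limit {max_lines}")
        if re.search(r"\bgoto\b", body):
            violations.append("uses goto")
        report[name] = {"complexity": cc, "lines": lines, "violations": violations}
    return report


# Constructed sample source (not from any real system).
SAMPLE_C = r"""
/* two-out-of-three voting on temperature channels */
#include <stdint.h>

static int clamp(int v, int lo, int hi) {
    if (v < lo) return lo;   /* "if" inside a comment is not counted */
    if (v > hi) return hi;
    return v;
}

int evaluate_trip(int t1, int t2, int t3, int limit) {
    int votes = 0;
    if (t1 > limit) votes++;
    if (t2 > limit) votes++;
    if (t3 > limit) votes++;
    if (votes >= 2 && limit > 0) {
        return 1;
    }
    return 0;
}

int dispatch(int cmd) {
    switch (cmd) {
        case 0: return 0;
        case 1: return 1;
        case 2: return 2;
        default: goto fail;
    }
fail:
    return -1;
}
"""

if __name__ == "__main__":
    for name, metrics in analyse(SAMPLE_C, max_cc=5).items():
        print(name, metrics)
```

With the complexity limit set to 5 for the sample, `evaluate_trip` (four `if`s plus one `&&`, complexity 6) and `dispatch` (`goto`) are flagged while `clamp` passes; the findings are what the reviewer would take into the code walkthrough against the SDD.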
System Integration Review
Documents submitted:
System Integration and Test Report (SysITR)
System Build (SB)
Activity:
The SysITR and SB are reviewed for completeness and consistency.
Baselined Documents:
System Build (SB)
System Validation
Documents submitted:
User Documentation (UD)
Activity:
UD is reviewed for completeness and consistency.
System is validated at Laboratory (using SVP) and IVVC issues System Validation Report (SVR).
System is validated at Factory (using SVP for Factory and System Build) and IVVC issues System Validation Report (SVR-F).
System is validated at Site (using SVP for Site and System Build) for correct assembly, connection to the plant and safe operation, and IVVC issues System Validation Report (SVR-S).
Baselined Documents:
User Documentation (UD)
Summary
• Embedded systems need to be systematically engineered in accordance with established standards
• Software Quality Assurance is essential for ensuring dependability of embedded systems
THANK YOU