The design of safety critical systems can be defined as

A safety–critical system or life-critical system is a
system whose failure or malfunction may
result in one (or more) of the following outcomes:
death or serious injury to people.
loss or severe damage to equipment/property.

The design of these systems places the highest burden on the team of engineers, knowing that their actions may directly impact another person’s life.  So what should an engineer do?

Process and standards

To help in the development of safety-critical software multiple standards documents have been developed

• DO-178C: Software Considerations in Airborne Systems and Equipment Certification
• ISO-26262: an international standard for functional safety of electrical and/or electronic systems in production automobiles
• IEC-61508: is a basic functional safety standard applicable to all kinds of industry. It defines functional safety as: “part of the overall safety relating to the EUC (Equipment Under Control) and the EUC control system which depends on the correct functioning of the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities.”

The standard documents are one part of what is required to implement a safety critical system.  The other part is a process that embodies the guidelines of the standard document.
In general, there are 4 parts of a standard guideline that must be addressed in the software development process

1. Validation of tool behavior
2. Creation and traceability of requirements
3. Compliance with software development best practices
4. Adherence to verification and validation processes

Tool validation

Tool validation consists of two steps

1. Develop and execute a validation plan to ensure the software tool (i.e., MATLAB and add on products) is working as anticipated and producing the right results. (Exhaustive testing at this stage isn’t expected.)
2. Validate and ensure your algorithm is working as you expect. Is it producing the right results based on your requirements?

There are essentially three main steps to creating a software tool validation plan

1. Create a tool validation plan: Identify risks, define contexts of use, and perform validation activities to reduce risk to an acceptable level. Typical items to document include hazard assessment, tool role in the development process, standard operating procedures, validation approaches, resources, and schedule.
2. Develop a validation protocol: This includes test cases, expected results, and assumptions.
3. Execute that validation protocol: Run test cases, and create a final tool validation report to document the validation activity.

Use of requirements

Creation of safety critical software starts with the development of testable requirements.  The development of the high-level requirements and derived requirements are then mapped onto the artifacts in the development process.

Once mapped the requirements to the artifacts they need to be analyzed for both coverage and correctness.  The correctness aspect is covered in the verification and validation step.

There are two types of coverage, requirements coverage and artifact coverage.  One hundred percent coverage should be achieved for both coverage types.

1. Requirements coverage: validation that every requirement is linked to an artifact in the system
2. Artifact coverage: The percentage of artifacts that have a requirement associated with them.  In this case, an “artifact” may be resolved down to a single line of code for some systems.

The final part of the requirements workflow is the tracing of requirements through the development cycle.  Tracing requirements is the process of mapping the requirement onto specific artifacts and validating the behavior of the requirements through each step of the development process.

Verification and validation

The V&V portion of the development process serves 3 ends.

1. Validation of the tools in use
2. Verification of requirements
3. Enforcement of development standards

Of the three tasks, the first two have been previously covered; so let’s look at the third, enforcement of development standards.  Software languages have coding standards, C and C++ have the MISRA-C standard while Simulink has the MAAB standard.    Validation tools can ensure that the code or models are in compliance with the standard.

Software development best practices

Like the development standards, there are existing documents of best practices for software development.  Selection of and adherence to such workflows are required for safety critical workflows.  The reference section of this blog includes some best practice workflows for MBD.