Check out more info at https://hashmi.ca
Challenges in Aviation Engineering
IBM Engineering platform for Aerospace/Defense
Engineering Lifecycle Management Solution for A&D capabilities
Deeper Dive: Accelerating Industry Compliance for Aerospace:
ARP4754 and DO178C
Summary and additional resources
1. IBM ELM for Aviation Compliance
Speed the delivery of smart air vehicles and systems
Imran Hashmi
Canadian AI Application Leader
AI Applications – Engineering
Imran.Hashmi@ca.ibm.com
416-788-9101
https://hashmi.ca
3. Today's smart products offer increasingly feature-rich functionality and
autonomous action dominated by software components…
• Need to deliver more function at the same quality and on the same schedule
• Meeting growing industry regulatory demands is also time and resource consuming
• Globalization drives competition, requiring fast response to RFPs/RFQs
• More effective supplier/integrator collaboration is needed
• The business environment requires effective support of multi-variant programs
Today's A&D Engineering Challenges
Complexity is rising! Lines of code: Mars Curiosity rover: 0.5m; F-22 Raptor: 1.7m; F-35 fighter jet: 24.7m
Product engineering has to transform…
5. DO-178 B/C at 30,000 feet
DO-178B defines detailed guidelines for the development of aviation software that performs its intended
functions. The Federal Aviation Administration (FAA) accepts DO-178B/C as an acceptable means of
compliance for the approval of airborne software.
DO-178B/C outlines the objectives to be met, the work activities to be performed for each
objective, and the evidence (output documents) to be supplied for each objective, scaled by
criticality (software level A to E).
Objectives are organized into process areas:
– Planning, Development, Verification, Configuration Management, Quality Assurance
DO-178C was published in December 2011 to address challenges with DO-178B.
– Clarification of DO-178B
– Guidance on how to use emerging technologies not covered by DO-178B, as a set of
supplements:
A. DO-330 - Tool Qualification
B. DO-331 - Model-Based Development and Verification
C. DO-332 - Object-Oriented Technology
D. DO-333 - Formal Methods
6. IBM ELM for SAE ARP4754A (Sys. Dev. & Req.)
Aerospace Recommended Practice 4754A - development processes that support certification of aircraft
systems.
- Airworthiness certification is a major challenge and cost factor for aircraft manufacturers
- ARP4754A ensures product quality and safety
- Acknowledged by the certification authorities as an acceptable means of compliance
- Recommends use of MBSE techniques aligned with DO-178C and DO-331
8. Challenges in implementing DO-178
Cost relative to a technical project without DO-178B:
• Typical DO-178B project: +60% to 100% cost
• Successful DO-178B project: +25% to 40% cost for initial development, built on solid processes and an experienced team
Source: Avionics Certification – Vance Hilderman and Tony Baghai
(Avionics Publications)
Common issues
• Inadequate formal plans, or not following them
• Inadequate level of detail and process for requirements
• Inadequate or non-automated requirements management and traceability management
• Improper tool qualification (too much or too little)
• Weak process and checklist management
9. IBM ELM for A&D
End-to-end engineering lifecycle management optimized with AI
ELM enables a digital process for product engineering:
• Higher velocity and agility with high quality
• Support for industry practices and regulations
• Consistency and continuous improvement
• Wide collaboration with suppliers and the enterprise
ELM for A&D specializes ELM with:
• Industry templates for standards compliance: DO-178, ARP4754A*
• Reference implementation demonstrating ISO/IEC 15288 lifecycle processes ("Aviary")
10. ELM portfolio components
• ERM – Requirements Management: Rational DOORS Next Generation; Rational DOORS
• EWM – Workflow Management (RTC, Rational Team Concert)
• ETM – Test Management (RQM, Rational Quality Manager)
• ESD – Systems Design: Rational Rhapsody, Rhapsody Model Manager
• ENI – Engineering Insights (RELM)
• JRS – Jazz Reporting Service
• EOP – Publishing Engine
• EMC – Method Composer
• RQA – Requirements Quality Assistant
• GCM – Global Configuration Management
• Jazz Foundation (dashboard, cross-domain), integrated in the platform
11. IBM Engineering Lifecycle Management: transforming smart products engineering
Digital continuity
Enable cross-discipline digital threads to streamline impact-of-change analysis and standards compliance
Early design verification
Verify at all stages of the product lifecycle with model-based engineering and digital twins
Scaled agility
Effective agile engineering with digital governance, real-time feedback, team collaboration, and continuous delivery
Data and configuration management, product line engineering
Reuse engineering data across parallel development and product variants
Engineering insights with AI
Use AI and advanced analytics to improve quality and support engineering decision making
(Figure axes: Efficiency, Correctness)
12. ELM Tools Mapping to DO-178 B/C and DO-331
• Requirements: DNG
• Design and modelling: Rhapsody / RMM / TestConductor
• Test: ETM
• Configuration Management (overarching process): Engineering Workflow Manager
• Reporting: Jazz Reporting Service, Reporting Engine, Engineering Insights (RELM)
13. › DOORS Next Generation
• Requirements change request process
• OEM/supplier exchange via ReqIF
• Version management of requirements
› True requirements reuse
• Traceability across
› requirements, models, code and test
› Requirements managed as part of a global configuration
Requirements Management (ERM)
DO-178: use a proper requirements management tool
• Manage requirements and traceability
• DNG template for DO-178
• DOORS and DNG qualified by TÜV for DO-178
[Figure: the IBM Engineering Lifecycle Management V-model, from Capability Analysis and Operational Analysis down through System Specification, System Design and Component Design (HW/SW/Mech) to Implementation, then up through Component test, System Test, Operational test and System V&V to Deploy and Operations and Maintenance; Electrical/Electronics Design, Mechanical Design and Lean Software Engineering feed the component level; Traceability and Impact Analysis runs across and through the V, up to Systems of Systems. Highlighted for this slide: Requirements Management.]
14. Digital Traceability in DNG (Essential for DO-178 and ARP4754)
[Figure: Software Requirements linked to Validation Test Cases and to System Requirements, with a "process gap" where a link is missing]
Traceability is the key to compliance with DO-178 and ARP4754.
Initial requirements are decomposed, which creates traceability relationships.
Other relationships can also be traced, such as "consists of", "verifies", etc.
Traceability must be enforced in order to ensure consistency and completeness.
Traceability from customer requirements through product development to test and delivery enables organizations to:
• Know which requirements are implemented and tested vs. those which are not
• Manage and defend against scope creep
15. Develop fully executable models to verify the correctness of your systems and software
Model Based Development - Rhapsody
User-driven panels drive simulation and animation of
• State machines
• Sequence diagrams
• Activity diagrams
Safety and security profiles are available
Patterns for testing are provided for verification
DO-178
• Systems architecture
• Software design
• Software construction
• Safety analysis
[Figure: the ELM V-model from slide 13, highlighting Architecture Management.]
20. › Engineering Test Manager (ETM)
Testing and verification
• Test plans linked to requirements in DNG
• Test specifications
• Captures test results
• Integrates with
• RTC, DNG, RMM, TestConductor
• Third-party tools
• NI TestStand and VeriStand
DO-178
• Table A-6: Testing of outputs of the integration process
• Table A-7: Verification of verification process results
• TÜV qualification kit
[Figure: the ELM V-model from slide 13, highlighting Test Management (V&V).]
21. ETM: Requirements-driven testing
Know you are testing the right things
• Requirements tracking built into the test management tooling
• Customizable attributes let you track what is important to your team
Make sure all requirements are tested!
• Real-time impact analysis of requirements changes
• Traceability of test results to user needs
[Figure: the ELM V-model from slide 13, highlighting Test Management (V&V).]
22. Planning, Tracking, Change and Configuration Management
• Engineering Workflow Manager (EWM)
• Manage and plan tasks as part of an overall process
• Project overview via dashboards
• Manages work across:
• Requirements (ERM)
• Architecture (Rhapsody/RMM)
• Implementation
• Test (ETM)
• DO-178 and ARP4754A
• Configuration management
• Change request process
• CerTech TÜV qualification
Change management
Configuration management
Planning and tracking
[Figure: the ELM V-model from slide 13.]
23. IBM ELM layered support for compliance
Layer | Business need | Solution asset
AI Capabilities | Features for efficiency and quality | AI for Engineering
Reports | Insight into compliance status for assessments | Reporting
Sample Data | Best-practice example of how to work with IBM ELM | Sample project
Templates | Custom project setup tailored for compliance | ELM tool templates
Method | Process definition and guidelines | RMC content
ELM Base | Capabilities to define, design, build, test and complex products | IBM Engineering Lifecycle Management
The layers above the ELM base (Method, Templates, Sample Data, Reports, AI Capabilities) form the Solution and are packaged as Compliance Accelerators.
IBM Confidential. Subject to change without notice
25. DO-178 B/C required information model
• All software design items need to be classified with a design assurance level (DAL)
• Higher DALs require compliance with an increasing number of objectives
Traceability model required by DO-178 DALs
DO-178 design assurance levels
26. IBM ELM for DO-178 B/C Airborne SW development guidelines
• Practices for DO-178B and C, supplemented by
• DO-331 (model-based development)
• DO-332 (object-oriented technology)
• Published website
• ISDP 178 mapped to DO-178 B/C objectives
• Checklists to capture compliance
• Microsoft Word templates for process documentation, for example the PSAC
• Process template
• Work item templates mapped to DO-178 B/C objectives
• DOORS template for DO-178B/C
• Rhapsody safety analysis profile
• Safety-relevant code generation
• MISRA C/C++ and OXF
28. DO-178C Lifecycle Data and Tooling
Abbreviation | Document title | ELM capability | DO-178C section
PSAC | Plan for Software Aspects of Certification | ERM (DNG) – ref. process template | 11.1
SDP | Software Development Plan | EWM (based on RMC) | 11.2
SVP | Software Verification Plan | Test Manager | 11.3
SCMP | Software Configuration Management Plan | Method Composer, EWM | 11.4
SQAP | Software Quality Assurance Plan | Method Composer, EWM | 11.5
SRS | Software Requirements Standards | ERM | 11.6
SDS | Software Design Standards | ERM (ESW modelling guidelines) | 11.7
SCS | Software Coding Standards | ERM | 11.8
SRD | Software Requirements Data | ERM | 11.9
SDD | Software Design Description | Rhapsody | 11.10
SC | Source Code | EWM | 11.11
EOC | Executable Object Code | <project compiler> | 11.12
SVCP | Software Verification Cases and Procedures | ETM | 11.13
SVR | Software Verification Results | ETM | 11.14
SECI | Software Lifecycle Environment Configuration Index | EWM | 11.15
SCI | Software Configuration Index | EWM | 11.16
PR | Problem Reports | EWM | 11.17
SCMR | Software Configuration Management Records | EWM | 11.18
SQAR | Software Quality Assurance Records | EWM | 11.19
SAS | Software Accomplishment Summary | <word processor> | 11.20
29. Leveraging Model Based Engineering based on DO-331
DO-331 articulates the following benefits of MBE:
"• Providing unambiguous expression of requirements and architecture.
• Supporting the use of automated code generation.
• Supporting the use of automated test generation.
• Supporting the use of analysis tools for verification of requirements and
architecture.
• Supporting the use of simulation for partial verification of requirements,
architecture, and/or Executable Object Code."
30. Specification vs. design models
• A Specification Model represents high-level requirements that provide an abstract
representation of functional, performance, interface, or safety characteristics of
software components. The Specification Model should express these
characteristics unambiguously to support an understanding of the software
functionality. …Therefore, a Specification Model may express high-level
requirements but neither low-level requirements nor software architecture.
• A Design Model prescribes software component internal data structures, data
flow, and/or control flow. A Design Model includes low-level requirements and/or
architecture.
• A model cannot be classified as both a Specification Model and a Design Model
32. Model Based Safety Critical Development for DO-178B/C
Create requirements-based tests using Rhapsody TestConductor and include the tests supplied with the runtime framework.
[Figure: the Application Model (HLR, LLR) and the Framework Model (HLR, LLR/Design) are each traced to a Test Model; the Framework Test Suite carries a full trace to the Framework Model.]
33. Model Based Safety Critical Development – Overall Flow
A validation suite is available for Rhapsody TestConductor.
[Figure: the Application Model (HLR, LLR/Design) and the Runtime Framework (Framework Model: HLR, LLR/Design) generate Source Code, which is compiled into the Object Code to be certified; Rhapsody TestConductor (TC Kit) runs the Test Model and the Framework Test Suite against it ("Test & Measure"), producing test results and test coverage, with full trace links maintained along the whole chain.]
34. IBM Rhapsody Reference Workflow for DO-178
Rhapsody Reference Workflow for the development of safety-related software
– provides guidance on how to fulfil functional safety requirements with model-based
development methods and tools
– is based on best practices for safety-related projects
– addresses the workflow activities relevant to the development of safety-related software,
with a special focus on verification and validation (TestConductor) to develop safe software
35. IBM Rhapsody Kit for DO-178B/C
• Overview: describes the content of the Rhapsody workflow qualification package
• Rhapsody Reference Workflow: provides an exemplary workflow for modelling,
code generation and verification in safety-critical development
• TestConductor Workflow: describes testing activities and objectives
• TestConductor Safety Manual: provides additional information for using TestConductor in
safety-related development
• PSAC for SMXF
• SXF/SMXF frameworks
• SXF/SMXF validation suites
• TestConductor Validation Suite (optional)
36. Tool Qualification for DO-178B
Is tool qualification necessary?
– Generally not. Ask these questions:
• Is a DO-178B process eliminated, reduced or automated by the tool? No → no qualification needed.
• Is the output of the tool verified per Section 6? Yes → no qualification needed.
• Otherwise: can an error be introduced by the tool? Yes → qualify as a development tool. Can an error be overlooked by the tool? Yes → qualify as a verification tool.
37. Tool Qualification for DO-178C
Is tool qualification necessary?
– In many cases not. Ask these questions:
• Is a DO-178C process eliminated, reduced or automated by the tool? No → no qualification needed.
• Is the output of the tool verified? Yes → no qualification needed; describe the tool in the plans.
• Otherwise: decide whether criterion 1, 2 or 3 applies and define the TQL (section 12.2), then
apply the DO-330 objectives for the TQL identified.
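As an added example (not from the slides or from any IBM kit), here is the DO-178C decision flow above encoded so that a toolchain assessment can be re-run whenever a tool or its use changes. The three criteria and the software-level-to-TQL mapping are taken from DO-178C section 12.2 and Table 12-1 as I read the standard, not from the page; the toolchain and its attribute values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# DO-178C Table 12-1, software level x criterion -> tool qualification level,
# as I read the standard (not from the slides). Level E requires nothing.
TQL_TABLE = {
    "A": ("TQL-1", "TQL-4", "TQL-5"),
    "B": ("TQL-2", "TQL-4", "TQL-5"),
    "C": ("TQL-3", "TQL-5", "TQL-5"),
    "D": ("TQL-4", "TQL-5", "TQL-5"),
}
SOFTWARE_LEVELS = {"A", "B", "C", "D", "E"}


@dataclass(frozen=True)
class Tool:
    name: str
    replaces_process: bool       # eliminates, reduces or automates a DO-178C process
    output_verified: bool        # all of its output is independently verified (section 6)
    inserts_into_airborne: bool  # its output becomes part of the airborne software
    could_miss_error: bool       # it automates verification and could fail to detect an error
    justifies_reduction: bool    # its results are used to drop or reduce other processes


def criterion(tool: Tool) -> Optional[int]:
    """DO-178C 12.2.2: criterion 1, 2 or 3, or None if the tool fits none of them."""
    if tool.inserts_into_airborne:
        return 1
    if tool.could_miss_error and tool.justifies_reduction:
        return 2
    if tool.could_miss_error:
        return 3
    return None


def qualification_needed(tool: Tool, level: str) -> str:
    """Walk the decision flow: process replaced? -> output verified? -> criterion -> TQL."""
    if level not in SOFTWARE_LEVELS:
        raise ValueError(f"unknown software level {level!r}")
    if level == "E" or not tool.replaces_process:
        return "none"
    if tool.output_verified:
        return "none (describe the tool in the plans)"
    crit = criterion(tool)
    if crit is None:
        # Unverified automation that matches no criterion means the assessment
        # is inconsistent; fail loudly rather than silently skip qualification.
        raise ValueError(f"{tool.name}: unverified automation matches no criterion")
    return f"criterion {crit}: qualify to {TQL_TABLE[level][crit - 1]} under DO-330"


def assess(toolchain, level: str) -> dict:
    """Qualification verdict per tool for one software level."""
    return {tool.name: qualification_needed(tool, level) for tool in toolchain}


# Constructed toolchain; the attribute values are assumptions for illustration.
TOOLCHAIN = [
    Tool("model code generator", True, False, True, False, False),
    Tool("static analyser replacing manual code review", True, False, False, True, True),
    Tool("structural coverage tool", True, False, False, True, False),
    Tool("compiler", True, True, True, False, False),     # EOC is verified by testing
    Tool("requirements editor", False, False, False, False, False),
]

if __name__ == "__main__":
    for lvl in ("A", "C"):
        print(f"software level {lvl}")
        for name, verdict in assess(TOOLCHAIN, lvl).items():
            print(f"  {name:45s} {verdict}")
```

The output_verified branch is the trust decision in this flow: a generator or analyser whose output nobody independently checks is a single point of failure for the certified software, which is the same reasoning that makes unverified build tooling a supply-chain risk outside avionics. The function refuses to return "none" for an unverified, process-replacing tool that fits no criterion, since that combination indicates a wrong assessment rather than a tool that needs nothing.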
39. IBM ELM for SAE ARP4754A (Sys. Dev. & Req.)
Aircraft and System Development Process and Requirements Capture
Table | Objective text | Outputs
2.1 | Aircraft-level functions, functional requirements, functional interfaces and assumptions are refined | List of aircraft-level functions; aircraft-level requirements
2.2 | Aircraft functions are allocated to systems | System Requirements
2.3 | System requirements, including assumptions and system interfaces, are defined | System Requirements
2.4 | System derived requirements (including derived safety-related requirements) are defined and rationale explained | System Requirements
2.5 | System architecture is defined | System Design Description
2.6 | System requirements are allocated to the items | Item Requirements
2.7 | Appropriate item, system and aircraft integrations are performed | Verification Summary
IBM Solutions (all rows): Requirements Management, Model Based Systems Engineering, Traceability (DOORS/NG, Rhapsody, Rhapsody Model Manager, Rational Publishing Engine)
40. Mapping of tools to ARP4754A
[Figure: ARP4754A process diagram annotated with the tool groups DOORS/DNG & Rhapsody; Rhapsody; Quality Manager, TestConductor and Rhapsody]
41. ARP4754 Integral Processes
5.1 Safety Assessment
5.2 Development Assurance Level Assignments
5.3 Requirements Capture
5.4 Requirements Validation
5.5 Implementation Verification
5.6 Configuration Management
5.7 Process Assurance
5.8 Certification & Regulation Authority Coordination
- Core process for development at the aircraft, system, subsystem and HW/SW levels
Tool mapping:
• Safety Analysis: Rhapsody (Dependability profile), Medini Analyze
• Systems Engineering / Requirements Management: Rhapsody, TestConductor
• Quality Management
• Process Management: CCM, Methods
• Workflow Management: Method Composer
43. Summary: ELM for Aviation Compliance
ELM automates the engineering practices recommended by the aviation standards:
• ARP4754
• DO-178C/DO-331
ELM implements and maintains an information model with all the necessary evidence:
• Traceability, verification
ELM automates certifiable embedded software implementations compatible with industry guidelines:
• DO-178B/C