Professional Documents
Culture Documents
Vmodel Slides
Vmodel Slides
• Systems engineering is
the interdisciplinary field
of engineering focusing
on how complex
engineering projects
should be designed and
managed over their life
cycles
• Quality attributes:
• usability, efficiency, reliability, maintainability, reusability
• different qualities can conflict
− increasing efficiency can reduce maintainability
− increasing usability can reduce efficiency
• Usability
• Users can learn it and fast and get their job done easily
• Efficiency
• It doesn’t waste resources such as CPU time and memory
• Reliability
• It does what it is required to do without failing
• Maintainability
• It can be easily changed
• Reusability
• Its parts can be used in other projects, so reprogramming
is not needed
9
What is Automotive Software Engineering?
• Process models:
• Capability Maturity Model Integration® (CMMI)
• Software Process Improvement and Capability Determination
(SPICE)
• V-Model
• Standards:
• IEC 61508 (Functional Safety standard)
• ISO26262 (Functional Safety standard)
• MISRA-C
• Waterfall model
• Agile software development
• Prototyping
• Incremental development
• Rapid application development
• V-model
Waterfall model
requirements engineering
V&V
design
V&V
implementation
V&V
testing
V&V
maintenance
V&V
• Waterfall model
• Document oriented
• Suited for (very) large projects (> 50 people)
• Too many design activities during coding and testing
• Comprehensive documentation
• ESA Life cycle:
• User Requirements • Software Project
Document Management Plan
• Software Requirements • Software Configuration
Document Management Plan
• Architectural Design • Software Validation and
Document Verification Plan
• Detailed Design Document • Software Quality
Assurance Plan
• Software Transfer Document
• Meeting minutes
• Project History Document
• Progress reports
• …
Feb 2009 17
Software development model
• See http://agilemanifesto.org/
• Agile methods
• Individuals and interactions are more important than
processes and tools
• Working software is more important than comprehensive
documents
• Customer collaboration is more important than contract
negotiation
• Responding to change is more important than following a
plan
• XP practices
• Co-location
• Self organizing teams
• Pair programming
• Collective code ownership
• Working software
• User stories
• Unit testing
• Continuous build and integration
• Customer collaboration
• Scrum: Prioritized backlog of user stories
• Must be accessible for questions
• Frequent delivery of working software
• Acceptance testing
• Agile methods
• No extensive architectural or design phase
• No energy spend on documentation
design design
implementation implementation
testing testing
maintenance
• Advantages of prototyping
• Resulting system is easier to use
• Resulting system has less features
• User needs are better accommodated
• Design is of higher quality
• Problems are detected earlier
• Resulting system is easier to maintain
• Development costs less effort
• Disadvantages of prototyping
• Resulting system has more features
• Design is of lower quality
• Performance of resulting system is worse
• Resulting system is harder to maintain
• Team members should be more experienced
• Prototyping
• Is useful in situations with unclear or ambiguous
requirements
• Is useful in when emphasis is on user interface
• Users and designers must be aware of pitfalls
• Must planned and controlled
• Incremental development
• Incremental development
• First focusing on essential features
• Additional functionality is only included if needed
• Resulting systems are leaner but provide sufficient
support to the user
V-model
• Implementation Phase
• This is the phase of the project during which the actual
physical work is performed.
• Construction of the equipment occurs during this
phase, as does the programming of the software.
• Note that the Implementation Phase is the “turning
point” of the V-model. At this point, all the tasks turn
from specification of what is supposed to happen to
verification of what actually happens.
• Very critical that any RFI and As-built information is
recorded and worked back into the detailed design
documents!
• Underlying principles
• Independence of methods and tools
• Independence of organizations
• Separation into “submodels”
• Orientation to activities and products
• Adaptability of the model
• Regulations on 3 levels
• Procedure (what)
• Allocation of methods (how)
• Functional tool requirements (what)
• Procedure
• What has to be done:
− Activities to be carried out
− Results that have to be
produced
− Content of the results
− Roles
• Lifecycle process
model
• Tailoring
• No important document is “forgotten”
• Tailoring relevant for tendering
− Selection of the necessary activities and products
− Deletion conditions
− The resulting subset of the Lifecycle is put together in the Project
Manual
• Technical Tailoring
− Adapting to conditions during the course of the project
• Software development
• SD1-System Req. analysis
− Description of the requirements of the system and its
environment,
− Risk Analysis, and
− User requirements
• SD2–System design
− Segmentation of the system into SW/HW
• SD3-SW/HW requirement analysis
− Detail Technical Requirements
• SD4-Preliminary SW design
− Structuring of the interfaces and interaction of SW components
• Software development
• SD5-Detailed SW design
− Description of functionality, Data administration and error
handling of SWC
• SD6-SW implementation
− Coding in chosen programming language
• SD7-SW integration
− Integration of modules
• SD8-System integration
− Integration of SW and HW components
• SD9-Transition to utilization
− Activities for Deployment into Production
SWD 1 SWD 9
System
Requirements Analysis System
System Requirements
and Design Integration
System Design
System Integration
Plan
Segment
DP Requirements SWD 2 SWD 8 Manual
DP Design
Information
DP Integration Plan DP DP Integration
Requirements Analysis
and Desgin
Program
SW Requirements
SWD 3 Documents
SWCI
Integration (SWCI)
SW Requirements
Analysis
SWD 7 SWCI
SW Inte-
gration
SWD 4 Program Documents
SW Architecture
(Component)
Interface Design
SWCI Integration Plan Preliminary Component
Design
Integration
Component
Data-Dictionary
SWD 5
SW Design Program Documents
Detailed (Module)
Design
Module
SWD 6
Implementation Legend:
Proof
activities
(see QA)
SWD
Activity
• Quality assurance
• QA1-Initialization
− Generated the QA and Assessment Plan
• QA2-Assessment Preparation
− Generation of unambiguous Assessment specification and
procedures & Req. of Assessment Environment
• QA3-Process Assessment of Activities
− Specified procedures were adhered to during the realization of an
activity
• QA4-Product Assessment
− Assessment with respect to the formal criteria & the contents of
the product. Assessment Report generated.
• QA5-Reporting
− Assessment Reports are assessed in regular intervals and the
results submitted to PM.
• Configuration management
• CM1-CM Initialization
− Generation of the CM plan and setting of the CM resources
• CM2-Product and CM
− Administration of products, configurations and rights
• CM3-Change Management
− Controlled artifacts are recorded and administered
• CM4-CM Services
− General services (e.g Product Catalog)
• Project management
• PM1-Project Initialization
• PM2-Placement/Procurement
• PM3-Contractor Management
• PM4-Detailed Planning
• PM5-Cost/Benefit Analysis
• PM6-Phase Review
• PM7-Risk Management
• Project management
• PM8-Project Control
• PM9-Information Service/Reporting
• PM10-Training/Instruction
• PM11-Supplying Resources
• PM12-Allocation of Work Orders
• PM13-Staff Training
• PM14-Project Completion
− Final Project Report
• Tool requirements
• What is to be used to do something:
− Functional characteristics must the tools have
• Introduces the Software Development Environment
− User Interface
− Work flow management
− Security and integrity requirements
− Software development
− Quality assurance
− Configuration Management
− Project Management
• Use for:
− Selection of tools
− Evaluation
− Further development of tools
Category Definition
Catastrophic Multiple loss of life
Critical Loss of a single life
Marginal Major injuries to one or more persons
Negligible Minor injuries at worst
Consequence
Likelihood Catastrophic Critical Marginal Negligible
Frequent I I I II
Probable I I II III
Occasional I II III III
Remote II III III IV
Improbable III III IV IV
Incredible IV IV IV IV
• Improved Reliability
• For systems that operate continuously (continuous mode)
the allowable frequency of failure must be determined
• For systems that operate more than once a year (high
demand) the allowable frequency of failure must be
determined
• For systems that operate intermittently (less than once a
year / low demand) the probability of failure is specified as
the probability that the system will fail to respond on demand
• Failure to Safety
• Calculation of safe failure fraction (SFF) determines how Fail-
safe the system is
Part 5: Examples of methods for the determination of Part 5: Product Development: Hardware Level
safety integrity levels
Part 6: Guidelines on the application of parts 2 and 3 Part 6: Product Development: Software Level
• ASIL
• ISO 26262 replaces SILs with ASILs (Automotive Safety
Integrity Levels)
• ASILs designed to specify the measures required to avoid
unreasonable residual risk
• ASIL levels A-D, with D being the most demanding
• Risk of each hazardous event is evaluated on the basis of:
− Frequency of the situation (or “exposure”)
− Impact of possible damage (or “severity”)
− Controllability
• ISO 26262:
• Uses ASILs for specifying the item's necessary safety
requirements for achieving an acceptable residual risk.
• Provides requirements for validation and confirmation
measures to ensure a sufficient and acceptable level of
safety is being achieved.
• Covers functional safety aspects of the entire development
process (including such activities as requirements
specification, design, implementation, integration,
verification, validation, and configuration).
• System Design
• To develop the system design and the technical safety
concepts that comply with the functional requirements and
the technical safety requirements specification.
• Verify the system design and technical safety concept
comply with technical safety requirements specification.
• Need to have bidirectional traceability between system
design and technical safety requirements specification.
• Safety Validation
• To provide evidence of due compliance with the functional
safety goals and that the safety concepts are appropriate for
the functional safety of the item.
• To provide evidence that the safety goals are correct,
complete and fully achieved at vehicle level.
• The validation plan shall include:
1. The configuration of the item
2. The specification of test cases and acceptance criteria
3. The required environmental conditions
• Software Design
• To develop a software architectural design that realizes the
software safety requirements and verify the software
architectural design achieving bi-directional traceability
• The software architectural design represents all software
components and their interactions with one another in a
hierarchical structure.
• Software Design
• The software architectural design shall exhibit
− Modularity
− Encapsulation
− Minimum complexity
• V model for
software
development
• Definition:
• Design is a problem-solving process whose objective is
to find and describe a way:
− To implement the system’s functional requirements...
− While respecting the constraints imposed by the
quality, platform and process requirements...
− including the budget
− And while adhering to general principles of good
quality
• System:
• A logical entity, having a set of definable responsibilities or
objectives, and consisting of hardware, software or both.
− A system can have a specification which is then implemented by
a collection of components.
− A system continues to exist, even if its components are changed
or replaced.
− The goal of requirements analysis is to determine the
responsibilities of a system.
• Subsystem:
• A system that is part of a larger system, and which has a
definite interface
• Component:
• Any piece of software or hardware that has a clear role
− A component can be isolated, allowing you to replace it with a
different component that has equivalent functionality
− Many components are designed to be reusable
− Conversely, others perform special-purpose functions
• Module:
• A component that is defined at the PL level
− For example: classes and packages are modules in Java
• Function:
• Unit at programming level with specific behaviour
− For example: methods in Java, functions in C
• Top-down design
• First design the very high level structure of the system.
• Then gradually work down to detailed decisions about low-
level constructs.
• Finally arrive at detailed decisions such as:
− the format of particular data items;
− the individual algorithms that will be used.
• Bottom-up design
• Make decisions about reusable low-level utilities.
• Then decide how these will be put together to create high-
level constructs.
• Architecture design:
− The division into subsystems and components,
− How these will be connected
− How they will interact
− Their interfaces.
• Class design:
− The various features of classes
• User interface design
• Algorithm design:
− The design of computational mechanisms
• Protocol design:
− The design of communications protocol
• System modeling
• What is SysML?
• A graphical modeling language in response to the UML for
Systems Engineering developed by the a.o. OMG
− a UML Profile that represents a subset of UML 2 with extensions
• Supports the specification, analysis, design, verification, and
validation of systems that include hardware, software, data,
personnel, procedures, and facilities
• Supports model and data interchange via XML Metadata
Interchange (XMI)
• What is SysML?
• Is a visual modeling language that provides
− Semantics = meaning
− Notation = representation of meaning