5...4...3...2...1...
Rayfael Roman
IATF Software Safety SME
www.nasa.gov/sls
Overview
Knowns
ARTEMIS & MAESTRO will not be used in the Space Launch System (SLS) vehicle.
NASA Standards
– Scope – “Describes the activities necessary to ensure that safety is designed into the software that is acquired or developed by NASA. All Program/Project Managers, Area Safety Managers, IT managers, and other responsible managers are to assess the inherent safety risk of the software in their individual programs. The magnitude and depth of software safety activities should reflect the risk posed by the software while fulfilling the requirements of this Standard.”
NASA Standards
– Section 7.5.5 – “If a model, simulator or emulator is used to test our critical systems (hardware, software or a combination) it is necessary to make sure our tests and associated models and simulators are of sufficient rigor, accuracy and depth to reliably supply results that are trusted and true … It is important that an analysis of the risks to critical software tests, models and simulators be performed and the resultant level of safety and software engineering rigor be applied as for any safety critical software”.
NASA Standards
– Examples of Class C:
• Simulators, emulators, stimulators, or facilities used to test Class A, B, or C software in development; integration and test environments (development environment, including environment used from unit testing through validation testing); software used to verify system-level requirements associated with Class A, B, or C software by analysis (e.g., guidance, navigation, and control system performance verification by analysis)
Safety Criticality (S-C) ASSESSMENT
Definition
Software HR Control Determination to S-C Requirements Process
(Process flow diagram; recovered steps. *** Desirable process as described by SLS-PLAN-013 ***)
• Begins with a hazard that is documented in the IATF Hazard Report, developed and documented by Safety (QD34).
• System functionality and software aspects of the hazard are identified.
• SwS Cause Record (CR) Evaluation, with integrated participation of System Safety, SwS, SW Reqs/Design, HW Reqs & Design, VM FDIR, and subject matter experts.
Goals
• To acknowledge the effort ES53 has completed to mitigate hazards that exist in the system (HW & SW)
• To document that ES53 has adequately done due diligence to provide verifications to close out hazard controls and reduce the likelihood of occurrence to the lowest level.
• To assist ES53 in resolving any verifications that remain open.
• To present to the ASCB that an adequate Safety Analysis has been accomplished by SMA and the IATF facility is safe.
• To help NASA safely put the first Woman on the Moon!
Questions?
Backup
NPR 7150.2C NASA Software Engineering Requirements
If a project has safety-critical software or mission-critical software, the project manager shall implement the following items in the software:
• a. The software is initialized, at first start and restarts, to a known safe state.
• b. The software safely transitions between all predefined known states.
• c. Termination performed by software of functions is performed to a known safe state.
• d. Operator overrides of software functions require at least two independent actions by an operator.
• e. Software rejects commands received out of sequence when execution of those commands out of sequence can cause a hazard.
• f. The software detects inadvertent memory modification and recovers to a known safe state.
• g. The software performs integrity checks on inputs and outputs to/from the software system.
• h. The software performs prerequisite checks prior to the execution of safety-critical software commands.
• i. No single software event or action is allowed to initiate an identified hazard.
• j. The software responds to an off-nominal condition within the time needed to prevent a hazardous event.
• k. The software provides error handling.
• l. The software can place the system into a safe state.
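The list above reads as policy, but most of its items map directly onto a command-handling state machine. The C module below is an added illustration written for this page, not code from SLS, the IATF or NPR 7150.2C. The subsystem, its states (SAFE/ARMED/ACTIVE), the command set and the wire format are all constructed assumptions; what it shows is how items a, b, d, e, f, g, h, k and l become concrete checks: a known safe initial state, a table of predefined transitions, a two-action operator override, rejection of out-of-sequence commands, a checksum on every input, a guard word that detects inadvertent modification of critical state and recovers, and a prerequisite check before the safety-critical ACTIVATE command.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example: states, commands and wire format are assumptions. */
typedef enum { ST_SAFE = 0, ST_ARMED = 1, ST_ACTIVE = 2 } state_t;

typedef enum {
    CMD_ARM = 1, CMD_ACTIVATE = 2, CMD_DISARM = 3,
    CMD_OVERRIDE_REQUEST = 4,  /* first of two independent operator actions (item d) */
    CMD_OVERRIDE_CONFIRM = 5   /* second independent action */
} cmd_t;

typedef enum {
    RC_OK, RC_OVERRIDE_PENDING, RC_BAD_CHECKSUM, RC_OUT_OF_SEQUENCE,
    RC_PREREQ_FAILED, RC_UNKNOWN_CMD, RC_MEMORY_CORRUPTED
} rc_t;

/* Hypothetical command format: id, 16-bit sequence number, 8-bit checksum (item g). */
typedef struct { uint8_t id; uint16_t seq; uint8_t csum; } command_t;

/* Critical state plus a guard word to detect inadvertent modification (item f). */
typedef struct {
    state_t  state;
    uint16_t expected_seq;
    uint8_t  override_step;   /* 1 once an override request has been received */
    uint32_t guard;
} critical_state_t;

/* FNV-1a over a byte buffer; a cheap integrity hash, not a cryptographic one. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Guard is computed field by field, not over the raw struct, so padding bytes never matter. */
static uint32_t state_guard(const critical_state_t *s) {
    uint8_t buf[4] = { (uint8_t)s->state, (uint8_t)(s->expected_seq & 0xFF),
                       (uint8_t)(s->expected_seq >> 8), s->override_step };
    return fnv1a(buf, sizeof buf);
}

/* Items a and l: initialize to, or return to, a known safe state. */
void safe_init(critical_state_t *s) {
    s->state = ST_SAFE;
    s->expected_seq = 0;
    s->override_step = 0;
    s->guard = state_guard(s);
}

static uint8_t command_checksum(uint8_t id, uint16_t seq) {
    return (uint8_t)(0u - (id + (seq & 0xFF) + (seq >> 8)));
}

/* Sender side: build a command whose checksum will verify. */
command_t make_command(cmd_t id, uint16_t seq) {
    command_t c = { (uint8_t)id, seq, command_checksum((uint8_t)id, seq) };
    return c;
}

bool command_valid(const command_t *c) {
    return command_checksum(c->id, c->seq) == c->csum;
}

rc_t process_command(critical_state_t *s, const command_t *c) {
    rc_t rc = RC_OK;
    /* Item f: critical state was modified behind our back -> recover to safe state. */
    if (state_guard(s) != s->guard) { safe_init(s); return RC_MEMORY_CORRUPTED; }
    /* Item g: integrity check on the input before acting on it. */
    if (!command_valid(c)) return RC_BAD_CHECKSUM;
    /* Item e: out-of-sequence commands are rejected, never reordered. */
    if (c->seq != s->expected_seq) return RC_OUT_OF_SEQUENCE;
    s->expected_seq++;

    switch ((cmd_t)c->id) {                      /* item b: only predefined transitions */
    case CMD_ARM:
        if (s->state != ST_SAFE) rc = RC_PREREQ_FAILED; else s->state = ST_ARMED;
        s->override_step = 0; break;
    case CMD_ACTIVATE:                           /* item h: prerequisite check first */
        if (s->state != ST_ARMED) rc = RC_PREREQ_FAILED; else s->state = ST_ACTIVE;
        s->override_step = 0; break;
    case CMD_DISARM:                             /* item l: always lands in the safe state */
        s->state = ST_SAFE; s->override_step = 0; break;
    case CMD_OVERRIDE_REQUEST:                   /* first action only records intent */
        s->override_step = 1; rc = RC_OVERRIDE_PENDING; break;
    case CMD_OVERRIDE_CONFIRM:                   /* item d: effective only as the 2nd action */
        if (s->override_step == 1) s->state = ST_ACTIVE; else rc = RC_PREREQ_FAILED;
        s->override_step = 0; break;
    default:                                     /* item k: unknown input is an error, not a crash */
        s->override_step = 0; rc = RC_UNKNOWN_CMD; break;
    }
    s->guard = state_guard(s);                   /* re-seal after every consumed input */
    return rc;
}

int main(void) {
    critical_state_t s;
    safe_init(&s);
    command_t c = make_command(CMD_ACTIVATE, 0);
    printf("ACTIVATE from SAFE -> rc=%d, state=%d\n", process_command(&s, &c), s.state);
    return 0;
}
```

Two design points are worth noticing. The sequence number is consumed only after the checksum and sequence checks pass, so a corrupted or out-of-order command cannot advance the expected sequence; and every path that changes critical state ends by recomputing the guard, so the next call can tell a legitimate change from a stray write. The guard hash is an integrity check against accidental modification only; it is not a defense against a deliberate attacker who can write memory.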
NASA Standards
• NPR 7150.2C
– Class C: Mission Support Software or Aeronautic Vehicles, or Major Engineering/Research Facility Software
a. Definition
1. Space Systems include the following types of software:
d) Software used for the testing of space assets
– Examples of Class C:
• Simulators, emulators, stimulators, or facilities used to test Class A, B, or C software in development; integration and test environments; software used to verify system-level requirements associated with Class A, B, or C software by analysis (e.g., guidance, navigation, and control system performance verification by analysis)