Toward a lean approach to certification Cyrille Comar [email_address] www.open-do.org

Summary Introduction to Open-DO FLOSS & Open Source Communities Lean/Agile vs DO-178 Why Open-DO? Possible Open-DO material Keys to Success

Introduction to Open-DO

FLOSS & Open Source Communities

Lean/Agile vs DO-178

Why Open-DO?

Possible Open-DO material

Keys to Success

The Big Freeze Problem Can I change my code after certification ? The ESA anecdote Can I upgrade to a new version of community-developed component ? The AdaCore/Gcc anecdote Introduction to Open–DO (1)

The Big Freeze Problem

Can I change my code after certification ?

The ESA anecdote

Can I upgrade to a new version of community-developed component ?

The AdaCore/Gcc anecdote

Which Arinc 653 OS will be around in 15 years? Commercial Solutions - WRS, Sysgo, LynuxWorks, GHS, DDCI Private Solutions maintained internally by Avionics companies - At least 3 in Europe & 1 in the US Experimental - RTEMS + 653 interface Any lessons from what happened in the Unix world? Introduction to Open–DO (2)

Commercial Solutions

- WRS, Sysgo, LynuxWorks, GHS, DDCI

Private Solutions maintained internally by Avionics companies

- At least 3 in Europe & 1 in the US

Experimental

- RTEMS + 653 interface

The meeting of 3 worlds Introduction to Open–DO (3) Libre Open Source High Assurance Certification Agile Lean

Libre Open Source High Assurance Certification Agile Lean The meeting of 3 worlds Introduction to Open–DO (3) More efficient More reusable More attractive Less costly More visible Easier to learn

More efficient

More reusable

More attractive

Less costly

More visible

Easier to learn

The meeting of 3 worlds Introduction to Open–DO (3) More efficient More reusable More attractive Less costly More visible Easier to learn Libre Open Source High Assurance Certification Agile Lean

More efficient

More reusable

More attractive

Less costly

More visible

Easier to learn

FLOSS & Open Source Communities

FLOSS & Open Source Communities

Open Source Free to use… for ever Free to look at sources Free to change Free to redistribute FLOSS License

Open Source Communities (1) Significant technologies are successfully managed by such communities: - The Linux Kernel - Eclipse - GCC - RTEMS - Mozilla - Open Office - Python … For more than 20 years now

Significant technologies are successfully managed by such communities:

- The Linux Kernel

- Eclipse

- GCC

- RTEMS

- Mozilla

- Open Office

- Python

…

For more than 20 years now

The GCC example … and many more Contributors: from individuals to corporations Sharing technology not products Open Source Communities (2)

Contributors: from individuals to corporations

Sharing technology not products

Open Source Communities (3) Active participants Short term cost increase Learning curve Working in an open environment - Contributing back Long term cost decrease by - Sharing Resources Solving a common problem Avoiding solving already solved problems Initiators & regulators Passive Users Benefit from the work of others Can’t customize to their own needs Help spread the technology

Active participants

Short term cost increase

Learning curve

Working in an open environment

- Contributing back

Long term cost decrease by

- Sharing Resources

Solving a common problem

Avoiding solving already solved problems

Passive Users

Benefit from the work of others

Can’t customize to their own needs

Help spread the technology

Open Source Communities (4) Sharing instead of Off-shoring COTS or not COTS?

What about the HA/certification community? Is there a need for openness & cooperation? Potential for community growth? AVSI (Aerospace Vehicle Systems Institute) Certify Together The DO-178C committee military space railways, automotive, …

What about the HA/certification community?

Is there a need for openness & cooperation?

Potential for community growth?

AVSI (Aerospace Vehicle Systems Institute)

Certify Together

The DO-178C committee

military

space

railways, automotive, …

Lean/Agile vs DO-178

Lean/Agile vs DO-178

DO-178 vs Lean/Agile Continuous Integration Iterative requirements Test Driven Development (Executable Specifications) Life Cycle Data & Traceability Specific Workflows Requirement Based Testing Emphasis on verification activities Good Software Engineering Practices Guarantee/Improve Quality

DO-178 vs Lean/Agile

Continuous Integration

Iterative requirements

Test Driven Development

(Executable Specifications)

Life Cycle Data & Traceability

Specific Workflows

Requirement Based Testing

Emphasis on verification activities

Good Software Engineering Practices

Guarantee/Improve Quality

Some DO-178B workflows (1) Software Life Cycle Process Integral Processes Top level workflow Transition criteria between activities Workflow support Workflow verification System aspects related to Software Development Section 2 Overview of aircraft and engine certification Section 10 Software Life Cycle - section 3 Software Planning Process – Section 4 Software Development Processes – Section 5 Software Verification - section 3 Software Config Management – section 7 Software Quality Assurance - Section 8 Certification Liaison - section 9 Software Life Cycle Data – Section 11 Additional Considerations – Section 12

Some DO-178B workflows (2) Software Life Cycle Process Integral Processes Requirement coverage Code coverage Traceability Component certification workflow System aspects related to Software Development Section 2 Overview of aircraft and engine certification Section 10 Software Life Cycle - section 3 Software Planning Process – Section 4 Software Development Processes – Section 5 Software Verification - section 3 Software Config Management – section 7 Software Quality Assurance - Section 8 Certification Liaison - section 9 Software Life Cycle Data – Section 11 Additional Considerations – Section 12 Requirements Design Coding Reviews Testing Completeness Analysis

Some DO-178B workflows (3) Software Life Cycle Process Integral Processes Qualification of Verification Tools Workflow Requirement Coverage Traceability System aspects related to Software Development Section 2 Overview of aircraft and engine certification Section 10 Software Life Cycle - section 3 Software Planning Process – Section 4 Software Development Processes – Section 5 Software Verification - section 3 Software Config Management – section 7 Software Quality Assurance - Section 8 Certification Liaison - section 9 Software Life Cycle Data – Section 11 Additional Considerations – Section 12 Tool Operational Requirements Reviews Testing Completeness Analysis

Example : Agile Tool Qualification Requirement Coverage Traceability Minimize requalification effort when adding a new TOR Automate requalification for different environment « Natural » traceability model Integrate QA & CM 2 running experiments OSEE FitNesse +SVN Tool Operational Requirements Reviews Testing Completeness Analysis

Minimize requalification effort when adding a new TOR

Automate requalification for different environment

« Natural » traceability model

Integrate QA & CM

2 running experiments

Possible Open-DO material

Possible Open-DO material

Some Relevant Open Projects & Technologies OSEE Couverture SPARK

Some Relevant Open Projects & Technologies OSEE Couverture SPARK

Open DO Components Open-Do Life Cycle Management Document Templates Qualifiable Tools Education Materials Certifiable Components

Open-Do Document Templates Qualifiable Tools Education Materials Certifiable Components Specialized Workflows Tools supporting them Open DO Components Life Cycle Management

Specialized Workflows

Tools supporting them

Open-Do Document Templates Qualifiable Tools Education Materials Certifiable Components Open verification tools Open Development tools Open (orphan) qualification material Open DO Components Life Cycle Management

Open verification tools

Open Development tools

Open (orphan) qualification material

Open-Do Document Templates Qualifiable Tools Education Materials Certifiable Components Open DO Components Life Cycle Management Toy certifiable projects Training material Specialized DO-178C examples Model Based Formal Methods OOP …

Toy certifiable projects

Training material

Specialized DO-178C examples

Model Based

Formal Methods

OOP …

Open-Do Document Templates Qualifiable Tools Education Materials Certifiable Components Open DO Components Life Cycle Management Examples: 653 OS Light DataBase IP stack middleware Standard Classes …

Examples:

653 OS

Light DataBase

IP stack

middleware

Standard Classes

…

Open-Do Document Templates Qualifiable Tools Education Materials Certifiable Components Open DO Components Life Cycle Management Coding Standards C, Ada, … DO-178: PSAC, SDP, SVP, SCMP… Other standards

Coding Standards

C, Ada, …

DO-178:

PSAC, SDP, SVP, SCMP…

Other standards

Why Open-DO ?

Provides a shared infrastructure - For long term investment - For long term cost reduction Allows some level of cooperation with competitors Lower training costs (especially for subcontractors) Support for the transition to DO-178C Avionics industrial community Why Open-DO?

Provides a shared infrastructure

- For long term investment

- For long term cost reduction

Allows some level of cooperation with competitors

Lower training costs (especially for subcontractors)

Support for the transition to DO-178C

Why Open-DO? Better understand the needs of this industry Offer adequate training to students Opportunity for applied research activities Academics

Better understand the needs of this industry

Offer adequate training to students

Opportunity for applied research activities

Offers an ideal showcase for their open technologies Tool sharing makes it easier to provide a complete supported solution Creates and ecosystem where everyone can meet potential customers and partners Tool providers Why Open-DO?

Offers an ideal showcase for their open technologies

Tool sharing makes it easier to provide a complete supported solution

Creates and ecosystem where everyone can meet potential

customers and partners

Balance - Europe vs US - Boeing vs Airbus - Authorities vs Industry Find key participants for critical mass - Certification authorities - Major Aeronautics players - Established tool providers - Academics Attract public funds for bootstrap Find appropriate governance rules Keys to success

Balance

- Europe vs US

- Boeing vs Airbus

- Authorities vs Industry

Find key participants for critical mass

- Certification authorities

- Major Aeronautics players

- Established tool providers

- Academics

Attract public funds for bootstrap

Find appropriate governance rules

Open-DO Bootstrap One project in Europe (FP7) - call for projects in 1 month (T0) - submission of the proposal : T0 + 4 months One project in the US Others? Share from the start - infrastructures - ideas - activities open-do.org

One project in Europe (FP7)

- call for projects in 1 month (T0)

- submission of the proposal : T0 + 4 months

One project in the US

Others?

Share from the start

- infrastructures

- ideas

- activities

open-do.org