Assurance of Complex Electronics: What path do we take?

Richard Plastow (Richard.A.Plastow @ nasa.gov), Sr. Software Assurance Engineer (SAIC)

Abstract

Many of the methods used to develop software bear a close resemblance to Complex Electronics (CE) development. CE are now programmed to perform tasks that were previously handled in software, such as communication protocols. For instance, Field Programmable Gate Arrays (FPGAs) can have over a million logic gates while system-on-chip (SOC) devices can combine a microprocessor, input and output channels, and sometimes an FPGA for programmability. With this increased intricacy, the possibility of “software-like” bugs such as incorrect design, logic, and unexpected interactions within the logic is great. Since CE devices are obscuring the hardware/software boundary, we propose that mature software methodologies may be utilized with slight modifications to develop these devices. By using standardized S/W Engineering methods such as checklists, missing requirements and “bugs” can be detected earlier in the development cycle, thus creating a development process for CE that will be easily maintained and configurable based on the device used.

Source: https://ntrs.nasa.gov/search.jsp?R=20070007336 (retrieved 2020-07-14T18:29:56+00:00)

Slide 1: Assurance of Complex Electronics. What path do we take?

Slide 2: The Quandary

Programmable Logic devices are blurring the hardware / software boundary. It is now common for Complex Electronics (CE) devices to have over one million gates and even a built-in microprocessor. These devices are being used to replace software in many critical applications.

Slide 3: Let's take a look

The slide lays out a spectrum running from Hardware at one end to Software at the other:

Electronic Hardware (ICs, Microprocessor, A/D, D/A, Sensors)
• Off-the-shelf components
• Exhaustively tested by vendor

Programmable Logic Controllers
• Special purpose computer (process control)
• Uses Ladder Logic, other languages for programming

Programmable Logic Devices (FPGA, CPLD, PAL, ASIC; SOC; Reconfig. Computing)
• Designed with HDL
• Compiled/Programmed
• May be reprogrammable in the field
• Cannot be 100%, exhaustively tested

Firmware
• Software residing in non-volatile storage

Software (BIOS/bootstrap, Operating system, Applications)
• Programmed
• Easily changed
• Can “do anything”
• Cannot be 100%, exhaustively tested

Slide 4: How do they compare?

CE                                    | Software
--------------------------------------|----------------------------------
Asynchronous                          | Synchronous
Costly to change                      | Easy to change
No updates can be done in operation   | Patches can be done in operation
No current standards                  | Have defined standards
Reusable                              | Reusable
Can not be 100% tested                | Cannot be 100% tested

Slide 5: Concerns and Issues

• ASICs and FPGAs have been used to avoid the rigors of the software approval process. (FAA DO-254)
• Complex Electronic devices are designed and programmed by engineers, often without quality assurance oversight or configuration management control of the designs. In addition, the development process may not be well defined or followed.
• High-level languages (e.g. C, C++) are now being used to define complex electronic designs (in whole or in part).
• Complex functionality cannot be completely simulated, nor the resulting chip completely tested.

Slide 6: What is to be done?

Software and Complex Electronics have many things in common.
• Both have a Quality Assurance program
• Both share a common development process

Since the Complex Electronics device is a blend, why not use the best of both assurance worlds?

Slide 7: Commonality in Development process

Software      | CE
--------------|--------------------------
Planning      | Planning
Requirements  | Requirements
Design        | Design Entry / Synthesis
Code          | Implementation
Test          | Test (Verification)
Operations    | Operations

Slide 8: How the Design Process for Complex Electronics should flow

[Diagram: design process flow for Complex Electronics]

Slide 9: Planning is where we should start

Slide 10: Requirements

In a typical design, the requirements flow down from the system requirements. Development may be by the waterfall, iterative, spiral or other development methodology. Most projects, software and CE, use an iterative approach as they flow through the design process.

Slide 11: Requirements

The first step in any design process should be to define and document the requirements and constraints under which the CE must operate. This allows you to think through the issues and document any design decisions and trade-offs.

Software has a well defined and robust process. While this does not guarantee success, it allows you to find and resolve many issues that may arise.

Complex Electronics design is often started based on the engineer's knowledge of the system, not defined requirements.

Slide 12: An Integrated Assurance Approach

Requirements Reviews
• Complete
• Verifiable
• Understandable
• Traceable

Interface Control Document verifications

Fit planned hardware

Slide 13: Traceability Analysis

[Diagram: traceability analysis]

Slide 14: Design

Whether you are using Unified Modeling Language (UML), hardware description language (HDL) or some other form, this is where you define the system and its function.

One major difference between CE and software is the aspect of timing and concurrency. The basic premise is the same. A good design is expected.

Slide 15: Code / Implementation

Although HDL is not true code, it shares many of the same features and attributes of software. The differences occur during the “compile and link” functions. During synthesis (compile), the design is mapped to the logic gates of the device. The placement of the logic blocks within the chip, and the routing between blocks, are some of the processes that occur during implementation. This process is loosely comparable to the linking step in software.

Coding standards, code reviews, and best practices that are used by software work very well on HDL.

Slide 16: Ease of coding

Coding Standards and Best Practices work well on HDLs. They allow:

Readability
• Standard signal names
• Names do not change across boundaries
• Common register names

Maintainability
• Common naming conventions
• Code reviews
• Etc.
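Two of the rules above (standard signal names, names that do not change across boundaries) can be mechanized as a small lint pass over the HDL source. The following Python example is added here and is not part of the original slides; the VHDL fragment, the lowercase snake_case naming rule and the Finding record are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed VHDL fragment (not from the slides): one entity and one instance.
# Two actuals rename a port at the boundary; one port breaks the naming rule.
VHDL_SRC = """
entity uart_tx is
  port (
    clk     : in  std_logic;
    rst_n   : in  std_logic;  -- active-low reset
    tx_data : in  std_logic_vector(7 downto 0);
    tx_out  : out std_logic;
    TxBusy  : out std_logic
  );
end entity uart_tx;
u_tx : uart_tx
  port map (
    clk     => clk,
    rst_n   => reset,     -- renamed at the boundary
    tx_data => tx_data,
    tx_out  => txd,       -- renamed at the boundary
    TxBusy  => TxBusy
  );
"""

# Assumed project naming rule (not from the slides): lowercase snake_case.
NAME_RE = re.compile(r"^[a-z][a-z0-9_]*$")
COMMENT_RE = re.compile(r"--[^\n]*")
PORT_DECL_RE = re.compile(r"^\s*(\w+)\s*:\s*(?:in|out|inout)\b", re.I | re.M)
PORT_MAP_RE = re.compile(r"port\s+map\s*\((.*?)\)\s*;", re.I | re.S)
ASSOC_RE = re.compile(r"(\w+)\s*=>\s*([^,]+)")


@dataclass(frozen=True)
class Finding:
    rule: str
    formal: str
    actual: str


def check_port_map(src: str) -> list[Finding]:
    # Rules from the slide: names do not change across an entity boundary,
    # and every port and signal name follows the naming convention.
    src = COMMENT_RE.sub("", src)
    findings: list[Finding] = []
    declared = [m.group(1) for m in PORT_DECL_RE.finditer(src)]
    for port in declared:  # convention check on the entity's own port names
        if not NAME_RE.match(port):
            findings.append(Finding("naming-convention", port, "(declaration)"))
    for pm in PORT_MAP_RE.finditer(src):  # every instantiation's port map
        for formal, actual in ASSOC_RE.findall(pm.group(1)):
            actual = actual.strip()
            if actual.lower() != formal.lower():
                findings.append(Finding("name-changes-across-boundary", formal, actual))
            if not NAME_RE.match(actual):
                findings.append(Finding("naming-convention", formal, actual))
    return findings
```

Running check_port_map(VHDL_SRC) reports the two renamed signals (rst_n/reset, tx_out/txd) and the CamelCase port TxBusy, both at its declaration and at its mapping.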

Slide 17: VHDL Code Example

[Code listing: not recoverable from the extracted text]

Slide 18: Test

While complex electronics use test benches and timing models, the idea of a well defined suite of test cases is common in both disciplines. This includes test plans, fault injection and error handling testing and verification.

Slide 19: Test Methodologies

Best Practices
• Test Plans
• Tracing to requirements
• Feasible
• Cover more than just success
• …
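The requirements-review criteria from slides 12 and 13 (complete, verifiable, traceable) and the test-plan criteria above (tracing to requirements, covering more than just success) can be carried out as one traceability analysis over the project's requirement, design and test records. This Python example is added here and is not part of the original slides; the CE-00x and T-0x identifiers, the design file names and the nominal/fault test kinds are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Requirement:
    rid: str
    text: str
    verify_by: Optional[str]  # "test", "analysis", "inspection"; None = not verifiable


@dataclass(frozen=True)
class DesignElement:
    name: str
    satisfies: tuple  # requirement ids this element implements


@dataclass(frozen=True)
class TestCase:
    tid: str
    verifies: tuple  # requirement ids this test exercises
    kind: str  # "nominal" (success path) or "fault" (fault injection / error handling)


# Constructed sample records (not from the slides): a small UART transmitter.
REQS = (
    Requirement("CE-001", "Transmit a byte within 12 bit-times at 115200 baud", "test"),
    Requirement("CE-002", "Ignore tx_start while a frame is in progress", "test"),
    Requirement("CE-003", "Drive tx_out idle-high within 1 clock of reset", "test"),
    Requirement("CE-004", "The design shall be maintainable", None),
)
DESIGN = (
    DesignElement("uart_tx.vhd", ("CE-001", "CE-002")),
    DesignElement("coding_standard.doc", ("CE-004",)),
    DesignElement("watchdog.vhd", ("CE-009",)),  # points at a requirement that does not exist
)
TESTS = (
    TestCase("T-01", ("CE-001",), "nominal"),
    TestCase("T-02", ("CE-001",), "fault"),
    TestCase("T-03", ("CE-002",), "nominal"),  # only the success path is covered
    TestCase("T-04", ("CE-010",), "fault"),  # points at a requirement that does not exist
)


def traceability_report(reqs, design, tests) -> dict:
    """Each key lists the ids that fail one review criterion."""
    known = {r.rid for r in reqs}
    designed = {rid for d in design for rid in d.satisfies}
    tests_for = {r.rid: [t for t in tests if r.rid in t.verifies] for r in reqs}
    return {
        "unverifiable": sorted(r.rid for r in reqs if r.verify_by is None),
        "no_design": sorted(r.rid for r in reqs if r.rid not in designed),
        "no_test": sorted(r.rid for r in reqs if r.verify_by == "test" and not tests_for[r.rid]),
        "success_only": sorted(r.rid for r in reqs if tests_for[r.rid]
                               and all(t.kind == "nominal" for t in tests_for[r.rid])),
        "orphan_design": sorted(d.name for d in design if not set(d.satisfies) <= known),
        "orphan_test": sorted(t.tid for t in tests if not set(t.verifies) <= known),
    }
```

The "orphan" entries are the reverse trace: design or test artifacts that claim to satisfy a requirement nobody wrote down, which is the symptom of a design started from the engineer's knowledge of the system rather than from defined requirements.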

Slide 20: Reality Check

Many assurance engineers, regardless of their specialty, have little understanding of the complexities of these devices. Any review done will only be to the level of knowledge of the assurance engineer.

Software Assurance Engineers have faced these issues and use many techniques and checklists to ensure quality.

Slide 21: Techniques

• Change Impact Analysis
• Decision Tables/Trees
• Design Evaluation
• Design Review
• Failure Mode and Effect Analysis
• Fault Tree Analysis
• Function and Physical Configuration Audits
• Interface Analysis
• Requirements Evaluation
• Requirements Review
• Risk Analysis
• Traceability Analysis

Slide 22: Checklists

Phases
• Planning Phase
• Requirements Phase
• Preliminary Design Phase
• Detailed Design Phase
• Implementation Phase
• Testing Phase
• Operations Phase

Checklists (the slide lists each in two columns)
• Assurance Planning
• Modifications or Upgrades
• Audits (Functional Configuration, Physical Configuration and In-Process)
• Best Practices (Code Review)
• Testing (Document Review)