Impact - Sesam

Science & Engineering Associates, Inc.
IMPACT™: Integrated Messaging and Process Analysis Control Techniques
Functional and Graphical Interface Model: Bringing CONTEXT to and With Hardware, Software, and the Human Element
IMPACT™ Toolset: Influencing Design, Proving Design
Systems Engineering / Systems Integration
• Functional Definition
• Requirements Allocation
• Control Requirements
• System Modeling
• Interface Analysis

Safety Engineering / System Safety
• Hazard Identification
• Hazard Causal Factors
• Hazard Mitigation
• Fault Tree Analysis
• Residual Risk
• Safety Reporting

Software Engineering / Software Design
• Requirements Allocation
• Implementation Model
• Fault Detection
• Fault Handling
• SW & HW Integration
• User Interface Analysis

Specialty Engineering
• System Integration
• Human Factors
• Training
• Reliability/Availability and Maintainability
• Integrated Logistics

Software Safety
• Safety-Critical SW
• SW Causal Factors
• SW Safety Requirements
• Hazard Mitigation
• Interface w/Hardware
• Interface w/Human

Software Test
• Test Rqmt Allocation
• Test Case Generation
• Test Acceptance Criteria
• Test Readiness Report
SEA Inc. Proprietary Data – Please Protect Accordingly
Page One
6100 Uptown Blvd., NE, Suite 700, Albuquerque, New Mexico 87110 (505) 884-2300
Graphically Integrating Hardware, Software and Human Interaction in the Performance of System Functions
[Figure: annotated IMPACT scenario diagram, "Process-Based Tool Set". Only the text recoverable from the diagram is kept below, in the order it appears on the page.]

Diagram call-outs:
• Analyses place software, hardware and personnel action within the context of major system functions
• Allows hardware & software designers to see the "Big Picture"
• Timelines & milestones are met with fewer surprises
• Testing is more a "proving process" than a "fixing process"
• Shows "actual design" as opposed to "perceived design"
• Reduces the amount of reverse engineering to "make it work"
• Customers have more confidence in the contractor as it offers tangible evidence of progress

Diagram legend:
• Hardware icon: for all hardware, refer to the logic document by equipment type in IDE Package 31138 (Armament *_ARM_*, Resupply *_RES_*, GDAS *_RES_*, SP Conveyor SPH_RES_SPC)
• Sheet connector; NOTE (keyed to number)
• Scenario iteration or off-page connector X-Y: X = sheet number, Y = unique number
• Scenario invocation (INVOKE), scenario iteration (I), invocation return (R), scenario terminus (T), disconnect, message disconnect

Scenario content shown (actors: CREW, OSS, SPH, VMG, ELE_PWR_U2RM, ELE_GPU_U1, ELE_SAI):
• SCE02068 "Startup Service": crew turns computer power switch on (Action: Power to On, Power On); crew views Power On indication; boot strap sequence; initialize a GPU; initialize SPH; perform start-up BIT on GPU (2-1, Perform BIT); OSS initialized, ready to load applications; release main thread for vehicle initialization to VMG; request threads for core software applications; create core applications thread; release core software applications on the GPU as directed by VMG; Threads.
• SCE00850 "Initialize Core Software" (VMG), Initialization_Command:
  1. Initialize vehicle management software to coordinate system initialization
  2. Coordinate initialization of core software on first GPU
  4. Upon receiving all statuses, initialize power management software: invoke scenario SCE08157 "Initialize VPMG Software"
  5. Coordinate initialization of core software on remaining processors
  6. Upon receiving all statuses, command all core software to configure to the AdministrativeConfigure sub-state: invoke scenario SCE04895 "State Transition"
  7. Send a notification that the core software is ready to interact with the crew (Vehicle_State_Notification, to CUI)
• SCE08157 "Initialize VPMG Software" (VMG):
  1. Verify that the PDCS subsystem is ready to accept commands (Request_PDCS_Subsystem_State, to PDS)
  2. Command the transition into the initial power net configuration: invoke scenario SCE08155 "Change the Power Network Configuration"
• SCE00009 "Thread Manager" (OSS)
• Further step and message labels on the diagram: "3. Begin monitoring health of software"; "3. Report the initialization status" (to PDC); Initialization_Command

Reviewer annotations on the diagram:
• Can't invoke SCE04085 here. The software to transition to Admin State has not been commanded to initialize at this point.
• Can't invoke SCE8155 here. PDS has not yet been commanded to initialize.
• Can't send a message to PDS here. PDS has not yet been commanded to initialize.
• Can't notify CUI, CUI not started yet. Core software threads just now requested.
• Why is SCE00009 (thread manager) invoked here if OSS created and released threads above all by itself?

CONTACT
SEA, Inc. Albuquerque Division
Steve Mattern or Greg Elcock
(505) 884-2300
IMPACT Software Safety Process
System Hazards Analysis
The integration of the "Software Assurance" of RTCA/DO-178B and the "Software Safety" of MIL-STD-882 ensures a total integration of system safety engineering, systems engineering and software development methodologies for a safer system. The process defined below produces the output products needed to support system certification and safety requirements criteria.

The Functional Hazard Analysis is a natural springboard into the safety activities required by MIL-STD-882. The most important step in the process is the in-depth analysis to identify failure modes or pathways to the identified hazards of the system. This analysis includes the identification of each hardware, software, and human interaction on the failure pathways.
[Figure: IMPACT Software Safety Process flow. Only the lane, band and box text recoverable from the diagram is kept below, in the order it appears on the page.]

Lanes:
• SOFTWARE ASSURANCE IAW RTCA/DO-178B
• SYSTEM SAFETY ENGINEERING IAW MIL-STD-882D

Process boxes:
• Functional Hazard Analysis
• Determine Severity / Ramification of Loss of Function
• Allocate Software Functions to Appropriate CSCIs, CSCs and CSUs
• Determine Safety Level Definition (Level A/B/C/D/E)
• Software Design (Preliminary, Detailed)
• Software Requirements and Definition Review
• Software Safety Constraints
• Determine Safety-Critical Functions
• Identify System-Level Hazards
• Link Software Functionality to Hazard Failure Pathways (prioritize based on DO-178B level of safety)
• Identify Subsystem-Level Hazards
• Software Code
• Determine Software-Specific Hazard Causes
• Categorize Hazard (Severity & Probability)
• Determine Hazard Causal Factors
• Define Software Hazard Mitigation
• Define Hazard Mitigation Requirements
• Software Test and HW/SW Qualification and Integration Testing
• Define Software Safety Test Requirements (including FMET)
• Residual Safety Risk Assessment
• Produce Evidence of Hazard Mitigation

Input: COTS/NDI hardware and software with supporting safety design, test, and certification artifacts

Bands:
• Software Assurance to include hardware & software functionality
• Software Development Engineering
• Software System Safety Engineering
• System Safety Engineering to include HW/SW/HE + interfaces
• System Functional Analysis
• Identification of Software Safety Requirements
Analysis is accomplished to determine system functionality and the ramifications of "loss of functionality". This activity is accomplished in conjunction with systems engineering and can be used to supplement interface and integration activities. The primary purpose is to identify the Safety-Critical Functions (SCFs) of the system and categorize them in accordance with DO-178B safety level criteria. The SCFs are then tied to the software functionality to determine which CSCIs or CSUs have significant safety impact. This allows functionality to be allocated to the appropriate safety levels within the software design architecture.
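As an added worked example (not code from the SEA brochure or the IMPACT toolset), the following Python models the allocation step described above: each hazard carries a DO-178B failure-condition severity and the hardware, software and human contributors on its failure pathways, and each software function inherits the most stringent level of any hazard whose pathway passes through it. It goes one step further than the paragraph by also listing the non-software contributors per hazard, since those are where the procedural and hardware mitigations land. The function names (VMG, VPMG, OSS, CUI, SPH), the hazards and their pathways are constructed for illustration; the severity-to-level mapping (catastrophic A through no effect E) is the standard DO-178B one.

```python
# Added example, not part of the SEA brochure: allocate software functions to
# DO-178B levels from the hazards whose failure pathways they sit on.
# Function names, hazards and pathways below are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List

# DO-178B failure-condition category -> required software level.
LEVEL_FOR_SEVERITY: Dict[str, str] = {
    "catastrophic": "A",
    "hazardous": "B",
    "major": "C",
    "minor": "D",
    "no_effect": "E",
}
# Lower rank = more stringent level.
LEVEL_RANK: Dict[str, int] = {"A": 0, "B": 1, "C": 2, "D": 3, "E": 4}


@dataclass
class Hazard:
    hazard_id: str
    severity: str              # one of LEVEL_FOR_SEVERITY's keys
    pathways: List[List[str]]  # each pathway lists the HW/SW/human contributors on it


def allocate_levels(hazards: List[Hazard], software_functions: List[str]) -> Dict[str, str]:
    """Give each software function the most stringent level demanded by any
    hazard whose failure pathway passes through it. Functions that sit on no
    pathway stay at level E (no safety effect)."""
    levels = {fn: "E" for fn in software_functions}
    for hazard in hazards:
        required = LEVEL_FOR_SEVERITY[hazard.severity]
        for pathway in hazard.pathways:
            for contributor in pathway:
                if contributor in levels and LEVEL_RANK[required] < LEVEL_RANK[levels[contributor]]:
                    levels[contributor] = required
    return levels


def safety_critical_functions(levels: Dict[str, str], threshold: str = "C") -> List[str]:
    """Software functions whose allocated level is at least as stringent as `threshold`."""
    return sorted(fn for fn, lvl in levels.items() if LEVEL_RANK[lvl] <= LEVEL_RANK[threshold])


def non_software_contributors(hazards: List[Hazard], software_functions: List[str]) -> Dict[str, List[str]]:
    """Per hazard, the hardware and human contributors on its pathways. These
    need mitigation requirements too (redundancy, procedures, training), which
    is why the whole pathway is analysed rather than the software alone."""
    sw = set(software_functions)
    return {
        hazard.hazard_id: sorted({c for path in hazard.pathways for c in path if c not in sw})
        for hazard in hazards
    }


# Constructed sample, loosely modelled on the vehicle start-up scenario on the
# previous page; hazard ids and severities are illustrative only.
SAMPLE_FUNCTIONS = ["VMG", "VPMG", "OSS", "CUI", "SPH"]
SAMPLE_HAZARDS = [
    # Wrong initial power-network configuration commanded during start-up.
    Hazard("H-01", "catastrophic", [["VMG", "VPMG", "ELE_PWR_U2RM"]]),
    # Crew acts on a stale "ready" indication; two independent pathways.
    Hazard("H-02", "major", [["CUI", "CREW"], ["OSS", "SPH", "CREW"]]),
    # Delayed BIT report; nuisance only.
    Hazard("H-03", "minor", [["SPH", "ELE_GPU_U1"]]),
]

if __name__ == "__main__":
    allocated = allocate_levels(SAMPLE_HAZARDS, SAMPLE_FUNCTIONS)
    for fn in SAMPLE_FUNCTIONS:
        print(f"{fn}: level {allocated[fn]}")
    print("Safety-critical (level C or better):", safety_critical_functions(allocated))
    print("Non-software contributors:", non_software_contributors(SAMPLE_HAZARDS, SAMPLE_FUNCTIONS))
```

Note that SPH ends up at level C from hazard H-02 even though its own hazard H-03 is only minor; the allocation is driven by the worst hazard any pathway through the function can reach, which is the point of linking functionality to failure pathways before assigning levels.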
The in-depth hazard causal analysis defines the interaction of hardware, software, and the human as contributors to potential mishaps. The results of this analysis are a more refined list of hazard mitigation requirements for hardware and software design, safety and redundant systems, fault detection, tolerance, and recovery, and procedures and training. The safety engineering team then ensures that the domain experts (designers) successfully implement the defined hazard mitigation requirements. This is accomplished through a variety of analysis, inspection, and test activities.