Agile Development for Safety Critical Systems using MBSE, ISO 26262 and DO-178 b/c Graham Bleakley Ph.D. Solution architect A&D, Automotive Unleash the Labs, IBM UK Graham.bleakley@uk.ibm.com Twitter @BleakleyGJ

Agenda Problems with systems and software engineering Course Title Agenda Problems with systems and software engineering Improving systems and software development with continuous engineering An Agile to approach to MBSE Working with practices Model based development and ISO 26262 Applying DO-178 B/C Tool qualification for DO-178 B/C ISO 26262 Resources

Manufacturers are struggling to manage complexity and increased regulation Energy and utilities Smart meters for water utilities will lead to $29.9 million in sales by 2017 compared with $10.3 million in 2011. Aerospace and defense Today’s F35 has 10 million lines of code on board, twice the amount on the F-22, another stealth fighter. Automotive Electronics drives 80 percent of the automotive industry’s functional innovation — software is the key to most of it. Telecom Between 2012 - 2016, mobile data traffic will multiply tenfold, with video content acting as the biggest driver. Software is changing the game … Allowing companies to enter in new markets Allowing the creation of multiples / product lines Software is driving the value, the innovation, the differentiation in products today …across all industries! Products are no longer driven by the physical piece, but it is the software (and electrical) that makes the product unique, provides the value, software needs to be thought of up front Driving force to enable customer satisfaction in products Software opens up the opportunities for clients to lead in innovation and manage complexity, and enabling you to create the ‘next big thing’ … Medical devices The da Vinci S surgical robotic system: 1.4 million lines of code Computing power of 7 laptops 10,000 individual parts Electronics By 2014, 230 million Smart TVs will be installed with 57 million homes watching web-based streams over broadband.

Pound£ And £ense: Initial cost increase due to Implementing Standards Typical DO-178B Project Successful Technical Project without DO-178B Added 60% - 100% Cost Added 25% - 40% Cost for Initial Development Solid processes Experienced Team +60 – 100% +25-40% Automation can help reduce costs Repeatable Process governance Process Guidance Reuse Systems and SW assets Automate build Automate testing Systems Software 3

State of the Practice for Systems and Software Development Systems and Software Engineering Environments, in general, Are document-centric Require huge investment in planning that doesn’t reflect actual project execution Have difficulty adapting to change. Require expensive and error-prone manual review and update processes. Require long integration and validation cycles to beat out many defects Are difficult to maintain over the long haul Additional standards constraints DO-178C, ARP 4761,ARP 4754 ISO26262, ASPICE, AUTOSAR IEC 62304 Add to the challenge Tooling Selection Dependability engineering Safety Reliability Security System certification

Modern Processes and Practices are Evolving Past Future Requirements Definition & Management Analysis & Design Quality Management Build & Release Management Construction Configuration & Change Mgmt Asset Management & Reuse Production Model-Based Engineering Defect Avoidance Defensive Design Continuous Integration Risk Management Project Governance Dynamic Planning THE AGILE SE MODEL Moving from waterfall “ballistic” planning to incremental, adaptive approach

Managing Complexity with Continuous Engineering Improve systems engineering to tackle growing product complexity Engineering context Market Analytics Operations and Maintenance Customer Requirements Deployment/ Release to Mfg. Iterative Improve software development to deliver innovation faster System Requirements System Verification and Validation Decomposition and Definition Integration and Validation System Design System Test With an agile, open, integrated systems approach that enables access to all engineering and related information Implementation Electrical/ Electronics Design Agile Software Engineering Mechanical Design But the disciplines of systems engineering and software development can’t sit in isolation from one another or from the other disciplines and teams in the product lifecycle. For your product development process to be effective you need greater visibility and collaboration across all activities, teams and tools. Key to this is having all necessary information available to provide the engineering context for product development. IBM believes this is best delivered through an open approach to integrating tools and workflows. Open standards Business Engineering Operational Enterprise information

Improving software development Requirements Acceptance Improving software development Agility Compliance Automation

Key Concepts for Agility Improve quality through continuous feedback Verification (do it right) Analysis Review Testing via execution or simulation Customer feedback (meet the need) Correctness Appropriateness Usability Defensive Design Efficiency through Concentrate on high-value tasks Avoid rework Paying attention to how you’re doing against goals Project retrospective Risk management Planning Don’t plan beyond the fidelity of the information you have Plan enough but not more than that Adjust plans based on “truth on the ground” (metrics) Primarily build executable things Verify them continuously Validate them with the customer early & often Active and continuous risk mitigation Dynamic planning

What does “agile” mean for Systems Engineering? Do what you need to do, no more and no less This depends heavily on industry, regulation, and business environment Often requires detailed traceability links among work products (e.g. requirements traceability) Use tooling to automate manually-intensive, error-prone work Work iteratively and incrementally Group requirements with user stories or use cases Verify continuously With Q/A activities With testing With customer Outcome contains textual specifications but linked to executable & verifiable specifications Use dynamic planning to adjust project plans based on “truth on the ground” Use goal-based metrics (KPIs) to track project progress Continuously track progress against plan. Adjust planning frequently Safety, Reliability, Security Not “done once” but continuously assessed Model-based hand off to downstream engineering

Best practice content for specific industries (What) Support for other industries:- Network service providers Rail Chemicals and petroleum Energy and utilities Electronics Industry neutral systems and software practices Automotive Aerospace Electronics ECU Design/Dev via AUTOSAR Each solution contains practice content that has been developed and tested to provide a complete lifecycle management solution for a particular industry. The practice content describes how to develop a product or system using Rational and third-party tools. You can download the types of published practice content from the IBM Rational Solution Process Assets web page (see Resources). Practice content is created and managed with IBM® Rational® Method Composer, which has a domain language based on the Unified Method Architecture (UMA). The terminology used in the practice content is derived from UMA. A set of practices that provide process guidance (via a website) to support the solution A template to customise RTC for the specific industry The industry-specific solutions described in this webinar are: IBM Rational solution for aerospace and defense DO-178B/C compliance IBM Rational solution for automotive engineering ISO-26262 and ASPICE compliance IBM Rational solution for medical devices IEC 62304 Defense Architectures via DoDAF HW-SW Co-Design ASPICE Functional Safety for Automotive via ISO 26262 Functional Safety for Aerospace via DO-178B Functional Safety for Medical Devices via IEC 62304, FDA Design Control F u n c t i o n a l S a f e t y 10

Supported by Best Practices for Agile Systems Engineering (How) High-fidelity model-based engineering (Hi-MBE) Incremental functional analysis with use cases Executable requirements modeling with SysML / UML Test-driven development of system specifications Integrated safety and reliability analysis Model-based handoff to downstream engineering Automated document generation from model artifacts Note: a key difference between agile SW and agile SE is that the outcome of SE is specifications and the outcome of SW is implementation

Rational Method Composer Rational Team Concert Supported by an integrated toolset Rational Engineering Lifecycle Management Use modeling to validate requirements, architecture and design earlier in the development process – including Simulink integration, AUTOSAR, autocode generation, MISRA, SMXF and automated test case generation; use for FMEA, FTA using the safety analysis profile Provides customised views on information across the lifecycle Rational Rhapsody Mentor Graphics Mathworks Rational Quality Manager Rational Test Conductor Rational Test RealTime NI Veristand ETAS DSpace Rational DOORS/DNG Manage system requirements with complete traceability across the product lifecycle Automate quality and test management with an integrated, lifecycle-based testing process Rational Method Composer Rational Team Concert Manage collaborative systems lifecycle management across development teams and engineering disciplines with ISO 26262 or DO-178 process template for compliance to these standards 12 12