Industrial Avionics Working Group 19/04/07

Slide 1: The Relationship Between the Design and Safety Domains in IAWG Modular Certification

What are DGRs and how are DGRs used in the Safety Argument?
Slide 2: Safety Case Architecture

[Diagram: Safety_Req; Block X, Block Y, Block Z; AL Int; Arch Int; OSL; MSL; RTBP]
Slide 3: Safety Argument Overview

Argument over software related elements within the System
– Blocks in the Application Layer
– Modules in the OSL
– Modules in the MSL

Integration Arguments regarding
– Architecture: Integration of OSL and MSL; Provision and Performance of services
– Application Layer: Integration of the Software Applications; Integration of the Arguments for each Block
– Overall Integration: Integration of the Applications with the Architecture
Slide 4: Dependencies / Guarantees & the Safety Argument (1)

Overall Argument Strategy
– Top Level Claims that each Safety Requirement is adequately assured
– Supported by claims that guaranteed behaviour is adequately assured

Use of DGRs
– Provide Context for Arguments over the Software related elements (i.e. Application Block, OSL & MSL)
– Identify the guaranteed behaviour for each software related element
– Guaranteed behaviour is defined by a set of ‘Guarantees’
– For each ‘Guarantee’ the related ‘Dependencies’ are identified
– The related ‘Dependencies’ are the behaviour needed from other elements to meet the ‘Guarantee’
Slide 5: A DGR for a Software Related Element

[Diagram: the DGR of one element, listing Guarantee G1 with its Dependencies D1, D2 and D3]
Slide 6: Dependencies / Guarantees & the Safety Argument (2)

Integration of arguments
– Integration of the arguments over the software related elements is achieved by linking the arguments over the ‘Dependencies’ and the ‘Guarantees’ between the elements

Mechanism for the argument
– Argument over the satisfaction of each ‘Dependency’ in one element by one or more ‘Guarantees’ in supporting elements
– This may be specified in a Dependency Guarantee Contract (DGC)
– The argument creates a ‘Daisy Chain’ that begins with a Safety Requirement in one element that is supported by a Guarantee in another element, whose associated Dependencies are supported in turn by Guarantees in another element, and so on

Provision of Guarantees
– ‘Dependencies’ may be satisfied by ‘Guarantees’ provided by other application blocks or the architectural Services
– A ‘useful’ set of Guarantees is provided by the architecture
Slide 7: Safety Case “Agreements”

[Diagram: two Software Related Elements; a Contract links G1 in the providing element to D2 in the consuming element; G1 has Dependency D1, G2 has Dependencies D2 and D3]
G1 is Guaranteed, provided Dependency D1 is met.
G2 is Guaranteed, provided Dependencies D2 & D3 are met.

‘Agreement’ (may be a DGC)
– Between software related elements (G1-D2)
– One or more Guarantees can be mapped to one Dependency
– Link ‘providing’ block Guarantees (e.g. G1) with ‘consuming’ block Dependencies (e.g. D2)
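The daisy chain of slides 6 and 7 can be checked mechanically. The following is an added example, not taken from the IAWG presentation, with constructed element, Guarantee and Dependency names: each element's DGR is a map from Guarantee to Dependencies, each DGC maps a consuming Dependency to the providing Guarantees, and a walk from the Guarantee that supports a Safety Requirement reports any Dependency with no Guarantee behind it, any circular chain, and any contract naming a Guarantee that no DGR records.

```python
def check_chain(dgrs, contracts, start):
    """dgrs: {element: {guarantee: [dependency, ...]}} (one DGR per element);
    contracts: {(consumer, dependency): [(provider, guarantee), ...]} (the DGCs);
    start: the (element, guarantee) that directly supports the Safety Requirement."""
    chain, unsatisfied, circular, undefined = [], [], [], []
    def walk(node, path):
        element, guarantee = node
        if node in path:                  # the Guarantee would rest on itself
            circular.append(node)
            return
        if node in chain:                 # already argued via another branch
            return
        if guarantee not in dgrs.get(element, {}):  # DGC names a Guarantee no DGR records
            undefined.append(node)
            return
        chain.append(node)
        for dep in dgrs[element][guarantee]:
            providers = contracts.get((element, dep))
            if not providers:             # Dependency with no Guarantee behind it
                unsatisfied.append((element, dep))
                continue
            for provider in providers:    # one or more Guarantees may meet one Dependency
                walk(provider, path + [node])
    walk(start, [])
    return {"chain": chain, "unsatisfied": unsatisfied, "circular": circular, "undefined": undefined}

# Constructed sample: two application blocks, the OSL and the MSL.
DGRS = {
    "BlockX": {"G1": ["D1", "D2"]},           # G1 is guaranteed provided D1 and D2 are met
    "BlockY": {"G2": ["D3"]},
    "OSL":    {"G_sched": [], "G_comms": ["D_bus"]},
    "MSL":    {"G_bus": []},                  # end of the chain: no Dependencies
}
CONTRACTS = {
    ("BlockX", "D1"): [("BlockY", "G2")],     # agreement between application blocks
    ("BlockX", "D2"): [("OSL", "G_sched")],   # Dependency met by an architectural service
    ("BlockY", "D3"): [("OSL", "G_comms")],
    ("OSL", "D_bus"): [("MSL", "G_bus")],
}

def closed_example():
    return check_chain(DGRS, CONTRACTS, ("BlockX", "G1"))

def broken_example():
    # Same system with the DGC for D2 missing and G_bus made to depend on BlockX's G1.
    dgrs = {**DGRS, "MSL": {"G_bus": ["D_loop"]}}
    contracts = {k: v for k, v in CONTRACTS.items() if k != ("BlockX", "D2")}
    contracts[("MSL", "D_loop")] = [("BlockX", "G1")]
    return check_chain(dgrs, contracts, ("BlockX", "G1"))
```

The chain is closed only when all three defect lists come back empty; the broken variant reports the open Dependency and the Guarantee that the chain loops back to.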
Slide 9: Example Argument

[Diagram: a goal-structured argument fragment; its nodes are transcribed below]
Con (Sufficient Assurance): Definition of what is necessary to sufficiently assure this argument.
Goal: {Guarantee G}, which describes behaviour of the product made available by {Component c}, is sufficiently assured.
Con (Product): The product baseline is identified here.
Con (DGRs): Each DGR records the Dependencies associated with a specific {Guarantee G}.
Supporting nodes: An example DGR; Requirements For Module; Example source evidence.