As software and software requirements in space systems become more complex, software safety plays a critical part in overall mission safety. In fact, according to an Aerospace Corporation study, half of all observed spacecraft mission anomalies were due to software failures.
Therefore, in the design and deployment of spacecraft and launch vehicles, the use of rigorous software testing can provide great savings.
Space systems have traditionally not had software test standards as rigorous as those of aviation systems. There is no analogue to DO-178B, which is generally considered the gold standard in software safety. Instead, space systems often use an inconsistent mix of software safety standards dictated by vendors and range safety.
However, the value proposition afforded by using LDRA to enforce some portions of DO-178B or other safety standards is easy to understand in the context of preventing mission failures.
The LDRA tool suite can be used to ensure a consistent software development methodology across both flight and ground software. Elements such as requirement traceability, coding review, structural coverage analysis, secure coding and unit test can be used across Ada, C, C++ and Java. The artefacts from all of these different activities can be connected together through traceability to provide insight into project management and risk reduction.
1. Requirements Traceability - The requirement traceability component of the LDRA tool suite, namely TBreq, provides a comprehensive view into your project's software development process. From the top down, LDRA’s Testbed requirement traceability element, on its own or as part of the Embed-X product, can access requirements in common office formats as well as in requirement management systems such as IBM Rational DOORS and Visure Requirements.
This capability allows you to connect high level requirements to lower level requirements including those that involve unit testing and system testing on spaceflight hardware.
2. Coding Standards Compliance - The LDRA tool suite includes the capability to check compliance against a variety of industry code review standards, as well as to create your own. A library of hundreds of rules can be mapped to in-house standards and rules, and the same analysis can check code, before runtime, for a variety of runtime errors such as buffer overflows and misuse of pointers.
3. Structural Coverage Analysis - Required by both DO-178B and Def Stan 00-55, Structural Coverage Analysis ensures all code on the spacecraft has been tested. Coverage up to MC/DC can be used to ensure that conditions within a decision do not mask each other. This is particularly useful in cases where the space environment's effects may cause conditions that would not be seen in ground test to occur.
4. Object Code Coverage - In order to ensure that the system object code is an accurate translation of the high level language, both DO-178B and Def Stan 00-55 require some level of proof of this translation, which object code coverage helps to provide by ensuring that 100% coverage at the object code level is achieved when 100% coverage at the source code level is achieved. The Testbed Object Box coverage module enables the automated measurement of the object code, helping to ensure that this DO-178B objective is met.
5. Secure Code - For spacecraft ground station software, secure coding provides insights into both runtime defects and errors that can lead to vulnerabilities that can be exposed by malicious code. While this is potentially useful in spacecraft flight software as well, examination of these potential defects is vital when ground software is connected to wider area networks.
6. Unit Test - Unit test capabilities allow developers to test code before the hardware has been developed and force them to examine a full set of input conditions in their code. Without unit test, especially when combined with structural coverage analysis, developers typically choose input test conditions that are convenient to test. The introduction of structural coverage tools forces them to choose a more representative set of input conditions.
7. Target Capabilities - The LDRA tool suite can be used on a wide variety of embedded targets, including radiation hardened spacecraft flight computers. In addition, the LDRA tool suite's capabilities are available in host applications. This wide range of capabilities allows for uniform enforcement of process, including the elements above, throughout the spacecraft flight and ground software development life cycle.
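The structural coverage and unit test items above both turn on the same idea: a test set that merely drives a branch both ways (decision coverage) can leave a condition inside that branch untested, whereas MC/DC demands that every condition be shown to independently change the outcome. The following C program is an added illustration, not LDRA code or output: it takes a constructed three-condition decision `(a && b) || c`, checks a test set for unique-cause MC/DC (each condition needs a pair of vectors differing only in that condition and producing different outcomes), and contrasts a two-vector "convenient" set with the four-vector set a coverage tool would accept. The decision, the bit encoding of test vectors and the test sets are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Decision under test (constructed example): a branch with three
 * conditions. Each condition is one bit of a test vector:
 * bit0 = a, bit1 = b, bit2 = c. */
#define NUM_CONDITIONS 3u
#define ALL_CONDITIONS ((1u << NUM_CONDITIONS) - 1u)

bool decision(bool a, bool b, bool c)
{
    return (a && b) || c;
}

/* Evaluate the decision for a vector encoded as described above. */
bool eval_vector(unsigned v)
{
    return decision((v >> 0) & 1u, (v >> 1) & 1u, (v >> 2) & 1u);
}

/* Unique-cause MC/DC check: for each condition i the test set must hold a
 * pair of vectors that differ in condition i only and produce different
 * decision outcomes. Returns a bitmask of the conditions for which such an
 * independence pair exists. */
unsigned mcdc_covered_conditions(const unsigned *set, size_t n)
{
    unsigned covered = 0;
    for (unsigned i = 0; i < NUM_CONDITIONS; i++) {
        for (size_t x = 0; x < n && !(covered & (1u << i)); x++) {
            for (size_t y = 0; y < n; y++) {
                if ((set[x] ^ set[y]) == (1u << i) &&
                    eval_vector(set[x]) != eval_vector(set[y])) {
                    covered |= 1u << i;
                    break;
                }
            }
        }
    }
    return covered;
}

/* MC/DC is achieved when every condition has an independence pair. */
bool mcdc_achieved(const unsigned *set, size_t n)
{
    return mcdc_covered_conditions(set, n) == ALL_CONDITIONS;
}

/* Constructed test sets. BRANCH_ONLY exercises both outcomes of the branch
 * (100% decision coverage) but never isolates a single condition.
 * MCDC_SET is the N+1 = 4 vectors needed for three conditions. */
const unsigned BRANCH_ONLY[] = { 0u /* a=b=c=0 -> false */, 7u /* a=b=c=1 -> true */ };
const size_t BRANCH_ONLY_LEN = 2;
const unsigned MCDC_SET[] = {
    1u, /* a=1 b=0 c=0 -> false */
    2u, /* a=0 b=1 c=0 -> false */
    3u, /* a=1 b=1 c=0 -> true : pairs with 2 (shows a) and 1 (shows b) */
    5u  /* a=1 b=0 c=1 -> true : pairs with 1 (shows c) */
};
const size_t MCDC_SET_LEN = 4;

int main(void)
{
    printf("branch-only set: covered mask = %u, MC/DC %s\n",
           mcdc_covered_conditions(BRANCH_ONLY, BRANCH_ONLY_LEN),
           mcdc_achieved(BRANCH_ONLY, BRANCH_ONLY_LEN) ? "achieved" : "NOT achieved");
    printf("MC/DC set:       covered mask = %u, MC/DC %s\n",
           mcdc_covered_conditions(MCDC_SET, MCDC_SET_LEN),
           mcdc_achieved(MCDC_SET, MCDC_SET_LEN) ? "achieved" : "NOT achieved");
    return 0;
}
```

The branch-only set yields a covered mask of 0 even though the decision has been observed both true and false, which is exactly the gap a coverage tool exposes when developers pick convenient inputs; the four-vector set yields mask 7 (all three conditions). In a real unit test campaign each vector in `MCDC_SET` would be a test case, and the coverage report rather than the developer's judgement would decide when the set is complete.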