ISVV Process and Facility Project

2004

This paper presents a study on dedicated software product assurance measures and dependability techniques to support space on-board autonomous functions. An analysis of current standards and techniques in space and other domains, and a survey of software autonomy projects from the point of view of product assurance, dependability and safety are presented. Product assurance measures are proposed, and the paper concludes with the description of two generic software components developed and experimented to provide additional safety mechanisms in autonomous space systems: a "safety bag" in charge of monitoring on-board a set of safety properties, and a "plausibility checker" complementing on ground the validation means for interpreted procedures before they are uploaded and executed on-board.

2002

Over the years, the complexity of space missions has dramatically increased with more of the critical aspects of a spacecraft's design being implemented in software. With the added functionality and performance required by the software to meet system requirements, the robustness of the software must be upheld. Traditional software validation methods of simulation and testing are being stretched to adequately cover the needs of software development in this growing environment. It is becoming increasingly difficult to establish traditional software validation practices that confidently confirm the robustness of the design in balance with cost and schedule needs of the project. As a result model checking is emerging as a powerful validation technique for mission critical software. Model Checking conducts an exhaustive exploration of all possible behaviors of a software system design and as such can be used to detect defects in designs that are typically difficult to discover with conventional testing approaches.

ACM SIGSOFT Software Engineering Notes, 1994

The ESSDE Reference Facility Project, whose goal is to provide a uniform, open environment for software development at the European Space Agency (ESA), has just completed the architectural design phase. A software engineering environment based upon the Portable Common Tool Environment (PCTE) interfaces has been specified, including a complete data model supporting all activities and products in the ESA standard software development life cycle. Several issues of much current interest have been addressed including scalability, configurability and the integration of commercial tools into an existing framework.

Proc. of the Int. Space …, 2009

This paper reports the results of an ESA funded project on the use of abstract interpretation to validate critical real-time embedded space software. Abstract interpretation is industrially used since several years, especially for the validation of the Ariane 5 launcher. However, the limitations of the tools used so far prevented a wider deployment. Astrium Space Transportation, CEA, and ENS have analyzed the performances of two recent tools on a case study extracted from the safety software of the ATV: -ASTRÉE, developed by ENS and CNRS, to check for run-time errors, -FLUCTUAT, developed by CEA, to analyse the accuracy of numerical computations. The conclusion of the study is that the performance of this new generation of tools has dramatically increased (no false alarms and fine analysis of numerical precision).

IEEE Systems Journal, 2013

2009

Developing software for high-dependable space applications and systems is a formidable task. With new political and market pressures on the space industry to deliver more software at a lower cost, optimization of their methods and standards need to be investigated. The industry has to follow standards that strictly sets quality goals and prescribes engineering processes and methods to fulfill them. The overall goal of this study is to evaluate if current use of ECSS standards is cost efficient and if there are ways to make the process leaner while still maintaining the quality and to analyze if their V&V activities can be optimized. This paper presents results from two industrial case studies of companies in the European space industry that are following ECSS standards and have various V&V activities. The case studies reported here focused on how the ECSS standards were used by the companies and how that affected their processes and how their V&V activities can be optimized.

2001

The National Aeronautics and Space Administration Space (NASA) Shuttle program is a multi-billion dollar activity scheduled to span over 40 years. Maintaining such software with requirements for high reliability and mission safety taxes current development methods. In this paper we present how Independent Verification and Validation (IV&V) activities have evolved in order to provide for these requirements. We also show how the IV&V activities for this program differ from those of more traditional software developments.

DASIA …, 2003

Space technology is no longer used only for much specialised research activities or for sophisticated manned space missions. Modern society relies more and more on space technology and applications for every day activities. Worldwide telecommunications, Earth observation, navigation and remote sensing are only a few examples of space applications on which we rely daily. The European driven global navigation system -Galileo -and its associated applications, e.g. air traffic management, vessel and car navigation, will significantly expand the already stringent safety requirements for space based applications Apart from their usefulness and practical applications, every single piece of onboard software deployed into the space represents an enormous investment. With a long lifetime operation and being extremely difficult to maintain and upgrade, at least when comparing with "mainstream" software development, the importance of ensuring their correctness before deployment is immense. Verification & Validation techniques and technologies have a key role in ensuring that the onboard software is correct and error free, or at least free from errors that can potentially lead to catastrophic failures.