ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2017, Vol. 54 ›› Issue (3): 654-668.doi: 10.7544/issn1000-1239.2017.20151055

• 软件技术 • 上一篇    下一篇



  1. 1(北京航空航天大学计算机学院 北京 100191); 2(中航工业西安航空计算技术研究所 西安 710068) (
  • 出版日期: 2017-03-01

Objectives Conformity Argument Patterns for Software Testing Process in DO-178C

Yang Yang1, Wu Ji1, Yuan Chunchun1, Liu Chao1, Yang Haiyan1, Xing Liang2   

  1. 1(School of Computer Science and Engineering, Beihang University, Beijing 100191); 2(Xi'an Aeronautics Computing Technique Research Institute, Aviation Industry Corporation of China, Xi'an 710068)
  • Online: 2017-03-01

摘要: 安全关键软件已广泛应用于众多领域.鉴于其对防范灾害风险方面的特殊要求,必须符合相关领域的安全性标准.但是目前对于如何建立面向标准的目标符合性论证模型,尚缺乏有效的方法.针对DO-178C标准中关于软件测试过程目标的特征描述,提出了一个基于GSN的目标论证模式描述框架,分别从解决问题、解决方案、应用方法和产生效果4个方面对目标论证模式进行描述;同时使用一种扩展的安全案例模式描述方式,用以描述面向标准的目标符合性论证模式.在此基础上,提出了3种面向DO-178C软件测试过程的目标符合性论证模式,分别是代码-需求符合性论证模式、需求测试覆盖率论证模式、结构测试覆盖率论证模式,并提出基于这些模式建立针对特定项目的目标符合性论证结构的实例化方法,为建立面向DO-178C软件测试过程的目标符合性论证结构提供了有效指导.通过一个机载嵌入式实时操作系统的案例,说明了提出的目标符合性论证模式的可用性和有效性.

关键词: 安全关键性软件, 适航认证, DO-178C, GSN, 论证模式

Abstract: Safety-critical software has been widely used in many fields. As the specific requirement of safety-critical software is preventing catastrophes, this kind of software must comply with its relevant safety standards. But now it does not have any effective ways to construct objectives conformity argument model for standards. By analyzing the features of objectives of software testing process in DO-178C, an objective conformity argument pattern description framework based on GSN is proposed, and these patterns are described through four fields: the problems that we need to solve, the specification for the solution, the approach to use them and the effect after using them. At the same time, some extensions for safety case patterns are proposed to describe the objectives conformity argument patterns. On this basis, three objectives conformity argument patterns based on software testing process in DO-178C are proposed, which are code-requirement conformity argument pattern, test coverage of requirements argument pattern and test coverage of structure argument pattern. At the same time, the instantiated method to build the objectives conformity argument structure for a specific program based on these patterns is proposed. People can construct objectives conformity argument structure for objectives of software testing process in DO-178C effectively through the proposed way. At last, one case study, which is an embedded real-time operating system, indicates that the objectives conformity argument patterns proposed here are useful and effective.

Key words: safety-critical software, airworthiness certification, DO-178C, GSN, argument patterns