U.S. Army Uses SCADE Suite to Improve Requirement V&V on Flight Control System
The U.S. Army’s Software Engineering Directorate (SED) is responsible for providing mission-critical computer resource expertise to support weapons systems throughout their lifecycle. The SED works with the Army’s Aviation Engineering Directorate to ensure that software used to develop aviation systems satisfies airworthiness qualification requirements, namely DO-178B. The SED is also charged with researching and testing new COTS tools that may speed the development of future military aircraft while maintaining the requirements of the Aviation Engineering Directorate.
As avionics and mission systems become more complicated, the SED has identified a number of concerns and challenges to its mission. First, traditional verification and validation systems are not as effective for evaluating airworthiness of highly integrated software systems. Second, incorrect or incomplete requirements result in a large number of root cause problems, especially as systems become more complex. Third, software design implementation does not accurately reflect intended safe functionality. And finally, manual coding is subject to human error.
The Army SED chose to evaluate SCADE Suite in an attempt to mitigate some of these challenges with the goal of finding a COTS tool that would allow the SED to more objectively analyze software system safety. An existing flight control system application was analyzed.
By using SCADE Suite and SCADE Suite Design Verifier, a module that enables users to prove that a design is safe with respect to its requirements, the Army SED modeled 925 requirements for the flight control system. 198 defects were found, including 144 found using SCADE that would have been missed with traditional V&V. More importantly, 62.5 percent of all catastrophic defects were found using model verification, not traditional methods.
The later that errors are introduced in the development cycle, the more costly it becomes to correct them. In order to complete the SCADE evaluation, the Army analyzed where requirements errors were introduced and the effect on development cost. Using traditional V&V methods, 2278 man hours were spent in requirements review. This was reduced by 40 percent by using SCADE Suite Design Verifier. The 144 requirements errors that were found up front using SCADE rather than later in the development phase resulted in a savings of $213,000 or 5 percent of the total project costs.