Is agile programming ... ad hoc for mission critical systems?

For example, would it be incredibly dangerous to do this for avionics?

Note, I do not fully understand Agile.

+7
real-time agile sdlc safety-critical
10 answers

I worked on air traffic control systems using essentially the waterfall process, and those projects could definitely have benefited from agile practice. I don't like to think about which parts of the code work "by accident", without any automated unit-level regression testing. And all that is needed is something like a red herring. Although it is also true that aerospace systems are probably as close as you can get to fully specified up-front requirements, you still have arguments about the meaning of ambiguous requirements that appear only when the system has to pass acceptance tests. Or you have bandwidth problems that no one considered until late in the game because of the large integration. Test-first development with spikes, continuous integration, pair programming: I think all of this would have improved the projects I worked on.

UPDATE: Not to mention how often the "project documents" were a bunch of lies towards the end of the project, because the design necessarily evolved in the face of reality. Agile acknowledges the emergence of design, which is just as real in Waterfall projects as in any other, rather than trying to pretend that you can get the design right before you start writing code.

+18

I work in the aerospace industry (specifically satellites), and we use a hybrid approach, because we face two different problems: the requirements of the real world and the requirements of business processes.

We use the waterfall approach for spacecraft requirements and critical sections, because changes on the satellite are slow and rare, and screwing up there is bad.

But for constantly changing business processes we use an agile approach, because the way they fly the spacecraft is constantly changing due to customer requirements. Screwing up there means that, in the worst case, the user gets poor results.

+9

I do not have enough experience in this area (other than as a user of aviation systems) to form my own truly independent opinion. However, everything I keep reading about critical systems with a better track record makes me think that waterfall is the better way. This is possibly because people are prepared to tolerate the additional loss of flexibility from frozen requirements in order to increase safety. In that case, the tradeoffs are slightly different.

+5

Determining the applicability of agile practices for mission and vital systems

Agile Filters

In short, there is no such thing as Agile programming. There are many practices. Some of them are better than others, but in general any project will benefit from some of these practices.

The biggest area where people generally get involved is modeling and architecture. There are many teams that use agile methods; for example, I know members of the Fun3d team at NASA, and they use agile methods on things such as Space Shuttle support.

There are several groups dedicated to this type of work, so it is possible. You just need to know your risks, just as with any other methodology.

+5

Agile must be a disciplined process. Regardless of your process, safety issues in this case must be addressed up front. I don't see how delivering in iterations, using a continuous build system, calculating burn rates for programmers, holding meetings, active participation of the client, etc. adversely affect safety.

+2

There are many considerations. First, your safety criticality level. If your answer is "A" or "B" (and especially "A"), then absolutely NOT. You will not get away with Agile in any way, shape or form. There are very strict coding standards, documentation standards and process standards required for level A software (my experience is about 15 years). It includes:

  • Full traceability up / down.
  • Full branch coverage.
  • Full tiered coverage.
  • Key documents outlined by DO-178B include: SRD, SDD, SCI, SCMP, SDP, TQP, SCI ...

Thus, you must not only certify your code, design and requirements, but also certify tool kits, compilers, automated test equipment, etc.

In short, this is really not a small feat, and it will not be done with a small team. Similarly, the interfaces are really robust and very specific, as well as static. Changing interfaces usually requires coordination with 3+ companies (airframe, vendor 1, vendor 2).

Honestly, a 12-line code change can cost up to $170,000. Of course, changing 500 lines of code would be $190,000. In short, there is a huge process overhead associated with level A code (much less with level B, even less with C and very little with level D), making small iterations very expensive; i.e. it costs a lot of money to get a fully loaded and flying 777 to test a little change. Even the system test laboratories of large commercial aircraft will have a burn rate of $10,000 per day.

For example:

  • Level A: HUD, thrust reversers, power systems, FADEC (engine control).
  • Level B: Secondary switching logic, voice communication systems.
  • Level C: In-flight data channels.
  • Level D: In-flight entertainment systems.

Level D and possibly Level C may be candidates for Agile.

+2

I think it depends on how the safety requirements are integrated into the process. If they are an additional set of tests, then there is nothing that contradicts agile programming. I believe that agile methods will help you create safer software, since agile projects tend to be of higher quality than waterfall projects. What is important is that the additional quality assurance you have in place is also used with agile methods.

But if the safety requirements apply to the development process itself, this may be contrary to agile methods.

+1

In fact, there is a variation of the waterfall model, called the V-model, which is preferred by, for example, IEC 61508. This is a kind of waterfall, but with provisions for re-iterating the main project cycle. The main goal of repeated iterations in this case is to address problems found at different stages of the process. The main idea is that if there is a problem further down the road that you encounter, you must go back in your process to take care of it and analyze the impact of your changes.

So this is not really Agile, but ... :-)

+1

You could use an agile approach, but the first pass should include the safety and security aspects, or at least ensure that you do not shoot yourself in the foot and have to rewrite all of it. But I agree with Brian, you are probably better off using the Waterfall approach for such projects.

0

At the EuroStar 2009 conference, Gittie Ottosen talked about how they are doing this in her company. What is impressive is that this company, Systematic, creates software for aircraft, the military, etc. They do this in accordance with CMMI 5, ISO 9001 and AQAP 150 & 2110. Therefore, I think that agile can be applied to highly regulated systems. Perhaps try to find this presentation and get more information from it.

0