See edit history of this section
Post feedback on this section
- 1. The Requirement
- 2. Rationale
- 3. Guidance
- 4. Small Projects
- 5. Resources
- 6. Lessons Learned
- 7. Software Assurance
1. Requirements
4.5.8 The project manager shall validate the software system on the targeted platform or high-fidelity simulation
1.1 Notes
Typically, a high-fidelity simulation has the exact processor, processor performance, timing, memory size, and interfaces as the target system.
1.2 History
1.3 Applicability Across Classes
Class A B C D E F Applicable?
Key: - Applicable | - Not Applicable
2. Rationale
Validation is a process of evaluating work products to ensure that the right behaviors have been built into the work products. The right behaviors adequately describe what the system is supposed to do and what the system is supposed to do under adverse conditions. They may also describe what the system is not supposed to do.
Validation is performed to assure that the specified software systems fulfill their intended use when placed on the targeted platform in the target environment (or simulated target environment). The methods used to accomplish validation on the actual target platform or in a high fidelity simulator may include aspects that were applied to previous software work products (requirements, designs, prototypes, etc.). The use of these methods provides continuity of results through the assembling system. The use of the high-fidelity or targeted system allows the software developers to check systems-level interfaces, memory performance and constraints, event timing, and other characteristics that can only be evaluated properly in the real system or near-system environment (see SWE-055). Validation activities include preparation, performance, analysis of results, and identification of corrective action. Validation at the systems level ensures that the correct product has been built. 001
3. Guidance
The basic validation process is shown below with the steps addressed by this requirement highlighted:
Validation activities are not be confused with verification activities as each has a specific goal. Validation is designed to confirm the right product is being produced while verification is conducted to confirm the product being produced meets the specified requirements correctly.
Validation, as used in this requirement, addresses the following:
- Confirmation of the correctness, completeness, clarity, and consistency of the requirements with stakeholders.
- Confirmation that implied or inherent requirements (e.g., the system must do X before Y) are correctly implemented.
See SWE-055 for additional information on requirements validation during the concept, design, coding, and initial testing phases of the software development life cycle.
Once the software work products have been integrated into a software system, validation activities are concentrated on systems-level effects, interactions, interfaces, and the overall behavior of the system (i.e., whether the system is providing for and meeting the needs of the customer). This level of validation can be accomplished in either an actual operational environment with the use of the targeted platform or if this combination is not viable, on a high-fidelity simulator. A high-fidelity simulation typically has the exact processor, processor performance, timing, memory size, and interfaces as the flight unit.
The following scenarios provide additional considerations for the selection of the most appropriate validation approach at the systems level:
- Operational environment demonstrations.
- Running the software in an actual operational environment.
- Using this technique to confirm that implied, derived, and inherent requirements such as "the software will run" are properly fulfilled in the target environment.
- Using this technique to view a system or subsystem as a collected implementation of the requirements and confirm that the software product fulfills its intended purpose, not just individual requirements, but as a collected set of requirements, addressing needs, expected behavior, and functionality.
- Behavior in a simulated environment.
- Running the software in a simulated operational environment.
- Using this technique when running the system in the actual environment is not possible or is impractical (costly).
Using this technique to view a system or subsystem as a collected implementation of the requirements and confirm that the product fulfills its intended use, not just individual requirements, but as a collected set of requirements, addressing needs, expected behavior, and functionality.
See Lessons Learned for other considerations related to simulated environment validation.
- Portability requirements may require the software to be run on a variety of platforms.
- Validate portability by running appropriate software and system tests on all the required platforms.
Also, consider user-created operational scenarios, when appropriate. They can be a valuable tool in either simulated or operational environments.
4. Small Projects
The small project does not normally involve highly complex platforms, so it is generally easier and cheaper to validate software systems on the targeted platform. However, the environment for space systems will typically need to be simulated during validation for projects regardless of size. When using simulated platforms, small projects are advised to look for existing tools rather than creating their own.
5. Resources
5.1 References
- (SWEREF-001) Software Development Process Description Document, EI32-OI-001, Revision R, Flight and Ground Software Division, Marshall Space Flight Center (MSFC), 2010. This NASA-specific information and resource is available in Software Processes Across NASA (SPAN), accessible to NASA-users from the SPAN tab in this Handbook.
- (SWEREF-197) Software Processes Across NASA (SPAN) web site in NEN SPAN is a compendium of Processes, Procedures, Job Aids, Examples and other recommended best practices.
- (SWEREF-209) IEEE Computer Society, IEEE Std 1012-2012 (Revision of IEEE Std 1012-2004), This link requires an account on the NASA START (AGCY NTSS) system (https://standards.nasa.gov ). Once logged in, users can access Standards Organizations, IEEE and then search to get to authorized copies of IEEE standards.
- (SWEREF-219) IEEE Std 1028, 2008. IEEE Computer Society, NASA users can access IEEE standards via the NASA Technical Standards System located at https://standards.nasa.gov/. Once logged in, search to get to authorized copies of IEEE standards.
- (SWEREF-224) ISO/IEC 12207, IEEE Std 12207-2008, 2008. IEEE Computer Society, NASA users can access IEEE standards via the NASA Technical Standards System located at https://standards.nasa.gov/. Once logged in, search to get to authorized copies of IEEE standards.
- (SWEREF-273) NASA SP-2016-6105 Rev2,
- (SWEREF-277) NASA-STD-8739.9, NASA Office of Safety and Mission Assurance, 2013. Change Date: 2016-10-07, Change Number: 1
- (SWEREF-405) Issue 1, Revision 1, ESA Board for Software Standardization and Control, 1995. FOR SECURITY REASONS, ALL LINKS TO THE ftp.estec.esa.int SERVER ARE DISABLED. YOU MAY REQUEST RELATED DOCUMENTS TO bssc@esa.int
- (SWEREF-539) Public Lessons Learned Entry: 1122.
- (SWEREF-578) Public Lessons Learned Entry: 3716.
5.2 Tools
NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.
The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.
6. Lessons Learned
6.1 NASA Lessons Learned
The NASA Lessons Learned database contains the following lessons learned related to simulations:
- Aero-Space Technology/X-34 In-Flight Separation from L-1011 Carrier, Lesson No. 1122 539: A recent NASA technology program recognized the need to validate its flight (systems) level software in a series of simulated environments because of the concern over its inability to validate the software on the targeted platform (i.e., the X-34 separation from an L-1011 aircraft) ahead of the operational mission. The concern was heightened because of the seeming distributed nature of the mission's safety functions among the project's participants.
- Testbed Limitations May Impact End-to-End Flight System Testing, Lesson No. 3716 578: "After 11 years of spaceflight, it was discovered that the dual string Stardust/NExT spacecraft was incapable of switching to the redundant flight system. Flight software changes made only 3 weeks before launch had inhibited side swapping, and the testbed that had verified the changes was not capable of simulating redundancy switching. When it is infeasible to test such changes using the flight system integrated with the launch system, assure that the system testbed is fully equipped for end-to-end simulation of the flight system."
The Recommendation states: "When it is only feasible to test 'last-minute' command changes or flight software changes via simulation, instead of using the flight system that has been integrated with the launch vehicle, assure that the simulation testbed is capable of end-to-end verification of the impact on all flight software functions, including fault protection. Should the system testbed lack high fidelity features such as dual string simulation, the project should identify potential testing shortfalls and address how it will validate the test results ."
6.2 Other Lessons Learned
No other Lessons Learned have currently been identified for this requirement.
7. Software Assurance
7.1 Tasking for Software Assurance
- Confirm that the project validates the software components on the targeted platform or a high-fidelity simulation.
7.2 Software Assurance Products
- None at this time.
Objective Evidence
- Software test procedures
- Software test plan
- Software test reports
7.3 Metrics
- # of software components (e.g. programs, modules, routines, functions, etc.) planned vs. # released in each build
7.4 Guidance
For this requirement, confirm that the validation of the software system is being done on the target platform, or if that is not possible, on a high fidelity simulation. If the testing is done on a high fidelity simulation, identify any risks they see with using the high fidelity simulation instead of the intended platform. To identify potential risks in using the high fidelity simulation instead of the intended platform, think about the capabilities that the high fidelity simulator is not able to replicate exactly, including any interfaces that are not able to provide realistic inputs. There may be risks in any operational scenarios that cannot be tested fully because realistic simulator inputs are not available or because the simulator does not exactly replicate the capabilities of the flight systems.