bannerb

A. Introduction

B. Institutional Requirements

C. Project Software Requirements

D. Software Topics

E. Tools, References, and Terms

F. SPAN
(NASA Only)

Versions Compared

Old Version 21

changes.mady.by.user Haigh, Fred Douglas. (HQ-KA000)[PEROT]

Saved on

compared with

New Version 23

changes.mady.by.user Haigh, Fred Douglas. (HQ-KA000)[PEROT]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Set Data
hiddentrue
namereftab
6

...

idtabs-1

1. Introduction

Model-based software development uses a model as the centerpiece of the development process. Software engineers create a model of the system behavior that can then be translated into different languages such as C or Ada by the appropriate code generator. The model is continually refined throughout the development process and can even be executable. For maximum benefit, the generated code should not be modified by software engineers; when changes are desired, the model is revised and code is generated from the revised model.

Both the modeling tool and the code generation tool are part of a toolset that makes up the model-based development system, referred to in this guidance as MBDS.

Efficiency is a key benefit of using MBDS, but there are many considerations to be reviewed when deciding whether MBDS is the right choice for a project. For a list of pros and cons, see the

Tablink
1Determining the Need for MBDS
tab2
linktextDetermining the need for MBDS
 section of this guidance.

1.2 Purpose

This document addresses guidance for projects that desire to use MBDS. This guidance addresses:

  • Identifying the need for MBDS.
  • Choosing an appropriate MBDS.
  • Practices to avoid.
  • Recommended practices.

1.3 Roles

...

Role

...

Responsibility

...

Project Manager

...

Approves MBDS acquisition

...

Software Project Lead

...

MBDS analysis and selection, project procedure development

...

Software Engineers

...

Carrying out recommended practices

...

V&V Personnel

...

Receive, verify and validate MBDS tools, auto-generated code

Div
idtabs-2

2. Determining the need for MBDS

Before automatically assuming that MBDS is the right choice, it should be determined whether this type of system is appropriate for the project. The following questions should be addressed when making this determination:

  1. Why does the project want to use MBDS? What is the benefit to the project?
  2. What is the team's experience with software development using MBDS?
  3. What are the pros and cons of using MBDS? Are there specific pros and cons to be weighed for this project?
    1. General pros:
      1. Shifts the focus from implementation to design
        Swerefn
        refnum244
        allowing the focus to be on the problem being solved.
      2. Can improve productivity, quality and complexity hiding.
        Swerefn
        refnum244
      3. Can provide consistent products and lower error rates.
        Swerefn
        refnum244
      4. Can create optimized efficient implementations.
        Swerefn
        refnum226
      5. Helps avoid programmer errors such as typos, pointer problems, etc.
        Swerefn
        refnum226
      6. Can enforce programming practices.
        Swerefn
        refnum226
      7. Can provide for shared resource protection, memory management, code and data optimization, process and data distribution, bug avoidance, less testing, and reuse.
        Swerefn
        refnum226
      8. Can adapt quickly to changes in requirements.
        Swerefn
        refnum226
      9. Increases productivity by maximizing compatibility between systems, simplifying the process of design, promoting communication between individuals and teams working on the system.
        Swerefn
        refnum253
      10. Helps recognize problems early on and reduce risk.
      11. Reduces iterations in the development cycle, reducing development time and cost.
    2. General cons:
      1. MBDSs are typically not qualified; therefore, there is no guarantee that their output is correct.
        Swerefn
        refnum193
      2. "Code reviews are still necessary for mission-critical applications, but the generated code is often difficult to understand..."
        Swerefn
        refnum193
      3. "Common modeling and programming languages do not allow important requirements to be represented explicitly (e.g., units, coordinate frames, quaternion handedness); consequently, such requirements are generally expressed informally and the generated code is not traced back to these requirements."
        Swerefn
        refnum193
      4. "Writing documentation is tedious and therefore often not completed or kept up to date."
        Swerefn
        refnum193
      5. "Limited code generation possibilities force developers to start manual programming after design. This kills the idea of full code generation and minimizes the productivity benefits."
        Swerefn
        refnum244
      6. Flaws in parsers or generators can have wide effects downstream.
        Swerefn
        refnum226
  4. Will the amount of code the project will be developing warrant/justify the use of MBDS?
  5. Does the project or Center already have MBDS that can be used or will the project need to purchase, rent, or develop MBDS? What are the pros and cons of each option?
  6. How will using MBDS affect the maintenance of the developed code?

...

idtabs-3

3. Choosing MBDS

Once the decision has been made that MBDS is appropriate for a project, the actual system needs to be selected. When choosing a system, the following considerations should be included in the decision-making process:

...

Swerefn
refnum226

...

Swerefn
refnum226

...

Swerefn
refnum276

...

Swerefn
refnum276
  1. How much of the code can the tool generate?
  2. How much will have to be hand-coded?

...

Swerefn
refnum369
  1. Look at the MBDS's history/track record.
  2. Determine what, if any, analysis exists to verify the software produced by the MBDS.

...

Swerefn
refnum276

...

Swerefn
refnum276

...

Swerefn
refnum276
  1. Choose the right tool for the development environment.
  2. Choose the right method for the problem to be solved.
  3. Choose tools and methods that will work together.

...

Swerefn
refnum244
  1. Choose MBDS that allows focus to be on the model/design, which is the problem, not the code.
  2. Choose MBDS in which the domain knowledge is made explicit for the development team, being captured in the modeling language and its tool support.

...

Swerefn
refnum276

...

Swerefn
refnum369
  1. Consider importance to project of being able to use different input models.

...

Swerefn
refnum369
  1. Consider how much flexibility is needed to meet project requirements for generated code.
  2. If each mission can impose its own coding standards for the code being generated, then the flexibility of the output of the generator is important.
  3. Consider whether the project has a need for generating multiple forms of code from the same input, such as 1) C/C++ code, 2) a model representation that can be run through a model-checking tool and 3) a model that can be executed in simulation.

...

Swerefn
refnum245

...

Swerefn
refnum226

...

Tablink
1See also Recommended Practices section.
tab5
linktextalso see Recommended Practices

...

idtabs-4

4. Issues and Pitfalls, Practices to Avoid

As with any development methodology, there are issues associated with MBDS and practices that can result in unintended consequences. To ensure the best outcome for a project using MBDS, the following recommendations should be part of the process of developing associated procedures:

...

Swerefn
refnum226

...

Swerefn
refnum226

...

Swerefn
refnum226
  1. MBDS which are maintained internally (e.g., project or center) can have customizations and/or bug fixes that may not be documented or that may have side effects.

...

Swerefn
refnum369
  1. One advantage of MBDS is moving some of the testing activities earlier in the life cycle. If major problems are found, they can be resolved with less impact on the budget or schedule of the project.
  2. Disadvantages include a reliance on the automatically generated source code (which may not be generated correctly) and the difficulty of knowing how well the model conforms to reality. Interactions between parts of the system may not be evident until the system is operational.

...

Swerefn
refnum369

...

Swerefn
refnum369

...

idtabs-5

5. Recommended Practices

The following practices, collected from a variety of sources, are recommended practices when using MBDS in a project. These practices should be considered when developing project or center procedures for the use of MBDS:

...

Swerefn
refnum226
  1. Including instrumentation, such as internal or intermediate check points, in production code is problematic as that code has the potential for inadvertent execution.
  2. Including instrumentation and then removing it is also problematic as it changes the production code from the tested, verified code.

...

Swerefn
refnum133

...

Swerefn
refnum160
  1. Invalid models should be rejected by the generator while correct models should be translated properly into code.
  2. Correct functioning of the generator can be ensured if the test model and the generated code behave the same when subjected to the same stimulus/test data.

...

Swerefn
refnum226

...

Swerefn
refnum226

...

Swerefn
refnum193

...

Swerefn
refnum193

...

Swerefn
refnum193

...

Swerefn
refnum369

...

Swerefn
refnum226

...

Swerefn
refnum226
  1. Use good modeling principles
    Swerefn
    refnum250
    , including:
    1. Keep the model as simple as possible
    2. Keep the model semantically well-defined
    3. Keep the model organized and manageable
    4. Use a practical point of view: if you aren't going to use it, don't model it
  2. Structure the model logically and make it architecturally consistent.
  3. Include notations and comments in the model so the purpose of each element/module is clear.

...

Swerefn
refnum369
  1. Include system engineers and software engineers in joint reviews to identify misunderstood or unclear requirements.

...

Swerefn
refnum133
  1. Use separate folders/directories for generated code.
  2. Include commentary at the beginning of generated code to clearly identify it as generated.

...

Swerefn
refnum133
  1. Code which is 100 percent generated should neither be changed nor checked into the repository.
  2. Code which is 100 percent generated is a disposable good - the important artifacts are the models.
  3. The only time it can make sense to check-in generated code is when, for some reason, it is impossible to integrate the generator run into the build process.

...

Swerefn
refnum133

...

Swerefn
refnum133
  1. Generated code should satisfy the same quality requirements that apply to manually written code.
  2. Generated code should follow applicable coding styles and use well-established design patterns.

...

Swerefn
refnum276

...

  1. Make an effort to understand what details are being abstracted and make a conscious choice as to whether the team will be comfortable with the level of abstraction provided.
  2. A good practice is to maintain a controlled library of accepted, reusable model elements and limit developers to using only approved libraries.
  3. A mechanism should exist for getting additional model elements into the approved library.
  4. Each project may need to review the library set for suitability for that application. For example, a model element that is acceptable for processing data on the ground may not be acceptable on a real-time flight control system.

Additional guidance related to auto-generated code may be found in the following related requirement in this Handbook:

SWE-146

Auto-generated Source Code

Div
idtabs-6

6. Resources

refstable-topic

6.1 Tools

toolstable-topic
Page Editor: Tim Crumbley
NASA Official: Tim Crumbley
NASA Software Engineering Handbook - A service of the NASA Office of the Chief Engineer
NASA Privacy Statement
______________________________________________________________________________