4.4.7 The project manager shall perform, record, and maintain bidirectional traceability from software design to the software code.
NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.
1.2 Applicability Across Classes
If Class D software is safety critical, this requirement applies to the safety-critical aspects of the software.
Class F and Class G are labeled "X (not OTS)." This means that this requirement does not apply to off-the-shelf software for these classes.
Bidirectional traceability matrices help ensure that all of the software features and components contained in the software design are included in the software code. Bidirectional traceability also helps ensure that only what is required is developed. Bidirectional traceability matrices also make it less likely that requirements and design are misinterpreted as they are refined.
Code (software) is based on a software design which is based on a set of software requirements. Some measure of assurance is needed to show that the created code fulfills the design upon which it is based without leaving out any design elements or adding any new functionality not present in the design.
Tracing elements of the code such as functions, subsystems, modules, Computer Software Configuration Items (CSCI), etc. to design elements helps provide the basis of this assurance.
Traceability matrices help ensure that each design element, typically documented in a Software Design Document (SDD), is implemented in the resulting software, giving a reason for the code implementation through the design back to the software requirements.
Traceability links between individual requirements and other system elements, including, but not limited to, source code, are helpful tools when evaluating the impact of changing or deleting a requirement. When a requirement is changed, traceability can help identify the affected products, including design, documentation, source code, tests, etc. (NASA-GB-8719.13, NASA Software Safety Guidebook).
Tracing source code to design elements also provides the ability to demonstrate traceability of safety-critical software functions and safety-critical software controls to detailed design specifications.
Bidirectional traceability is defined as a traceability chain that can be traced in both the forward and backward directions as illustrated below (Westfall, 2006).
Bidirectional traceability is a traceability chain that can be traced in both the forward and backward directions. Figure 2 illustrates how software design and software code are traced between software products.
Before starting the traceability activity, it is assumed that the documents being traced (e.g., requirements, design, code, test data, etc.) have been approved.
Using a matrix such as the one shown below (Westfall, 2006
While traceability matrices are not the only method for capturing bidirectional traceability, they are the most common. Traceability matrices can be included in the documents, such as the Software Requirements Specification (SRS), to which they apply or they can be combined into a single matrix covering higher level requirements, software requirements, design, code, and verification. General guidance for creating a bidirectional traceability matrix includes the following suggested actions:
- Create the matrix at the beginning of the project.
- Uniquely identify the elements in the matrix (requirements identifiers, design document identifiers and paragraph numbers, code module identifiers, etc.).
- Keep the matrix maintained throughout the life of the project.
- Assign responsibility for creating and maintaining the matrix to a project team member, since managing the links/references can be a labor-intensive process that needs to be tracked and monitored.
- Maintain the matrix as an electronic document to make maintenance and reporting easier.
- Create the matrix such that it may be easily sorted to achieve/convey bi-directional traceability.
- Ensure a review of the matrix at major phases / key reviews of the project.
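The check below is an added example, not part of the Handbook: it reads a design-to-code matrix exported as CSV and reports the gaps in each direction (design elements with no code, code with no design element, and links to identifiers that no longer exist). All identifiers, file names, and column names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (hypothetical identifiers, not from any NASA project).
DESIGN_ELEMENTS = {          # SDD paragraph id -> safety-critical flag
    "SDD-3.1": False,
    "SDD-3.2": True,
    "SDD-3.3": True,
    "SDD-3.4": False,
}
CODE_UNITS = {"nav/filter.c", "nav/limits.c", "io/telemetry.c", "util/debug_shell.c"}
MATRIX_CSV = """design_id,code_unit
SDD-3.1,nav/filter.c
SDD-3.2,nav/limits.c
SDD-3.2,nav/filter.c
SDD-3.4,io/telemetry.c
SDD-3.9,io/telemetry.c
"""

def load_links(text):
    """Parse matrix rows into forward (design -> code) and backward (code -> design) maps."""
    forward, backward = defaultdict(set), defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        d, c = row["design_id"].strip(), row["code_unit"].strip()
        forward[d].add(c)
        backward[c].add(d)
    return forward, backward

def check_traceability(design, code_units, matrix_text):
    """Return the gaps in each direction of the design <-> code trace."""
    forward, backward = load_links(matrix_text)
    known_design = set(design)
    # Forward gap: a design element with no existing code unit implementing it.
    unimplemented = sorted(d for d in design if not forward.get(d, set()) & code_units)
    return {
        "unimplemented_design": unimplemented,
        "unimplemented_safety_critical": [d for d in unimplemented if design[d]],
        # Backward gap: code that cannot be justified by any design element.
        "untraced_code": sorted(c for c in code_units
                                if not backward.get(c, set()) & known_design),
        # Stale rows: the matrix was not updated when an element was renamed or removed.
        "dangling_links": sorted((d, c) for d, cs in forward.items() for c in cs
                                 if d not in design or c not in code_units),
    }

if __name__ == "__main__":
    for name, items in check_traceability(DESIGN_ELEMENTS, CODE_UNITS, MATRIX_CSV).items():
        print(f"{name}: {items}")
```

Running a check like this at each key review catches stale rows in a spreadsheet-maintained matrix, which has no automatic updates when design or code changes.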
If the software development team is not the same as the software design team, collaboration may be needed to ensure proper bidirectional traceability between source code and design. Early collaboration is valuable since a one-to-one subsystem-to-design-package relationship (or as close as possible) makes the traceability activity between design and source code much simpler.
Key aspects of tracing source code include:
- Clear tracing of safety requirements to the source code that implements them (typically via comments in the code or via the traceability matrix using requirements traced to design to code) (NASA-GB-8719.13, NASA Software Safety Guidebook).
- For traceability purposes, safety-critical code and data are to be commented as such (NASA-STD-8719.13C, NASA Software Safety Standard).
- Trace source code to the detailed design specifications.
- Map each low level function or data specification to the requirements it fulfills.
- Trace unit tests to source code and to design specifications.
NASA-specific bidirectional traceability resources are available in Software Processes Across NASA (SPAN), accessible to NASA users from the SPAN tab in this Handbook.
Additional guidance related to bidirectional traceability may be found in the following related requirements in this Handbook:
Bidirectional Traceability Between Higher Level Requirements and Software Requirements
Bidirectional Traceability Between Software Requirements and Software Design
Bidirectional Traceability Between Software Test Procedures and Software Requirements
4. Small Projects
For small projects without access to a tracing tool for requirements, design, and code and with budget limitations preventing them from acquiring a new tool and associated training, tracing may be done with a spreadsheet (such as Excel), a simple database (such as Access) or a textual document. It is very important that the project be diligent about keeping such traces up to date as these methods do not include automatic updates when requirements, design elements, etc. change.
In some instances, value-based requirements tracing may be a prudent deviation/waiver request against SWE-064 which would provide partial relief from this requirement. However, no matter how small the budget is, traceability of safety-critical requirements all the way through design and code is always a priority.
6. Lessons Learned
No Lessons Learned have currently been identified for this requirement.