Peter Huntley-Hawkins, Principal Specialist at Lloyd's Register, discusses the issues and the importance of LR's Software Conformity Assessment System (SCA).
In today's virtual world, hardware-based systems are increasingly being replaced by software applications. This marks a considerable step forward in the design, development and delivery of critical marine and offshore safety systems. A software-based approach is more flexible, easier to change and enables over-the-air (OTA) deployment, provisioning and evergreen updates. It also allows adaptations and iterations without device recalls or physical visits from engineers. But software systems are also more complex and, without the appropriate level of certification, should not be relied on to support today's safety solutions.
The trend towards software-based applications
Promising a flexible answer to the random failures that have beset traditional marine and offshore control systems, the trend towards software-based applications offers very real advantages. Unlike hardware, software doesn't wear out or suffer from manufacturing defects. As noted above, software-only solutions can be remotely deployed and updated, and when developed in an open environment they can also provide a hardware-agnostic option that runs on commercial off-the-shelf (COTS) platforms, which can considerably reduce costs.
But they're not perfect. While they may not be subject to the same issues that have affected hardware, there is little doubt that software systems are more complex. They are sensitive to small errors and, given the many discrete states they can adopt, are hard to test exhaustively.
Software failures typically arise during design and implementation, and they affect every unit of the same design under the same conditions. A hardwired device may be defective because it was damaged in transit, but that is an exception affecting one unit. If the fault is in the software, every device is subject to the same failure.
This is why full assurance and control are absolutely critical during the design phase, and later during deployment or OTA provisioning, in order to avoid systematic errors and failures. It is, of course, even more critical when the software supports onboard or portside safety systems.
Since 1994, LR's Software Conformity Assessment System (SCA) has provided a certification programme that ensures acceptable processes are applied throughout the development of the software. This includes the inspection of documents and records, testing and test witnessing, with assessments typically carried out at the developer's premises, where the records reside.
LR may also recognise existing certificates or reports issued by other certification bodies or accredited testing laboratories where equivalence to LR’s SCA can be shown.
The SCA system does not insist on any particular software development methodology being adopted, only that the chosen methodology delivers a systematic approach to development. It must produce a controlled and traceable product, and the necessary testing and specification records must exist and be held within an acceptable configuration management system. Compliance with a recognised national or international standard for configuration management assists this process.
Agile development methodologies
While very popular, Agile development methodologies are a reaction against these formal lifecycle models and process-oriented approaches. The lack of an overall product design and of sufficient rules and guidance, combined with the lack of a product owner role (and the corresponding lack of accountability), are just some of the shortcomings of this approach.
That is not to say that software developed using Agile methodologies cannot be certified. It does mean that such methodologies must be used in conjunction with a number of wrap-around processes in order to achieve the required level of controllability and traceability. Certainly, when appropriately augmented, we have seen solutions developed using an Agile approach successfully used to produce additional functionality in existing software.
It is also true that many serious software failures can be traced back to inadequate requirements definition rather than to deficiencies introduced in the later phases of the software development life cycle. Systematic techniques for requirements analysis are available to improve this critical task of collecting customer requirements and translating them into a form that can serve as the basis for the software project, and many computer tools exist to assist with this process.
As Artificial Intelligence (AI) and Adaptive Systems (AS) technologies evolve, we will see autonomous use cases extend beyond the automotive sector and into marine. Indeed, we have already seen a number of proof-of-concept projects applied to autonomous ship control. In these emerging scenarios, software design assurance alone will not be enough to assure the safe application of adaptive systems. Instead, defining and capturing system safety objectives as part of the design process, and making sure the adaptive system exhibits certain functional and safety properties that can then be validated at system level, will be critical to assuring safe operation.
It is certainly true that more reliance is now placed on verification by analysis or simulation rather than by testing, while the use of multi-layered verification methods, combining test, analysis and simulation of models, is advocated too.
All of this adds up to a complex development and verification environment. But given the inherent challenges posed by today's software-first approaches, assurance is critical. Here at LR, we can guide you through the testing process and, leveraging our Software Conformity Assessment System, provide robust and internationally accepted certification for your software.