While this cautious approach is understandable, codebases have become larger, more complex and more connected, and the traditional process is now being challenged by the need to modernise in order to cope.
The flight and support systems for a Boeing 787 are believed to be around eight million lines of code and many modern mil-aero systems are considerably larger. The larger a codebase becomes and the faster the pace of development, the more challenging it is to keep control.
Size is only half of the story, of course, and these modern aerospace systems are becoming not only larger but also vastly more complex. This is driven by the need to process ever more sensor data and by system integration itself, with development timescales encouraging reuse of both commercial components and open source software (OSS).
Security is another key trend. As with almost all software development today, the use of open source software components, together with the rise of connected embedded systems and the IoT, increases the potential security threat landscape considerably. Now is the time to make sure software is safe, while also being fit-for-purpose and compliant in a highly regulated market.
So what steps are being taken to modernise the process?
“The Radio Technical Commission for Aeronautics (RTCA)’s most recent guidelines, the DO-178C (2012), cover the software elements within airborne systems and provide specific objectives for software development processes and procedures,” explains Steve Howard, a Field Technical Services Manager, International, with Rogue Wave Software (a Perforce company). “This new revision tightens up on its predecessor’s more high-level objectives, which were often open to wide variations of how they were interpreted. The DO-178C standard also clarifies the role of coding standards within the software development.
“Coding standards are a set of guidelines or rules, such as MISRA C++ 2008, against which developers can check the integrity of code to help prevent errors that create vulnerabilities that a hacker might exploit later. Coding standards assist with regulatory compliance by ensuring that both quality and security needs have been considered as part of code development.
“The aerospace industry is also embracing Agile and DevOps development techniques. These are more nimble and collaborative approaches that can improve time-to-market. However, scaling Agile and DevOps can be a challenge.”
There are numerous technical challenges in this space. So, how have other sectors approached software development and what can aerospace learn from their experiences?
“The biggest challenge is how to deal with fast-growing, complex codebases, against a backdrop of shorter development windows. In this context, traditional approaches to developing safety-critical software – such as Waterfall, or exhaustive functional testing of every module, long approval processes – can be cumbersome and inefficient,” says Howard.
“The automotive and medical device markets, which face similar challenges to aerospace, have already had to change their software development processes in order to survive. One important lesson they can share is that finding problems earlier in the development process mitigates their impact and the cost of fixing them. This is critical for producing safe software at scale. It’s a multi-faceted approach, starting with verification of code before it has been executed, then testing software constantly and throughout the development lifecycle. Referred to as continuous testing, this is part of the wider ‘shift left’ movement within software development.”
What examples can Perforce provide of a systems failure or a data breach? What mistakes or errors were made?
“Here are two examples that have been reported in the media,” says Howard. He continues, “In May 2019, a story hit the news about a team of researchers at Northeastern University in Boston claiming that hackers could hijack the systems used to guide planes, by compromising and spoofing the radio signals that are used during landing. In 2017, Canadian Cyclone helicopters were grounded after a software glitch caused a flight system to momentarily restart and send the aircraft into a brief loss of altitude.”
Speed and complexity
When it comes to handling growing complexity and speed, Howard points to a number of solutions.
“The coding phase of the software development lifecycle is the point at which many future software vulnerabilities can occur, having potentially catastrophic implications later. In my own experience as a software test engineer, going back 15 years or so, I noted that around half of the issues we were finding were ultimately coding errors, and unrelated to the design. As such, these issues could have been detected immediately after being coded, by using a sophisticated static analysis tool.
“Static code analysis tools ‘inspect’ the software in an automated, background mode, even before the code is executed, and eliminate the risk of human error. They are able to detect coding defects, or even security vulnerabilities, and demonstrate compliance to coding standards. The use of modern, sophisticated static analysis tools would have made a very significant saving in time and effort in my testing work 15 years ago. In tandem, tools for continuous testing – from the developer’s desktop and throughout the software development lifecycle – further help to ensure the quality and performance of code, and demonstrate correctness in line with the intended software design.
“Version control systems provide a single-source-of-truth of every change and version in a software development project, both in real-time and historically, across all kinds of digital assets, not just code. If there was a malfunction due to a coding problem, the manufacturer needs to be confident that they can pinpoint what version of that particular piece of code went on board. Being able to demonstrate versioning history is also required for compliance audits.
“Finally, there are tools that improve collaboration and management of the development environment, for instance application lifecycle management – which can contribute powerfully to risk analysis – and planning tools for Agile and other design methodologies. Combined together, all these tools help to keep end-to-end control over huge codebases, assist with compliance, project and risk management, and better team collaboration.”
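To make concrete the kind of coding error Howard describes (a defect introduced at the coding phase, unrelated to the design, that a coding-standard check or static analysis tool would catch immediately), here is an added example that is not part of the article and not code from Perforce or Rogue Wave. It uses a constructed telemetry-frame copy routine: the first length check takes the frame length from the wire as a signed `int` and compares it only against the upper bound, so a negative value passes and would become a huge `size_t` at the `memcpy`; the hardened version rejects negative values and keeps the comparison in one type. The frame layout, the 16-byte capacity and all function names are assumptions made for this example.

```c
/*
 * Added example, not from the article or from Perforce/Rogue Wave.
 * A constructed avionics-style telemetry frame copy, shown first with a
 * coding-standard violation of the kind static analysis flags (signed
 * length compared against an unsigned bound, then passed to memcpy),
 * and then in a hardened form. Names, frame layout and sizes are assumed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_CAP 16u /* assumed fixed capacity of the receive buffer */

/* Defect: wire_len is signed and only the upper bound is checked.
 * A negative length passes (-1 <= 16) and would later be converted to a
 * huge size_t in memcpy. MISRA's essential-type rules and a taint-aware
 * static analyser both report this pattern. Kept here only to show what
 * the check gets wrong; it is never used to drive a copy. */
int length_ok_unchecked(int wire_len)
{
    return wire_len <= (int)PAYLOAD_CAP;
}

/* Hardened: reject negative values first, then compare in one type. */
int length_ok_checked(int wire_len)
{
    if (wire_len < 0) {
        return 0;
    }
    return (size_t)wire_len <= PAYLOAD_CAP;
}

/* Copies wire_len payload bytes from src into dst using the hardened check.
 * Returns the number of bytes copied, or -1 if the frame is rejected.
 * The caller guarantees src holds at least wire_len bytes. */
int copy_payload(uint8_t *dst, size_t dst_cap, const uint8_t *src, int wire_len)
{
    if (dst == NULL || src == NULL || dst_cap < PAYLOAD_CAP) {
        return -1; /* destination cannot hold a maximum-size payload */
    }
    if (!length_ok_checked(wire_len)) {
        return -1; /* negative or oversized length: never reaches memcpy */
    }
    memcpy(dst, src, (size_t)wire_len);
    return wire_len;
}

int main(void)
{
    /* Constructed sample frame: 8 payload bytes. */
    const uint8_t payload[8] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
    uint8_t rx[PAYLOAD_CAP] = {0};

    printf("unchecked accepts length -1: %d\n", length_ok_unchecked(-1)); /* 1 */
    printf("checked accepts length -1:   %d\n", length_ok_checked(-1));   /* 0 */
    printf("valid frame copied bytes:    %d\n", copy_payload(rx, sizeof rx, payload, 8));
    printf("oversized frame result:      %d\n", copy_payload(rx, sizeof rx, payload, 64));
    return 0;
}
```

The point of separating the length check from the copy is that the defective check can be exercised and shown to be wrong (it accepts -1) without ever performing the out-of-bounds write, which is also how a unit test or a static analyser's reported path would present it to a developer before the code has been executed on target.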
So, what is Perforce doing to help aerospace companies?
“We already work with aerospace firms worldwide,” explains Howard. “We have a comprehensive product portfolio that covers the critical stages of the software development lifecycle to ensure quality, security, safety and compliance, but without any compromise to performance, time-to-market or flexibility.
“For instance, Helix Core for version control, when paired with Helix ALM, provides complete traceability from requirement to code to test. Helix ALM is also used to support DO-178C, by making sure that every specified software requirement is tested. Helix QAC and Klocwork are our static code analysis tools, typically used by aerospace and other customers to support compliance, use of coding standards and to improve code quality in general.
“Across the portfolio, we place huge emphasis on helping companies address the challenges of developing ‘at scale’. That is a challenge that is facing all kinds of organisations we work with, across games, financial services, embedded, medical devices, automotive, semiconductor, defence and government, and – of course – aerospace. Codebases are only going to get bigger and software more complex.”
According to Howard, “Getting the right foundation of supporting tools, together with a review and update of software development is a big task, but it is arguably necessary in order to survive.”