The increased use of models in the development of complex aircraft and systems provides great opportunities and benefits, but also introduces some additional risks. The purpose of this document is to clarify ways to identify, prioritize, and mitigate risks associated with the use of models and tools in aircraft and system development. This document introduces considerations for the usage of models and tools in aircraft and system development activities that are defined in ARP4754/ED-79 (at latest revision). Throughout this document, a model refers to an abstract representation of a given set of aspects of a system/function/item, and a tool refers to an application or commercial product that is used for aircraft or system development activities such as developing, managing, and executing models, managing requirements validation and implementation verification activities and associated data, and automation of complex development tasks. The characteristics of models and tools and how they are applied differently for system-level development compared to item-level development are discussed. A discussion of several types of potential errors that can arise during the application of models and tools to system development is included as well. This is followed by proposed activities for managing the risks associated with the application of models and tools to system development. These suggestions start by identifying the contribution of models and tools to the decision-making process, and then understanding the impact of potential model and tool errors, leading to a discussion of potential process mitigations and methods for increasing the confidence in the application of models and tools to system development.
NOTE: Unless otherwise stated, in the context of this document, the term “risk” is used to mean risks associated with potential errors that can be introduced in model and tool development and usage.
System development activities that may employ models and tools include but are not limited to:
-
Developing the system functions, architecture, and design
-
Validating system functions and their requirements under normal and unusual conditions (extreme cases, tolerance stack-ups, failure insertion, etc.), which can help define additional requirements for features to constrain adverse operation
-
Developing test procedures to be used in verifying the implemented system when it becomes available
-
Analyzing the performance of a system against requirements over a range of inputs and conditions or combinations thereof to supplement the system verification
-
Confirming the intended behavior of a system design using a validated model
This document applies to models that are used for requirements analysis, design analysis, or to better understand and define requirements. Models that are used as the requirements are not discussed in this document, as in this case the ARP4754/ED-79 (at latest revision) Requirements Capture section and other associated sections provide the pertinent objectives and guidelines.
This document does not describe the software or hardware development process or the direct verification of such items. It is assumed that these software or hardware processes, which may involve use of models, are handled by their respective guidance (e.g., DO-178C/ED-12C or DO-254/ED-80). This use of models is not described in this document, despite that it might involve system development processes in combination with software or hardware development processes.
There is already a large and growing list of models and tools being applied in the development of complex systems, including computer aided design (CAD) tools for installation analysis, models and tools supporting system safety analysis, architectural models supporting various analyses, and tools used to simulate and analyze system performance or behavior.
Two examples are presented to illustrate where models and tools are used to facilitate a set of typical system design decisions. The examples also identify model and tool errors, describe possible mitigation methods used to increase confidence in the use of models and tools in system development, and minimize the effect of errors that may be introduced by using the models and tools. The two examples are:
-
An aircraft-level control law design targeted for software implementation on a digital computer, where a model is used for analysis of the control gains (referred to as the Roll Control System and described in Appendix A)
-
An avionics network architecture where the tool analyzes the interfaces between the elements and identifies issues in the architecture (referred to as the Network Analysis Tool and described in Appendix B)
The examples herein are not intended to be an exhaustive treatment of all considerations, but rather to demonstrate a set of principles and techniques that are generally applicable to the use of models and tools in system design. The Roll Control System and the Network Analysis Tool examples show how confidence in the models and tools can be established.