• Keine Ergebnisse gefunden

Traceability gap analysis for assessing the conformance of software traceabilityto relevant guidelines

N/A
N/A
Protected

Academic year: 2022

Aktie "Traceability gap analysis for assessing the conformance of software traceabilityto relevant guidelines"

Copied!
2
0
0

Wird geladen.... (Jetzt Volltext ansehen)

Volltext

(1)

Traceability Gap Analysis for Assessing the Conformance of Software Traceability to Relevant Guidelines

Patrick Rempel1, Patrick M¨ader1, Tobias Kuschke1, and Jane Cleland-Huang2

Technische Universit¨at Ilmenau1 DePaul University2

Software Systems Group SAREC

Ilmenau, Germany Chicago, IL, USA

{patrick.rempel|patrick.maeder}@tu-ilmenau.de jhuang@cs.depaul.edu

Abstract:Many guidelines for safety-critical industries such as aeronautics, medical devices, and railway communications, specify that traceability must be used to demon- strate that a rigorous process has been followed and to provide evidence that the system is safe for use. In practice, there is a gap between what is prescribed by guidelines and what is implemented in practice, making it difficult for organizations and certifiers to fully evaluate the safety of the software system. We present an approach, which parses a guideline to extract a Traceability Model depicting software artifact types and their prescribed traces. It then analyzes the traceability data within a project to identify areas of traceability failure. Missing traceability paths, redundant and/or inconsistent data, and other problems are highlighted. We used our approach to evaluate the traceability of seven safety-critical software systems and found that none of the evaluated projects contained traceability that fully conformed to its relevant guidelines.

1 Motivation and Traceability Challenges

Developing safety-critical systems is a challenging process. Required features must be delivered in a way that ensures that the system is safe for use. Therefore, stringent guide- lines must be met before the systems can be certified for use. Such guidelines typically prescribe activities, deliverable documents, and quality criteria focused around the soft- ware development lifecycle. As one important quality criterion, most guidelines mandate traceability. For example, the aviation guideline DO-178B/C mandates traceability from requirements to design, source code and executable object code. In practice, traceability is achieved throughtrace links, defined as “specified associations between a pair of artifacts, one comprising the source artifact and one comprising the target artifact” [CHGHH+14].

It is important for demonstrating that a software mitigates all identified safety risks and a rigorous software development process has been followed. However, organizations struggle to establish complete traceability [RMK13]. A prior analysis of submissions to the US Food and Drug Administration (FDA) as part of the medical device approval process, showed a significanttraceability gapbetween the traceability expectations as laid out in the FDA’s

“Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices”, and the traceability data documented in the submissions [MJZCH13].

120

(2)

2 Traceability Gap Analysis Approach

In this presentation we propose formalisms, metrics, and tool support for evaluating trace- ability coverage with respect to a project’s relevant guidelines in order to identify areas of traceability failure. This work has been originally published at [RMKC14]. Our work is based on a specification of potential traceability problems, such as missing artifacts and missing, redundant, or inconsistent traceability. Our approach can be applied for preparing a system for initial certification or continuously throughout the software development life-cycle and involves three steps. First, those parts of a guideline that are relevant to traceability are translated into formal representation. This is a manual step that produces a formal guideline model that is reusable across different projects. Second, project data such as artifact identifiers, artifact types, and trace links, are automatically parsed and captured in a formal representation. Finally, formally specified rules are used to analyze the captured data for traceability problems within an individual guideline, between guidelines, and between a relevant guideline and project data.

3 Results and Conclusions

To evaluate our approach, we conducted case studies with five safety-critical software guidelines and seven software projects from different domains. Our case studies show that all projects suffer from insufficient traceability. We found missing artifacts in six projects and missing traceability paths as well as missing trace links in all seven projects, implying that none of the projects conform with their relevant guideline(s) and thus cannot be considered ready for certification. Our approach facilitates the identification of such problems for an initial certification and continuously throughout the project’s lifecycle.

Acknowledgments We are funded by the German Ministry of Education and Research (BMBF): 16V0116 and 01IS14026A, by the excellence program of the TU Ilmenau, and by the US National Science Foundation Grant CCF-1319680.

References

[CHGHH+14] Jane Cleland-Huang, Orlena Gotel, Jane Huffman Hayes, Patrick M¨ader, and Andrea Zisman. Software Traceability: Trends and Future Directions. InICSE, 2014.

[MJZCH13] Patrick M¨ader, Paul L. Jones, Yi Zhang, and Jane Cleland-Huang. Strategic Trace- ability for Safety-Critical Projects.IEEE Software, 30(3):58–66, 2013.

[RMK13] Patrick Rempel, Patrick M¨ader, and Tobias Kuschke. An Empirical Study on Project- Specific Traceability Strategies. InRE13, pages 195–204, 2013.

[RMKC14] Patrick Rempel, Patrick M¨ader, Tobias Kuschke, and Jane Cleland-Huang. Mind the gap: assessing the conformance of software traceability to relevant guidelines. In ICSE, pages 943–954, 2014.

121

Referenzen

ÄHNLICHE DOKUMENTE

Traceability up to the requirements, mandatory for SIL-4 software development and specifically important in an open project, as one needs to trace V&V verdicts to trigger

Man versteht darunter die Nachvollziehbarkeit der Umsetzung von Anforderungen über die verschiedenen Entwicklungsstadien hinweg, von einzelnen Entwicklungsaktivitäten, sowie

Based on (1) the OMEGA modeling environment (section 4.2), the following subsections relate the requirements outlined in the previous section to existing tool support, also for

− Knowing which requirements are not covered via the model-based testing process allows one to complete the test suite with some manually designed test cases or to improve the model

Alle auf terminologieorientierten Ontologien basierenden Informationen werden intern durch Topic Maps [ISO1] repr¨asentiert, deren themenzentrische Konzeption bereits der Sichtweise

1’028 experimental animals with plastic or electronic ear tags were examined both before scalding and after dehairing of the carcase at five different abattoirs.. Results

The final version of the image editor has to be finished before end of May 2021 (to make it available for the exams) and thesis must be submitted not later

Comparison of the glucose meters at the cut-off value (Table 12) showed that the number of samples where the glucose concentrations less than 2,6 mmol/L were found was 12 with the