11.0 软件生命周期数据 SOFTWARE LIFE CYCLE DATA
数据是在软件生命周期中产生的,用于计划、指导、解释、定义、记录或提供活动证据。 这些数据支持软件生命周期过程、系统或设备认证以及软件产品的认证后修改。 本节讨论软件生命周期数据的特征、形式、配置管理控制和内容。Data is produced during the software life cycle to plan, direct, explain, define, record, or provide evidence of activities. This data enables the software life cycle processes, system or equipment certification, and post-certification modification of the software product. This section discusses the characteristics, form, configuration management controls, and content of the software life cycle data.
a. 特征:软件生命周期数据应为:Characteristics: Software life cycle data should be:
1. 明确:如果信息以仅允许单一解释的术语编写,并在必要时通过定义进行辅助,则该信息是明确的。Unambiguous: Information is unambiguous if it is written in terms which only allow a single interpretation, aided, if necessary, by a definition.
2. 完整:当包含必要且相关的要求和/或描述性材料时,信息是完整的; 响应是针对有效输入数据的范围定义的; 所使用的数字均已标记; 并定义了术语和计量单位。Complete: Information is complete when it includes necessary and relevant requirements and/or descriptive material; responses are defined for the range of valid input data; figures used are labeled; and terms and units of measure are defined.
3. 可验证:如果信息可以由人或工具检查其正确性,则该信息是可验证的。Verifiable: Information is verifiable if it can be checked for correctness by a person or tool.
4. 一致:如果信息内部不存在冲突,则信息是一致的。Consistent: Information is consistent if there are no conflicts within it.
5. 可修改:如果信息是结构化的并且具有可以在保留结构的同时完全、一致和正确地进行更改的风格,则信息是可修改的。Modifiable: Information is modifiable if it is structured and has a style such that changes can be made completely, consistently, and correctly while retaining the structure.
6. 可追溯:如果可以确定其成分的来源,则信息是可追溯的。Traceable: Information is traceable if the origin of its components can be determined.
b. 形式:软件生命周期数据的形式应能够在机载系统或设备的整个使用寿命期间有效地检索和审查软件生命周期数据。 《软件方面认证计划》应规定数据和数据的具体形式。Form: The form of the software life cycle data should provide for the efficient retrieval and review of software life cycle data throughout the service life of the airborne system or equipment. The data and the specific form of the data should be specified in the Plan for Software Aspects of Certification.
注 1:软件生命周期数据可以多种形式保存(例如,电子形式或印刷形式)。
Note 1: The software life cycle data may be held in a number of forms (for example, held electronically or in printed form).
注2:申请人可以以申请人认为方便的任何方式打包软件生命周期数据项(例如,作为单独的数据项或作为组合的数据项)。
Note 2: The applicant may package software life cycle data items in any manner the applicant finds convenient (for example, as individual data items or as a combined data item).
注 3:某些认证机构可能会要求将《软件方面的认证计划》和《软件成就摘要》作为单独的文件。
Note 3: The Plan for Software Aspects of Certification and the Software Accomplishment Summary may be required as separate documents by some certification authorities.
注4:术语“数据”是指证据和其他信息,并不暗示此类数据应采用的格式。
Note 4: The term “data” refers to evidence and other information and does not imply the format such data should take.
c. 配置管理控制:软件生命周期数据可以置于与所应用的软件配置管理控制相关的两个类别之一:CC1 和 CC2(参见 7.3)。 分配给每个数据项的最低控制类别及其随软件级别的变化在附件 A 的表格中指定。如果生成除本文所述数据项之外的其他数据项作为帮助认证过程的证据,则它们应至少为 ,在 CC2 控制下。Configuration management controls: Software life cycle data can be placed in one of two categories associated with the software configuration management controls applied: CC1 and CC2 (see 7.3). The minimum control category assigned to each data item, and its variation by software level is specified in the tables of Annex A. If additional data items than those described herein are produced as evidence to aid the certification process, they should be, as a minimum, under CC2 controls.
d. 内容:以下部分提供的软件生命周期数据描述标识了软件生命周期通常产生的数据。 这些描述并不旨在描述开发软件产品可能需要的所有数据,并且并不旨在暗示特定的数据打包方法或包内数据的组织。 本文提供的软件生命周期数据项的内容的描述并不包含全部内容,并且应结合本文档的正文来阅读并适应申请人的需要。Content: The software life cycle data descriptions provided in the following sections identify the data that is generally produced by the software life cycle. The descriptions are not intended to describe all data that may be necessary to develop a software product, and are not intended to imply a particular data packaging method or organization of the data within a package. The descriptions of the content of software life cycle data items provided herein are not all encompassing and should be read in conjunction with the body of this document and adapted to the needs of the applicant.
11.1 软件合格审定计划 Plan for Software Aspects of Certification
软件合格审定计划 (PSAC) 是认证机构用来确定申请人所提议的软件生命周期是否与所开发软件级别所需的严格程度相匹配的主要手段。 该计划应包括:The Plan for Software Aspects of Certification (PSAC) is the primary means used by the certification authority for determining whether an applicant is proposing a software life cycle that is commensurate with the rigor required for the level of software being developed. This plan should include:
a. 系统概述:本节提供系统概述,包括其功能及其对硬件和软件的分配、架构、使用的处理器、硬件/软件接口和安全功能的描述。System overview: This section provides an overview of the system, including a description of its functions and their allocation to the hardware and software, the architecture, processor(s) used, hardware/software interfaces, and safety features.
b. 软件概述:本节简要描述软件功能,重点介绍所提出的安全和分区概念。 示例包括资源共享、冗余、容错、减轻单事件干扰以及定时和调度策略。Software overview: This section briefly describes the software functions with emphasis on the proposed safety and partitioning concepts. Examples include resource sharing, redundancy, fault tolerance, mitigation of single event upset, and timing and scheduling strategies.
c. 认证注意事项:本节提供了认证基础的摘要,包括与认证的软件方面相关的合规手段。 本节还说明了建议的软件级别,并总结了系统安全评估过程提供的理由,包括软件对故障情况的潜在贡献。Certification considerations: This section provides a summary of the certification basis, including the means of compliance, as relating to the software aspects of certification. This section also states the proposed software level(s) and summarizes the justification provided by the system safety assessment process, including potential software contributions to failure conditions.
d. 软件生命周期:本节定义了要使用的软件生命周期,并包括每个软件生命周期过程的摘要,其详细信息在各自的软件计划中定义。 摘要解释了如何满足每个软件生命周期过程的目标,并指定了参与的组织、组织职责以及系统生命周期过程和认证联络过程的职责。Software life cycle: This section defines the software life cycle to be used and includes a summary of each of the software life cycle processes for which detailed information is defined in their respective software plans. The summary explains how the objectives of each software life cycle process will be satisfied, and specifies the organizations to be involved, the organizational responsibilities, and the system life cycle processes and certification liaison process responsibilities.
e. 软件生命周期数据:该部分指定由软件生命周期过程产生和控制的软件生命周期数据。本节还描述了数据之间的关系,以及数据与定义系统的其他数据之间的关系、提交给证书颁发机构的软件生命周期数据、数据的形式,以及向证书颁发机构提供数据的方法。Software life cycle data: This section specifies the software life cycle data that will be produced and controlled by the software life cycle processes. This section also describes the relationship of the data to each other or to other data defining the system, the software life cycle data to be submitted to the certification authority, the form of the data, and the means by which the data will be made available to the certification authority.
f. 时间表:本节描述了申请人将使用哪些方法向认证机构提供软件生命周期过程活动的可见性,以便规划审核。Schedule: This section describes the means the applicant will use to provide the certification authority with visibility of the activities of the software life cycle processes so reviews can be planned.
g. 其他注意事项:本节描述可能影响认证过程的具体注意事项。 示例包括合规性的替代方法、工具鉴定、先前开发的软件、可选软件、用户可修改软件、停用代码、COTS 软件、现场可加载软件、参数数据项、多版本不同软件和产品服务历史记录。Additional considerations: This section describes specific considerations that may affect the certification process. Examples include alternative methods of compliance, tool qualification, previously developed software, option-selectable software, user-modifiable software, deactivated code, COTS software, field-loadable software, parameter data items, multiple-version dissimilar software, and product service history.
h. 供应商监督:本节描述了确保供应商流程和输出符合批准的软件计划和标准的方法。Supplier oversight: This section describes the means of ensuring that supplier processes and outputs will comply with approved software plans and standards.
11.2 软件开发计划 Software Development Plan
软件开发计划(SDP)是对用于满足软件开发过程目标的软件开发过程和软件生命周期的描述。 它可以包含在软件方面的认证计划中。The Software Development Plan (SDP) is a description of the software development procedures and software life cycle(s) to be used to satisfy the software development process objectives. It may be included in the Plan for Software Aspects of Certification.
该计划应包括:This plan should include:
a. 标准:项目的软件需求标准、软件设计标准和软件代码标准的标识。 此外,还引用了先前开发的软件(包括 COTS 软件)的标准(如果这些标准不同的话)。Standards: Identification of the Software Requirements Standards, Software Design Standards, and Software Code Standards for the project. Also, references to the standards for previously developed software, including COTS software, if those standards are different.
b. 软件生命周期:对软件生命周期过程的描述,用于形成项目中使用的特定软件生命周期,包括软件开发过程的转换标准。 该描述不同于软件方面认证计划中提供的摘要,因为它提供了确保正确实施软件生命周期过程所需的详细信息。Software life cycle: A description of the software life cycle processes to be used to form the specific software life cycle(s) to be used on the project, including the transition criteria for the software development processes. This description is distinct from the summary provided in the Plan for Software Aspects of Certification, in that it provides the detail necessary to ensure proper implementation of the software life cycle processes.
c. 软件开发环境:对所选择的软件开发环境的硬件和软件的说明,包括:Software development environment: A statement of the chosen software development environment in terms of hardware and software, including:
1. 要使用的需求开发方法和工具。The requirements development method(s) and tools to be used.
2. 要使用的设计方法和工具。The design method(s) and tools to be used.
3. 要使用的编码方法、编程语言、编码工具,以及适用时的自动代码生成器的选项和约束。The coding method(s), programming language(s), coding tool(s) to be used, and when applicable, options and constraints of autocode generators.
4. 要使用的编译器、链接编辑器和加载器。The compilers, linkage editors, and loaders to be used.
5. 要使用的工具的硬件平台。The hardware platforms for the tools to be used.
11.3 软件验证计划 Software Verification Plan
软件验证计划(SVP)是对用于满足软件验证过程目标的验证过程的描述。 这些程序可能会因附件 A 表中定义的软件级别而异。该计划应包括:The Software Verification Plan (SVP) is a description of the verification procedures to be used to satisfy the software verification process objectives. These procedures may vary by software level as defined in the tables of Annex A. This plan should include:
a. 组织:软件验证过程中的组织职责以及与其他软件生命周期过程的接口。Organization: Organizational responsibilities within the software verification process and interfaces with the other software life cycle processes.
b. 独立性:在需要时对建立验证独立性的方法的描述。Independence: A description of the methods for establishing verification independence, when required.
c. 验证方法:软件验证过程中每项活动所使用的验证方法的描述:Verification methods: A description of the verification methods to be used for each activity of the software verification process:
1. 评审方法,包括清单或其他辅助工具。Review methods, including checklists or other aids.
2. 分析方法包括溯源分析和覆盖分析。Analysis methods, including traceability and coverage analysis.
3. 测试方法,包括选择测试用例的方法、要使用的测试程序和要产生的测试数据。Testing methods, including the method for selecting test cases, the test procedures to be used, and the test data to be produced.
d. 验证环境:对测试的设备、测试和分析工具以及如何应用这些工具和硬件测试设备的描述。 第 4.4.3b 节提供了有关指示目标计算机和模拟器或模拟器差异的指导。Verification environment: A description of the equipment for testing, the testing and analysis tools, and how to apply these tools and hardware test equipment. Section 4.4.3b provides guidance on indicating target computer and simulator or emulator differences.
e. 转换标准:进入软件验证流程的转换标准。Transition criteria: The transition criteria for entering the software verification process.
f. 分区注意事项:如果使用分区,则用于验证分区完整性的方法。Partitioning considerations: If partitioning is used, the methods used to verify the integrity of the partitioning.
g. 编译器假设:申请人对编译器、链接编辑器或加载器的正确性所做的假设的描述(参见 4.4.2)。Compiler assumptions: A description of the assumptions made by the applicant about the correctness of the compiler, linkage editor, or loader (see 4.4.2).
h. 重新验证方法:对于软件修改,描述识别、分析和验证软件受影响区域以及可执行目标代码的更改部分的方法。Reverification method: For software modification, a description of the methods for identifying, analyzing, and verifying the affected areas of the software and the changed parts of the Executable Object Code.
i. 先前开发的软件:对于先前开发的软件,如果验证过程的初始合规基线不符合本文件,则描述满足本文件目标的方法。Previously developed software: For previously developed software, if the initial compliance baseline for the verification process does not comply with this document, a description of the methods to satisfy the objectives of this document.
j. 多版本不同软件:如果使用多版本不同软件,则需要描述软件验证过程活动(见 12.3.2)。Multiple-version dissimilar software: If multiple-version dissimilar software is used, a description of the software verification process activities (see 12.3.2).
11.4 软件配置管理计划 Software Configuration Management Plan
软件配置管理计划建立了在整个软件生命周期中用于实现 SCM 过程目标的方法。 该计划应包括:The Software Configuration Management Plan establishes the methods to be used to achieve the objectives of the SCM process throughout the software life cycle. This plan should include:
a. 环境:对要使用的SCM环境的描述,包括程序、工具、方法、标准、组织职责和接口。Environment: A description of the SCM environment to be used, including procedures, tools, methods, standards, organizational responsibilities, and interfaces.
b. 活动:软件生命周期中 SCM 流程活动的描述:Activities: A description of the SCM process activities in the software life cycle:
1. 配置标识:需要标识的项目、何时标识、软件生命周期数据的标识方法(例如部件编号)以及软件标识与系统或设备标识的关系。Configuration identification: Items to be identified, when they will be identified, the identification methods for software life cycle data (for example, part numbering), and the relationship of software identification and the system or equipment identification.
2. 基线和可追溯性:建立基线的方式、将建立哪些基线、何时建立这些基线、软件库控制以及配置项和基线可追溯性。Baselines and traceability: The means of establishing baselines, what baselines will be established, when these baselines will be established, the software library controls, and the configuration item and baseline traceability.
3. 问题报告:软件产品和软件生命周期过程的问题报告的内容和标识、编写时间、关闭问题报告的方法以及与变更控制活动的关系。Problem reporting: The content and identification of Problem Reports for the software product and software life cycle processes, when they will be written, the method of closing Problem Reports, and the relationship to the change control activity.
4. 变更控制:建立基线的方式、将建立什么基线、何时建立这些基线、软件库控制以及配置项和基线的可追溯性。Change control: The means of establishing baselines, what baselines will be established, when these baselines will be established, the software library controls, and the configuration item and baseline traceability.
5. 变更评审:处理软件生命周期过程反馈的方法; 评估问题并确定优先级、批准变更以及处理其解决方案或变更实施的方法; 以及这些方法与问题报告和变更控制活动的关系。Change review: The method of handling feedback from and to the software life cycle processes; the methods of assessing and prioritizing problems, approving changes, and handling their resolution or change implementation; and the relationship of these methods to the problem reporting and change control activities.
6. 配置状态统计:记录数据以启用报告配置管理状态、定义数据的保存位置、如何检索数据以进行报告以及何时可用。Configuration status accounting: The data to be recorded to enable reporting configuration management status, definition of where that data will be kept, how it will be retrieved for reporting, and when it will be available.
7. 归档、检索和发布:完整性控制、发布方式和权限、数据保留。Archive, retrieval, and release: The integrity controls, the release method and authority, and data retention.
8. 软件加载控制:软件加载控制保护措施和记录的描述。Software load control: A description of the software load control safeguards and records.
9. 软件生命周期环境控制:对用于开发、构建、验证和加载软件的工具的控制,涉及第 11.4.b.1 节到 11.4.b.7 节。 这包括对合格工具的控制。Software life cycle environment controls: Controls for the tools used to develop, build, verify, and load the software, addressing sections 11.4.b.1 through 11.4.b.7. This includes control of tools to be qualified.
10. 软件生命周期数据控制:与 CC1 和 CC2 数据相关的控制。Software life cycle data controls: Controls associated with CC1 and CC2 data.
c. 转换标准:进入SCM流程的过渡标准。Transition criteria: The transition criteria for entering the SCM process.
d. SCM数据:SCM过程产生的软件生命周期数据的定义,包括SCM记录、软件配置索引和软件生命周期环境配置索引。SCM data: A definition of the software life cycle data produced by the SCM process, including SCM Records, the Software Configuration Index, and the Software Life Cycle Environment Configuration Index.
e. 供应商控制:将SCM 流程要求应用于供应商的手段。Supplier control: The means of applying SCM process requirements to suppliers.
11.5 软件质量保证计划 Software Quality Assurance Plan
软件质量保证计划建立了用于实现 SQA 过程目标的方法。 SQA 计划可能包括流程改进、指标和渐进式管理方法的描述。 该计划应包括:
The Software Quality Assurance Plan establishes the methods to be used to achieve the objectives of the SQA process. The SQA Plan may include descriptions of process improvement, metrics, and progressive management methods. This plan should include:
a. 环境:SQA 环境的描述,包括范围、组织职责和接口、标准、程序、工具和方法。Environment: A description of the SQA environment, including scope, organizational responsibilities and interfaces, standards, procedures, tools, and methods.
b. 权威:SQA 权威、责任和独立性的声明,包括 SQA 对软件产品的批准。Authority: A statement of the SQA authority, responsibility, and independence, including the SQA approval of software products.
c. 活动:为每个软件生命周期过程以及整个软件生命周期执行的 SQA 活动,包括:Activities: The SQA activities that are to be performed for each software life cycle process and throughout the software life cycle including:
1. SQA 方法,例如,软件生命周期过程的审查、审计、报告、检查和监控。SQA methods, for example, reviews, audits, reporting, inspections, and monitoring of the software life cycle processes.
2. 与问题报告、跟踪和纠正措施系统相关的活动。Activities related to the problem reporting, tracking, and corrective action system.
3. 软件一致性评审活动的描述。A description of the software conformity review activity.
d. 转换标准:进入SQA流程的转换标准。Transition criteria: The transition criteria for entering the SQA process.
e. 计时:与软件生命周期过程的活动相关的 SQA 过程活动的计时。Timing: The timing of the SQA process activities in relation to the activities of the software life cycle processes.
f. SQA 记录:SQA 流程生成的记录的定义。SQA Records: A definition of the records to be produced by the SQA process.
g. 供应商监督:描述确保供应商的流程和输出符合计划和标准的方法。Supplier oversight: A description of the means of ensuring that suppliers’ processes and outputs will comply with the plans and standards.
11.6 软件需求标准 Software Requirements Standards
软件需求标准定义了用于开发高级需求的方法、规则和工具。 这些标准应包括:Software Requirements Standards define the methods, rules, and tools to be used to develop the high-level requirements. These standards should include:
a. 用于开发软件需求的方法,例如结构化方法。The methods to be used for developing software requirements, such as structured methods.
b. 用于表达需求的符号,例如数据流程图和形式规范语言。Notations to be used to express requirements, such as data flow diagrams and formal specification languages.
c. 对用于需求开发的工具的使用的限制。Constraints on the use of the tools used for requirements development.
d. 用于向系统流程提供派生需求的方法。The method to be used to provide derived requirements to the system processes.
11.7 软件设计标准 Software Design Standards
软件设计标准定义了用于开发软件架构和低级需求的方法、规则和工具。 这些标准应包括:Software Design Standards define the methods, rules, and tools to be used to develop the software architecture and low-level requirements. These standards should include:
a. 要使用的设计描述方法。Design description method(s) to be used.
b. 要使用的命名约定。Naming conventions to be used.
c. 对允许的设计方法施加的条件,例如调度、中断和事件驱动架构的使用、动态任务分配、重入、全局数据和异常处理,以及其使用的理由Conditions imposed on permitted design methods, for example, scheduling, and the use of interrupts and event-driven architectures, dynamic tasking, re-entry, global data, and exception handling, and rationale for their use.
d. 设计工具的使用受到限制。Constraints on the use of the design tools.
e. 设计上的限制,例如,排除递归、动态对象、数据别名和压缩表达式。Constraints on design, for example, exclusion of recursion, dynamic objects, data aliases, and compacted expressions.
f. 复杂性限制,例如,嵌套调用或条件结构的最大级别、无条件分支的使用以及代码组件的入口/出口点的数量。Complexity restrictions, for example, maximum level of nested calls or conditional structures, use of unconditional branches, and number of entry/exit points of code components.
11.8 软件编码标准 Software Code Standards
软件编码标准定义了用于对软件进行编码的编程语言、方法、规则和工具。 这些标准应包括:Software Code Standards define the programming languages, methods, rules, and tools to be used to code the software. These standards should include:
a. 要使用的编程语言和/或定义的子集。 对于编程语言,引用明确定义该语言的语法、控制行为、数据行为和副作用的数据。 这可能需要限制语言的某些功能的使用。Programming language(s) to be used and/or defined subset(s). For a programming language, reference the data that unambiguously defines the syntax, the control behavior, the data behavior, and side-effects of the language. This may require limiting the use of some features of a language.
b. 源代码呈现标准,例如行长度限制、缩进和空行使用以及源代码文档标准,例如作者姓名、修订历史记录、输入和输出以及受影响的全局数据。Source Code presentation standards, for example, line length restriction, indentation, and blank line usage and Source Code documentation standards, for example, name of author, revision history, inputs and outputs, and affected global data.
c. 组件、子程序、变量和常量的命名约定。Naming conventions for components, subprograms, variables, and constants.
d. 对允许的编码约定施加的条件和约束,例如软件组件之间的耦合程度以及逻辑或数字表达式的复杂性及其使用的理由。Conditions and constraints imposed on permitted coding conventions, such as the degree of coupling between software components and the complexity of logical or numerical expressions and rationale for their use.
e. 对编码工具的使用的限制。Constraints on the use of the coding tools.
11.9 软件需求数据 Software Requirements Data
软件需求数据是高级需求的定义,包括派生需求。 这些数据应包括:Software Requirements Data is a definition of the high-level requirements including the derived requirements. This data should include:
a. 描述系统需求对软件的分配,并注意安全相关的需求和潜在的故障情况。Description of the allocation of system requirements to software, with attention to safety-related requirements and potential failure conditions.
b. 每种操作模式下的功能和操作要求。Functional and operational requirements under each mode of operation.
c. 性能标准,例如精度和准确度。Performance criteria, for example, precision and accuracy.
d. 时间要求和限制。Timing requirements and constraints.
e. 内存大小限制。Memory size constraints.
f. 硬件和软件接口,例如协议、格式、输入频率和输出频率。Hardware and software interfaces, for example, protocols, formats, frequency of inputs, and frequency of outputs.
g. 故障检测和安全监控要求。Failure detection and safety monitoring requirements.
h. 分配给软件的分区要求、分区的软件组件如何相互交互以及每个分区的软件级别。Partitioning requirements allocated to software, how the partitioned software components interact with each other, and the software level(s) of each partition.
11.10 设计说明 Design Description
设计描述是软件架构和满足高级需求的低级需求的定义。 该数据应包括:The Design Description is a definition of the software architecture and the low-level requirements that will satisfy the high-level requirements. This data should include:
a. 详细描述软件如何满足指定的高级要求,包括算法、数据结构以及如何将软件要求分配给处理器和任务。A detailed description of how the software satisfies the specified high-level requirements, including algorithms, data structures, and how software requirements are allocated to processors and tasks.
b. 软件架构的描述定义了实现需求的软件结构。The description of the software architecture defining the software structure to implement the requirements.
c. 输入/输出描述,例如数据字典,在整个软件架构的内部和外部。The input/output description, for example, a data dictionary, both internally and externally throughout the software architecture.
d. 设计的数据流和控制流。The data flow and control flow of the design.
e. 资源限制、管理每种资源及其限制的策略、余量 以及测量这些裕度的方法,例如时序和内存。Resource limitations, the strategy for managing each resource and its limitations, the margins, and the method for measuring those margins, for example, timing and memory.
f. 调度程序和处理器间/任务间通信机制,包括时间严格排序、抢占式调度、Ada 交会和中断。Scheduling procedures and inter-processor/inter-task communication mechanisms, including time-rigid sequencing, preemptive scheduling, Ada rendezvous, and interrupts.
g. 设计方法及其实现细节,例如软件加载、用户可修改的软件或多版本异种软件。Design methods and details for their implementation, for example, software loading, user-modifiable software, or multiple-version dissimilar software.
h. 分区方法以及防止分区破坏的方法。Partitioning methods and means of preventing partition breaches.
i. 软件组件的描述,无论它们是新的还是以前开发的,如果是以前开发的,则引用它们的基线。Descriptions of the software components, whether they are new or previously developed, and, if previously developed, reference to the baseline from which they were taken.
j. 从软件设计过程中得出的衍生需求。Derived requirements resulting from the software design process.
k. 如果系统包含已停用的代码,请描述确保该代码无法在目标计算机中启用的方法。If the system contains deactivated code, a description of the means to ensure that the code cannot be enabled in the target computer.
l. 可追溯到安全相关系统需求的设计决策的基本原理。Rationale for those design decisions that are traceable to safety-related system requirements.
11.11 源代码 Source Code
该数据由用源语言编写的代码组成。 源代码与集成过程中的编译、链接和加载数据一起使用,以开发集成系统或设备。 对于每个源代码组件,此数据应包括软件标识,包括修订和/或版本的名称和日期(如果适用)。This data consists of code written in source language(s). The Source Code is used with the compiling, linking, and loading data in the integration process to develop the integrated system or equipment. For each Source Code component, this data should include the software identification, including the name and date of revision and/or version, as applicable.
11.12 可执行目标码 Executable Object Code
可执行目标码由目标计算机的处理单元直接使用的代码形式组成,因此是加载到硬件或系统中的软件。The Executable Object Code consists of a form of code that is directly usable by the processing unit of the target computer and is, therefore, the software that is loaded into the hardware or system.
11.13 软件验证案例和程序 Software Verification Cases and Procedures
软件验证案例和程序详细说明了软件验证过程活动是如何实施的。 该数据应包括以下内容的描述:Software Verification Cases and Procedures detail how the software verification process activities are implemented. This data should include descriptions of the:
a. 评审和分析程序:除了软件验证计划中的描述之外,要使用的评审或分析方法的范围和深度。Review and analysis procedures: The scope and depth of the review or analysis methods to be used, in addition to the description in the Software Verification Plan.
b. 测试用例:每个测试用例的目的、输入集、条件、达到所需覆盖标准的预期结果以及通过/失败标准。Test cases: The purpose of each test case, set of inputs, conditions, expected results to achieve the required coverage criteria, and the pass/fail criteria.
c. 测试程序:如何设置和执行每个测试用例、如何评估测试结果以及要使用的测试环境的分步说明。Test procedures: The step-by-step instructions for how each test case is to be set up and executed, how the test results are evaluated, and the test environment to be used.
11.14 软件验证结果 Software Verification Results
软件验证结果由软件验证过程活动产生。 软件验证结果应该:The Software Verification Results are produced by the software verification process activities. Software Verification Results should:
a. 对于每次审查、分析和测试,请指出活动期间通过或失败的每个程序以及最终通过/失败结果。For each review, analysis, and test, indicate each procedure that passed or failed during the activities and the final pass/fail results.
b. 识别已评审、分析或测试的配置项或软件版本。Identify the configuration item or software version reviewed, analyzed, or tested.
c. 包括测试、评审和分析的结果,包括覆盖率分析和可追溯性分析。Include the results of tests, reviews, and analyses, including coverage analyses and traceability analyses.
发现的任何差异都应通过问题报告进行记录和跟踪。Any discrepancies found should be recorded and tracked via problem reporting.
此外,为支持系统过程对软件过程提供的信息进行评估而提供的证据(参见 2.2.1.f 和 2.2.1.g)应被视为软件验证结果。Additionally, evidence provided in support of the system processes’ assessment of information provided by the software processes (see 2.2.1.f and 2.2.1.g) should be considered to be Software Verification Results.
11.15 软件生命周期环境配置索引 Software Life Cycle Environment Configuration Index
软件生命周期环境配置索引(SECI)标识软件生命周期环境的配置。 编写该索引是为了帮助重现硬件和软件生命周期环境,以进行软件重新生成、重新验证或软件修改,并且应该:The Software Life Cycle Environment Configuration Index (SECI) identifies the configuration of the software life cycle environment. This index is written to aid reproduction of the hardware and software life cycle environment for software regeneration, reverification, or software modification, and should:
a. 识别软件生命周期环境硬件及其操作系统软件。Identify the software life cycle environment hardware and its operating system software.
b. 确定软件开发过程中要使用的工具。 示例包括编译器、链接编辑器、加载器、数据完整性工具(例如计算和嵌入校验和或循环冗余检查的工具)以及任何自动代码生成器及其相关选项。Identify the tools to be used during the development of the software. Examples include compilers, linkage editors, loaders, data integrity tools such as tools that calculate and embed checksums or cyclical redundancy checks, and any autocode generator with its associated options.
c. 确定用于验证软件产品的测试环境,例如软件测试和分析工具。Identify the test environment used to verify the software product, for example, the software testing and analysis tools.
d. 识别合格的工具及其相关的工具资格数据。Identify qualified tools and their associated tool qualification data.
注意:此数据可能包含在软件配置索引中。
Note: This data may be included in the Software Configuration Index.
11.16 软件配置索引 Software Configuration Index
软件配置索引(SCI)标识软件产品的配置。 应提供具体的配置标识符和版本标识符。
The Software Configuration Index (SCI) identifies the configuration of the software product. Specific configuration identifiers and version identifiers should be provided.
注意:SCI 可以包含一个数据项或一组(层次结构)数据项。 SCI 可以包含下面列出的项目,或者它可以引用另一个 SCI 或指定各个项目及其版本的其他配置标识数据。
Note: The SCI can contain one data item or a set (hierarchy) of data items. The SCI can contain the items listed below or it may reference another SCI or other configuration identified data that specifies the individual items and their versions.
SCI 应确定:The SCI should identify:
a. 软件产品。The software product.
b. 可执行目标码和参数数据项文件(如果有)。Executable Object Code and Parameter Data Item Files, if any.
c. 每个源代码组件。Each Source Code component.
d. 软件产品中以前开发的软件(如果使用)。Previously developed software in the software product, if used.
e. 软件生命周期数据。Software life cycle data.
f. 存档和发布媒介。Archive and release media.
g. 构建可执行目标码和参数数据项文件的说明(如果有),包括例如用于编译和链接的指令和数据; 以及用于恢复软件以进行重新生成、测试或修改的过程。Instructions for building the Executable Object Code and Parameter Data Item Files, if any, including, for example, instructions and data for compiling and linking; and the procedures used to recover the software for regeneration, testing, or modification.
h. 如果单独打包,请参考软件生命周期环境配置索引(参见 11.15)。Reference to the Software Life Cycle Environment Configuration Index (see 11.15), if it is packaged separately.
i. 可执行目标码(如果使用)的数据完整性检查。Data integrity checks for the Executable Object Code, if used.
j. 对用户可修改软件进行修改的程序、方法和工具(如果有)。Procedures, methods, and tools for making modifications to the user-modifiable software, if any.
k. 将软件加载到目标硬件中的过程和方法。Procedures and methods for loading the software into the target hardware.
注意:SCI 可以针对一个软件产品版本生成,也可以扩展为包含多个替代或连续软件产品版本的数据。
Note: The SCI may be produced for one software product version or it may be extended to contain data for several alternative or successive software product versions.
11.17 问题报告 Problem Reports
问题报告是一种识别和记录软件产品异常行为、不符合软件计划和标准的流程以及软件生命周期数据缺陷的解决方案的方法。 问题报告应包括:Problem Reports are a means to identify and record the resolution to software product anomalous behavior, process non-compliance with software plans and standards, and deficiencies in software life cycle data. Problem Reports should include:
a. 识别发现问题的配置项和/或软件生命周期过程活动。Identification of the configuration item and/or the software life cycle process activity in which the problem was observed.
b. 要修改的配置项的标识或要更改的流程的描述。Identification of the configuration item(s) to be modified or a description of the process to be changed.
c. 使问题能够被理解和解决的问题描述。 问题描述应包含足够的细节,以方便评估问题的潜在安全性或功能影响。A problem description that enables the problem to be understood and resolved. The problem description should contain sufficient detail to facilitate the assessment of the potential safety or functional effects of the problem.
d. 为解决所报告的问题而采取的纠正措施的描述。A description of the corrective action taken to resolve the reported problem.
11.18 软件配置管理记录 Software Configuration Management Records
SCM 流程活动的结果记录在 SCM 记录中。 示例包括配置标识列表、基线或软件库记录、变更历史报告、存档记录和发布记录。 这些示例并不意味着需要生成这些特定类型的记录。The results of the SCM process activities are recorded in SCM Records. Examples include configuration identification lists, baseline or software library records, change history reports, archive records, and release records. These examples do not imply that records of these specific types need to be produced.
注意:由于 SCM 流程的整体性质,其输出通常会作为其他软件生命周期数据的一部分包含在内。
Note: Due to the integral nature of the SCM process, its outputs will often be included as parts of other software life cycle data.
11.19 软件质量保证记录 Software Quality Assurance Records
SQA 流程活动的结果记录在 SQA 记录中。 这些可能包括 SQA 审查或审计报告、会议纪要、授权过程偏差记录或软件合格性审查记录。The results of the SQA process activities are recorded in SQA Records. These may include SQA review or audit reports, meeting minutes, records of authorized process deviations, or software conformity review records.
11.20 软件完结综述 Software Accomplishment Summary
软件完结综述是显示遵守软件方面认证计划的主要数据项。 该摘要应包括:The Software Accomplishment Summary is the primary data item for showing compliance with the Plan for Software Aspects of Certification. This summary should include:
a. 系统概述:本节提供系统概述,包括其功能及其对硬件和软件的分配、架构、使用的处理器、硬件/软件接口和安全功能的描述。 本节还描述了与软件方面认证计划中的系统概述的任何差异。System overview: This section provides an overview of the system, including a description of its functions and their allocation to hardware and software, the architecture, the processor(s) used, the hardware/software interfaces, and safety features. This section also describes any differences from the system overview in the Plan for Software Aspects of Certification.
b. 软件概述:本节简要描述软件功能,重点强调所使用的安全和分区概念,并解释与《软件方面认证计划》中提出的软件概述的差异。Software overview: This section briefly describes the software functions with emphasis on the safety and partitioning concepts used, and explains differences from the software overview proposed in the Plan for Software Aspects of Certification.
c. 认证注意事项:本节重申了软件认证方面计划中描述的认证注意事项并描述了任何差异。Certification considerations: This section restates the certification considerations described in the Plan for Software Aspects of Certification and describes any differences.
d. 软件生命周期:本节总结了实际的软件生命周期,并解释了软件生命周期和软件认证计划中提出的软件生命周期过程的差异。Software life cycle: This section summarizes the actual software life cycle(s) and explains differences from the software life cycle and software life cycle processes proposed in the Plan for Software Aspects of Certification.
e. 软件生命周期数据:本节描述了与《软件方面认证计划》中针对所产生的软件生命周期数据提出的建议的任何差异、数据之间的关系以及与定义系统的其他数据之间的关系,以及向认证机构提供这些数据的方式。本节通过配置标识符和版本明确引用适用的软件配置索引和软件生命周期环境配置索引。软件配置索引中提供了有关配置标识符和软件生命周期数据的特定版本的详细信息。Software life cycle data: This section describes any differences from the proposals made in the Plan for Software Aspects of Certification for the software life cycle data produced, the relationship of the data to each other and to other data defining the system, and the means by which the data was made available to the certification authority. This section explicitly references, by configuration identifiers and version, the applicable Software Configuration Index and Software Life Cycle Environment Configuration Index. Detailed information regarding configuration identifiers and specific versions of software life cycle data is provided in the Software Configuration Index.
f. 其他注意事项:本节总结了可能需要认证机构注意的任何具体注意事项。 它解释了与软件方面认证计划中包含的关于此类考虑因素的建议的任何差异。 应参考适用于这些事项的数据项,例如议题文件或特殊条件。Additional considerations: This section summarizes any specific considerations that may warrant the attention of the certification authority. It explains any differences from the proposals contained in the Plan for Software Aspects of Certification regarding such considerations. Reference should be made to data items applicable to these matters, such as issue papers or special conditions.
g. 供应商监督:本节描述供应商流程和输出如何符合计划和标准。Supplier oversight: This section describes how supplier processes and outputs comply with plans and standards.
h. 软件标识:本节通过部件号和版本标识软件配置。Software identification: This section identifies the software configuration by part number and version.
i. 软件特性:本节规定了可执行目标代码的大小、时序裕度(包括最坏情况的执行时间)、内存裕度、资源限制以及用于测量每个特性的方法。Software characteristics: This section states the Executable Object Code size, timing margins including worst-case execution time, memory margins, resource limitations, and the means used for measuring each characteristic.
j. 变更历史记录:如果适用,本节包括软件变更摘要,重点关注因影响安全的故障而进行的变更,并标识自上次认证以来软件生命周期流程的任何变更和改进。Change history: If applicable, this section includes a summary of software changes with attention to changes made due to failures affecting safety, and identifies any changes from and improvements to the software life cycle processes since the previous certification.
k. 软件状态:本节包含认证时未解决的问题报告摘要。 问题报告摘要包括对每个问题和任何相关错误的描述、功能限制、操作限制、对安全的潜在不利影响以及允许问题报告保持开放的理由,以及已经或需要进行实施的任何缓解措施的详细信息。Software status: This section contains a summary of Problem Reports unresolved at the time of certification. The Problem Report summary includes a description of each problem and any associated errors, functional limitations, operational restrictions, potential adverse effect(s) on safety together with a justification for allowing the Problem Report to remain open, and details of any mitigating action that has been or needs to be carried out.
l. 合规性声明:本节包括符合本文档的声明以及用于证明符合软件计划中指定标准的方法摘要。 本节还讨论了认证机构做出的其他裁决以及与软件计划、标准和本文档的任何偏差,这些偏差在软件成就摘要的其他部分中未涵盖。Compliance statement: This section includes a statement of compliance with this document and a summary of the methods used to demonstrate compliance with criteria specified in the software plans. This section also addresses additional rulings made by the certification authority and any deviations from the software plans, standards, and this document not covered elsewhere in the Software Accomplishment Summary.
11.21 跟踪数据 Trace Data
跟踪数据建立生命周期数据项内容之间的关联。 应提供跟踪数据来证明以下之间的双向关联:Trace Data establishes the associations between life cycle data items contents. Trace Data should be provided that demonstrates bi-directional associations between:
a. 系统需求分配给软件和高级需求。System requirements allocated to software and high-level requirements.
b. 高级需求和低级需求。High-level requirements and low-level requirements.
c. 低级需求和源码。 Low-level requirements and Source Code.
d. 软件需求和测试用例。 Software Requirements and test cases.
e. 测试用例和测试程序。 Test cases and test procedures.
f. 测试程序和测试结果。 Test procedures and test results.
11.22 参数数据项文件 Parameter Data Item File
参数数据项文件由目标计算机的处理单元直接使用的数据形式组成。The Parameter Data Item File consists of a form of data that is directly usable by the processing unit of the target computer.
应为参数数据项的每个实例生成软件生命周期数据。 如果单独打包,该数据应包括对相关可执行目标代码的软件完成摘要的引用。Software life cycle data should be produced for each instantiation of a Parameter Data Item. If packaged separately, this data should include a reference to the Software Accomplishment Summary of the associated Executable Object Code.