PPRuNe Forums - View Single Post - BOI into the 2012 Tornado Collision over the Moray Firth
Old 8th Feb 2015, 05:41
tucumseh
PeregrineW

Your words will be ringing bells with those old hands familiar with the Mull of Kintyre case. Here is an extract from the main submission to Lord Philip's review, which he accepted. It seeks to establish that MoD lied about Boscombe and Static Code Analysis, and MoD were less than amused that the actual policy author came forward to confirm MoD lied.
Extract.... (sorry, formatting may be odd) (Discussing MoD's claims....)

Boscombe Down Tasking

It is therefore wrong to say:

“Boscombe Down wished to verify the software in the FADEC system using their preferred method known as Static Code Analysis.”


It is irrelevant what Boscombe “wished” to do; the responsibility to reconcile the FADEC specification, contract terms and conditions, Trials, Evaluation and Acceptance Plan, Boscombe Down tasking and their ability to carry out that tasking lay entirely with MoD. It failed in this duty.

The following is also wrong.

“The Department chose to terminate the EDS-SCICON contract at this point because the requirement for Static Code Analysis was an internal Boscombe Down policy, not supported by Defence Standards.”

Clearly, the requirement to conduct SCA was enshrined in MoD policy, which (obviously) sits above Defence Standards in the standards hierarchy. In fact, the policy specifically warns, at Annex A, A8.2 (Standards), that RTCA DO 178A and Def Stan 00-31 are less than rigorous as they do not include SCA. RTCA DO 178A was the standard against which FADEC was developed. Such a specific warning in the policy should have raised alarm.

(and a little later...)

Summary

DUS(DP)’s policy invokes Static Code Analysis. Subsequently, Def Stan 00-55 confirmed and detailed two basic approaches to safety critical software:

· The use of formal methods (correct by design), and
· The static analysis of the code (conformance with the design)


The nature of FADEC software required (in the words of DUS(DP)’s policy) “sophisticated mathematical proving”. SCA is such a methodology and, to this end, Boscombe Down was provided with MALPAS and SPADE.