


## Agenda

- FSW Development Process Overview
- FSW Subsystem Level Process
  - Requirements Phase
  - Proof of Concept and Prototyping
  - Design Phase
  - Implementation Phase
  - Version Control
  - Verification Phase
  - Delivery Review
  - Change Requests and Maintenance

#### Component Level Process

- Component Requirements Development
- Component Design
- Component Block Diagram and Ports List
- Component Implementation
- Component Unit Testing
- Integrated Testing
- Component Closeout
- Checklists
- Status Reports
  - Weekly Progress Summary
  - Issue Tracking





## **FSW Development Process Overview**

Why is it important to have a development process?

Raises the chance of success by providing a documented basis for adjusting scope and schedule in the face of:

- Scope creep
- Delays and issues with receivables
- Unavailability of items required for development and test
- Communicating risks

Improves quality:

- Reliability
- Testability
- Maintainability
- Portability

The waterfall model fits deadline-driven development

The right level of process is important

- Too much process can bog you down
- Too little process makes it impossible to manage a complex project
- Either can lead to bad outcomes



Waterfall Model (Peter Kemp / Paul Smith [CC BY 3.0])



## **FSW Development Process Overview**

#### **Development Phases**

Requirements

- Provide measurable constraints and characteristics from concept of operations

Design

- Provides the blueprint for software implementation given a set of requirements

Implementation

- Provides a testable product for verification

Verification

- Ensures implementation functionality and correctness

- Each phase has a review to ensure readiness for the next phase and to address any open issues



### **Requirements Phase**

- Why is it important to gather requirements?
  - Map from concept of operations to specific capabilities that can be designed and implemented
  - Manages assumptions
  - Heads off disagreements/misunderstanding between designers/implementors and their stakeholders
    - "That's not what I wanted you to build!" Or
    - "That's not how I assumed it would work!"
  - Provides the structure for
    - Measuring progress of design and implementation
    - Verifying that we have built/delivered what is needed





#### **Requirements Derivation**

- Understand project level requirements and concept of operations (ConOps), i.e. what is needed for the project
  - Decompose into various software components at high level
  - Functional breakdown rather than design
- Most sub-system requirements are expected to be derived from a parent requirement, but some may be self-derived
- Artifact: Requirements specification document
- Conduct requirements review

#### Example requirement



What makes a good requirement?





#### Proof of concept and Prototyping

- Target OS and hardware platform
- Compile and execute software on target
- Communicate over planned interfaces
- Data bandwidth and performance analysis







Figure: MCFSW Releases (MCFSW Rel-1.0, MCFSW Rel-2.0)

#### **Design Phase**

- Trade studies and prototyping
- Develop list of components with functionality description
  - Services
  - Communication
  - Hardware managers
  - Hardware drivers
  - Guidance and control
  - Science
  - Fault protection and mode management
- List of planned releases by components



Figure: MCFSW Components by Release (releases dated Aug. 2023 and Jun. 2024). Components shown: prm, FPGA GPIO, Coyote Hw, Mem Scrub, Svc Time, Drv Tme, Coyote OS, Comm, Trap Registry, FSW Util v1, MCC Interface, SIPC SPW, Buffer Manager, Watchdog, RT1553 Comm, Deframer, Framer, OCM, Error v1.



#### **Design Phase**

- Design Artifacts
  - Context diagrams
  - Interconnect block diagrams (topologies)
  - Sequence diagrams
  - Data flow diagrams
  - Component block diagrams
- Define ports and types to be used across components
- Analyze resource utilization and performance
  - Memory, CPU, I/O
- Address any concurrency issues
- Artifacts:
  - Software architecture and design documentation
  - Trade study results
  - Resource utilization and performance analysis
  - Receivables and deliverables list
  - FSW release delivery schedule
  - Budget and staffing plan
- Conduct design review





#### Implementation Phase

- Conduct component level reviews: requirements, design, implementation and unit test, integrated test results, closeout
- With good design, this should not be too complicated
- May require some design updates, but majority of design expected to be completed in design phase
- Deployment
  - Functional integration of software components
- Development test venues
  - Simulation
  - Prototype/development hardware
  - Testbed
  - EM





#### Implementation Phase

- FSW builds
  - Prototype
  - Internal releases
  - External releases to support sub-system proof of concept
- Artifacts:
  - FSW release package
    - FSW binaries, non-volatile parameter or config files
    - Documentation, build environment, config etc.
    - Dictionaries
  - Test reports
  - Preliminary requirements verification and validation matrix
- Conduct delivery review





#### **Version Control**







#### **Verification Phase**

- Critical to overall software functionality and mission success
- Catching bugs early is cheaper and easier to fix
- Driven by requirements verification
  - Performed using test scripts executed against a release deployment
- FSW builds
  - External releases
- Development test venues
  - Simulation
  - Testbed
  - EM
  - FM





#### **Verification Phase**

- Artifacts
  - FSW release package
    - FSW binaries, non-volatile parameter or config files
    - Documentation, build environment, config etc.
    - Dictionaries
  - Test reports
  - Requirements verification and validation matrix
- Conduct delivery review / SRCR

#### Requirements verification and validation matrix

| REQ ID                 | Short Title                  | Level 4<br>Requirement                                                                                                                        | Rationale                                                                                | L3<br>Parent          | V&V<br>Strategy | Status | V&V IDs                                          |
|------------------------|------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|-----------------------|-----------------|--------|--------------------------------------------------|
| NEASC-<br>L4-<br>FSW-3 | Data<br>Storage<br>Interface | The FSW shall interface with the non-volatile data storage memory on board the flight CDH unit for read/write access for at least 4 GB. | FSW needs<br>access to<br>this memory<br>to manage<br>science and<br>engineering<br>data | NEAS-<br>FS-L3-<br>32 | Test            | PASS   | jpl_ffs-VI-1 thru<br>jpl_ffs-VI-7,<br>prmDb-VI-1 |





#### **Delivery Review**

- Release description document (RDD)
  - Change log
  - Version Identification
  - Project Overview and Release Description
  - Controlling Documents
  - Test Reports
  - Requirements Verification Summary
  - Idiosyncrasies and Known Issues
  - Problem Disposition
  - Detailed Contents
- Users guide
  - Operational constraints
  - Usage guidelines
- Software design documents





### Change Requests and Maintenance







#### Component Requirements Development

- List assumptions relevant to component design
- Develop component requirements table
  - Requirement ID for traceability in unit testing
  - Requirement description and rationale
  - Indicate verification method: unit-test, inspection or analysis
  - Link to parent FSW sub-system level requirement
- Conduct component requirements review

#### 1.1. Assumptions

- This component's cycle input port is invoked in interrupt context
- This component's cycle input port handler is ISR safe
- This component's cycle input port is driven by a hardware triggered ISR at 512Hz per TBD requirement.
- A main loop runs forever and watches for events such as a 512Hz cycle count increment and receipt of new 1553 high priority command and heartbeat messages, as captured in TBD requirement.
- There are eight 512Hz cycles within a 64Hz RTI, numbered 0 through 7, that are synchronized with the 64Hz RTI in hardware to guarantee the occurrence of exactly eight 512Hz cycles within a 64Hz time slice, as captured in TBD requirement.
- The 512Hz cycle number (0 through 7) is maintained in a SIPC FPGA register and is available for software to read each 512Hz cycle within a 64Hz RTI per TBD requirement.
- The 512Hz interrupt is guaranteed to be generated by hardware at the expected rate throughout MCFSW execution per TBD requirement.
- The 1553 64Hz RTI MCFSW heartbeat messages are guaranteed to be received at the expected rate throughout MCFSW execution per TBD requirement.

#### 2. Requirements

| Requirement            | Description                                                                                                                                                                                       | Rationale                                                                                                                                                               | Verification<br>Method | Parent<br>Requirement |
|------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------|-----------------------|
| MCFSW-SVC-<br>MAIN-001 | The MCFSW::Svc::Main component shall implement a continuous loop which forever watches for events including updates in the 512Hz cycle counter value and receive of a 1553 high priority command. | Implementation for main event<br>loop driving each 512Hz cycle<br>behavior and servicing high<br>priority commands.                                                     | Unit Test              | L4-MCFSW-<br>1010     |
| MCFSW-SVC-<br>MAIN-002 | The MCFSW::Svc::Main component shall implement an ISR handler function that increments the 512Hz cycle count by 1 for each consecutive execution of the ISR.                                      | Track number of 512Hz cycles that occur in a U32 integer that keeps incrementing by 1 for each 512Hz interrupt and rolls back to 0 automatically upon integer overflow. | Unit Test              | L4-MCFSW-<br>1010     |
| MCFSW-SVC-<br>MAIN-003 | On each iteration of its main loop, the MCFSW::Svc::Main component shall, at the start of each loop iteration, poll for a new 1553 high priority command.                                         | Check for 1553 high priority commands in each iteration of the main loop.                                                                                               | Unit Test              | L4-MCFSW-<br>1100     |
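An added model (not the project's MCFSW::Svc::Main code or its F' port handlers) of what MCFSW-SVC-MAIN-001 through -003 require: an ISR-safe U32 cycle counter that wraps to 0, a loop pass that polls for the 1553 high priority command before anything else, and, as assumptions beyond the slides, detection of missed interrupts and of an out-of-sequence 0 through 7 cycle number read from the SIPC FPGA register. The `pollHpCmd` callback standing in for the get1553DataOut port is also an assumption.

```cpp
#include <atomic>
#include <cstdint>
#include <functional>

// Constructed model of the MCFSW::Svc::Main behaviour stated in
// MCFSW-SVC-MAIN-001 through -003. Illustration only; not the flight code.
typedef uint32_t U32;
typedef uint8_t U8;

class MainLoopModel {
public:
    // pollHpCmd stands in for the get1553DataOut port: returns true when a
    // 1553 high priority command is available (assumed interface).
    explicit MainLoopModel(std::function<bool()> pollHpCmd, U32 initialCount = 0)
        : m_pollHpCmd(pollHpCmd), m_cycleCount(initialCount),
          m_lastServiced(initialCount) {}

    // cycleIn handler, invoked in ISR context at 512Hz. ISR safe: one atomic
    // store and one atomic increment, no locks, no allocation, no blocking.
    // MCFSW-SVC-MAIN-002: +1 per ISR; unsigned arithmetic wraps to 0.
    void isrCycleHandler(U8 hwCycleNumber) {
        m_hwCycleNumber.store(hwCycleNumber, std::memory_order_relaxed);
        m_cycleCount.fetch_add(1, std::memory_order_release);
    }

    // One pass of the forever loop of MCFSW-SVC-MAIN-001. Returns true when a
    // new 512Hz cycle was serviced on this pass.
    bool runOneIteration() {
        // MCFSW-SVC-MAIN-003: the high priority command poll comes first.
        if (m_pollHpCmd()) {
            ++m_hpCmdsServiced;
        }
        const U32 now = m_cycleCount.load(std::memory_order_acquire);
        if (now == m_lastServiced) {
            return false;  // no new interrupt since the last pass
        }
        // Assumption (not on the slides): if the loop fell behind by more than
        // one interrupt, the wrapped difference counts the missed cycles. This
        // holds across the U32 rollover because the subtraction wraps too.
        const U32 missed = now - m_lastServiced - 1U;
        m_missedCycles += missed;  // flight code would report this via errorOut
        m_lastServiced = now;

        // Assumption: the SIPC FPGA cycle number must advance 0,1,...,7,0
        // between consecutive serviced cycles; anything else is a sync error.
        const U8 num = m_hwCycleNumber.load(std::memory_order_relaxed);
        if (m_haveCycleNumber &&
            num != static_cast<U8>((m_lastCycleNumber + 1U) % 8U)) {
            ++m_syncErrors;
        }
        m_lastCycleNumber = num;
        m_haveCycleNumber = true;
        ++m_cyclesServiced;
        return true;
    }

    U32 cycleCount() const { return m_cycleCount.load(std::memory_order_acquire); }
    U32 cyclesServiced() const { return m_cyclesServiced; }
    U32 missedCycles() const { return m_missedCycles; }
    U32 hpCmdsServiced() const { return m_hpCmdsServiced; }
    U32 syncErrors() const { return m_syncErrors; }

private:
    std::function<bool()> m_pollHpCmd;
    std::atomic<U32> m_cycleCount;       // written in the ISR, read in the loop
    std::atomic<U8> m_hwCycleNumber{0};  // last cycle number sampled in the ISR
    U32 m_lastServiced;
    U32 m_cyclesServiced = 0;
    U32 m_missedCycles = 0;
    U32 m_hpCmdsServiced = 0;
    U32 m_syncErrors = 0;
    U8 m_lastCycleNumber = 0;
    bool m_haveCycleNumber = false;
};
```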





#### **Component Design**

- Develop component software design document (SDD)
  - Component overview
  - Assumptions
  - Component level requirements
  - Design
    - Component block diagram
    - Sequence, dataflow, state transition, class diagrams
    - Port List
    - Custom data types
    - State
    - Port Behaviors
  - Commands , telemetry, events and parameters
- Reference datasheets and other technical documents as applicable
- Component and port models (FPP)
- Conduct component design review
- Design checklist walkthrough





## Component Block Diagram and Ports List

Illustrates component model (FPP)

#### 3.1. Component Diagram

The MCFSW::Svc::Main component has the following block description diagram (BDD):



#### 3.2. Ports

The MCFSW::Svc::Main component uses the following port types:

| Kind       | Name               | Port Type                | Usage                                                        |
|------------|--------------------|--------------------------|--------------------------------------------------------------|
| output     | errorOut           | Error                    | Port to report errors.                                       |
| output     | cmdLoadOut         | CmdLoad                  | Port to load and validate commands.                          |
| output     | cmdDispatchOut     | CmdDispatch              | Port to dispatch a command.                                  |
| output     | cmdSetErrorOut     | CmdSetError              | Port to disable normal priority command dispatching.         |
| sync input | cycleIn            | Svc.Cycle                | Port to increment cycle counter in ISR context               |
| sync input | tlmGetIn           | TlmGet                   | Port to get periodic telemetry items                         |
| output     | get1553DataOut     | MCFSW_Drv.RT1553RxBufGet | Port to get new 1553 data if available                       |
| output     | strkWDogOut        | Svc.Sched                | Port to stroke GR712 and Coyote watchdog timers              |
| output     | pollGseOut         | Svc.Sched                | Port to poll for GSE uplink commands                         |
| output     | updtEEPROMOut      | Svc.Sched                | Port to trigger EEPROM update                                |
| output     | updtMotCtlOut      | Svc.Sched                | Port to trigger motor control update                         |
| output     | memScrubTriggerOut | Svc.Sched                | Port to trigger memory scrubbing cycle                       |
| output     | memScrubReportOut  | MemScrubReport           | Port to trigger reporting of memory scrubbing results (CMEs) |
| output     | updtTlmOut         | UpdtTlm                  | Port to trigger telemetry update                             |
| output     | rt1553PingPongOut  | MCFSW_Drv.RT1553PingPong | Port to perform 1553 ping-pong                               |





#### **Component Implementation**

- Use auto-coded component implementation template files as starting point
- Review JPL C-Coding Standard (JPL Rules DocID 78115) and the code checklist being used by the project for coding guidelines
- Reference other mature F' components for C++ coding style
- Code development
  - Port handler behaviors
  - State management
  - Command handlers
  - Telemetry & events
  - Parameters
- Component compilation for all targets
- Static analysis (SCRUB tool GCC, Coverity, Code Sonar)
- Conduct code review
- Code checklist walkthrough





#### **Component Unit Testing**

- Component unit tests are developed using F' unit test harness
  - Provides interfaces for invoking component ports and commands
  - Provides macros for verifying expected behavior, telemetry and events
  - Can be executed as part of an automated regression test-suite
- Traceability of each test-case to component level requirements
- Code coverage analysis
- Unit test output and coverage results
- Conduct unit test review
- Unit test checklist walkthrough





## **Integrated Testing**

- Test component functionality with the integrated FSW build
- Test venues
  - Simulation
  - Hardware
- Test scripts
  - Send commands and verify telemetry/events
- Test reports
  - Test as-runs
  - Telemetry and event logs
- Requirements V&V
  - FSW sub-system level requirements V&V
  - Traceability for each requirement to all test-cases verifying that requirement
  - Traceability for each test case to all requirements being tested in that test case
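An added example (not a project tool) of building the two-way traceability described above and deriving the RVVM Status column from it: requirement IDs and test-case IDs are taken from the slides, the pass/fail results and the `scratch-VI-9` test case are constructed.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Constructed illustration of requirement <-> test-case traceability for
// integrated testing. Not a project tool; the results below are made up.
struct TestCase {
    std::string id;
    std::set<std::string> reqs;  // requirements this test case verifies
    bool passed;
};

struct Traceability {
    std::map<std::string, std::set<std::string>> testsByReq;  // requirement -> tests
    std::map<std::string, std::set<std::string>> reqsByTest;  // test -> requirements
    std::set<std::string> untestedReqs;   // in the RVVM but covered by no test
    std::set<std::string> untracedTests;  // test cases that cite no requirement
};

// Build both traceability directions from the RVVM requirement list and the
// executed test cases, and flag gaps in each direction.
Traceability buildTraceability(const std::set<std::string>& rvvmReqs,
                               const std::vector<TestCase>& tests) {
    Traceability t;
    for (const std::string& r : rvvmReqs) {
        t.testsByReq[r];  // every RVVM requirement gets a row, even if empty
    }
    for (const TestCase& tc : tests) {
        t.reqsByTest[tc.id] = tc.reqs;
        if (tc.reqs.empty()) {
            t.untracedTests.insert(tc.id);
        }
        for (const std::string& r : tc.reqs) {
            t.testsByReq[r].insert(tc.id);
        }
    }
    for (const auto& kv : t.testsByReq) {
        if (kv.second.empty()) {
            t.untestedReqs.insert(kv.first);
        }
    }
    return t;
}

// RVVM Status column: PASS only when at least one test case verifies the
// requirement and every one of those test cases passed.
std::string rvvmStatus(const Traceability& t, const std::vector<TestCase>& tests,
                       const std::string& req) {
    std::map<std::string, bool> result;
    for (const TestCase& tc : tests) {
        result[tc.id] = tc.passed;
    }
    auto it = t.testsByReq.find(req);
    if (it == t.testsByReq.end() || it->second.empty()) {
        return "NOT TESTED";
    }
    for (const std::string& id : it->second) {
        if (!result[id]) {
            return "FAIL";
        }
    }
    return "PASS";
}

// Constructed inputs using requirement and test IDs that appear on the slides.
std::set<std::string> sampleRvvm() {
    return {"L4-FSW-3", "L4-FSW-6", "L4-FSW-25"};
}

std::vector<TestCase> sampleTests() {
    return {
        {"pwr_switch_mgr-VI-1", {"L4-FSW-6"}, true},
        {"pwr_switch_mgr-VI-2", {"L4-FSW-6"}, true},
        {"pwr_switch_mgr-VI-3", {"L4-FSW-6"}, true},
        {"pwr_switch_mgr-VI-4", {"L4-FSW-25"}, false},  // constructed failure
        {"scratch-VI-9", {}, true},                     // cites no requirement
    };
}
```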

Figure: screenshot of the requirements V&V spreadsheet `pwr_switch_mgr.xls` (columns REQUIREMENT, RQMT_DESC, STATUS, VENUE, TEST_DESC, DATE (ERT), DATE), overlaid with a test-report header (Status=PASSED, Venue=TESTBED, Date_Time=03/30/2022) and the corresponding RVVM rows. The legible test-case rows are:

| V&V ID | Requirement | Level 4 Requirement | Status | Venue | Test description | Date (ERT) |
|--------|-------------|---------------------|--------|-------|------------------|------------|
| VI-1 | L4-FSW-6 | The FSW shall independently switch power to each subsystem not in the electronics stack via the [GPIO] or the [SPI] interface. | PASS | TESTSET | For some channel that is … on the current platform: turn on power, check power state; turn off power, check power state (partly illegible) | 2022-089T21:05:34.000 |
| VI-2 | L4-FSW-6 | (as above) | PASS | TESTSET | For some channel that is not allowed: turn on power, check power state; turn off power, check power state | 2022-089T21:05:52.000 |
| VI-3 | L4-FSW-6 | (as above) | PASS | TESTSET | … channels that are supposed to be cycled, and confirm that they are … (partly illegible) | 2022-089T21:12:20.000 |
| (ID illegible) | L4-FSW-6, L4-FSW-25 | (as above); The FSW shall control the thermal subsystem … by reading values from … via the ADC interface (fragment) | PASS | TESTSET | (illegible) | 2022-089T21:15:47.000 |

The RVVM rows shown are NEASC-L4-FSW-3 (Data Storage Interface; V&V IDs jpl_ffs-VI-1 thru jpl_ffs-VI-8, prmDb-VI-1) and NEASC-L4-FSW-6 (Switch Control Interface; parent NEAS-L3-FS-23; Test; PASS; V&V IDs pwr_eps-VI-7, …-VI-8, pwr_switch_mgr-VI-1 thru pwr_switch_mgr-…).



#### **Component Closeout**

- Verify all component requirements have been verified
- Verify any additional design and code updates have been reviewed with checklist updates
- Verify all other component checklists have been completed
  - Design
  - Code
  - Unit Test
- Generate component metrics
  - Source lines of code (SLOC)
  - Number of commands, telemetry, events, parameters
- Conduct component closeout review
- Closeout checklist walkthrough





#### Checklists

- Can be tailored per the project's risk posture
  - Class D / CubeSats
    - May use a single simple checklist for the entire component development process
  - Type 1 Missions
    - Separate detailed checklist for each component phase including design, code, unit-test and close-out



| Component: FSW/Components/FSWImageManager                                                    |        |              |
|----------------------------------------------------------------------------------------------|--------|--------------|
| Component Owner: John                                                                        |        |              |
| Component Contributors: Mike, Peter                                                          |        |              |
|                                                                                              | Status | Notes        |
| Modeling                                                                                     |        |              |
| Model generated in MagicDraw with interfaces defined                                         | YES    |              |
| Component auto-coded using component autocoder                                               | YES    |              |
| Auto-coded component builds successfully for SPHINX platform                                 | YES    |              |
| Implementation                                                                               |        |              |
| Behaviors, states, commands, telemetry, and events implemented                               | YES    |              |
| Component builds with the topology                                                           | YES    |              |
| Deployment                                                                                   |        |              |
| Static analysis of code performed using SCRUB                                                | YES    |              |
| Component Unit Tested                                                                        | YES    |              |
| Executes with topology on SPHINX platform without any issues                                 | YES    |              |
| Close-Out                                                                                    |        |              |
| SDD generated                                                                                | YES    |              |
| Component reviewed by peer(s)                                                                | YES    | Peers: David |
| All open issues and action items related to the component have been addressed and closed out | YES    |              |

| Component Unit-Test Peer Review |                                                       |                      |                 |
|---------------------------------|-------------------------------------------------------|----------------------|-----------------|
| Software Component Name         |                                                       |                      |                 |
| Component Developer             |                                                       |                      |                 |
| Component Peer Reviewers        |                                                       |                      |                 |
| Software Type                   |                                                       |                      |                 |
| Review Date                     |                                                       |                      |                 |
| Question Number                 | Subject                                               | Developer Assessment | Peer Assessment |
| 8                               | Verify all requirements have been tested in unit test | Yes                  | Yes             |
|                                 | Unit-Test Regressionability                           |                      |                 |
| 9                               | Has the peer re-run the unit-test suite?              | Yes                  | Yes             |
| 10                              | Are all output results repeatable?                    | Yes                  | Yes             |
| 11                              | Are the output results understandable?                | Yes                  | Yes             |
| 12                              | Is the unit test an automated regression style test?  |                      | Yes             |

| Component Code Peer Review |                                                                                              |                      |                 |
|----------------------------|----------------------------------------------------------------------------------------------|----------------------|-----------------|
| Software Component Name    |                                                                                              |                      |                 |
| Component Developer        |                                                                                              |                      |                 |
| Component Peer Reviewers   |                                                                                              |                      |                 |
| Software Type              |                                                                                              |                      |                 |
| Review Date                |                                                                                              |                      |                 |
| Question Number            | Subject                                                                                      | Developer Assessment | Peer Assessment |
|                            | Prior Phase Completion                                                                       |                      |                 |
| 1                          | Have all action items from the design review been closed?                                    | Yes                  | Yes             |
| 2                          | Do all non-closed action items have NO code impact?                                          | Yes                  | Yes             |
| 3                          | Are all open SPRs for this module incorporated into the code?                                | Yes                  | Yes             |
|                            | Package Completeness                                                                         |                      |                 |
| 4                          | Has the entire component been committed to the remote delivery branch of the Git repository? | Yes                  | Yes             |
| 5                          | Does the reviewed software have a git hash code of the last commit?                          | Yes                  | Yes             |
| 6                          | Does the unit compile without warnings for all required targets?                             | Yes                  | Yes             |





### Weekly Progress Summary

- Highlight accomplishments and progress
- Indicate delays in receivables
- Describe pending items
- Report estimated upcoming release delivery date
- Describe current progress against development plan schedule
- Communicate problems to stakeholders early on to facilitate timely action





#### **Issue Tracking**

- Track current progress using percent complete metric for each task
  - Compute sum of all earned completion points
- Estimate delivery dates and forecast delivery slips early on



**Completion Points** 



ZenHub Pipelines





## **Issue Tracking**



Total Planned Completion = Points for Rel-1.0





### **Earned Value Management**

- Measuring planned work against actual work completed
- Schedule variance
- Cost variance
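The completion-point tracking from the Issue Tracking slides and the earned-value measures listed above, worked through as an added example that is not part of the slides. The `Task` fields, the Rel-1.0 backlog, its dates, point values and costs are all constructed for illustration; the formulas are the standard EV - PV and EV - AC definitions.

```python
import math
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Task:
    name: str
    planned_points: float     # completion points budgeted for the task
    percent_complete: float   # 0..100, as reported in the issue tracker
    planned_finish: date      # date the task was scheduled to be complete
    actual_cost: float = 0.0  # effort spent so far, in the same units as points

# Constructed sample backlog for a hypothetical Rel-1.0 (not from the slides).
START = date(2020, 1, 6)   # development start
AS_OF = date(2020, 2, 3)   # status-report date
SAMPLE_TASKS = [
    Task("CmdDispatcher implementation", 10, 100, date(2020, 1, 17), actual_cost=12),
    Task("TlmChan unit test", 8, 50, date(2020, 1, 31), actual_cost=5),
    Task("EventLogger SDD", 4, 0, date(2020, 2, 14)),
    Task("Topology integration on SPHINX", 6, 0, date(2020, 2, 28)),
]

def earned_points(tasks):
    """Earned value (EV): planned points weighted by each task's percent complete."""
    return sum(t.planned_points * t.percent_complete / 100.0 for t in tasks)

def planned_points_by(tasks, as_of):
    """Planned value (PV): points of every task scheduled to finish on or before as_of."""
    return sum(t.planned_points for t in tasks if t.planned_finish <= as_of)

def schedule_variance(tasks, as_of):
    """SV = EV - PV; negative means the release is behind plan."""
    return earned_points(tasks) - planned_points_by(tasks, as_of)

def cost_variance(tasks):
    """CV = EV - AC; negative means more effort spent than value earned."""
    return earned_points(tasks) - sum(t.actual_cost for t in tasks)

def forecast(tasks, start, as_of):
    """Project finish from points earned per day so far (Total Planned Completion =
    sum of task points); returns (finish_date, slip_days past the latest planned
    finish), or None when nothing has been earned yet."""
    elapsed_days = (as_of - start).days
    ev = earned_points(tasks)
    if elapsed_days <= 0 or ev <= 0:
        return None
    remaining = sum(t.planned_points for t in tasks) - ev
    finish = as_of + timedelta(days=math.ceil(remaining * elapsed_days / ev))
    planned_release = max(t.planned_finish for t in tasks)
    return finish, max(0, (finish - planned_release).days)
```

On the sample backlog the report date shows SV = -4 and CV = -3 points, and the earning rate to date forecasts a 3-day slip past the planned release, which is the early warning the weekly summary is meant to carry to stakeholders.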





# Questions

