Safety-Critical V&V for Space
If it were to be suggested to an audience that spacecraft are launched before being tested, it might well trigger a strong sense of surprise and disbelief. Such reactions would be well-justified because the suggestion is not entirely true. However, it is also not completely in opposition to the facts. As surprising as it may seem, and contrary to common practice in other industries, spacecraft are not fully tested before being launched, and neither are test flights, except for rockets and other very specific missions.
But, there are good reasons for this lack of testing. The first is that it is simply not possible to fully test a spacecraft before launch, because we cannot fully replicate the conditions of space on the ground. The second reason is that launching a spacecraft just for the sake of testing it makes for a test case that is far too expensive to be economically viable.
The fact that spacecraft cannot be fully tested on the ground makes V&V activities even more challenging. Having participated in over fifteen space missions to date, CRITICAL Software is well aware of this challenge, and well versed on how to combine software-in-the-loop (SIL), model-in-the-loop (MIL) and hardware-in-the-loop (HIL) to achieve maximum V&V coverage on the ground, in the most efficient way.
Though testing in space is, in general, not viable, lessons can and must be learned from previous missions. Which errors occurred in the past? How were they detected and overcome? Which architectures were most and least effective? Which specification flaws or deficiencies were present? Experience is paramount in addressing all these questions and more.
CRITICAL Software’s V&V services for space include:
- Independent software Verification & Validation (ISVV): including, but not limited to, ISVV according to the mission-specific tailoring of ESA's ISVV Guide, a document that CRITICAL Software originally contributed to.
- On-board software validation (TS/RB Validation): where the scope may include the validation of the entire on-board software (OBSW), specific functional blocks only, or otherwise start from an incomplete validation state.
- AIT support: support to functional verification and/or AIT including: functional testing of central software in FV/AIT test bench, functional testing of equipment (e.g. Star Tracker), and support to proto-flight model (PFM) tests. Some of CRITICAL Software’s case studies include the CryoSat-2 mission (AIT and PFM support), ExoMars TGO (FV support including interfacing between FV, AIT and OBSW teams) and, to a lesser extent, S2 (interface between OBSW and AIT).
- On-board software V&V support: execution of specific V&V activities across the OBSW life cycle, either extending or complementing the costumer project team already in place. This service can be instantiated to respond to a project peak, contingency situation or simple outsourcing of a range of V&V activities.