What Sets Verocel Apart?
Verocel has developed a set of plans and standards
that support the most stringent criticality level, the RTCA's DO-178B Level
A. We augment these plans with project-specific supplements to support
your particular process or methodology. Verocel reviews
your existing plans and standards, and provides our experience and
recommendations so your project can achieve compliance with DO-178B
objectives.
Verocel undertakes the development of all
verification materials: analysis and reviews of design, code, and tests.
We review the software requirements, add low-level requirements as necessary,
and develop tests against those requirements.
The
Software Life Cycle Data for certifiable software consists of requirements,
designs, source code, tests, test results, and other components identified as part
of the certification materials. Development of the high-level
requirements, design, and source code is part of the software development
process, and is the responsibility of the domain experts. The review,
analysis, and testing of this software and its related components must be
performed independently by verification experts, such as Verocel can provide.
Our Software
Certification Life Cycle diagram shown below is a high-level
description of our review, analysis, testing, and verification processes for
safety critical software. Each process is further expanded to describe
the process details.
The Verocel Tool Suite
Our tools
automate the labor-intensive, manual processes required for software
certification and approval. Our tools can automatically generate
additional traceability artifacts and documents, and manage all these related
artifacts in a Configuration Management (CM) system.
Verocel's innovative tool suite has received
praise from FAA Designated Engineering Representatives (DERs) for its ability
to automate traceability artifacts and documents, making their auditing job
much easier.
Examples of
VeroTrace outputs are used to illustrate traceability in the RTCA
/ DO-178B Practitioners Course taught by Michael DeWalt and others from
Certification Services, Inc (CSI).
VeroTrace manages the production and review of certification traceability data.
A number
of requirement gathering and maintenance programs are available:
- Some are document-based.
The disadvantage is that all requirements in the document must be
baselined before you can move to the next phase; for example, from the requirements
phase to the design phase. VeroTrace allows you to baseline
any subset of requirements, so you can move to each next phase in stages
as requirements are ready.
- Some provide limited
traceability between requirements and artifacts. VeroTrace
automatically generates hyperlinked traceability between all
requirements and all artifacts.
- Some provide linkage to a
Configuration Management (CM) system. VeroTrace automatically
extracts baselined artifacts from CM for review; automatically
generates review checklists upon completion of the artifact review; and automatically
checks the completed review into CM.
VeroStyle renders the XML data generated by VeroTrace into a document using a
"stylesheet".
VeroTrace uses VeroStyle to automatically
generate online review checklists for requirements and software
artifacts. Once an online review in VeroTrace has been
passed, VeroTrace can automatically generate a review checklist
from a template of your design using VeroStyle.
VeroStyle is also used by Verocel
to create a number of process and certification artifact documents; for example,
functional test procedure templates; the System and Software Requirement
Specifications; the Software Configuration Index; and the Requirements
Traceability document.
VerOCode measures structural coverage on the target computer at the object code
level without instrumenting the source code or using special hardware.
A number
of coverage measuring tools are available. They fall into four categories:
tools that instrument the code, tools that use special hardware, instruction
level simulators, and instruction monitors.
- Tools that instrument the code assume that the code's behavior is
unaffected by the additional trace calls that are added.
Modern optimizing compilers can change the code significantly, depending on
control and data flow within a program. Data flow is altered by code
insertion, and analysis must show that this does not compromise the capture
of coverage. Many of these tools do not support assembly level
instrumentation, which complicates the coverage of low-level interfacing
code.
- Tools that use special hardware may be available, provided that
the target processor supports the tool's interfaces. Such tools are
expensive.
- Instruction level simulators for the target computer may be
available, and may be used to support instruction level coverage if such an
option is offered. These simulators are usually slow, and must be qualified
before they can be used for credit.
VerOCode is a qualified tool that uses instruction
monitoring done on the target hardware itself, without instrumenting the
code. Because instruction monitoring is performed at the instruction
code level, VerOCode is particularly well suited to Level A
certification. If source code coverage is shown for Level A code, then
traceability between the source code and object code must be analyzed. VerOCode
shows coverage on an assembly code listing that also displays the
corresponding source code; therefore, this DO-178B objective is automatically
accomplished. By using simple coding conventions in the source code,
the Multiple Condition Decision Coverage (MCDC) objectives are explicitly
shown.
VerOLink satisfies the control coupling objectives of DO-178B.
The
control coupling objectives of DO-178B can be particularly problematic to
achieve. Control coupling is a measure of the correctness of the
integration of many independently compiled object files, which form a single
executable image.
VerOLink verifies that the function calls
within an executable image have been resolved correctly when the linker
combines the object modules. VerOLink checks that the
address of a called function in the executable image corresponds to the start
address of the function being invoked. This in essence verifies the
links produced by the system linker between function calls in separately
compiled units.
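The check described above, that each call's resolved target equals the start address of the function being invoked, sketched as an added example; it is not Verocel's code or VerOLink's implementation. The nm-style symbol listing, the call-site tuples and all function names are constructed for illustration.

```python
# Added illustration of a call-target check; not VerOLink's implementation.

# Constructed sample data in nm style: address, symbol type, name.
SYMBOLS = """\
00001000 T main
00001040 T read_sensor
00001090 T filter_sample
000010f0 T write_actuator
"""

# Constructed call sites: (address of the call instruction, callee named in
# the object file's relocation, target address found in the linked image).
CALLS = [
    (0x1008, "read_sensor", 0x1040),
    (0x1010, "filter_sample", 0x1090),
    (0x1018, "write_actuator", 0x10F4),  # lands 4 bytes inside the callee
    (0x1058, "filter_sample", 0x10F0),   # start of a different function
    (0x10A0, "log_fault", 0x2000),       # callee absent from the image
]


def parse_symbols(text):
    """Return {name: start_address} for code (T/t) symbols."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in ("T", "t"):
            table[parts[2]] = int(parts[0], 16)
    return table


def check_calls(symbols, calls):
    """Classify every call site against the symbol table."""
    starts = set(symbols.values())
    findings = []
    for site, callee, target in calls:
        if callee not in symbols:
            verdict = "unresolved"
        elif target == symbols[callee]:
            verdict = "ok"
        elif target in starts:
            verdict = "wrong-function"
        else:
            verdict = "not-a-function-start"
        findings.append((site, callee, verdict))
    return findings


if __name__ == "__main__":
    for site, callee, verdict in check_calls(parse_symbols(SYMBOLS), CALLS):
        print(f"call at {site:#06x} -> {callee}: {verdict}")
```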