1. Introduction
Virtually all functional safety standards require that a safety-critical product be developed according to the V-model of system development. Fig. 1 shows how the V-model is implemented by the autoConform® methodology and software.
Fig. 1: System development V-model of the autoConform® methodology and software
In this V-model, on the left side of the V,
- a design specification,
- one or more safety analyses as well as
- a requirements specification
are created in that order at every product hierarchy level, starting from the top. On the right side of the V, verification and validation specifications, plus the associated test reports, form the "counterparts" of the requirement specifications on the left.
Within a product architecture level, the technical requirements in the requirements specification are generated semi-automatically from the design specification and the safety analyses. The traceability of each individual generated requirement to the sources in the design specification and in the safety analyses of the same product architecture level is ensured because the autoConform® software creates these links automatically.
Similarly, the traceability of all verification and validation test specifications to the associated technical requirements is given, because the test specifications are derived from the requirements semi-automatically, and the links between requirements and test specifications are created automatically in this process.
What remains to be clarified is how the traceability of design decisions and requirements between neighbouring product architecture levels can be established automatically. Section 2 describes the linking of design decisions and Section 3 does the same for technical requirements. Section 4 summarizes the essential prerequisites for automated traceability of requirements, design decisions and tests.
2. Automated Linking of Design Decisions of Different Product Architecture Levels
Each specification document describes a "parent" and the parent's "child elements".
The links between the entries of hierarchically adjacent specification documents can be automated because
- the specification documents are structured in the same way at every product architecture level,
- a "parent" in the specification document of a particular product architecture level had already been introduced as a "child element" in the specification document one product architecture level above, and
- the link between "parent" and "child element" (as well as between "parent functions" and "child element functions") is described in each specification document.
If the specification documents of all product architecture levels have been created with the help of the autoConform® software and the information just described is contained in the specification documents, then the autoConform® software can automatically link design decisions, i.e. the autoConform® software can link entries in the specification documents of adjacent product architecture levels.
3. Automated Linking of Technical Requirements of Different Product Architecture Levels
The automatic linking of the technical requirements of adjacent product architecture levels exploits the fact that
a) the autoConform® software generates the technical requirements from the specification document of the respective product architecture level in the same way at every product architecture level,
b) the names introduced in the specification document for parent and child elements as well as their functions, interfaces and signals are "re-used" without any modifications in the technical requirements
and furthermore
c) the specification documents of adjacent product architecture levels are linked to each other (see Section 2 above).
Under these conditions, the autoConform® software can automatically link technical requirements, i.e. the autoConform® software can link entries in the requirements documents of adjacent product architecture levels.
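As an added illustration of the name-based linking described in Sections 2 and 3 (this is not autoConform® code; the element names, requirement wording and identifier scheme are constructed), the following Python matches each child element at one level to the specification document that describes it one level below, derives requirements that re-use the same names, links those requirements across adjacent levels, and reports any lower-level parent that was never introduced as a child element above, which is exactly the prerequisite that breaks automated traceability if violated.

```python
from dataclasses import dataclass


@dataclass
class SpecDoc:
    level: int     # product architecture level, 0 = top of the V
    parent: str    # the element this specification document describes
    children: dict  # child element name -> list of its functions


def generate_requirements(doc):
    """Derive one technical requirement per child function; names are re-used verbatim."""
    reqs = []
    for child, funcs in doc.children.items():
        for func in funcs:
            reqs.append({"id": f"REQ-L{doc.level}-{doc.parent}-{len(reqs) + 1:03d}",
                         "element": child, "text": f"The {child} shall provide {func}."})
    return reqs


def link_design_decisions(docs):
    """Link each child element at level n to the level n+1 document whose parent bears that name.
    Returns (links, orphans); orphans are lower-level parents never introduced as a child above."""
    by_name = {(d.level, d.parent): d for d in docs}
    links, introduced = [], set()
    for d in docs:
        for child in d.children:
            introduced.add((d.level + 1, child))
            lower = by_name.get((d.level + 1, child))
            if lower is not None:
                links.append(((d.level, d.parent), child, (lower.level, lower.parent)))
    orphans = [d.parent for d in docs if d.level > 0 and (d.level, d.parent) not in introduced]
    return links, orphans


def link_requirements(docs):
    """Map each requirement about element C at level n to the requirements generated
    from the level n+1 document that describes C (conditions a-c of Section 3)."""
    reqs_of = {(d.level, d.parent): generate_requirements(d) for d in docs}
    trace = {}
    for (level, _parent), reqs in reqs_of.items():
        for r in reqs:
            trace[r["id"]] = [lr["id"] for lr in reqs_of.get((level + 1, r["element"]), [])]
    return trace


DOCS = [  # constructed sample hierarchy, not taken from a real project
    SpecDoc(0, "Vehicle", {"BrakeController": ["deceleration control"], "Display": ["status indication"]}),
    SpecDoc(1, "BrakeController", {"PressureSensor": ["pressure measurement"], "ValveDriver": ["valve actuation"]}),
    SpecDoc(1, "InfotainmentUnit", {"Radio": ["audio playback"]}),  # never introduced at level 0 -> orphan
]

if __name__ == "__main__":
    links, orphans = link_design_decisions(DOCS)
    print("design links:", links)
    print("parents without an introducing child element:", orphans)
    for rid, lower in link_requirements(DOCS).items():
        print(rid, "->", lower)
```

A requirement with an empty lower-level list is either a leaf of the hierarchy or a traceability gap; the orphan list tells the two apart.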