Notes on:

(DO-178B)
Software Considerations in Airborne Systems and Equipment Certification

SC-167

RTCA/DO-178B: Software Considerations in Airborne Systems and Equipment Certification, Document, Committee SC-167/Eurocae WG-12, RTCA, Washington DC, 1992. (85 pages+)
I DON'T SELL this document -- the only place I know that you can order it from is RTCA. See: http://www.rtca.org/downloads/doclist.html

This document, often referred to as "DO-178B", provides guidance for software planning, development, verification, configuration management, quality assurance, certification, and maintenance. It is used to guide the development of flight-critical software for commercial aviation. As such, it represents the epitome of traditional process-centric software development (which is, in fact, the current state of the art in producing safe software). It is an excellent starting place for software developers who face extreme software safety requirements.

The commercial aviation environment is in some ways the most demanding environment for software safety. Aircraft are now built with "full authority digital control", meaning that computers control aspects of flight with no mechanical backup. Some aircraft are even "fly-by-wire", meaning that only computers link the pilot's controls to the flying control surfaces. Additionally, events can change very quickly in flight, especially during takeoff and landing, so there may be little time for the crew to recover from a software glitch. Because commercial aircraft are widely deployed and really are quite safe, this process arguably results in the most robust software that can be produced in a commercial development environment. Nonetheless, the resultant software is not perfect.

Topic coverage: (***=emphasized; **=discussed with some detail; *=mentioned)

   **  Dependability       Electronic Hardware             **  Requirements
   *** Safety              *** Software                    *** Design
       Security            Electro-Mechanical Hardware     *** Manufacturing
       Scalability         Control Algorithms              **  Deployment
       Latency             Humans                          **  Logistics
       Affordability       Society/Institutions                Retirement

Other topics: software development process, aviation.


Excerpt from the Introduction:

Purpose:
The purpose of this document is to provide guidelines for the production of software for airborne systems and equipment that performs its intended function with a level of confidence in safety that complies with airworthiness requirements. These guidelines are in the form of:

Scope:

This document discusses those aspects of airworthiness certification that pertain to the production of software for airborne systems and equipment used on aircraft or engines. In discussing those aspects, the system life cycle and its relationship with the software life cycle is described to aid in the understanding of the certification process. A complete description of the system life cycle processes, including the system safety assessment and validation processes, or aircraft and engine certification process is not intended.

Since certification issues are discussed only in relation to the software life cycle, the operational aspects of the resulting software are not discussed. For example, the certification aspects of user-modifiable data are beyond the scope of this document.

This document does not provide guidelines concerning the structure of the applicant's organization, the relationships between the applicant and its suppliers, or how the responsibilities are divided. Personnel qualification criteria are also beyond the scope of this document.


Contents:

1.0 INTRODUCTION                                       1
   1.1 Purpose                                         1
   1.2 Scope                                           1

   1.3 Relationship to Other Documents                 1
   1.4 How to Use This Document                        1
   1.5 Document Overview                               3

2.0 SYSTEM ASPECTS RELATING TO SOFTWARE DEVELOPMENT    5
   2.1 Information Flow Between System and Software
         Life Cycle Processes                          5
      2.1.1 Information Flow from System Processes to
         Software Processes                            6
      2.1.2 Information Flow from Software Processes
         to System Processes                           6
   2.2 Failure Condition and Software Level            6
      2.2.1 Failure Condition Categorization           7
      2.2.2 Software Level Definitions                 7
      2.2.3 Software Level Determination               8
   2.3 System Architectural Considerations             8
      2.3.1 Partitioning                               9
      2.3.2 Multiple-Version Dissimilar Software       9
      2.3.3 Safety Monitoring                          9
   2.4 System Considerations for User-Modifiable
         Software, Option-Selectable Software
         and Commercial Off-The-Shelf Software         10
   2.5 System Design Considerations for Field-Loadable
         Software                                      10
   2.6 System Requirements Considerations for Software
         Verification                                  11
   2.7 Software Considerations in System Verification  11

3.0 SOFTWARE LIFE CYCLE                                13
   3.1 Software Life Cycle Processes                   13
   3.2 Software Life Cycle Definition                  13
   3.3 Transition Criteria Between Processes           14

4.0 SOFTWARE PLANNING PROCESS                          15
   4.1 Software Planning Process Objectives            15
   4.2 Software Planning Process Activities            15
   4.3 Software Plans                                  16
   4.4 Software Life Cycle Environment Planning        16
      4.4.1 Software Development Environment           17
      4.4.2 Language and Compiler Considerations       17
      4.4.3 Software Test Environment                  18
   4.5 Software Development Standards                  18
   4.6 Review and Assurance of the Software Planning
         Process                                       18

5.0 SOFTWARE DEVELOPMENT PROCESSES                     19
   5.1 Software Requirements Process                   19
      5.1.1 Software Requirements Process Objectives   19
      5.1.2 Software Requirements Process Activities   19
   5.2 Software Design Process                         20
      5.2.1 Software Design Process Objectives         20
      5.2.2 Software Design Process Activities         20
      5.2.3 Designing for User-Modifiable Software     21
   5.3 Software Coding Process                         21
      5.3.1 Software Coding Process Objectives         21
      5.3.2 Software Coding Process Activities         22
   5.4 Integration Process                             22
      5.4.1 Integration Process Objectives             22
      5.4.2 Integration Process Activities             22
      5.4.3 Integration Considerations                 23
   5.5 Traceability                                    23

6.0 SOFTWARE VERIFICATION PROCESS                      25
   6.1 Software Verification Process Objectives        25
   6.2 Software Verification Process Activities        26
   6.3 Software Reviews and Analyses                   26
      6.3.1 Reviews and Analyses of the High-Level
         Requirements                                  27
      6.3.2 Reviews and Analyses of the Low-Level
         Requirements                                  27
      6.3.3 Reviews and Analyses of the Software
         Architecture                                  28
      6.3.4 Reviews and Analyses of the Source Code    28
      6.3.5 Reviews and Analyses of the Outputs of the
         Integration Process                           29
      6.3.6 Reviews and Analyses of the Test Cases,
         Procedures and Results                        29
   6.4 Software Testing Process                        29
      6.4.1 Test Environment                           30
      6.4.2 Requirements-Based Test Case Selection     30
         6.4.2.1 Normal Range Test Cases               31
         6.4.2.2 Robustness Test Cases                 31
      6.4.3 Requirements-Based Testing Methods         31
      6.4.4 Test Coverage Analysis                     33
         6.4.4.1 Requirements-Based Test Coverage
            Analysis                                   33
         6.4.4.2 Structural Coverage Analysis          33
         6.4.4.3 Structural Coverage Analysis
            Resolution                                 33

7.0 SOFTWARE CONFIGURATION MANAGEMENT PROCESS          35
   7.1 Software Configuration Management Process
         Objectives                                    35
   7.2 Software Configuration Management Process
         Activities                                    35
      7.2.1 Configuration Identification               35
      7.2.2 Baselines and Traceability                 36
      7.2.3 Problem Reporting, Tracking and Corrective
         Action                                        36
      7.2.4 Change Control                             37
      7.2.5 Change Review                              37
      7.2.6 Configuration Status Accounting            37
      7.2.7 Archive, Retrieval and Release             38
      7.2.8 Software Load Control                      38
      7.2.9 Software Life Cycle Environment Control    39
   7.3 Data Control Categories                         39

8.0 SOFTWARE QUALITY ASSURANCE PROCESS                 41
   8.1 Software Quality Assurance Process Objectives   41
   8.2 Software Quality Assurance Process Activities   41
   8.3 Software Conformity Review                      42

9.0 CERTIFICATION LIAISON PROCESS                      43
   9.1 Means of Compliance and Planning                43
   9.2 Compliance Substantiation                       43
   9.3 Minimum Software Life Cycle Data That Is
         Submitted to Certification Authority          43
   9.4 Software Life Cycle Data Related to Type Design 44

10.0 OVERVIEW OF AIRCRAFT AND ENGINE CERTIFICATION     45
   10.1 Certification Basis                            45
   10.2 Software Aspects of Certification              45
   10.3 Compliance Determination                       45

11.0 SOFTWARE LIFE CYCLE DATA                          47
   11.1 Plan for Software Aspects of Certification     48
   11.2 Software Development Plan                      48
   11.3 Software Verification Plan                     49
   11.4 Software Configuration Management Plan         50
   11.5 Software Quality Assurance Plan                51
   11.6 Software Requirements Standards                51
   11.7 Software Design Standards                      51
   11.8 Software Code Standards                        52
   11.9 Software Requirements Data                     52
   11.10 Design Description                            52
   11.11 Source Code                                   53
   11.12 Executable Object Code                        53
   11.13 Software Verification Cases and Procedures    53
   11.14 Software Verification Results                 53
   11.15 Software Life Cycle Environment Configuration
         Index                                         53
   11.16 Software Configuration Index                  54
   11.17 Problem Reports                               54
   11.18 Software Configuration Management Records     55
   11.19 Software Quality Assurance Records            55
   11.20 Software Accomplishment Summary               55

12.0 ADDITIONAL CONSIDERATIONS                         57
   12.1 Use of Previously Developed Software           57
      12.1.1 Modifications to Previously Developed
         Software                                      57
      12.1.2 Change of Aircraft Installation           57
      12.1.3 Change of Application or Development
         Environment                                   57
      12.1.4 Upgrading A Development Baseline          58
      12.1.5 Software Configuration Management
         Considerations                                59
      12.1.6 Software Quality Assurance Considerations 59
   12.2 Tool Qualification                             59
      12.2.1 Qualification Criteria for Software
         Development Tools                             60
      12.2.2 Qualification Criteria for Software
         Verification Tools                            61
      12.2.3 Tool Qualification Data                   61
         12.2.3.1 Tool Qualification Plan              61
         12.2.3.2 Tool Operational Requirements        61
      12.2.4 Tool Qualification Agreement              62
   12.3 Alternative Methods                            62
      12.3.1 Formal Methods                            62
      12.3.2 Exhaustive Input Testing                  63
      12.3.3 Considerations for Multiple-Version
           Dissimilar Software Verification            63
         12.3.3.1 Independence of Multiple-Version
            Dissimilar Software                        64
         12.3.3.2 Multiple Processor-Related
            Verification                               64
         12.3.3.3 Multiple-Version Source Code
            Verification                               65
         12.3.3.4 Tool Qualification for Multiple-
            Version Dissimilar Software                65
         12.3.3.5 Multiple Simulators and Verification 65
      12.3.4 Software Reliability Models               65
      12.3.5 Product Service History                   65

ANNEX A PROCESS OBJECTIVES AND OUTPUTS BY SOFTWARE
   LEVEL                                               67

ANNEX B ACRONYMS AND GLOSSARY OF TERMS                 79
   Acronyms                                            79
   Glossary                                            80

APPENDIX A BACKGROUND OF DOCUMENT DO-178               A - I
   1.0 Prior Document Version History
   2.0 RTCA / EUROCAE Committee Activities in the
      Production of This Document
   3.0 Summary Of Differences between DO-178B and
      DO-178A
APPENDIX B COMMITTEE MEMBERSHIP                        B - I
APPENDIX C INDEX OF TERMS                              C - I
APPENDIX D IMPROVEMENT SUGGESTION FORM                 D - I

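The structural coverage objective listed under 6.4.4.2 is the one practitioners most often trip over: for Level A software DO-178B requires modified condition/decision coverage (MC/DC), which is stricter than the decision and condition coverage that ordinary test tooling reports. The script below is an added example, not text or code from DO-178B or from this page. It checks whether a set of test vectors supplies an independence pair for every condition of a decision (the unique-cause form of MC/DC: two tests that differ only in that condition and produce different decision outcomes). The interlock decision, its condition names and the two test sets are constructed for illustration and are not taken from the document.

```python
"""Unique-cause MC/DC check for a boolean decision.

Added example, not from DO-178B or from this page. The decision under
test, its condition names and the test vectors are constructed.
"""
from itertools import combinations
from typing import Callable, Dict, List, Sequence, Tuple

Vector = Dict[str, bool]        # one test: condition name -> input value
Decision = Callable[..., bool]  # the decision, called with conditions as keywords


def independence_pairs(decision: Decision, conditions: Sequence[str],
                       tests: Sequence[Vector]) -> Dict[str, List[Tuple[int, int]]]:
    """For each condition, list the (i, j) test-index pairs that show its
    independent effect: the two vectors agree on every other condition,
    differ in this one, and the decision outcome changes."""
    pairs: Dict[str, List[Tuple[int, int]]] = {c: [] for c in conditions}
    for i, j in combinations(range(len(tests)), 2):
        a, b = tests[i], tests[j]
        differing = [c for c in conditions if a[c] != b[c]]
        if len(differing) != 1:
            continue  # zero or several conditions toggled: not a unique-cause pair
        if decision(**a) != decision(**b):
            pairs[differing[0]].append((i, j))
    return pairs


def mcdc_report(decision: Decision, conditions: Sequence[str],
                tests: Sequence[Vector]) -> Dict[str, object]:
    """Compare the weaker coverage measures with MC/DC for one test set."""
    outcomes = {decision(**t) for t in tests}
    pairs = independence_pairs(decision, conditions, tests)
    missing = [c for c in conditions if not pairs[c]]
    return {
        "decision_coverage": outcomes == {True, False},
        "condition_coverage": all({t[c] for t in tests} == {True, False}
                                  for c in conditions),
        "missing_independence": missing,  # conditions with no independence pair
        "mcdc": not missing,
    }


# --- constructed decision and test sets (hypothetical, for illustration) ---
CONDITIONS = ("door_closed", "pressure_ok", "override")


def interlock(door_closed: bool, pressure_ok: bool, override: bool) -> bool:
    """Hypothetical guard: door_closed AND (pressure_ok OR override)."""
    return door_closed and (pressure_ok or override)


def vec(door_closed: bool, pressure_ok: bool, override: bool) -> Vector:
    return {"door_closed": door_closed, "pressure_ok": pressure_ok,
            "override": override}


# Two vectors: every condition takes both values and both outcomes occur,
# so decision coverage and condition coverage are 100%, but no condition
# is ever shown to affect the outcome on its own.
WEAK_TESTS = [vec(True, True, True), vec(False, False, False)]

# n+1 = 4 vectors, the minimum for a three-condition decision, that give
# an independence pair for each condition.
MCDC_TESTS = [
    vec(True, True, False),   # -> True
    vec(False, True, False),  # -> False (pairs with 0 on door_closed)
    vec(True, False, False),  # -> False (pairs with 0 on pressure_ok)
    vec(True, False, True),   # -> True  (pairs with 2 on override)
]

if __name__ == "__main__":
    for name, tests in (("weak", WEAK_TESTS), ("mcdc", MCDC_TESTS)):
        print(name, mcdc_report(interlock, CONDITIONS, tests))
```

The contrast is the point: the two-vector set satisfies both decision coverage and condition coverage yet never demonstrates any condition's independent effect, which is exactly what the MC/DC objective adds on top of them. The search is quadratic in the number of tests rather than exponential in the number of conditions, so the same check is usable on real decisions with many conditions.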

Philip Koopman: koopman@cmu.edu