(DO-178b)
Software Considerations in Airborne Systems and Equipment Certification
SC-167
Notes on:
(DO-178b)
|
|
|
RTCA/DO-178B: Software Considerations in Airborne Systems and Equipment
Certification, Document, Committee SC-167/Eurocae WG-12,
RTCA, Washington DC, 1992. (85 pages+)
I DON'T SELL this document -- the only place I know that you can order it from
is RTCA. See: http://www.rtca.org/downloads/doclist.html
This document, often referred to as "DO-178B" provides guidance for software planning, development, verification, configuration management, quality assurance, certification, and maintenance. It is used to guide development for flight-critical software for commercial aviation. As such, it represents the epitome of traditional process-centric software development (which is, in fact, the current state-of-the-art in providing safe software). It is an excellent starting place for software developers who have extreme software safety requirements.
The commercial aviation environment is in some ways the most demanding environment for software safety. Aircraft are now built with "full authority digital control", meaning that computers control aspects of flight with no mechanical backup mechanisms. Some aircraft are even "fly-by-wire", meaning that only computers link the aircraft controls to the flying control surfaces. Additionally, events can change very quickly in flight, especially during takeoff and landing. Therefore, there may be little time for the aircraft crew to recover from a software glitch. Because commercial are widely deployed and really are quite safe, this process arguably results in the most robust software that can be produced in a commercial development environment. Nonetheless, the resultant software is not perfect.
Related Information:
Topic coverage: (***=emphasized; **=discussed with some detail; *=mentioned)
| ** | Dependability | Electronic Hardware | ** | Requirements | |||||
| *** | Safety | *** | Software | *** | Design | ||||
| Security | Electro-Mechanical Hardware | *** | Manufacturing | ||||||
| Scalability | Control Algorithms | ** | Deployment | ||||||
| Latency | Humans | ** | Logistics | ||||||
| Affordability | Society/Institutions | Retirement |
Other topics: software development process, aviation.
Excerpt from the Introduction:
Purpose:
The purpose of this document is to provide guidelines for the production of software for airborne systems and equipment that performs its intended function with a level of confidence in safety that complies with airworthiness requirements. These guidelines are in the form of:
- Objectives for software life cycle processes.
- Descriptions of activities and design considerations for achieving those objectives.
- Descriptions of the evidence that indicate that the objectives have been satisfied.
Scope:
This document discusses those aspects of airworthiness certification that pertain to the production of software for airborne systems and equipment used on aircraft or engines. In discussing those aspects, the system life cycle and its relationship with the software life cycle is described to aid in the understanding of the certification process. A complete description of the system life cycle processes, including the system safety assessment and validation processes, or aircraft and engine certification process is not intended.
Since certification issues are discussed only in relation to the software life cycle, the operational aspects of the resulting software are not discussed. For example, the certification aspects of user-modifiable data are beyond the scope of this document.
This document does not provide guidelines concerning the structure of the applicants organization, the relationships between the applicant and its suppliers, or how the responsibilities are divided. Personnel qualification criteria are also beyond the scope of this document.
1.0 INTRODUCTION 1
1.1 Purpose 1
1.2 Scope 1
1.3 Relationship to Other Documents 1
1.4 How to Use This Document 1
1.5 Document Overview 3
2.0 SYSTEM ASPECTS RELATING TO SOFTWARE DEVELOPMENT 5
2.1 Information Flow Between System and Software
Life Cycle Processes 5
2.1.1 Information Flow from System Processes to
Software Processes 6
2.1.2 Information Flow from Software Processes
to System Processes 6
2.2 Failure Condition and Software Level 6
2.2.1 Failure Condition Categorization 7
2.2.2 Software Level Definitions 7
2.2.3 Software Level Determination 8
2.3 System Architectural Considerations 8
2.3.1 Partitioning 9
2.3.2 Multiple-Version Dissimilar Software 9
2.3.3 Safety Monitoring 9
2.4 System Considerations for User-Modifiable
Software, Option-Selectable Software
and Commercial Off-The-Shelf Software 10
2.5 System Design Considerations for Field-Loadable
Software 10
2.6 System Requirements Considerations for Software
Verification 11
2.7 Software Considerations in System Verification 11
3.0 SOFTWARE LIFE CYCLE 13
3.1 Software Life Cycle Processes 13
3.2 Software Life Cycle Definition 13
3.3 Transition Criteria Between Processes 14
4.0 SOFTWARE PLANNING PROCESS 15
4.1 Software Planning Process Objectives 15
4.2 Software Planning Process Activities 15
4.3 Software Plans 16
4.4 Software Life Cycle Environment Planning 16
4.4.1 Software Development Environment 17
4.4.2 Language and Compiler Considerations 17
4.4.3 Software Test Environment 18
4.5 Software Development Standards 18
4.6 Review and Assurance of the Software Planning
Process 18
5.0 SOFTWARE DEVELOPMENT PROCESSES 19
5.1 Software Requirements Process 19
5.1.1 Software Requirements Process Objectives 19
5.1.2 Software Requirements Process Activities 19
5.2 Software Design Process 20
5.2.1 Software Design Process Objectives 20
5.2.2 Software Design Process Activities 20
5.2.3 Designing for User-Modifiable Software 21
5.3 Software Coding Process 21
5.3.1 Software Coding Process Objectives 21
5.3.2 Software Coding Process Activities 22
5.4 Integration Process 22
5.4.1 Integration Process Objectives 22
5.4.2 Integration Process Activities 22
5.4.3 Integration Considerations 23
5.5 Traceability 23
6.0 SOFTWARE VERIFICATION PROCESS 25
6.1 Software Verification Process Objectives 25
6.2 Software Verification Process Activities 26
6.3 Software Reviews ind Analyses 26
6.3.1 Reviews and Analyses of the High-Level
Requirements 27
6.3.2 Reviews and Analyses of the Low-Level
Requirements 27
6.3.3 Reviews and Analyses of the Software
Architecture 28
6.3.4 Reviews and Analyses of the Source Code 28
6.3.5 Reviews and Analyses of the Outputs of the
Integration Process 29
6.3.6 Reviews and Analyses of the Test Cases,
Procedures and Results 29
6.4 Software Testing Process 29
6.4.1 Test Environment 30
6.4.2 Requirements-Based Test Case Selection 30
6.4.2.1 Normal Range Test Cases 31
6.4.2.2 Robustness Test Cases 31
6.4.3 Requirements-Based Testing Methods 31
6.4.4 Test Coverage Analysis 33
6.4.4.1 Requirements-Based Test Coverage
Analysis 33
6.4.4.2 Structured Coverage Analysis 33
6.4.4.3 Structural Coverage Analysis
Resolution 33
7.0 SOFTWARE CONFIGURATION MANAGEMENT PROCESS 35
7.1 Software Configuration Management Process
Objectives 35
7.2 Software Configuration Management Process
Activities 35
7.2.1 Configuration Identification 35
7.2.2 Baselines and Traceability 36
7.2.3 Problem Reporting, Tracking and Corrective
Action 36
7.2.4 Change Control 37
7.2.5 Change Review 37
7.2.6 Configuration Status Accounting 37
7.2.7 Archive, Retrieval and Release 38
7.2.8 Software Load Control 38
7.2,.9 Software Life Cycle Environment Control 39
7.3 Data Control Categories 39
8.0 SOFTWARE QUALITY ASSURANCE PROCESS 41
8.1 Software Quality Assurance Process Objectives 41
8.2 Software Quality Assurance Process Activities 41
8.3 Software Conformity Review 42
9.0 CERTIFICATION LIAISON PROCESS 43
9.1 Means of Compliance and Planning 43
9.2 Compliance Substantiation 43
9.3 Minimum Software Life Cycle Data That Is
Submitted to Certification Authority 43
9.4 Software Life Cycle Data Related to Type Design 44
10.0 OVERVIEW OF AIRCRAFT AND ENGINE CERTIFICATION 45
10.1 Certification Basis 45
10.2 Software Aspects of Certification 45
10.3 Compliance Determination 45
11.0 SOFTWARE LIFE CYCLE DATA 47
11.1 Plan for Software Aspects of Certification 48
11.2 Software Development Plan 48
11.3 Software Verification Plan 49
11.4 Software Configuration Management Plan 50
11.5 Software Quality Assurance Plan 51
11.6 Software Requirements Standards 51
11.7 Software Design Standards 51
11.8 Software Code Standards 52
11.9 Software Requirements Data 52
11.10 Design Description 52
11.11 Source Code 53
11.12 Executable Object Code 53
11.13 Software Verification Cases and Procedures 53
11.14 Software Verification Results 53
11.15 Software Life Cycle Environment Configuration
Index 53
11.16 Software Configuration Index 54
11.17 Problem Reports 54
11.18 Software Configuration Management Records 55
11.19 Software Quality Assurance Records 55
11.20 Software Accomplishment Summary 55
12.0 ADDITIONAL CONSIDERATIONS 57
12.1 Use of Previously Developed Software 57
12.1.1 Modifications to Previously Developed
Software 57
12.1.2 Change of Aircraft Installation 57
12.1.3 Change of Application or Development
Environment 57
12.1.4 Upgrading A Development Baseline 58
12.1.5 Software Configuration Management
Considerations 59
12.1.6 Software Quality Assurance Considerations 59
12.2 Tool Qualification 59
12.2.1 Qualification Criteria for Software
Development Tools 60
12.2.2 Qualification Criteria for Software
Verification Tools 61
12.2.3 Tool Qualification Data 61
12.2.3.1 Tool Qualification Plan 61
12.2.3.2 Tool Operational Requirements 61
12.2.4 Tool Qualification Agreement 62
12.3 Alternative Methods 62
12.3.1 Formal Methods 62
12.3.2 Exhaustive Input Testing 63
12.3.3 Considerations for Multiple-Version
Dissimilar Software Verification 63
12.3.3.1 Independence of Multiple-Version
Dissimilar Software 64
12.3.3.2 Multiple Processor-Related
Verification 64
12.3.3.3 Multiple-Version Source Code
Verification 65
12.3.3.4 Tool Qualification for Multiple-
Version Dissimilar Software 65
12.3.3.5 Multiple Simulators and Verification 65
12.3.4 Software Reliability Models 65
12.3.5 Product Service History 65
ANNEX A PROCESS OBJECTIVES AND OUTPUTS BY SOFTWARE
LEVEL 67
ANNEX B ACRONYMS AND GLOSSARY OF TERMS 79
Acronyms 79
Glossary 80
APPENDIX A BACKGROUND OF DOCUMENT DO-178 A - I
1.0 Prior Document Version History
2.0 RTCA / EUROCAE Committee Activities in the
Production of This Document
3.0 Summary Of Differences between DO-178B and
DO-178A
APPENDIX B COMMITTEE MEMBERSHIP B - I
APPENDIX C INDEX OF TERMS C - I
APPENDIX D IMPROVEMENT SUGGESTION FORM D - I
Go to: other books | resource page
Philip Koopman: koopman@cmu.edu