Notes on:
(DO-178b)
RTCA/DO-178B: Software Considerations in Airborne Systems and Equipment
Certification, Document, Committee SC-167/Eurocae WG-12,
RTCA, Washington DC, 1992. (85 pages+)
I DON'T SELL this document -- the only place I know that you can order it from
is RTCA. See: http://www.rtca.org/downloads/doclist.html
This document, often referred to as "DO-178B" provides guidance for software planning, development, verification, configuration management, quality assurance, certification, and maintenance. It is used to guide development for flight-critical software for commercial aviation. As such, it represents the epitome of traditional process-centric software development (which is, in fact, the current state-of-the-art in providing safe software). It is an excellent starting place for software developers who have extreme software safety requirements.
The commercial aviation environment is in some ways the most demanding environment for software safety. Aircraft are now built with "full authority digital control", meaning that computers control aspects of flight with no mechanical backup mechanisms. Some aircraft are even "fly-by-wire", meaning that only computers link the aircraft controls to the flying control surfaces. Additionally, events can change very quickly in flight, especially during takeoff and landing. Therefore, there may be little time for the aircraft crew to recover from a software glitch. Because commercial aircraft are widely deployed and really are quite safe, this process arguably results in the most robust software that can be produced in a commercial development environment. Nonetheless, the resultant software is not perfect.
Related Information:
Topic coverage: (***=emphasized; **=discussed with some detail; *=mentioned)
 ** | Dependability  |     | Electronic Hardware          |  ** | Requirements
*** | Safety         | *** | Software                     | *** | Design
    | Security       |     | Electro-Mechanical Hardware  | *** | Manufacturing
    | Scalability    |     | Control Algorithms           |  ** | Deployment
    | Latency        |     | Humans                       |  ** | Logistics
    | Affordability  |     | Society/Institutions         |     | Retirement
Other topics: software development process, aviation.
Excerpt from the Introduction:
Purpose:
The purpose of this document is to provide guidelines for the production of software for airborne systems and equipment that performs its intended function with a level of confidence in safety that complies with airworthiness requirements. These guidelines are in the form of:
- Objectives for software life cycle processes.
- Descriptions of activities and design considerations for achieving those objectives.
- Descriptions of the evidence that indicate that the objectives have been satisfied.
Scope:
This document discusses those aspects of airworthiness certification that pertain to the production of software for airborne systems and equipment used on aircraft or engines. In discussing those aspects, the system life cycle and its relationship with the software life cycle are described to aid in the understanding of the certification process. A complete description of the system life cycle processes, including the system safety assessment and validation processes, or aircraft and engine certification process is not intended.
Since certification issues are discussed only in relation to the software life cycle, the operational aspects of the resulting software are not discussed. For example, the certification aspects of user-modifiable data are beyond the scope of this document.
This document does not provide guidelines concerning the structure of the applicant's organization, the relationships between the applicant and its suppliers, or how the responsibilities are divided. Personnel qualification criteria are also beyond the scope of this document.
Table of Contents (page numbers refer to DO-178B):
1.0 INTRODUCTION (p. 1)
  1.1 Purpose (p. 1)
  1.2 Scope (p. 1)
  1.3 Relationship to Other Documents (p. 1)
  1.4 How to Use This Document (p. 1)
  1.5 Document Overview (p. 3)
2.0 SYSTEM ASPECTS RELATING TO SOFTWARE DEVELOPMENT (p. 5)
  2.1 Information Flow Between System and Software Life Cycle Processes (p. 5)
    2.1.1 Information Flow from System Processes to Software Processes (p. 6)
    2.1.2 Information Flow from Software Processes to System Processes (p. 6)
  2.2 Failure Condition and Software Level (p. 6)
    2.2.1 Failure Condition Categorization (p. 7)
    2.2.2 Software Level Definitions (p. 7)
    2.2.3 Software Level Determination (p. 8)
  2.3 System Architectural Considerations (p. 8)
    2.3.1 Partitioning (p. 9)
    2.3.2 Multiple-Version Dissimilar Software (p. 9)
    2.3.3 Safety Monitoring (p. 9)
  2.4 System Considerations for User-Modifiable Software, Option-Selectable Software and Commercial Off-The-Shelf Software (p. 10)
  2.5 System Design Considerations for Field-Loadable Software (p. 10)
  2.6 System Requirements Considerations for Software Verification (p. 11)
  2.7 Software Considerations in System Verification (p. 11)
3.0 SOFTWARE LIFE CYCLE (p. 13)
  3.1 Software Life Cycle Processes (p. 13)
  3.2 Software Life Cycle Definition (p. 13)
  3.3 Transition Criteria Between Processes (p. 14)
4.0 SOFTWARE PLANNING PROCESS (p. 15)
  4.1 Software Planning Process Objectives (p. 15)
  4.2 Software Planning Process Activities (p. 15)
  4.3 Software Plans (p. 16)
  4.4 Software Life Cycle Environment Planning (p. 16)
    4.4.1 Software Development Environment (p. 17)
    4.4.2 Language and Compiler Considerations (p. 17)
    4.4.3 Software Test Environment (p. 18)
  4.5 Software Development Standards (p. 18)
  4.6 Review and Assurance of the Software Planning Process (p. 18)
5.0 SOFTWARE DEVELOPMENT PROCESSES (p. 19)
  5.1 Software Requirements Process (p. 19)
    5.1.1 Software Requirements Process Objectives (p. 19)
    5.1.2 Software Requirements Process Activities (p. 19)
  5.2 Software Design Process (p. 20)
    5.2.1 Software Design Process Objectives (p. 20)
    5.2.2 Software Design Process Activities (p. 20)
    5.2.3 Designing for User-Modifiable Software (p. 21)
  5.3 Software Coding Process (p. 21)
    5.3.1 Software Coding Process Objectives (p. 21)
    5.3.2 Software Coding Process Activities (p. 22)
  5.4 Integration Process (p. 22)
    5.4.1 Integration Process Objectives (p. 22)
    5.4.2 Integration Process Activities (p. 22)
    5.4.3 Integration Considerations (p. 23)
  5.5 Traceability (p. 23)
6.0 SOFTWARE VERIFICATION PROCESS (p. 25)
  6.1 Software Verification Process Objectives (p. 25)
  6.2 Software Verification Process Activities (p. 26)
  6.3 Software Reviews and Analyses (p. 26)
    6.3.1 Reviews and Analyses of the High-Level Requirements (p. 27)
    6.3.2 Reviews and Analyses of the Low-Level Requirements (p. 27)
    6.3.3 Reviews and Analyses of the Software Architecture (p. 28)
    6.3.4 Reviews and Analyses of the Source Code (p. 28)
    6.3.5 Reviews and Analyses of the Outputs of the Integration Process (p. 29)
    6.3.6 Reviews and Analyses of the Test Cases, Procedures and Results (p. 29)
  6.4 Software Testing Process (p. 29)
    6.4.1 Test Environment (p. 30)
    6.4.2 Requirements-Based Test Case Selection (p. 30)
      6.4.2.1 Normal Range Test Cases (p. 31)
      6.4.2.2 Robustness Test Cases (p. 31)
    6.4.3 Requirements-Based Testing Methods (p. 31)
    6.4.4 Test Coverage Analysis (p. 33)
      6.4.4.1 Requirements-Based Test Coverage Analysis (p. 33)
      6.4.4.2 Structural Coverage Analysis (p. 33)
      6.4.4.3 Structural Coverage Analysis Resolution (p. 33)
7.0 SOFTWARE CONFIGURATION MANAGEMENT PROCESS (p. 35)
  7.1 Software Configuration Management Process Objectives (p. 35)
  7.2 Software Configuration Management Process Activities (p. 35)
    7.2.1 Configuration Identification (p. 35)
    7.2.2 Baselines and Traceability (p. 36)
    7.2.3 Problem Reporting, Tracking and Corrective Action (p. 36)
    7.2.4 Change Control (p. 37)
    7.2.5 Change Review (p. 37)
    7.2.6 Configuration Status Accounting (p. 37)
    7.2.7 Archive, Retrieval and Release (p. 38)
    7.2.8 Software Load Control (p. 38)
    7.2.9 Software Life Cycle Environment Control (p. 39)
  7.3 Data Control Categories (p. 39)
8.0 SOFTWARE QUALITY ASSURANCE PROCESS (p. 41)
  8.1 Software Quality Assurance Process Objectives (p. 41)
  8.2 Software Quality Assurance Process Activities (p. 41)
  8.3 Software Conformity Review (p. 42)
9.0 CERTIFICATION LIAISON PROCESS (p. 43)
  9.1 Means of Compliance and Planning (p. 43)
  9.2 Compliance Substantiation (p. 43)
  9.3 Minimum Software Life Cycle Data That Is Submitted to Certification Authority (p. 43)
  9.4 Software Life Cycle Data Related to Type Design (p. 44)
10.0 OVERVIEW OF AIRCRAFT AND ENGINE CERTIFICATION (p. 45)
  10.1 Certification Basis (p. 45)
  10.2 Software Aspects of Certification (p. 45)
  10.3 Compliance Determination (p. 45)
11.0 SOFTWARE LIFE CYCLE DATA (p. 47)
  11.1 Plan for Software Aspects of Certification (p. 48)
  11.2 Software Development Plan (p. 48)
  11.3 Software Verification Plan (p. 49)
  11.4 Software Configuration Management Plan (p. 50)
  11.5 Software Quality Assurance Plan (p. 51)
  11.6 Software Requirements Standards (p. 51)
  11.7 Software Design Standards (p. 51)
  11.8 Software Code Standards (p. 52)
  11.9 Software Requirements Data (p. 52)
  11.10 Design Description (p. 52)
  11.11 Source Code (p. 53)
  11.12 Executable Object Code (p. 53)
  11.13 Software Verification Cases and Procedures (p. 53)
  11.14 Software Verification Results (p. 53)
  11.15 Software Life Cycle Environment Configuration Index (p. 53)
  11.16 Software Configuration Index (p. 54)
  11.17 Problem Reports (p. 54)
  11.18 Software Configuration Management Records (p. 55)
  11.19 Software Quality Assurance Records (p. 55)
  11.20 Software Accomplishment Summary (p. 55)
12.0 ADDITIONAL CONSIDERATIONS (p. 57)
  12.1 Use of Previously Developed Software (p. 57)
    12.1.1 Modifications to Previously Developed Software (p. 57)
    12.1.2 Change of Aircraft Installation (p. 57)
    12.1.3 Change of Application or Development Environment (p. 57)
    12.1.4 Upgrading A Development Baseline (p. 58)
    12.1.5 Software Configuration Management Considerations (p. 59)
    12.1.6 Software Quality Assurance Considerations (p. 59)
  12.2 Tool Qualification (p. 59)
    12.2.1 Qualification Criteria for Software Development Tools (p. 60)
    12.2.2 Qualification Criteria for Software Verification Tools (p. 61)
    12.2.3 Tool Qualification Data (p. 61)
      12.2.3.1 Tool Qualification Plan (p. 61)
      12.2.3.2 Tool Operational Requirements (p. 61)
    12.2.4 Tool Qualification Agreement (p. 62)
  12.3 Alternative Methods (p. 62)
    12.3.1 Formal Methods (p. 62)
    12.3.2 Exhaustive Input Testing (p. 63)
    12.3.3 Considerations for Multiple-Version Dissimilar Software Verification (p. 63)
      12.3.3.1 Independence of Multiple-Version Dissimilar Software (p. 64)
      12.3.3.2 Multiple Processor-Related Verification (p. 64)
      12.3.3.3 Multiple-Version Source Code Verification (p. 65)
      12.3.3.4 Tool Qualification for Multiple-Version Dissimilar Software (p. 65)
      12.3.3.5 Multiple Simulators and Verification (p. 65)
    12.3.4 Software Reliability Models (p. 65)
    12.3.5 Product Service History (p. 65)
ANNEX A PROCESS OBJECTIVES AND OUTPUTS BY SOFTWARE LEVEL (p. 67)
ANNEX B ACRONYMS AND GLOSSARY OF TERMS (p. 79)
  Acronyms (p. 79)
  Glossary (p. 80)
APPENDIX A BACKGROUND OF DOCUMENT DO-178 (p. A-1)
  1.0 Prior Document Version History
  2.0 RTCA / EUROCAE Committee Activities in the Production of This Document
  3.0 Summary Of Differences between DO-178B and DO-178A
APPENDIX B COMMITTEE MEMBERSHIP (p. B-1)
APPENDIX C INDEX OF TERMS (p. C-1)
APPENDIX D IMPROVEMENT SUGGESTION FORM (p. D-1)
Philip Koopman: koopman@cmu.edu