DO-178B

From Wikipedia, the free encyclopedia

DO-178B / ED-12B
Software Considerations in Airborne Systems and Equipment Certification
Latest Revision	December 1, 1992
Prepared by	RTCA SC-167 EUROCAE WG-12

DO-178B, Software Considerations in Airborne Systems and Equipment Certification is a standard for software development published by RTCA, Incorporated. The standard was developed by RTCA and EUROCAE. The FAA accepts use of DO-178B as a means of certifying software in avionics.

Contents 1 Software level 2 Processes and documents 2.1 Planning 2.2 Development 2.3 Verification 2.4 Configuration management 2.5 Quality assurance 2.6 Certification liaison 3 Certification in Europe 4 Tools 4.1 Requirements management 4.2 Development Environments 4.3 Real-time operating systems and other commercial off the shelf software 4.4 Test, verification and analysis tools 4.5 Configuration management 4.6 Traceability tools 5 Resources 6 See also 7 References 8 External links

[edit] Software level

The required level is determined from the safety assessment process and hazard analysis by examining the effects of a failure condition in the system. The failure conditions are categorized by their effects on the aircraft, crew, and passengers.

• Catastrophic - Failure may cause a crash.
• Hazardous - Failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the plane due to physical distress or a higher workload, or causes serious or fatal injuries among the passengers.
• Major - Failure is significant, but has a lesser impact that a Hazardous failure (for example, leads to passenger discomfort rather than injuries).
• Minor - Failure is noticeable, but has a lesser impact than a Major failure (for example, causing passenger inconvenience or a routine flight plan change)
• No Effect - Failure has no impact on safety, aircraft operation, or crew workload.

The number of objectives to be satisfied (with independence) is determined by the software level. In the standard, "with independence" refers to a separation of responsibilities where the person(s) who verify an objective must not be the developers of the item in question. In some cases, an automated tool may be equivalent to independence^[1].

Level	Failure condition	Objectives	With independence
A	Catastrophic	66	25
B	Hazardous	65	14
C	Major	57	2
D	Minor	28	2
E	No effect	0	0

[edit] Processes and documents

Processes are intended to support the objectives, according to the software level (A through E). Processes are described as abstract areas of work in DO-178B, and it is up to the planners of a real project to define and document the specifics of how a process will be carried out. Therefore, on a real project, the actual activities that will be done in the context of a process must be shown to support the objectives. In fact, these activities are defined by the project planners as part of the Planning process.

This objective-based nature of DO-178B allows a great deal of flexibility in regards to following different styles of software life cycle. However, once an activity within a process has been defined, it is generally expected that the project respect that documented activity within its process. Furthermore, processes (and their concrete activities) must have well defined entry and exit criteria, according to DO-178B, and a project must show that it is respecting those criteria as it performs the activities in the process.

The flexible nature of DO-178B's processes and entry/exit criteria make it difficult to implement the first time, because these aspects are abstract and there is no "base set" of activities from which to work. The intention of DO-178B was not to be prescriptive. Therefore, there are many possible and acceptable ways for a real project to define these aspects. This can be difficult the first time a company attempts to develop a civil avionics system under this standard, and has created a niche market for DO-178B training and consulting.

The processes, activities and documents described here reflect naming and structure from DO-178B. This can be different in a real-life project.

[edit] Planning

Output documents from this process:

• Plan for software aspects of certification (PSAC)
• Software development plan (SDP)
• Software verification plan (SVP)
• Software configuration management plan (SCMP)
• Software quality assurance plan (SQAP)
• System requirements
• Software requirements standard (SRS)
• Software design standard (SDS)
• Software code standard (SCS)

System requirements are typically input to the entire project.

The last 3 documents (standards) are not required for software level D.

[edit] Development

This process can be divided into sub-processes: requirements, design, code and integration.

The development process output documents:

• Software requirements data (SRD)
• Software design description (SDD)
• Source code
• Executable object code

Traceability from system requirements to all source code or executable object code is typically required (depending on software level).

Typically used software development process:

• Waterfall model
• Spiral model
• V model

[edit] Verification

Document outputs made by this process:

• Software verification cases and procedures (SVCP)
• Software verification results (SVR):
  • Review of all requirements, design and code
  • Testing of executable object code
  • Code coverage analysis

Analysis of all code and traceability from tests and results to all requirements is typically required (depending on software level).

This process typically also involves:

• Requirements based test tools
• Code coverage analyser tools

Other names for tests performed in this process can be:

• Unit testing
• Integration testing
• Black box and acceptance testing

[edit] Configuration management

Documents maintained by the configuration management process:

• Software configuration index (SCI)
• Software life cycle environment configuration index (SECI)

This process handles problem reports, changes and related activities. The configuration management process typically provides archive and revision identification of:

• Source code development environment
• Other development environments (for e.g. test/analysis tools)
• Software integration tool
• All other documents, software and hardware

[edit] Quality assurance

Output documents from the quality assurance process:

• Software quality assurance records (SQAR)
• Software conformity review (SCR)
• Software accomplishment summary (SAS)

This process performs reviews and audits to show compliance with DO-178B. The interface to the certification authority is also handled by the quality assurance process.

[edit] Certification liaison

• Typically a Designated Engineering Representative (DER) working for e.g. FAA in an airplane manufacturing company.

[edit] Certification in Europe

• Replace FAA with EASA, JAA or CAA
• Replace FAR with JAR or CS
• Replace AC with AMJ

[edit] Tools

This part contains examples of software which can be used to automate, assist or otherwise handle or help in the DO-178B processes.

[edit] Requirements management

• DOORS from Telelogic
• IBM Rational RequisitePro from IBM
• Reqtify from TNI-software
• VeroTrace from Verocel, Inc.

[edit] Development Environments

• Simulink, Stateflow and Real-Time Workshop Embedded Coder from The MathWorks
• SCORE from DDC-I
• Wind River Platform for Safety Critical DO-178B from Wind River Systems
• MULTI from Green Hills Software
• SCADE and DO-178B Code Generator from Esterel Technologies.

[edit] Real-time operating systems and other commercial off the shelf software

• GL Studio® DO-178B (Graphics Display Development) from DiSTI
• INTEGRITY-178B RTOS from Green Hills Software
• LynxOS-178 from LynuxWorks
• QNX® Neutrino® RTOS from QNX Software Systems
• Seawind®/178 Certifiable OpenGL drivers from Seaweed Systems
• uC/OS-II from Micrium Inc.
• VAPS Qualifiable Code Generator (safety-critical embedded graphics tools) from Engenuity Technologies

[edit] Test, verification and analysis tools

• Simulink Verification and Validation from The MathWorks
• SystemTest from The MathWorks
• The ADvantage Framework from ADI
• Cantata++ and AdaTEST from IPL
• CodeTest from Metrowerks
• The LDRA tool suite from LDRA
• McCabe IQ from McCabe Software
• PolySpace Verifier from PolySpace Technologies
• Test RealTime from Rational
• T-VEC from T-VEC Technologies
• VectorCAST from Vector Software
• Understand from Scitools
• VerOCode and VerOLink from Verocel, Inc.

[edit] Configuration management

• A problem management tool can provide traceability for changes.
• SCI and SECI can be created from logs in a revision control tool.

[edit] Traceability tools

• Reqtify from TNI-Software
• VeroTrace from Verocel, Inc.

[edit] Resources

• FAR Part 23/25 §1301/§1309
• FAR Part 27/29
• AC 23/25.1309
• AC 20-115B
• RTCA DO-178B
• FAA Order 8110.49 Software Approval Guidelines

[edit] See also

• Avionics software
• ARP4761 (Safety assessment process)
• ARP4754 (System development process)
• DO-248B (Final Report for clarification of DO-178B)
• DO-254 (similar to DO-178B, but for hardware)
• Requirements management (too general to be "directly applied" to DO-178B)
• IEC 61508

[edit] References

[edit] External links

• AC 25.1309-1A
• AC 20-115B
• FAA Order 8110.49