RTCA DO-178C “Software Considerations in Airborne Systems and Equipment Certification” Brock Greenhow March 21, 2013
Jan 02, 2016
RTCA DO-178C“Software Considerations in Airborne Systems
and Equipment Certification”
Brock GreenhowMarch 21, 2013
Software mishaps in Aerospace Engineering
Ariane Five rocket explosion
Southern Airways 242
Gimli Glider
Patriot Missile
Future of Safety Critical Software
Increased lines of code
Increased complexity
Increased criticality
Technology changes
More with less
Increased outsourcing and offshoring
Attrition of experienced engineers
Lack of available training
Background of DO-1781982 – DO-178
1985 – DO-178A
1992 – DO-178B
2001 – DO-248B
2011 – DO-178C and supplemental material
2011 – DO-248C
Differences from DO-178B to C
Added examples and explanations
Used clearer language and terminology
Added more objectives
Bi-directional tracing
Parameter Data Item Files
Technology Supplements
ARP4754A System Development
System RequirementsAllocate requirements to softwareValidate requirements
Communication
Plan for changes to come from software
ARP4761 Aircraft and System Safety
Safety Program PlanFHA and SFHA’sPASA and PSSA’s
Software Safety Improves with timeErrors are not as obviousNeed specific requirements Involve safety and systems in software
requirement reviews
Safety continuedSeverity
ClassificationPotential Failure Condition Effect Assuranc
e Level
Catastrophic Failures would result in multiple fatalities and possible complete loss of the airplane.
A
Hazardous/Severe major
Failures would reduce the abilities of airplane or crewmembers to deal with conditions that could result in reduction of safety margins, distress and excessive workload, or even serious or fatal injuries to a small number of people.
B
Major Failures would cause similar to issues to the Hazardous/Severe major, but not as severe and likely only injuries and not casualties.
C
Minor Failures would not significantly reduce airplane safety, and only slight increase of workload and minimal discomfort.
D
No safety effect Failures have no effect on the safety of the aircraft. E
Safety Continued
Level Objective Count Objectives with independence
E 0 0
D 26 2
C 62 5
B 69 18
A 71 30
Overview of DO-178C Software Planning
Software Requirements
Software Design
Software Integration
Software Verification
Software Configuration Management
Software Quality Assurance
Software Certification
Software PlanningFive Plans
PSACSDPSVPSCMPSQAP
Three StandardsSoftware Requirement StandardsSoftware Design StandardsSoftware Coding Standards
Software RequirementsFoundation to good software
Refine Systems Requirements
Allocate enough time
Software Requirement Cycle
Bi-Directional Tracing
Baseline SWRD
Software DesignArchitecture
Structural-basedObject-oriented
Low-level RequirementsBi-Directional Tracing
SWDD
Software ImplementationCoding
Languages and compilersGood programmingStandardsTraceability
IntegrationBuild processLoad processAnalyze memory and addresses
Software VerificationReviews
Plans, requirements, design, test data
AnalysesCode and integrationCoverageOther
TestsRBTs, integrationCases, procedures, resultsTracing
Software Verification Continued
Verification of VerificationSCA, MC/DCTest data reviews
Problem ReportingFailures become PR or CRPR or CR processCIA
SVCP
Software Configuration Management
Beginning to End
All life cycle data CC1 or CC2
SCILife cycle data and versions
SLECI and Problem Reporting
Software Quality Assurance
Customer’s needs
Review plans and write SQAP
Life cycle data audits and approval
Reviews
Witness tests, builds, and loads
Problem reporting
Conformity review
Document activities for records
Software CertificationDevelop and submit PSAC
PSAC approval
Submittal and approval of SCI and SAS
SOIs
Supplemental MaterialsDO-330 Software Tool Qualification
DO-331 Model-Based Development and Verification
DO-332 Object-Oriented Technology
DO-333 Formal Methods
Software Tool QualificationSeparate Document compared to DO-178B
Three criteria
TQL
Life Cycle similar to whole software
Tool verificationReviewsRBTs
Model-Based Development and Verification
2 types of ModelsSpecificationDesign
Benefits
Potential Risks
Object-Oriented Technology
Most popular
Additional/Modified objectivesPlansDevelopmentVerification
Vulnerability guidance
Formal MethodsChanges
PlansVerification objectives
Benefits
Challenges
Sources Pictures
http://blog.copdfoundation.org/wp-content/uploads/2012/09/C-Users-sschlegel-Pictures-Question-Mark-Man.jpg
Information Rierson, L. (2013). Developing safety-critical software. Boca Raton, FL: CRC
Press.
Jacklin, S. A. NASA, (2012). Certification of safety-critical software under do-178c and do-278a . Retrieved from Ames Research Center website: http://ntrs.nasa.gov/search.jsp?R=20120016835
Arnold, D. (2000, August 23). The explosion of the ariane 5. Retrieved from http://www.ima.unm.edu/~ arnold/disasters/ariane.html
Arnold, D. (2000, August 23). The patriot missile failure. Retrieved from http://www.ima.unm.edu/~ arnold/disasters/patriot.html
Nelson, W. H. (1997). The gimli glider. Retrieved from http://www.wadenelson.com/gimli.html
Fleury, M. K. (2009, April 29). Crash of southern airways flight 242, georgia. Retrieved from http://suite101/article/crash-of-southern-airways-flight-242-a113420
Questions?