RTCA DO-178C “Software Considerations in Airborne Systems and Equipment Certification” Brock Greenhow March 21, 2013

Jan 02, 2016

Page 1: RTCA DO-178C “Software Considerations in Airborne Systems and Equipment Certification”

RTCA DO-178C “Software Considerations in Airborne Systems and Equipment Certification”

Brock Greenhow, March 21, 2013

Page 2

Software mishaps in Aerospace Engineering

Ariane Five rocket explosion

Southern Airways 242

Gimli Glider

Patriot Missile

Page 3

Future of Safety Critical Software

Increased lines of code

Increased complexity

Increased criticality

Technology changes

More with less

Increased outsourcing and offshoring

Attrition of experienced engineers

Lack of available training

Page 4

Background of DO-178

1982 – DO-178

1985 – DO-178A

1992 – DO-178B

2001 – DO-248B

2011 – DO-178C and supplemental material

2011 – DO-248C

Page 5

Differences from DO-178B to C

Added examples and explanations

Used clearer language and terminology

Added more objectives

Bi-directional tracing

Parameter Data Item Files

Technology Supplements

Page 6

ARP4754A System Development

System Requirements

Allocate requirements to software

Validate requirements

Communication

Plan for changes to come from software

Page 7

ARP4761 Aircraft and System Safety

Safety Program Plan

FHA and SFHAs

PASA and PSSAs

Software Safety

Improves with time

Errors are not as obvious

Need specific requirements

Involve safety and systems in software requirement reviews

Page 8

Safety continued

Severity Classification | Potential Failure Condition Effect | Assurance Level
Catastrophic | Failures would result in multiple fatalities and possible complete loss of the airplane. | A
Hazardous/Severe major | Failures would reduce the ability of the airplane or crewmembers to deal with conditions that could result in reduction of safety margins, distress and excessive workload, or even serious or fatal injuries to a small number of people. | B
Major | Failures would cause issues similar to the Hazardous/Severe major class, but not as severe, and likely only injuries and not casualties. | C
Minor | Failures would not significantly reduce airplane safety, and would cause only a slight increase of workload and minimal discomfort. | D
No safety effect | Failures have no effect on the safety of the aircraft. | E

Page 9

Safety Continued

Level | Objective Count | Objectives with independence
E | 0 | 0
D | 26 | 2
C | 62 | 5
B | 69 | 18
A | 71 | 30

Page 10

Overview of DO-178C

Software Planning

Software Requirements

Software Design

Software Integration

Software Verification

Software Configuration Management

Software Quality Assurance

Software Certification

Page 11

Software Planning

Five Plans

PSAC

SDP

SVP

SCMP

SQAP

Three Standards

Software Requirement Standards

Software Design Standards

Software Coding Standards

Page 12

Software Requirements

Foundation to good software

Refine Systems Requirements

Allocate enough time

Software Requirement Cycle

Bi-Directional Tracing

Baseline SWRD

Page 13

Software Design

Architecture

Structural-based

Object-oriented

Low-level Requirements

Bi-Directional Tracing

SWDD

Page 14

Software Implementation

Coding

Languages and compilers

Good programming

Standards

Traceability

Integration

Build process

Load process

Analyze memory and addresses

Page 15

Software Verification

Reviews

Plans, requirements, design, test data

Analyses

Code and integration

Coverage

Other

Tests

RBTs, integration

Cases, procedures, results

Tracing
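The bi-directional tracing that slides 12, 13 and 15 keep returning to (system requirements down to high-level requirements, low-level requirements and requirements-based tests, and every one of those back up to a parent) is something a reviewer can check mechanically. The script below is an added example, not code from the presentation or from any DO-178C tool: it audits a constructed trace matrix in both directions and reports the three gap classes a traceability review looks for. All identifiers (SYS-1, HLR-4, TC-9 and so on) are constructed sample data.

```python
"""Bi-directional trace audit over a constructed DO-178C-style trace matrix.

Added example (not from the deck): checks that every parent artifact is
traced downward to at least one child and that every child traces upward to
an existing parent. Identifiers below are constructed sample data.
"""
from typing import Dict, Set

TraceMatrix = Dict[str, Set[str]]   # child id -> set of parent ids it traces to


def trace_audit(parents: Set[str], children: TraceMatrix) -> Dict[str, Set[str]]:
    """Return the three gap classes a bi-directional tracing review looks for.

    parents_without_children:     parent never refined or tested (downward gap)
    children_without_parent:      child traces to nothing (upward gap: an
                                  undeclared derived requirement or untraced test)
    children_with_unknown_parent: child points at an id that does not exist
                                  (stale link after a parent was deleted/renamed)
    """
    covered = set().union(*children.values())
    return {
        "parents_without_children": parents - covered,
        "children_without_parent": {c for c, ps in children.items() if not ps},
        "children_with_unknown_parent": {c for c, ps in children.items() if ps - parents},
    }


# Constructed sample artifacts (hypothetical ids, not from the presentation).
SYSTEM_REQS = {"SYS-1", "SYS-2"}
HLR: TraceMatrix = {                 # high-level software requirements
    "HLR-1": {"SYS-1"},
    "HLR-2": {"SYS-1"},
    "HLR-3": {"SYS-2"},
    "HLR-4": set(),                  # traces to nothing: derived, or a gap
}
LLR: TraceMatrix = {                 # low-level requirements (design)
    "LLR-1": {"HLR-1"},
    "LLR-2": {"HLR-2"},
    "LLR-3": {"HLR-3"},
}
TEST_CASES: TraceMatrix = {          # requirements-based test cases
    "TC-1": {"HLR-1"},
    "TC-2": {"HLR-3"},
    "TC-9": {"HLR-99"},              # stale link: HLR-99 does not exist
}


def audit_all() -> Dict[str, Dict[str, Set[str]]]:
    """Run the audit across each adjacent pair of life-cycle data levels."""
    return {
        "SYS->HLR": trace_audit(SYSTEM_REQS, HLR),
        "HLR->LLR": trace_audit(set(HLR), LLR),
        "HLR->TC": trace_audit(set(HLR), TEST_CASES),
    }


def is_clean(report: Dict[str, Dict[str, Set[str]]]) -> bool:
    """True only when every level has zero gaps in both directions."""
    return all(not gaps for level in report.values() for gaps in level.values())


if __name__ == "__main__":
    report = audit_all()
    for level, gaps in report.items():
        print(level)
        for kind, ids in gaps.items():
            print(f"  {kind}: {sorted(ids) or '-'}")
    print("clean:", is_clean(report))
```

On the constructed data the audit flags HLR-4 as untraced upward and unrefined downward, HLR-2 as having no test, and TC-9 as pointing at a requirement that no longer exists; the same three checks apply unchanged to any parent/child pair of life-cycle data levels.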

Page 16

Software Verification Continued

Verification of Verification

SCA, MC/DC

Test data reviews

Problem Reporting

Failures become PR or CR

PR or CR process

CIA

SVCP
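Slide 16 names structural coverage analysis (SCA) and MC/DC as the "verification of verification" step. The script below is an added example, not code from the presentation or from any certified coverage tool: it checks a set of test vectors for unique-cause MC/DC against a small boolean decision, finding for every condition a pair of vectors that differ in that condition alone and flip the outcome. The decision and its condition names (wow, gear_down, speed_ok) are constructed placeholders.

```python
"""Unique-cause MC/DC check for a boolean decision.

Added example (not from the deck): given a decision with N conditions and a
set of test vectors, find for each condition a pair of vectors that differ in
that condition only and change the decision outcome. The decision below is a
constructed placeholder, not anything from the presentation.
"""
import itertools
from typing import Callable, Dict, List, Optional, Tuple

Vector = Dict[str, bool]
Decision = Callable[..., bool]


def independence_pairs(decision: Decision, conditions: List[str],
                       vectors: List[Vector]) -> Dict[str, Optional[Tuple[int, int]]]:
    """For each condition, return the indices of one vector pair that shows its
    independent effect (differ only in that condition, outcomes differ), or None."""
    outcomes = [bool(decision(**v)) for v in vectors]
    pairs: Dict[str, Optional[Tuple[int, int]]] = {}
    for cond in conditions:
        pairs[cond] = None
        for i, j in itertools.combinations(range(len(vectors)), 2):
            changed = [c for c in conditions if vectors[i][c] != vectors[j][c]]
            if changed == [cond] and outcomes[i] != outcomes[j]:
                pairs[cond] = (i, j)
                break
    return pairs


def mcdc_achieved(decision: Decision, conditions: List[str], vectors: List[Vector]) -> bool:
    """True when every condition has an independence pair in the vector set."""
    return all(p is not None for p in independence_pairs(decision, conditions, vectors).values())


def minimal_mcdc_set(decision: Decision, conditions: List[str]) -> List[Vector]:
    """Brute-force the smallest vector set achieving MC/DC (2^N candidates, fine for small N).
    Returns [] when no set works, which means some condition has no independent effect."""
    truth_table = [dict(zip(conditions, bits))
                   for bits in itertools.product([False, True], repeat=len(conditions))]
    for size in range(2, len(truth_table) + 1):
        for subset in itertools.combinations(truth_table, size):
            if mcdc_achieved(decision, conditions, list(subset)):
                return list(subset)
    return []


# Constructed decision: (wow and gear_down) or speed_ok  (placeholder names)
CONDITIONS = ["wow", "gear_down", "speed_ok"]


def sample_decision(wow: bool, gear_down: bool, speed_ok: bool) -> bool:
    return (wow and gear_down) or speed_ok


# Two vectors give 100% decision coverage but no MC/DC evidence at all:
# they differ in every condition, so no single condition's effect is isolated.
DC_ONLY = [dict(wow=True, gear_down=True, speed_ok=True),
           dict(wow=False, gear_down=False, speed_ok=False)]

# N+1 = 4 vectors that do demonstrate each condition's independent effect.
MCDC_SET = [dict(wow=True,  gear_down=True,  speed_ok=False),   # outcome True
            dict(wow=False, gear_down=True,  speed_ok=False),   # False (only wow changed)
            dict(wow=True,  gear_down=False, speed_ok=False),   # False (only gear_down changed)
            dict(wow=False, gear_down=True,  speed_ok=True)]    # True  (only speed_ok changed)

if __name__ == "__main__":
    print("decision-coverage set achieves MC/DC:",
          mcdc_achieved(sample_decision, CONDITIONS, DC_ONLY))
    print("independence pairs:", independence_pairs(sample_decision, CONDITIONS, MCDC_SET))
    print("minimal MC/DC set size:", len(minimal_mcdc_set(sample_decision, CONDITIONS)))
```

The contrast between DC_ONLY and MCDC_SET is the point of the slide's "verification of verification": a test suite can pass every requirements-based test and still leave conditions whose effect was never exercised, and for N conditions unique-cause MC/DC needs at least N+1 vectors, which the brute-force search confirms for this decision.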

Page 17

Software Configuration Management

Beginning to End

All life cycle data CC1 or CC2

SCI

Life cycle data and versions

SLECI and Problem Reporting

Page 18

Software Quality Assurance

Customer’s needs

Review plans and write SQAP

Life cycle data audits and approval

Reviews

Witness tests, builds, and loads

Problem reporting

Conformity review

Document activities for records

Page 19

Software Certification

Develop and submit PSAC

PSAC approval

Submittal and approval of SCI and SAS

SOIs

Page 20

Supplemental Materials

DO-330 Software Tool Qualification

DO-331 Model-Based Development and Verification

DO-332 Object-Oriented Technology

DO-333 Formal Methods

Page 21

Software Tool Qualification

Separate document compared to DO-178B

Three criteria

TQL

Life Cycle similar to whole software

Tool verification

Reviews

RBTs

Page 22

Model-Based Development and Verification

2 types of Models

Specification

Design

Benefits

Potential Risks

Page 23

Object-Oriented Technology

Most popular

Additional/Modified objectives

Plans

Development

Verification

Vulnerability guidance

Page 24

Formal Methods

Changes

Plans

Verification objectives

Benefits

Challenges

Page 25

Sources

Pictures

http://blog.copdfoundation.org/wp-content/uploads/2012/09/C-Users-sschlegel-Pictures-Question-Mark-Man.jpg

Information

Rierson, L. (2013). Developing safety-critical software. Boca Raton, FL: CRC Press.

Jacklin, S. A. (2012). Certification of safety-critical software under DO-178C and DO-278A. NASA Ames Research Center. Retrieved from http://ntrs.nasa.gov/search.jsp?R=20120016835

Arnold, D. (2000, August 23). The explosion of the Ariane 5. Retrieved from http://www.ima.unm.edu/~arnold/disasters/ariane.html

Arnold, D. (2000, August 23). The Patriot missile failure. Retrieved from http://www.ima.unm.edu/~arnold/disasters/patriot.html

Nelson, W. H. (1997). The Gimli glider. Retrieved from http://www.wadenelson.com/gimli.html

Fleury, M. K. (2009, April 29). Crash of Southern Airways Flight 242, Georgia. Retrieved from http://suite101/article/crash-of-southern-airways-flight-242-a113420

Page 26

Questions?