DO-178B - SiliconIndia

Software Technology
A Practitioner's Guide to DO-178B,
Certification and the Emerging DO-178C
Standard
Shinto Joseph
Operations Director,
LDRA Technology Pvt. Ltd
Bangalore
Agenda
• Introduction
• DO-178B Overview
• Verification Activities
– Review
– Testing
– Analysis
• What’s Coming with DO-178C?
– DO-178C Structure
– Software Development Landscape
– Traceability
• Indian Scenario
• Summary
DO-178B Overview
DO-178's Timeline
• DO-178, November 1981
– Basic guidance
• DO-178A, March 1985
– 3 failure conditions / software levels
• critical/1, essential/2, non-essential/3
– Development/verification steps
• DO-178B, December 1992
– 5 failure conditions / software levels
• Catastrophic/A, Hazardous/B, Major/C, Minor/D, no effect/E
– Objectives-based
• DO-178C, 2011?
– A modest update to DO-178B (if C-based development)
– Adds guidance on model-based development, formal methods, object-oriented technology & tool qualification
F-16 Falcon
• Unstable airframe
• Flipped crossing 0°
Hazard Analysis
• What failures can occur
• Severity
• Probability
Result - System level Safety Integrity Level (SIL)
DO-178B Safety Integrity Levels
Software Level | Impact of Failure | Probability of Failure (per operating hour)*
A              | Catastrophic      | 10^-9
B              | Hazardous         | 10^-7
C              | Major             | 10^-5
D              | Minor             | 10^-3
E              | No effect         | N/A
*FAA System Safety Handbook, Chapter 3: Principles of System Safety; December 30, 2000
DO-178B process
Diagram of the related standards: Intended Aircraft Functions feed the Safety Assessment Process Guidelines & Methods (ARP 4761), which exchanges Safety Information and System Design Information with the Aircraft and System Development Processes (ARP 4754). Below these sit:
– Guidance for Integrated Modular Avionics (DO-297)
– Electronics Hardware Development Lifecycle (DO-254)
– Software Development Lifecycle (DO-178B)
…DO-178B process (cont.)
• Intended to ensure that avionics software performs its
intended function with an appropriate level of confidence in
safety.
• Defines 5 processes:
– Planning, development, verification, configuration
management and quality assurance
• Defines 5 levels of design assurance and 66 objectives:
– Level A: 66 objectives (25 with independence)
– Level B: 65 objectives (14 with independence)
– Level C: 57 objectives
– Level D: 28 objectives
– Level E: no objectives
• Provides guidelines for implementing these processes
and meeting these objectives.
DO-178B (cont.)
• Certifiable Software became central goal
– Deterministic Verification Techniques
Software Level | Impact of Failure | Structural Coverage Technique
A              | Catastrophic      | MC/DC
B              | Hazardous         | Decision
C              | Major             | Statement
• MC/DC code coverage ensures that all conditions that independently affect a programmatic result have been tested
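As an added illustration (not from the slides), a small Python checker for unique-cause MC/DC on the constructed decision (a and b) or c: for each condition it looks for a pair of test vectors that differ only in that condition and flip the outcome, contrasts a set that only achieves decision coverage with one that achieves MC/DC, and brute-forces the smallest MC/DC set. The decision function, condition names and test vectors are assumptions made for the example.

```python
from itertools import combinations, product

def decision(a, b, c):
    """Decision under test (constructed example): (a and b) or c."""
    return (a and b) or c

CONDITIONS = ("a", "b", "c")

def mcdc_pairs(vectors, fn=decision, names=CONDITIONS):
    """Map each condition to its unique-cause independence pairs.

    Two vectors (indices i, j) form a pair for condition k when they differ
    only in k and the decision outcome differs, showing k alone drove the result."""
    pairs = {n: [] for n in names}
    outcomes = [fn(*v) for v in vectors]
    for i, j in combinations(range(len(vectors)), 2):
        diff = [k for k in range(len(names)) if vectors[i][k] != vectors[j][k]]
        if len(diff) == 1 and outcomes[i] != outcomes[j]:
            pairs[names[diff[0]]].append((i, j))
    return pairs

def mcdc_satisfied(vectors, fn=decision, names=CONDITIONS):
    """MC/DC holds when every condition has at least one independence pair."""
    return all(mcdc_pairs(vectors, fn, names)[n] for n in names)

def decision_covered(vectors, fn=decision):
    """Decision coverage only asks that the whole decision was seen True and False."""
    return {fn(*v) for v in vectors} == {True, False}

def minimal_mcdc_set(fn=decision, names=CONDITIONS):
    """Brute-force the smallest vector set giving unique-cause MC/DC (n+1 is the floor)."""
    space = list(product((False, True), repeat=len(names)))
    for size in range(len(names) + 1, len(space) + 1):
        for subset in combinations(space, size):
            if mcdc_satisfied(list(subset), fn, names):
                return list(subset)
    return None  # coupled conditions can make unique-cause MC/DC unreachable

# Constructed test sets for (a and b) or c
DECISION_ONLY = [(True, True, True), (False, False, False)]  # both outcomes, no pairs
MCDC_SET = [(True, True, False),   # True
            (False, True, False),  # False: pair with #0 on a
            (True, False, False),  # False: pair with #0 on b
            (False, True, True)]   # True:  pair with #1 on c

if __name__ == "__main__":
    print("decision coverage only:", decision_covered(DECISION_ONLY), mcdc_satisfied(DECISION_ONLY))
    print("MC/DC set pairs:", mcdc_pairs(MCDC_SET))
    print("smallest MC/DC set:", minimal_mcdc_set())
```

Both sets drive the decision True and False, so a decision-coverage tool reports 100% for either; only the second one demonstrates each condition's independent effect.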
Verification Process
• Purpose: Detect and report errors that have been introduced during the software development process.
• Objectives: each artifact satisfies the one above it in the chain:
System Requirements
  ← satisfies ← Software Requirements
  ← satisfies ← Software Architecture
  ← satisfies ← Source Code
  ← satisfies ← Executable Object Code
Verification Activities
• Review
− A qualitative assessment of accuracy, completeness, consistency and correctness.
• Testing
− Demonstrate that the software satisfies its requirements.
− Demonstrate, to an appropriate degree of confidence, that errors that could lead to unacceptable failure conditions have been removed.
• Analysis
− A quantitative assessment of accuracy, completeness, consistency and correctness.
Review
• A review provides a qualitative assessment of accuracy, completeness, consistency and correctness.
Standards the source is checked against:
- IP boilerplate
- Comments
- Indentation
- Complexity
- …
Source code under review:
    if (x < 0)
        z = y - 2;
    else
        z = y + 2;
Review checklist:
- Compliance with requirements
- Compliance with architecture
- Verifiability
- Accuracy and consistency
- …
Standards + source code + checklist → Review → Result
Testing
• Testing demonstrates, to an appropriate
degree of confidence, that software satisfies
its requirements and that errors that could
lead to unacceptable failure conditions have
been removed.
− Requirements-based tests: verify implementation
of requirements.
− HW/SW integration tests: verify correct operation
in the target computer environment.
− SW/SW integration tests: verify software
interfaces and interrelationships.
Test Result Analysis
• Test success
− Proceed
• Test failure, caused by one of:
− Incorrect software behavior
− Incorrect requirement
− Incorrect test case/procedure
− Incorrect test environment/setup
Traceability Analysis
Requirements ↔ Code ↔ Tests
• Objectives
− Verify that every requirement is implemented.
− Verify that every requirement is tested.
− Verify that every line of code has “a reason to be”.
• Common gaps
− Requirement has no associated tests:
o Missing trace information, missing tests.
− Requirement has no associated source code:
o Missing trace information, missing code,
extraneous requirement.
− Source code doesn’t trace to requirements:
o Missing trace information, extraneous code.
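An added example (not from the presentation) that turns the traceability analysis above into code: given a constructed set of requirement IDs, code units and test cases with their trace links, it reports the three gaps listed (requirement without tests, requirement without code, code without requirement) and additionally flags trace links that point at a requirement ID that does not exist. Names such as LLR-1, alt_filter.c and TC-01 are made up for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Artifact:
    """A code unit or test case and the requirement IDs it claims to trace to."""
    ident: str
    traces: frozenset = field(default_factory=frozenset)

def trace_gaps(requirements, code_units, tests):
    """Report the traceability gaps named in the slide plus dangling trace links.

    requirements: set of requirement IDs
    code_units:   Artifacts for source functions/modules
    tests:        Artifacts for test cases
    """
    covered_by_code = {r for u in code_units for r in u.traces}
    covered_by_test = {r for t in tests for r in t.traces}
    return {
        # requirement has no associated tests: missing trace info or missing tests
        "req_without_tests": sorted(requirements - covered_by_test),
        # requirement has no associated code: missing trace info, missing code, extraneous requirement
        "req_without_code": sorted(requirements - covered_by_code),
        # source code traces to no known requirement: missing trace info or extraneous code
        "code_without_req": sorted(u.ident for u in code_units if not (u.traces & requirements)),
        # trace link names a requirement that does not exist (stale or mistyped ID)
        "dangling_traces": sorted((a.ident, r) for a in list(code_units) + list(tests)
                                  for r in a.traces - requirements),
    }

def is_complete(gaps):
    """True only when every gap list is empty."""
    return not any(gaps.values())

# Constructed sample matrix (IDs and file names are made up)
REQS = {"LLR-1", "LLR-2", "LLR-3"}
CODE = [Artifact("alt_filter.c", frozenset({"LLR-1"})),
        Artifact("gear_state.c", frozenset({"LLR-2", "LLR-9"})),  # LLR-9 does not exist
        Artifact("debug_dump.c")]                                   # traces to nothing
TESTS = [Artifact("TC-01", frozenset({"LLR-1"})),
         Artifact("TC-02", frozenset({"LLR-2"}))]

def sample_gaps():
    return trace_gaps(REQS, CODE, TESTS)

if __name__ == "__main__":
    for kind, items in sample_gaps().items():
        print(f"{kind}: {items}")
```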
Moving from DO-178B to C: The Essentials
DO-178C Structure
• Core Document, including DO-178B & revised processes
• Supplements:
– Formal Methods Supplement
– Model-Based Development Supplement
– Object-Oriented Technologies Supplement
– Tools Supplement
DO-178C Software Development Landscape
Tiers of the landscape (the diagram builds up one tier at a time):
• Tier 1: High Level Requirements
• Tier 2: Modelling Tools / Formal Methods / Software Specs / Hand Code
• Tier 3: Implementation (Source Code / Assembly)
• Tier 4: Host Tier (Node 1 – n)
• Tier 5: Target Tier (Node 1 – n)
Traces recorded in the Requirements Traceability Matrix between the tiers:
• Tier 2 → Tier 1: LL Reqs to HL Reqs; Design Review defects
• Tier 3 → Tier 2: Code to LL Reqs; Code & Quality Review defects
• Tier 4 → Tier 2: Test Cases to LL Reqs; Test Results & Defects
• Tier 5 → Tier 2: Test Cases to LL Reqs; Test Results & Defects
Traceability: Complex
Complexity: Sources
• Formal Methods
• Model-Based Development
• Object-Oriented Technologies
• Low Level Requirements, or design?
• Dynamic aspects: coverage must be performed on target & combined with static traces to assure completeness
DO-178C Traces
Traces required for Level A, B, C and D, with additional traces for Level A, B and C, and further traces for Level A only, between the following artifacts:
• System requirements allocated to Software
• High-Level Requirements
• Low-Level Requirements
• SW Architecture
• Source Code
• Executable Object Code
• Test Cases
• Test Procedures
• Test Results
• Review and Analysis Results
Tool support mapped onto the landscape (each tier's traces recorded in the Requirements Traceability Matrix):
• High Level Requirements: IBM® Rational® DOORS®, Visure IRQA®...
• Requirements Traceability: TBreq®
• Modelling Tools / Formal Methods / Software Specs / Hand Code; Implementation (Source Code / Assembly)
• System Test Management: TBmanager®
• Code Review Defects: TBvision®
• Unit Test Management: TBmanager®
• Design Review Defects: LDRA Testbed®
• Host Tier (Node 1 – n), Host Testing: TBrun®
• Target Tier (Node 1 – n), Target Testing: TBrun®
Indian Scenario
- Lack of safety awareness
- Gap between local and global practices
- Sudden demand for aerospace skills
- Need for a healthy ecosystem, backed by long term govt. policies
- Committed engineers ready to work on Indian projects
- Role of technology vendors
- Regulatory framework - Defense and Civilian
Summary
• Verification is an important component of
DO-178
− Review
− Testing
− Analysis
• Bottom line
− Detect and report errors that have been
introduced during the software development
process.
− Ensure that the software performs its intended
function to an appropriate degree of confidence.
…Summary (cont.)
…Requirements management / traceability
paradigm no longer adequate
• Future:
− Should accommodate emerging technologies,
methodologies
− Requires distributed, collaborative, bidirectional
traceability mechanism
− Security
− India- an aerospace powerhouse…..
Software Technology
www.ldra.com
Copyright © 2011 Liverpool Data Research Associates Limited