A Practitioner's Guide to DO-178B, Certification and the Emerging DO-178C Standard
Shinto Joseph, Operations Director, LDRA Technology Pvt. Ltd, Bangalore
Software Technology

Posted 24-Dec-2015


Agenda

• Introduction
• DO-178B Overview
• Verification Activities
  – Review
  – Testing
  – Analysis
• What's Coming with DO-178C?
  – DO-178C Structure
  – Software Development Landscape
  – Traceability
• Indian Scenario
• Summary

DO-178B Overview

DO-178's Timeline

• DO-178, November 1981
  – Basic guidance
• DO-178A, March 1985
  – 3 failure conditions / software levels: critical/1, essential/2, non-essential/3
  – Development/verification steps
• DO-178B, December 1992
  – 5 failure conditions / software levels: Catastrophic/A, Hazardous/B, Major/C, Minor/D, No effect/E
  – Objectives-based
• DO-178C, 2011?
  – A modest update to DO-178B for conventional (hand-coded C) development
  – Adds guidance on model-based development, formal methods, object-oriented technology and tool qualification

F-16 Falcon

• Unstable airframe
• Flipped on crossing 0° latitude (the equator)

Hazard Analysis

• What failures can occur?
• Severity
• Probability
• Result: a system-level Safety Integrity Level (SIL)

DO-178B Software Levels (Design Assurance Levels)

Software Level   Impact of Failure   Probability of Failure (per operating hour)*
A                Catastrophic        10^-9
B                Hazardous           10^-7
C                Major               10^-5
D                Minor               10^-3
E                No effect           N/A

*FAA System Safety Handbook, Chapter 3: Principles of System Safety; December 30, 2000

DO-178B process: where it fits

• Intended aircraft functions feed the Aircraft and System Development Processes (ARP 4754)
• Safety Assessment Process Guidelines & Methods (ARP 4761) supply safety information to system development
• System design information flows down to two lifecycles:
  – Software Development Lifecycle (DO-178B)
  – Electronic Hardware Development Lifecycle (DO-254)
• Guidance for Integrated Modular Avionics (DO-297) applies across both

DO-178B process (cont.)

• Intended to ensure that avionics software performs its intended function with an appropriate level of confidence in safety.
• Defines 5 processes: planning, development, verification, configuration management and quality assurance.
• Defines 5 levels of design assurance and 66 objectives:
  – Level A: 66 objectives (25 with independence)
  – Level B: 65 objectives (14 with independence)
  – Level C: 57 objectives
  – Level D: 28 objectives
  – Level E: no objectives
• Provides guidelines for implementing these processes and meeting these objectives.

DO-178B (cont.)

• Certifiable software became the central goal, which drove the adoption of deterministic verification techniques.

Software Level   Impact of Failure   Structural Coverage Technique
A                Catastrophic        MC/DC
B                Hazardous           Decision
C                Major               Statement

Each level also requires the coverage of the levels below it, so Level A needs statement, decision and MC/DC coverage.

• MC/DC (Modified Condition/Decision Coverage) requires that every condition in a decision be shown to independently affect the outcome of that decision: for each condition there must be a pair of tests that differ only in that condition and produce different decision outcomes. Decision coverage alone can be reached with two tests that never exercise the individual conditions.
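The following Python is an added example, not code from the slides or from LDRA. It analyses one boolean decision for unique-cause MC/DC: the decision under test, `engage_autothrottle`, is a hypothetical three-condition guard of the form `(A and B) or C` constructed for illustration, not logic from any real flight-control system. The script enumerates the independence pairs for each condition, grades a given test set for decision coverage and MC/DC, and brute-forces the smallest MC/DC test set (the expected n + 1 vectors for n conditions).

```python
"""Unique-cause MC/DC analysis of one boolean decision (added example)."""
from itertools import combinations, product

# Hypothetical condition names for the constructed decision below.
CONDITIONS = ("armed", "ground_clear", "override")

def engage_autothrottle(armed, ground_clear, override):
    """Decision under test: (A and B) or C.  Illustrative only."""
    return (armed and ground_clear) or override

def independence_pairs(decision, n):
    """For each condition index i, list the test-vector pairs that differ
    only in condition i and flip the decision outcome.  Each pair is stored
    as (vector with condition i False, vector with condition i True)."""
    pairs = {i: [] for i in range(n)}
    for vec in product((False, True), repeat=n):
        for i in range(n):
            if vec[i]:
                continue                     # visit each unordered pair once
            flipped = vec[:i] + (True,) + vec[i + 1:]
            if decision(*vec) != decision(*flipped):
                pairs[i].append((vec, flipped))
    return pairs

def coverage_report(decision, tests, names):
    """Decision coverage and MC/DC achieved by a set of test vectors."""
    n = len(names)
    test_set = {tuple(bool(x) for x in t) for t in tests}
    outcomes = {decision(*t) for t in test_set}
    decision_cov = outcomes == {False, True}
    pairs = independence_pairs(decision, n)
    shown = [names[i] for i in range(n)
             if any(lo in test_set and hi in test_set for lo, hi in pairs[i])]
    return {
        "decision_coverage": decision_cov,
        "conditions_shown_independent": shown,
        "mcdc": decision_cov and len(shown) == n,
    }

def minimal_mcdc_set(decision, names):
    """Brute-force the smallest MC/DC test set (fine for a few conditions).
    Returns None when some condition can never independently affect the
    outcome, which is itself a finding worth reporting to the reviewer."""
    n = len(names)
    vectors = list(product((False, True), repeat=n))
    for size in range(1, len(vectors) + 1):
        for subset in combinations(vectors, size):
            if coverage_report(decision, subset, names)["mcdc"]:
                return list(subset)
    return None

if __name__ == "__main__":
    weak = [(False, False, False), (True, True, True)]   # decision coverage only
    print("two-vector set:", coverage_report(engage_autothrottle, weak, CONDITIONS))
    print("minimal MC/DC set:", minimal_mcdc_set(engage_autothrottle, CONDITIONS))
```

The two-vector set reaches 100 % decision coverage yet demonstrates independence for no condition at all, which is exactly the gap that separates Level B from Level A evidence; the minimal MC/DC set needs four vectors for three conditions.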

Verification Process

• Purpose: detect and report errors that have been introduced during the software development process.
• Objectives: show that each artefact satisfies the one above it in the development chain:
  – Executable Object Code satisfies Source Code
  – Source Code satisfies Software Architecture
  – Software Architecture satisfies Software Requirements
  – Software Requirements satisfy System Requirements

Verification Activities

• Review
  – A qualitative assessment of accuracy, completeness, consistency and correctness.
• Testing
  – Demonstrate that the software satisfies its requirements.
  – Demonstrate, to an appropriate degree of confidence, that errors that could lead to unacceptable failure conditions have been removed.
• Analysis
  – A quantitative assessment of accuracy, completeness, consistency and correctness.

Review

• A review provides a qualitative assessment of accuracy, completeness, consistency and correctness.
• Inputs are the source code and a standards checklist; the output is the review result.

  Source code under review, for example:

      if (x < 0)
          z = y - 2;
      else
          z = y + 2;

  Standards checklist items:
    - IP boilerplate
    - Comments
    - Indentation
    - Complexity
    - ...

  Review result records:
    - Compliance with requirements
    - Compliance with architecture
    - Verifiability
    - Accuracy and consistency
    - ...

Testing

• Testing demonstrates, to an appropriate degree of confidence, that software satisfies its requirements and that errors that could lead to unacceptable failure conditions have been removed.
  – Requirements-based tests: verify implementation of requirements.
  – HW/SW integration tests: verify correct operation in the target computer environment.
  – SW/SW integration tests: verify software interfaces and interrelationships.

Test Result Analysis

• Test success
  – Proceed
• Test failure: determine which of these is the cause
  – Incorrect software behavior
  – Incorrect requirement
  – Incorrect test case/procedure
  – Incorrect test environment/setup

Traceability Analysis

• Objectives
  – Verify that every requirement is implemented.
  – Verify that every requirement is tested.
  – Verify that every line of code has "a reason to be".
• Common gaps
  – Requirement has no associated tests:
    o Missing trace information, missing tests.
  – Requirement has no associated source code:
    o Missing trace information, missing code, extraneous requirement.
  – Source code doesn't trace to requirements:
    o Missing trace information, extraneous code.

(Diagram: Requirements, Code and Tests linked in a triangle of bidirectional traces.)
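As an added example (not LDRA's tooling and not code from the slides), the Python below runs the gap analysis described above over constructed inputs. It assumes a hypothetical convention in which each C function is preceded by a comment of the form `/* @trace LLR-n */` naming the low-level requirement it implements, and each test procedure records the requirement it verifies; the requirement set, the C source and the test list are all constructed for illustration and contain one deliberate instance of each gap type.

```python
"""Requirements/code/test traceability gap analysis (added example)."""
import re
from collections import defaultdict

# Hypothetical trace-tag convention: a comment line "/* @trace LLR-n */"
# immediately precedes the function it applies to.
TRACE_RE = re.compile(r"@trace\s+([A-Z]+-\d+)")
FUNC_RE = re.compile(r"^\s*(?:static\s+)?\w+\s+(\w+)\s*\(")

# Constructed low-level requirements (identifier -> short text).
REQUIREMENTS = {
    "LLR-1": "Clamp the commanded throttle to the range 0..100 percent",
    "LLR-2": "Reject a throttle command while the engine is in shutdown",
    "LLR-3": "Record every rejected command",          # neither coded nor tested
}

# Constructed C source: two traced functions and one untraced helper.
SOURCE_C = """
/* @trace LLR-1 */
int clamp_throttle(int pct) { return pct < 0 ? 0 : (pct > 100 ? 100 : pct); }

/* @trace LLR-2 */
int accept_command(int pct, int shutdown) { return shutdown ? 0 : 1; }

static int debug_helper(int x) { return x * 2; }   /* not traced */
"""

# Constructed test procedures: name -> requirement the test claims to verify.
TESTS = {
    "test_clamp_low": "LLR-1",
    "test_clamp_high": "LLR-1",
    "test_reject_in_shutdown": "LLR-2",
    "test_log_format": "LLR-9",        # trace points at a requirement that does not exist
}

def parse_code_traces(source):
    """Map each function name to the requirement named in the @trace comment
    that precedes it, or None when the function carries no trace."""
    pending, traces = None, {}
    for line in source.splitlines():
        m = TRACE_RE.search(line)
        if m:
            pending = m.group(1)
            continue
        f = FUNC_RE.match(line)
        if f:
            traces[f.group(1)] = pending
            pending = None
    return traces

def gap_analysis(requirements, code_traces, tests):
    """Return the traceability gaps in both directions, keyed by gap type."""
    implemented, tested = defaultdict(list), defaultdict(list)
    for func, req in code_traces.items():
        if req is not None:
            implemented[req].append(func)
    for test, req in tests.items():
        tested[req].append(test)
    return {
        "req_without_code": sorted(r for r in requirements if r not in implemented),
        "req_without_tests": sorted(r for r in requirements if r not in tested),
        "code_without_req": sorted(f for f, r in code_traces.items() if r is None),
        "code_to_unknown_req": sorted(f for f, r in code_traces.items()
                                      if r is not None and r not in requirements),
        "tests_to_unknown_req": sorted(t for t, r in tests.items() if r not in requirements),
    }

def run():
    """Parse the constructed source and report its gaps."""
    return gap_analysis(REQUIREMENTS, parse_code_traces(SOURCE_C), TESTS)

if __name__ == "__main__":
    for gap, items in run().items():
        print(f"{gap}: {items or 'none'}")
```

Every non-empty bucket is an action item: a requirement with no code or no test is either missing work or an extraneous requirement; untraced code has no "reason to be" until someone supplies the trace or removes it; and a trace to an unknown requirement is stale trace information that would silently inflate a coverage figure if the tool merely counted tagged items.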

Moving from DO-178B to C: The Essentials

DO-178C structure

• Core document: the DO-178B content plus revised processes
• Supplements that extend the core for specific technologies:
  – Formal Methods Supplement (DO-333)
  – Model-Based Development Supplement (DO-331)
  – Object-Oriented Technologies Supplement (DO-332)
  – Tools Supplement, covering tool qualification (DO-330)

Software Development Landscape (DO-178C)

• Tier 1: High Level Requirements
• Tier 2: Software specs, produced by hand code, formal methods or modelling tools
• Tier 3: Implementation (source code / assembly)
• Tier 4: Host tier (node 1 – n)
• Tier 5: Target tier (node 1 – n)

Traceability artefacts linking the tiers, all recorded in the Requirements Traceability Matrix:
• LL Reqs to HL Reqs, with design review defects
• Code to LL Reqs, with code & quality review defects
• Test cases to LL Reqs, both on host and on target, with test results & defects

Traceability: Complex

Complexity: Sources
• Formal Methods
• Model-Based Development
• Object-Oriented Technologies
• Low Level Requirements, or design? (the boundary between the two is not fixed)
• Dynamic aspects: coverage must be performed on target and combined with static traces to assure completeness

DO-178C Traces

The traces that must exist grow with the software level:

• Level A, B, C and D: System requirements allocated to software → High-Level Requirements → Test Cases → Test Procedures → Test Results, with Review and Analysis Results recorded for each step
• Level A, B and C additionally: High-Level Requirements → Low-Level Requirements and SW Architecture → Source Code, and Low-Level Requirements → Test Cases
• Level A additionally: Source Code → Executable Object Code

Tool support for the landscape (LDRA tool suite)

• TBreq®: requirements traceability (the Requirements Traceability Matrix across the tiers)
• TBmanager®: system test management and unit test management
• TBvision®: code review defects
• LDRA Testbed®: design review defects
• TBrun®: host testing and target testing
• Requirements come from requirements management tools such as IBM® Rational® DOORS® & Visure IRQA...

Indian Scenario

- Lack of safety awareness
- Gap between local and global practices
- Sudden demand for aerospace skills
- Need for a healthy ecosystem, backed by long-term govt. policies
- Committed engineers ready to work on Indian projects
- Role of technology vendors
- Regulatory framework: Defense and Civilian

Summary

• Verification is an important component of DO-178
  – Review
  – Testing
  – Analysis
• Bottom line
  – Detect and report errors that have been introduced during the software development process.
  – Ensure that the software performs its intended function to an appropriate degree of confidence.

Summary (cont.)

• The current requirements management / traceability paradigm is no longer adequate.
• Future:
  – Should accommodate emerging technologies and methodologies
  – Requires a distributed, collaborative, bidirectional traceability mechanism
  – Security
  – India as an aerospace powerhouse.....

www.ldra.com

Copyright © 2011 Liverpool Data Research Associates Limited