SlideShare a Scribd company logo

13_CES_DO-178B.pdf

A
AbdulQadeerKhan72

Avionics systems

Engineering
1 of 43
Download to read offline
Budapest University of Technology and Economics Department of Measurement and Information Systems Standards in Avionics System Development (Overview on DO-178B) Ákos Horváth Dept. of Measurement and Information Systems
Abstract  DO-178B (and DO-278) are used to assure safety of avionics software. These documents provide guidance in the areas of SW development, configuration management, verification and the interface to approval authorities (e.g., FAA, EASA) 2
Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management  Certification Artifacts and Techniques  Future: DO-178C 3
Overview  DO-178B - Software Considerations in Airborne Systems and Equipment Certification  Standard of RTCA Incorporation (in Europe it is ED- 12B and standard of EUROCAE)  Represents the avionics industry consensus to ensure software safety  Acceptable by FAA and EASA certification authorities  „The FAA and the civil aviation community recognize RTCA’S DO-178B as an acceptable means of compliance to the FAA regulations for SW aspects of certification.” 4
History of avionics SW complexity 5 0 50 100 150 200 250 300 350 400 MIPS LOC Mbyte/10 Digital links A-310 (1983) A-320 (1988) A-340 (1993) Exponential Growth Both A380 and B 787 have 100’s of millions LOC Ref: Subra de Salafa and Paquier
History  DO-178 in 1982 o Basic concepts of SW design assurance o Three levels of SW safety  DO-178A in 1985 o Concentrates on testing and configuration management  DO-178B in 1992 o Five levels of SW safety o From Testing focus  requirement-based  DO-278 in 2002 o Interprets DO-178B to ground and space based-systems  DO-178C in 2012 o Incorporates modern SW development and analysis techniques 6
DO178B Document Structure 7 SW Life Cycle Process System Aspects Relating To Software Development (Sec 2.) Overview of Aircraft and Engine Certification (Sec. 10.) Integral Process SW Verification (Sec. 6.) SW Configuration Mgt (Sec. 7.) SW Quality Assurance (Sec. 8.) Ceritfication Liasison (Sec. 9.) SW Life Cycle (Sec. 3.) SW Planning (Sec. 4.) SW Development (Sec. 5.) SW Life Cycle Data(Sec. 11.) Additional Considration (Sec. 12.) ANNEX A & B (FAA checklists) Appendices
Software Levels in DO-178B  Different failure conditions require different software conditions  5 levels 8
Examples DO-178B Safety Levels  Safety-Critical Levels C&D o Anti-missile defense o Data mining o Health monitoring o Mission planning and implementation o Mission simulation and training o Network-centric operation o Real-time data recording and analysis o Self-healing communication networks o Telemetry o Weapons targeting  Safety-Critical Levels A&B o Fly-by-wire controls o Auto-pilot o Air-traffic Separation Control o Glass Cockpit Information Display o Radar o Jet Engine Control o IFF (friend or foe) o Missile guidance o Missile launch o Missile self-destruct 9
Objectives for Safety Levels 10  Different levels of safety requires different objectives to be fulfilled o e.g., Level A 66, Level B 65  Defined by 10 tables in ANNEX A  Example: Table A-6 Objective 3. Objective Applicability by SW Level Output Control Category by SW Level Description Ref A B C D Descriptions Ref. A B C D Executable Object Code compiles with low-level requirements 6.4.2.1. 6.4.3. ●●○ Software Verification Cases and Procedures Software Verification Results 11.13 11.14 1 2 1 2 2 2
Objectives for Safety Levels 11  Different levels of safety requires different objectives to be fulfilled o e.g., Level A 66, Level B 65  Defined by 10 tables in ANNEX A  Example: Table A-6 Objective 3. Objective Applicability by SW Level Output Control Category by SW Level Description Ref A B C D Descriptions Ref. A B C D Executable Object Code compiles with low-level requirements 6.4.2.1. 6.4.3. ●●○ Software Verification Cases and Procedures Software Verification Results 11.13 11.14 1 2 1 2 2 2 Independence is required (full means yes) How to store the evidence
Objectives Distribution in DO-178B 12 0 5 10 15 20 25 30 35 40 45 Planning Dev. Verif. CM QA Cert. Level A (66) Level B (65) Level C (57) Level D (28)
Objectives Distribution in DO-178B 13 0 5 10 15 20 25 30 35 40 45 Planning Dev. Verif. CM QA Cert. Level A (66) Level B (65) Level C (57) Level D (28) Statement Coverage is required (the only obj. difference) Not just testing  assuring the correctness (reviews, testing and analysis)
Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management  Certification Artifacts and Techniques  Future: DO-178C 14
Typical Development road plan 15
System Development Process
System Aspects and System Safety  System requirements „have to be trusted”  start all over if changed  Failure Condition Categories (Catastrophic, major, etc.)  System Safety Assessment based on SAE ARP 4761 o Fault Tree Analysis, Dependence Diagram, Markov Analysis, Failure mode and Effect analysis, Common Cause and mode Analysis, etc.  SW requirements derived from System requirements  however, certain SW requirements can have impact on System requirements! 17
SW Safety  SW Safety level based on potential failure conditions o Level A  „failure in the SW would result in catastrophic failure condition the aircraft”  DO-178B defines the interface with the systems  DO-178B software classes o User-modifiable software • Entertainment software o Option-selectable software • Cartography software o Commercial Off-The-Shelf software • RTOS o Field-Loadable software • Maintenance software 18
Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management o Planning o Development  Certification Artifacts and Techniques  Future: DO-178C 19
Software Life Cycle  Planning should proceed all development activity  Four building blocks : o Define Requirements (R) o Design the program (D) o Code the program (C) o Integrate the program (I)  Allows various development sequences 20 Example processes: R-D-C-I  Waterfall R-C-I-C-I-C-I-R-D-C-I  Rapid prototyping R-I  Previous designed SW
The plans  Five different plans o SW Development Plan o SW Verification Plan o SW Quality Assurance Plan o SW Configuration Plan o SW Aspects of Certification  Verification, management, quality assurance and certification are overlaid on the defined development process 21
Software Planning  Transition criteria o „the minimum conditions, as defined by the software planning process, to be satisfied to enter a process” o Tells when you are done and can proceed o Good characteristics: quantifiable, documented   Additional considerations o COTS o Previously developed components  Environments o Methods and notations o Language with any constraints o Development and verification tools 22
Software Planning  SW development standards o SW requirements standard • Language to be used (e.g., plain 500 English) o SW design standards • Complexity limits, exclusion of recursion, dynamic memory allocation o SW Code standards • Syntax, semantics and constraints 23
SW Development 24  High-Level requirements o Based on system analysis and safety assessment o Black-box view of the software component o System level considerations o Functional requirements by mode of operation o Performance criteria o Timing requirements o Memory size constraints o HW and SW interfaces
SW Development 25  Low-Level requirements and Software Architecture o SW requirements o Derived from High-Level requirements o Design constraints • Task allocation • Algorithms • Data Structures o Input/output definitions o Data and Control flows o Resource management and scheduling (e.g., partition scheduling in ARINC 653) o Design Methods
SW Development 26  Source Code o Usually collection of „high- level” language and assembly o Includes linker files, compile commands etc.  Executable o Completely target computer specific o „machine readable”  Final output is the integrated system on the target platform
Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management  Certification Artifacts and Techniques o Verification o Configuration Management o Quality Assurance o Certification/Approval Liaison  Future: DO-178C 27
Integral Process - Verification  Two purposes o Demonstrate intended function o Demonstrate (to the extent possible) the absence of unintended function  Consists of o Reviews o Analysis o Testing  Important: The FAA or EASA representative needs to accept all part of the verification process. (e.g., test cases) 28
Integral Process - Verification  Reviews o Qualitative assessment of the process or product o Typical implementation: checklist o Applied on all SW Development process step (HLR, LLR, SA, SC, Test cases, etc.)  Analysis o Provide repeatable evidence of correctness o Typical implementation: timing, stack analysis, data flow and call-tree 29
Traceability DO-178B  Through the complete product life-cycle (30+ years)  From requirements to byte code (Level A)  Essential for maintainability  Back-annotation of errors  Typical implementation: o Excel  o Rational RequisitePro o Rational Doors  Code generators usually gives extensive support  Hard in case of multiple development tools REQ_HLR_SAFE_4_3_2_12: The take-off angle cannot be more than 55° REQ_LLR_TOM_3_67: in the eps_line method the calculated s1 variable represents the angle of attack Traceability
Integral Process – Verification Software Testing 32
Integral Process – Verification Software Testing  Categories of Tests o Normal range o Robustness (abnormal range)  Typical approaches o Equivalence Classes and Boundary Values o Multiple Iteration testing for time related functions o Testing State Transitions o Initialization with abnormal conditions o Failure modes of input data o Boundary values in loops, protection mechanisms 33
Integral Process – Verification Software Testing  Structural Coverage o Determine what software structure were not exercised  Levels: o Decision Coverage o Statement Coverage o Modified Decision Condition Coverage (MCDC) • Each decision tries every possible outcome • Each condition in a decision takes on every possible outcome • Each entry and exit point is invoked • Each condition in a decision is shown to independently affect the outcome of the decision  Gaps o Complier induced code (e.g., array bound checks) o Deactivated code o Dead code  Performed on source code, o except Level A • Correspondence must be shown • Complier optimization can introduce new code  In addition, coverage of data and control coupling is required 34
Integral Process – Verification Software Testing # A B C Foo Executed 1 0 0 0 NO 2 0 0 1 NO 3 0 1 0 NO 4 0 1 1 YES 5 1 0 0 NO 6 1 0 1 YES 7 1 1 0 NO 8 1 1 1 YES Coverage Type Minimum # of Test Cases Possible Combinations Statement 1 4 or 6 or 8 IF(C AND( A OR B)) THEN Foo();  Statement Coverage (SC) Level C o Each statement is executed at least once statement
Integral Process – Verification Software Testing # A B C Foo Executed 1 0 0 0 NO 2 0 0 1 NO 3 0 1 0 NO 4 0 1 1 YES 5 1 0 0 NO 6 1 0 1 YES 7 1 1 0 NO 8 1 1 1 YES Coverage Type Minimum # of Test Cases Possible Combinations Statement 1 4 or 6 or 8 Decision 2 4 or 6 or 8 + Any NO IF(C AND( A OR B)) THEN Foo();  Decision Condition Coverage (DC) Level B o Each decision tries every possible outcome o Each entry and exit point is invoke decision
Integral Process – Verification Software Testing # A B C Foo Executed 1 0 0 0 NO 2 0 0 1 NO 3 0 1 0 NO 4 0 1 1 YES 5 1 0 0 NO 6 1 0 1 YES 7 1 1 0 NO 8 1 1 1 YES Coverage Type Minimum # of Test Cases Possible Combinations Statement 1 4 or 6 or 8 Decision 2 4 or 6 or 8 + Any NO MCDC 4 2,3,4, and 6 OR 2,4,5 and 6 IF(C AND( A OR B)) THEN Foo();  Modified Decision Condition Coverage (MCDC) Level A o Each decision tries every possible outcome o Each condition in a decision takes on every possible outcome o Each entry and exit point is invoked o Each condition in a decision is shown to independently affect the outcome of the decision condition
Integral Process – Certification/Approval Liaison  Communication between application developer and certification authority  Proposes compliance and obtain agreement on the plan  Software Accomplishment Summary o Covers all areas o Legal issues also (if something goes wrong the developer is responsible!) 42
Development Tool SW Development Tools(DO-178B)  Software Development Tools o Can introduce errors into the final system o Same objectives as the development process  verified on the same level as the developed application! o E.g., Scade Suite, Matlab Stateflow, Wind River Diab compiler
Development Tool V&V tools (DO-178B)  Software Verification Tools o Can only fail to detect errors o Tool operation req. Must be satisfied under normal operating conditions o e.g., static source code analyzer ASTRÉE, CAVEAT
Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management  Certification Artifacts and Techniques  Future: DO-178C 46
DO-178C  DO-178C - Software Considerations in Airborne Systems and Equipment Certification  Awaited in 2011  New certification for avionics software development  Incorporates ”novel” development and verification techniques  Core is almost the same as DO-178B but  Dedicated subgroups o SG3: Tool Qualification o SG4: Model Based Design and Verification o SG5: Object-Oriented Technology o SG6: Formal Methods 47
DO-178C  Object Oriented Technology o C++ and Ada o Safety Critical Java o Restricted use (deterministic behavior)  Tool Qualification o Special rules for tools o More than two categories  Model Based Design and Verification o Use of models for source code synthesis and verification o Early model based validation o Matlab Simulink (already used), AADL o Largest and most cumbersome subgroup  48
DO-178C  Formal methods o Already used in many projects o Mature technologies available o Defines how certification credits can be earned by its use o Can be part of the Development process o Typical tools • Model checker • Static code analyzers • Theorem provers (only in limited scenarios) 49

Recommended

Case Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerCase Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerOak Systems
 
DO 178C Upcoming Guidance for OOS
DO 178C Upcoming Guidance for OOSDO 178C Upcoming Guidance for OOS
DO 178C Upcoming Guidance for OOSAdaCore
 
Understanding DO-178: Importance and How It Affects Your Company
Understanding DO-178: Importance and How It Affects Your CompanyUnderstanding DO-178: Importance and How It Affects Your Company
Understanding DO-178: Importance and How It Affects Your CompanyAversan Inc.
 
Case Study on IV&V of Attitude and Heading Reference System
Case Study on IV&V of Attitude and Heading Reference SystemCase Study on IV&V of Attitude and Heading Reference System
Case Study on IV&V of Attitude and Heading Reference SystemOak Systems
 
Nishar_Resume
Nishar_ResumeNishar_Resume
Nishar_ResumeMD NISHAR
 
Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...
Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...
Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...Swamy Shettru
 
Nishar resume
Nishar resumeNishar resume
Nishar resumeMD NISHAR
 
Case study - IV&V of Standby Engine Instrument
Case study - IV&V of Standby Engine InstrumentCase study - IV&V of Standby Engine Instrument
Case study - IV&V of Standby Engine InstrumentOak Systems
 

Recommended

Case Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerCase Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerOak Systems
 
DO 178C Upcoming Guidance for OOS
DO 178C Upcoming Guidance for OOSDO 178C Upcoming Guidance for OOS
DO 178C Upcoming Guidance for OOSAdaCore
 
Understanding DO-178: Importance and How It Affects Your Company
Understanding DO-178: Importance and How It Affects Your CompanyUnderstanding DO-178: Importance and How It Affects Your Company
Understanding DO-178: Importance and How It Affects Your CompanyAversan Inc.
 
Case Study on IV&V of Attitude and Heading Reference System
Case Study on IV&V of Attitude and Heading Reference SystemCase Study on IV&V of Attitude and Heading Reference System
Case Study on IV&V of Attitude and Heading Reference SystemOak Systems
 
Nishar_Resume
Nishar_ResumeNishar_Resume
Nishar_ResumeMD NISHAR
 
Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...
Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...
Introduction to DO-178B - Software Considerations in Airborne Systems and Equ...Swamy Shettru
 
Nishar resume
Nishar resumeNishar resume
Nishar resumeMD NISHAR
 
Case study - IV&V of Standby Engine Instrument
Case study - IV&V of Standby Engine InstrumentCase study - IV&V of Standby Engine Instrument
Case study - IV&V of Standby Engine InstrumentOak Systems
 
Avionics Software Standards
Avionics Software StandardsAvionics Software Standards
Avionics Software StandardsSushma Reddy
 
Srinivas avioinics 6yrs
Srinivas avioinics 6yrsSrinivas avioinics 6yrs
Srinivas avioinics 6yrsSrinivas KV
 
Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)Seapine Software
 
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability MatrixBeyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability MatrixSeapine Software
 
Project P Open Workshop
Project P Open WorkshopProject P Open Workshop
Project P Open Workshopmatteobordinadacore
 
Yakaiah_Resume_9Yrs
Yakaiah_Resume_9YrsYakaiah_Resume_9Yrs
Yakaiah_Resume_9YrsYakaiah S
 
Webinar | APM Best Practices - Effectively managing the safety lifecycle
Webinar | APM Best Practices - Effectively managing the safety lifecycleWebinar | APM Best Practices - Effectively managing the safety lifecycle
Webinar | APM Best Practices - Effectively managing the safety lifecycleStork
 
Software Development for Safety Critical Systems
Software Development for Safety Critical SystemsSoftware Development for Safety Critical Systems
Software Development for Safety Critical SystemsÁkos Horváth
 
65sp3 Rdidp Milestones.07.23.09
65sp3 Rdidp Milestones.07.23.0965sp3 Rdidp Milestones.07.23.09
65sp3 Rdidp Milestones.07.23.09flau3388
 
Case Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfCase Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfOak Systems
 
Aktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocess
Aktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocessAktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocess
Aktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocessInboundLabs (ex mon.ki inc)
 
Rajeshkanna_Resume
Rajeshkanna_ResumeRajeshkanna_Resume
Rajeshkanna_ResumeRajeshkanna Venugopal
 
CV Nagaraju Sreeram
CV Nagaraju SreeramCV Nagaraju Sreeram
CV Nagaraju Sreeramnagaraju sreeram
 
Model-Based Design & Analysis.ppt
Model-Based Design & Analysis.pptModel-Based Design & Analysis.ppt
Model-Based Design & Analysis.pptRajuRaju183149
 
DO254 DMAP Training 2011 Trailer
DO254 DMAP Training 2011 TrailerDO254 DMAP Training 2011 Trailer
DO254 DMAP Training 2011 TrailerDMAP
 
Using Doors® And Taug2® To Support A Simplified
Using Doors® And Taug2® To Support A SimplifiedUsing Doors® And Taug2® To Support A Simplified
Using Doors® And Taug2® To Support A Simplifiedcbb010
 
Software Development Process
Software Development ProcessSoftware Development Process
Software Development ProcessSabahtHussein
 
Software Development Process
Software Development ProcessSoftware Development Process
Software Development ProcessSabahtHussein
 
LTTechServices_Surya
LTTechServices_SuryaLTTechServices_Surya
LTTechServices_Suryasuryakant pallai
 
5.13 Software management control
5.13 Software management control5.13 Software management control
5.13 Software management controllpapadop
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

More Related Content

Similar to 13_CES_DO-178B.pdf

Avionics Software Standards
Avionics Software StandardsAvionics Software Standards
Avionics Software StandardsSushma Reddy
 
Srinivas avioinics 6yrs
Srinivas avioinics 6yrsSrinivas avioinics 6yrs
Srinivas avioinics 6yrsSrinivas KV
 
Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)Seapine Software
 
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability MatrixBeyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability MatrixSeapine Software
 
Yakaiah_Resume_9Yrs
Yakaiah_Resume_9YrsYakaiah_Resume_9Yrs
Yakaiah_Resume_9YrsYakaiah S
 
Webinar | APM Best Practices - Effectively managing the safety lifecycle
Webinar | APM Best Practices - Effectively managing the safety lifecycleWebinar | APM Best Practices - Effectively managing the safety lifecycle
Webinar | APM Best Practices - Effectively managing the safety lifecycleStork
 
Software Development for Safety Critical Systems
Software Development for Safety Critical SystemsSoftware Development for Safety Critical Systems
Software Development for Safety Critical SystemsÁkos Horváth
 
65sp3 Rdidp Milestones.07.23.09
65sp3 Rdidp Milestones.07.23.0965sp3 Rdidp Milestones.07.23.09
65sp3 Rdidp Milestones.07.23.09flau3388
 
Case Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfCase Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfOak Systems
 
Aktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocess
Aktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocessAktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocess
Aktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocessInboundLabs (ex mon.ki inc)
 
Model-Based Design & Analysis.ppt
Model-Based Design & Analysis.pptModel-Based Design & Analysis.ppt
Model-Based Design & Analysis.pptRajuRaju183149
 
DO254 DMAP Training 2011 Trailer
DO254 DMAP Training 2011 TrailerDO254 DMAP Training 2011 Trailer
DO254 DMAP Training 2011 TrailerDMAP
 
Using Doors® And Taug2® To Support A Simplified
Using Doors® And Taug2® To Support A SimplifiedUsing Doors® And Taug2® To Support A Simplified
Using Doors® And Taug2® To Support A Simplifiedcbb010
 
Software Development Process
Software Development ProcessSoftware Development Process
Software Development ProcessSabahtHussein
 
Software Development Process
Software Development ProcessSoftware Development Process
Software Development ProcessSabahtHussein
 
5.13 Software management control
5.13 Software management control5.13 Software management control
5.13 Software management controllpapadop
 

Similar to 13_CES_DO-178B.pdf (20)

Avionics Software Standards
Avionics Software StandardsAvionics Software Standards
Avionics Software Standards
 
Srinivas avioinics 6yrs
Srinivas avioinics 6yrsSrinivas avioinics 6yrs
Srinivas avioinics 6yrs
 
Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)
 
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability MatrixBeyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
 
Project P Open Workshop
Project P Open WorkshopProject P Open Workshop
Project P Open Workshop
 
Yakaiah_Resume_9Yrs
Yakaiah_Resume_9YrsYakaiah_Resume_9Yrs
Yakaiah_Resume_9Yrs
 
Webinar | APM Best Practices - Effectively managing the safety lifecycle
Webinar | APM Best Practices - Effectively managing the safety lifecycleWebinar | APM Best Practices - Effectively managing the safety lifecycle
Webinar | APM Best Practices - Effectively managing the safety lifecycle
 
Software Development for Safety Critical Systems
Software Development for Safety Critical SystemsSoftware Development for Safety Critical Systems
Software Development for Safety Critical Systems
 
65sp3 Rdidp Milestones.07.23.09
65sp3 Rdidp Milestones.07.23.0965sp3 Rdidp Milestones.07.23.09
65sp3 Rdidp Milestones.07.23.09
 
Case Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfCase Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdf
 
Aktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocess
Aktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocessAktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocess
Aktuelle BPM-Erfahrungen aus komplexen Branchen. Rainer Elvermann, cbprocess
 
Rajeshkanna_Resume
Rajeshkanna_ResumeRajeshkanna_Resume
Rajeshkanna_Resume
 
CV Nagaraju Sreeram
CV Nagaraju SreeramCV Nagaraju Sreeram
CV Nagaraju Sreeram
 
Model-Based Design & Analysis.ppt
Model-Based Design & Analysis.pptModel-Based Design & Analysis.ppt
Model-Based Design & Analysis.ppt
 
DO254 DMAP Training 2011 Trailer
DO254 DMAP Training 2011 TrailerDO254 DMAP Training 2011 Trailer
DO254 DMAP Training 2011 Trailer
 
Using Doors® And Taug2® To Support A Simplified
Using Doors® And Taug2® To Support A SimplifiedUsing Doors® And Taug2® To Support A Simplified
Using Doors® And Taug2® To Support A Simplified
 
Software Development Process
Software Development ProcessSoftware Development Process
Software Development Process
 
Software Development Process
Software Development ProcessSoftware Development Process
Software Development Process
 
LTTechServices_Surya
LTTechServices_SuryaLTTechServices_Surya
LTTechServices_Surya
 
5.13 Software management control
5.13 Software management control5.13 Software management control
5.13 Software management control
 

Recently uploaded

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
pipeline in computer architecture design
pipeline in computer architecture designpipeline in computer architecture design
pipeline in computer architecture designssuser87fa0c1
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 

Recently uploaded (20)

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
pipeline in computer architecture design
pipeline in computer architecture designpipeline in computer architecture design
pipeline in computer architecture design
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 

13_CES_DO-178B.pdf

  • 1. Budapest University of Technology and Economics Department of Measurement and Information Systems Standards in Avionics System Development (Overview on DO-178B) Ákos Horváth Dept. of Measurement and Information Systems
  • 2. Abstract  DO-178B (and DO-278) are used to assure safety of avionics software. These documents provide guidance in the areas of SW development, configuration management, verification and the interface to approval authorities (e.g., FAA, EASA) 2
  • 3. Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management  Certification Artifacts and Techniques  Future: DO-178C 3
  • 4. Overview  DO-178B - Software Considerations in Airborne Systems and Equipment Certification  Standard of RTCA Incorporation (in Europe it is ED- 12B and standard of EUROCAE)  Represents the avionics industry consensus to ensure software safety  Acceptable by FAA and EASA certification authorities  „The FAA and the civil aviation community recognize RTCA’S DO-178B as an acceptable means of compliance to the FAA regulations for SW aspects of certification.” 4
  • 5. History of avionics SW complexity 5 0 50 100 150 200 250 300 350 400 MIPS LOC Mbyte/10 Digital links A-310 (1983) A-320 (1988) A-340 (1993) Exponential Growth Both A380 and B 787 have 100’s of millions LOC Ref: Subra de Salafa and Paquier
  • 6. History  DO-178 in 1982 o Basic concepts of SW design assurance o Three levels of SW safety  DO-178A in 1985 o Concentrates on testing and configuration management  DO-178B in 1992 o Five levels of SW safety o From Testing focus  requirement-based  DO-278 in 2002 o Interprets DO-178B to ground and space based-systems  DO-178C in 2012 o Incorporates modern SW development and analysis techniques 6
  • 7. DO178B Document Structure 7 SW Life Cycle Process System Aspects Relating To Software Development (Sec 2.) Overview of Aircraft and Engine Certification (Sec. 10.) Integral Process SW Verification (Sec. 6.) SW Configuration Mgt (Sec. 7.) SW Quality Assurance (Sec. 8.) Ceritfication Liasison (Sec. 9.) SW Life Cycle (Sec. 3.) SW Planning (Sec. 4.) SW Development (Sec. 5.) SW Life Cycle Data(Sec. 11.) Additional Considration (Sec. 12.) ANNEX A & B (FAA checklists) Appendices
  • 8. Software Levels in DO-178B  Different failure conditions require different software conditions  5 levels 8
  • 9. Examples DO-178B Safety Levels  Safety-Critical Levels C&D o Anti-missile defense o Data mining o Health monitoring o Mission planning and implementation o Mission simulation and training o Network-centric operation o Real-time data recording and analysis o Self-healing communication networks o Telemetry o Weapons targeting  Safety-Critical Levels A&B o Fly-by-wire controls o Auto-pilot o Air-traffic Separation Control o Glass Cockpit Information Display o Radar o Jet Engine Control o IFF (friend or foe) o Missile guidance o Missile launch o Missile self-destruct 9
  • 10. Objectives for Safety Levels 10  Different levels of safety requires different objectives to be fulfilled o e.g., Level A 66, Level B 65  Defined by 10 tables in ANNEX A  Example: Table A-6 Objective 3. Objective Applicability by SW Level Output Control Category by SW Level Description Ref A B C D Descriptions Ref. A B C D Executable Object Code compiles with low-level requirements 6.4.2.1. 6.4.3. ●●○ Software Verification Cases and Procedures Software Verification Results 11.13 11.14 1 2 1 2 2 2
  • 11. Objectives for Safety Levels 11  Different levels of safety requires different objectives to be fulfilled o e.g., Level A 66, Level B 65  Defined by 10 tables in ANNEX A  Example: Table A-6 Objective 3. Objective Applicability by SW Level Output Control Category by SW Level Description Ref A B C D Descriptions Ref. A B C D Executable Object Code compiles with low-level requirements 6.4.2.1. 6.4.3. ●●○ Software Verification Cases and Procedures Software Verification Results 11.13 11.14 1 2 1 2 2 2 Independence is required (full means yes) How to store the evidence
  • 12. Objectives Distribution in DO-178B 12 0 5 10 15 20 25 30 35 40 45 Planning Dev. Verif. CM QA Cert. Level A (66) Level B (65) Level C (57) Level D (28)
  • 13. Objectives Distribution in DO-178B 13 0 5 10 15 20 25 30 35 40 45 Planning Dev. Verif. CM QA Cert. Level A (66) Level B (65) Level C (57) Level D (28) Statement Coverage is required (the only obj. difference) Not just testing  assuring the correctness (reviews, testing and analysis)
  • 14. Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management  Certification Artifacts and Techniques  Future: DO-178C 14
  • 17. System Aspects and System Safety  System requirements „have to be trusted”  start all over if changed  Failure Condition Categories (Catastrophic, major, etc.)  System Safety Assessment based on SAE ARP 4761 o Fault Tree Analysis, Dependence Diagram, Markov Analysis, Failure mode and Effect analysis, Common Cause and mode Analysis, etc.  SW requirements derived from System requirements  however, certain SW requirements can have impact on System requirements! 17
  • 18. SW Safety  SW Safety level based on potential failure conditions o Level A  „failure in the SW would result in catastrophic failure condition the aircraft”  DO-178B defines the interface with the systems  DO-178B software classes o User-modifiable software • Entertainment software o Option-selectable software • Cartography software o Commercial Off-The-Shelf software • RTOS o Field-Loadable software • Maintenance software 18
  • 19. Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management o Planning o Development  Certification Artifacts and Techniques  Future: DO-178C 19
  • 20. Software Life Cycle  Planning should proceed all development activity  Four building blocks : o Define Requirements (R) o Design the program (D) o Code the program (C) o Integrate the program (I)  Allows various development sequences 20 Example processes: R-D-C-I  Waterfall R-C-I-C-I-C-I-R-D-C-I  Rapid prototyping R-I  Previous designed SW
  • 21. The plans  Five different plans o SW Development Plan o SW Verification Plan o SW Quality Assurance Plan o SW Configuration Plan o SW Aspects of Certification  Verification, management, quality assurance and certification are overlaid on the defined development process 21
  • 22. Software Planning  Transition criteria o „the minimum conditions, as defined by the software planning process, to be satisfied to enter a process” o Tells when you are done and can proceed o Good characteristics: quantifiable, documented   Additional considerations o COTS o Previously developed components  Environments o Methods and notations o Language with any constraints o Development and verification tools 22
  • 23. Software Planning  SW development standards o SW requirements standard • Language to be used (e.g., plain 500 English) o SW design standards • Complexity limits, exclusion of recursion, dynamic memory allocation o SW Code standards • Syntax, semantics and constraints 23
  • 24. SW Development 24  High-Level requirements o Based on system analysis and safety assessment o Black-box view of the software component o System level considerations o Functional requirements by mode of operation o Performance criteria o Timing requirements o Memory size constraints o HW and SW interfaces
  • 25. SW Development 25  Low-Level requirements and Software Architecture o SW requirements o Derived from High-Level requirements o Design constraints • Task allocation • Algorithms • Data Structures o Input/output definitions o Data and Control flows o Resource management and scheduling (e.g., partition scheduling in ARINC 653) o Design Methods
  • 26. SW Development 26  Source Code o Usually collection of „high- level” language and assembly o Includes linker files, compile commands etc.  Executable o Completely target computer specific o „machine readable”  Final output is the integrated system on the target platform
  • 27. Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management  Certification Artifacts and Techniques o Verification o Configuration Management o Quality Assurance o Certification/Approval Liaison  Future: DO-178C 27
  • 28. Integral Process - Verification  Two purposes o Demonstrate intended function o Demonstrate (to the extent possible) the absence of unintended function  Consists of o Reviews o Analysis o Testing  Important: The FAA or EASA representative needs to accept all part of the verification process. (e.g., test cases) 28
  • 29. Integral Process - Verification  Reviews o Qualitative assessment of the process or product o Typical implementation: checklist o Applied on all SW Development process step (HLR, LLR, SA, SC, Test cases, etc.)  Analysis o Provide repeatable evidence of correctness o Typical implementation: timing, stack analysis, data flow and call-tree 29
  • 30. Traceability DO-178B  Through the complete product life-cycle (30+ years)  From requirements to byte code (Level A)  Essential for maintainability  Back-annotation of errors  Typical implementation: o Excel  o Rational RequisitePro o Rational Doors  Code generators usually gives extensive support  Hard in case of multiple development tools REQ_HLR_SAFE_4_3_2_12: The take-off angle cannot be more than 55° REQ_LLR_TOM_3_67: in the eps_line method the calculated s1 variable represents the angle of attack Traceability
  • 31. Integral Process – Verification Software Testing 32
  • 32. Integral Process – Verification Software Testing  Categories of Tests o Normal range o Robustness (abnormal range)  Typical approaches o Equivalence Classes and Boundary Values o Multiple Iteration testing for time related functions o Testing State Transitions o Initialization with abnormal conditions o Failure modes of input data o Boundary values in loops, protection mechanisms 33
  • 33. Integral Process – Verification Software Testing  Structural Coverage o Determine what software structure were not exercised  Levels: o Decision Coverage o Statement Coverage o Modified Decision Condition Coverage (MCDC) • Each decision tries every possible outcome • Each condition in a decision takes on every possible outcome • Each entry and exit point is invoked • Each condition in a decision is shown to independently affect the outcome of the decision  Gaps o Complier induced code (e.g., array bound checks) o Deactivated code o Dead code  Performed on source code, o except Level A • Correspondence must be shown • Complier optimization can introduce new code  In addition, coverage of data and control coupling is required 34
  • 34. Integral Process – Verification Software Testing # A B C Foo Executed 1 0 0 0 NO 2 0 0 1 NO 3 0 1 0 NO 4 0 1 1 YES 5 1 0 0 NO 6 1 0 1 YES 7 1 1 0 NO 8 1 1 1 YES Coverage Type Minimum # of Test Cases Possible Combinations Statement 1 4 or 6 or 8 IF(C AND( A OR B)) THEN Foo();  Statement Coverage (SC) Level C o Each statement is executed at least once statement
  • 35. Integral Process – Verification Software Testing # A B C Foo Executed 1 0 0 0 NO 2 0 0 1 NO 3 0 1 0 NO 4 0 1 1 YES 5 1 0 0 NO 6 1 0 1 YES 7 1 1 0 NO 8 1 1 1 YES Coverage Type Minimum # of Test Cases Possible Combinations Statement 1 4 or 6 or 8 Decision 2 4 or 6 or 8 + Any NO IF(C AND( A OR B)) THEN Foo();  Decision Condition Coverage (DC) Level B o Each decision tries every possible outcome o Each entry and exit point is invoke decision
  • 36. Integral Process – Verification Software Testing # A B C Foo Executed 1 0 0 0 NO 2 0 0 1 NO 3 0 1 0 NO 4 0 1 1 YES 5 1 0 0 NO 6 1 0 1 YES 7 1 1 0 NO 8 1 1 1 YES Coverage Type Minimum # of Test Cases Possible Combinations Statement 1 4 or 6 or 8 Decision 2 4 or 6 or 8 + Any NO MCDC 4 2,3,4, and 6 OR 2,4,5 and 6 IF(C AND( A OR B)) THEN Foo();  Modified Decision Condition Coverage (MCDC) Level A o Each decision tries every possible outcome o Each condition in a decision takes on every possible outcome o Each entry and exit point is invoked o Each condition in a decision is shown to independently affect the outcome of the decision condition
  • 37. Integral Process – Certification/Approval Liaison  Communication between application developer and certification authority  Proposes compliance and obtain agreement on the plan  Software Accomplishment Summary o Covers all areas o Legal issues also (if something goes wrong the developer is responsible!) 42
  • 38. Development Tool SW Development Tools(DO-178B)  Software Development Tools o Can introduce errors into the final system o Same objectives as the development process  verified on the same level as the developed application! o E.g., Scade Suite, Matlab Stateflow, Wind River Diab compiler
  • 39. Development Tool V&V tools (DO-178B)  Software Verification Tools o Can only fail to detect errors o Tool operation req. Must be satisfied under normal operating conditions o e.g., static source code analyzer ASTRÉE, CAVEAT
  • 40. Agenda  Introduction to DO-178B  System Aspects  Software Lifecycle Management  Certification Artifacts and Techniques  Future: DO-178C 46
  • 41. DO-178C  DO-178C - Software Considerations in Airborne Systems and Equipment Certification  Awaited in 2011  New certification for avionics software development  Incorporates ”novel” development and verification techniques  Core is almost the same as DO-178B but  Dedicated subgroups o SG3: Tool Qualification o SG4: Model Based Design and Verification o SG5: Object-Oriented Technology o SG6: Formal Methods 47
  • 42. DO-178C  Object Oriented Technology o C++ and Ada o Safety Critical Java o Restricted use (deterministic behavior)  Tool Qualification o Special rules for tools o More than two categories  Model Based Design and Verification o Use of models for source code synthesis and verification o Early model based validation o Matlab Simulink (already used), AADL o Largest and most cumbersome subgroup  48
  • 43. DO-178C  Formal methods o Already used in many projects o Mature technologies available o Defines how certification credits can be earned by its use o Can be part of the Development process o Typical tools • Model checker • Static code analyzers • Theorem provers (only in limited scenarios) 49