RTCA DO178 C Software Considerations in Airborne Systems
RTCA DO-178 C “Software Considerations in Airborne Systems and Equipment Certification” Brock Greenhow March 21, 2013
Software mishaps in Aerospace Engineering Ariane Five rocket explosion Southern Airways 242 Gimli Glider Patriot Missile
Future of Safety Critical Software Increased lines of code Increased complexity Increased criticality Technology changes More with less Increased outsourcing and offshoring Attrition of experienced engineers Lack of available training
Background of DO-178 1982 – DO-178 1985 – DO-178 A 1992 – DO-178 B 2001 – DO-248 B 2011 – DO-178 C and supplemental material 2011 – DO-248 C
Differences from DO-178 B to C Added examples and explanations Used clearer language and terminology Added more objectives Bi-directional tracing Parameter Data Item Files Technology Supplements
ARP 4754 A System Development System Requirements Allocate requirements to software Validate requirements Communication Plan for changes to come from software
ARP 4761 Aircraft and System Safety Program Plan FHA and SFHA’s PASA and PSSA’s Software Safety Improves with time Errors are not as obvious Need specific requirements Involve safety and systems in software requirement reviews
Safety continued Severity Classification Potential Failure Condition Effect Assurance Level Catastrophic Failures would result in multiple fatalities and possible complete loss of the airplane. A Hazardous/Severe major Failures would reduce the abilities of airplane or crewmembers to deal with conditions that could result in reduction of safety margins, distress and excessive workload, or even serious or fatal injuries to a small number of people. B Major Failures would cause similar to issues to the Hazardous/Severe major, but not as severe and likely only injuries and not casualties. C Minor Failures would not significantly reduce airplane safety, and only slight increase of workload and minimal discomfort. D Failures have no effect on the safety of the aircraft. E No safety effect
Safety Continued Level Objective Count Objectives with independence E 0 0 D 26 2 C 62 5 B 69 18 A 71 30
Overview of DO-178 C Software Planning Software Requirements Software Design Software Integration Software Verification Software Configuration Management Software Quality Assurance Software Certification
Software Planning Five Plans PSAC SDP SVP SCMP SQAP Three Standards Software Requirement Standards Software Design Standards Software Coding Standards
Software Requirements Foundation to good software Refine Systems Requirements Allocate enough time Software Requirement Cycle Bi-Directional Tracing Baseline SWRD
Software Design Architecture Structural-based Object-oriented Low-level Requirements Bi-Directional Tracing SWDD
Software Implementation Coding Languages and compilers Good programming Standards Traceability Integration Build process Load process Analyze memory and addresses
Software Verification Reviews Plans, requirements, design, test data Analyses Code and integration Coverage Other Tests RBTs, integration Cases, procedures, results Tracing
Software Verification Continued Verification of Verification SCA, MC/DC Test data reviews Problem Reporting Failures become PR or CR process CIA SVCP
Software Configuration Management Beginning to End All life cycle data CC 1 or CC 2 SCI Life cycle data and versions SLECI and Problem Reporting
Software Quality Assurance Customer’s needs Review plans and write SQAP Life cycle data audits and approval Reviews Witness tests, builds, and loads Problem reporting Conformity review Document activities for records
Software Certification Develop and submit PSAC approval Submittal and approval of SCI and SAS SOIs
Supplemental Materials DO-330 Software Tool Qualification DO-331 Model-Based Development and Verification DO-332 Object-Oriented Technology DO-333 Formal Methods
Software Tool Qualification Separate Document compared to DO-178 B Three criteria TQL Life Cycle similar to whole software Tool verification Reviews RBTs
Model-Based Development and Verification 2 types of Models Specification Design Benefits Potential Risks
Object-Oriented Technology Most popular Additional/Modified objectives Plans Development Verification Vulnerability guidance
Formal Methods Changes Plans Verification objectives Benefits Challenges
Sources Pictures http: //blog. copdfoundation. org/wp-content/uploads/2012/09/C-Users-sschlegel. Pictures-Question-Mark-Man. jpg Information Rierson, L. (2013). Developing safety-critical software. Boca Raton, FL: CRC Press. Jacklin, S. A. NASA, (2012). Certification of safety-critical software under do-178 c and do 278 a. Retrieved from Ames Research Center website: http: //ntrs. nasa. gov/search. jsp? R=20120016835 Arnold, D. (2000, August 23). The explosion of the ariane 5. Retrieved from http: //www. ima. unm. edu/~arnold/disasters/ariane. html Arnold, D. (2000, August 23). The patriot missile failure. Retrieved from http: //www. ima. unm. edu/~arnold/disasters/patriot. html Nelson, W. H. (1997). The gimli glider. Retrieved from http: //www. wadenelson. com/gimli. html Fleury, M. K. (2009, April 29). Crash of southern airways flight 242, georgia. Retrieved from http: //suite 101/article/crash-of-southern-airways-flight-242 -a 113420
Questions?
- Slides: 26