DO-254 and DO-178B Q&A

DO-178B & DO-254 Questions & Answers

DO-178B Questions
The following are common questions addressed by our company's formal DO-178B training classes.
A brief response to these most popular DO-178B questions is provided below; for additional DO-178B answers please contact us or attend our formal DO-178B training classes.

What is RTCA/DO-178B? What is DO178B? What is Do-178B? What is DO/178? What is D0178B? What is DO178? These are all popular terms for the same document: RTCA/DO-178B: Software Considerations in Airborne Systems and Equipment Certification. RTCA is the acronym for Radio Technical Commission for Aeronautics and is located at 1828 L Street, NW, Suite 805, Washington, D.C. 20036. RTCA/DO-178B was developed by the commercial avionics industry to establish software guidelines for avionics software developers. The first version, DO-178, covered the basic avionics software lifecycle. The second version, DO-178A, added avionics software criticality level details and emphasized software component testing to obtain quality. The current version, DO-178B, evolved avionics software quality via added planning, continuous quality monitoring, and testing in real-world conditions. Technically, DO-178B is merely a guideline. In reality, it is a strict requirement. At merely 100 pages, DO-178B is all things to all people, which means it is quite broad in nature and requires in-depth understanding of intent, voluminous ancillary documentation, and case studies to be properly used.

What is DO-254? DO-254 (also known as DO254, D0254 and Eurocae ED-80) is a formal avionics standard which provides guidance for design assurance of airborne electronic hardware. DO-254 provides certification information from project conception through planning, design, implementation, testing, and validation, including DO-254 Tool Qualification considerations. DO-254 and DO-178B are actually quite similar, with both having major contributions from personnel with formal software process expertise. Until recently, avionics hardware certification did not require the same strict avionics certification standards as did software via DO-178B. But avionics systems are comprised of both hardware and software, with each having a near-equal effect upon airworthiness. Now, most avionics projects come under a DO-254 certification or compliance mandate. Additional information can be found via our formal DO-254 training, provided in 1-day and 2-day formats.

What is a DER? A DER (Designated Engineering Representative) is an appointed engineering resource who has the authority to pass judgment on aviation-related design/development. An avionics software Designated Engineering Representative may be appointed to act as a Company DER and/or a Consultant DER. A Company DER can act as a Designated Engineering Representative for his/her employer and may only approve or recommend approval of technical data to the FAA for that company. A Consultant DER is an individual appointed to act as an independent consultant DER to approve or recommend approval of technical data to the FAA. Our DO-178B training provides additional details.

What is DO-178C? RTCA DO-178C will be the latest revision to DO-178B; DO-178C was initiated in March 2005 with formal publication planned for 2008. HighRely's DERs have provided input to DO-178C and also participate in the ongoing committee meetings. DO-178C will have the following key attributes which differ from, or clarify, DO-178B: improved clarification on avionics object-oriented technology, formal avionics software modeling, avionics systems versus software boundaries, more consistency across the avionics software lifecycle, and consolidation of various RTCA avionics documents. Otherwise, DO-178C will maintain most of the principles of its predecessor. HighRely's DO-178C training provides all the information necessary to succeed with your DO-178C software project.

What is the added DO-178B cost? DO-178B is often thought to add 50-200% to avionics software development. In reality, the actual additional DO-178B cost should be on the order of 25%-40%, presuming basic high-reliability (SEI CMM and CMMI Level 2 or 3) software engineering principles are used from the outset. Our RTCA/DO-178B courses show how to minimize avionics software development costs (info<at>highrely-dot-com).

What are the DO-178B benefits? In addition to being necessary for flight products, DO-178B benefits include: verifiable software quality, higher reliability, consistency, greater re-usability, lower lifecycle costs, decreased maintenance cost, faster hardware integration, and greater portability.

What are the top ten DO-178B certification risks? Simply, doing too much work ($) and neglecting key artifacts/steps cause cost overruns averaging 40%. With expert DO-178B Training and FAA Training, this is unnecessary. Specific risks are: 1) inadequate DO-178B low-level software requirements; 2) vagueness within the five key DO-178B process plans prior to initiating those lifecycles; 3) insufficient independence of DO-178B reviews; 4) insufficient DO-178B checklists for reviews; 5) inadequate DO-178B traceability between components; 6) insufficient advance FAA coordination/approvals; 7) incomplete DO-178B structural coverage for decision/condition and MC/DC coverage; 8) overdoing DO-178B tool qualification; 9) not applying DO-254 to hardware; 9.5) avionics outsourcing without a clear DO-178B Project Plan covering details for the avionics outsource team; and 10) reading the DO-178B document word-for-word and not understanding the true intent.

Can you apply DO-178B reverse engineering to your existing software? Yes, while DO-178B applies principally to new, custom software, there are provisions to apply DO-178B reverse-engineering to previously developed software, preserving most of the already completed work.

What is DO-178B Tool Qualification? Software development requires many tools including design tools, code generation tools, compilers/linkers, libraries, test tools, and structural coverage tools. DO-178B tool qualification pertains to development and testing tools. Different qualification criteria apply to each and most tools do NOT need to be qualified. When required, DO-178B tool qualification utilizes a subset of DO-178B.

What is DO-178B GAP Analysis? DO178B Gap Analysis is an evaluation of your current avionics software engineering process and artifacts as contrasted to those required by DO-178B. While DO-178B was principally written to cover original, custom developed avionics software, there is recognition that previously developed software can be DO-178B certified. In many cases, particularly military avionics software, DO-178B Compliance is used instead of DO-178B certification. DO-178B Compliance is near-certification but does not require FAA involvement and several of the formal DO-178B requirements are lessened. DO-178B Gap Analysis is typically performed by trained DO-178B consultants or Designated Engineering Representatives. The resultant DO-178B Gap Analysis RoadMap assesses all of the software processes and artifacts; it provides details for filling the gap to meet DO-178B compliance or certification requirements.

What is MC/DC? The official definition of MC/DC (Modified Condition/Decision Coverage) is: "Every point of entry and exit in the program has been invoked at least once, every condition in a decision in the program has taken on all possible outcomes at least once, and each condition has been shown to affect that decision outcome independently." A condition is shown to affect a decision's outcome independently by varying just that condition while holding fixed all other possible conditions. The key to successful, and accurate, MC/DC testing is to analyze each source code construct for potential MC/DC applicability and then develop sufficient test cases to ensure that each condition in that construct is independently verified per the aforementioned MC/DC definition. Today, most MC/DC testing is done with the assistance of DO-178B qualified structural coverage tools, particularly MC/DC tools.

What is avionics dead code? DO-178B dead code is executable (binary) software that will never be executed during runtime operations. DO-178B generally does not allow for the presence of dead code: it must be removed. Dead code does not trace to any software requirements, hence does not perform any required functionality. Note that unreferenced variables or functions which are not called (hence are unreferenced) elsewhere in the program are usually removed by the compiler or linker; since they are not present in the binary executable load image, they are not dead code per DO-178B. Our DO-178 training provides additional details for handling dead code.

What is avionics deactivated code? DO-178B deactivated code is executable (binary) software that will not be executed during runtime operations of a particular software version within a particular avionics box; however, the code may be executed during maintenance or special operations, or be executed within a different or future version of the software within a different configuration or avionics box. Unlike dead code (see above), deactivated code may be left in the source baseline. Special DO-178B deactivated code aspects must be followed; these are fully described in our DO-178B classes.

What is DO-178B Requirements Traceability? DO-178B requirements traceability pertains to the correlation of individual requirements to the design, code, and test elements affiliated with implementing and verifying each requirement. Requirements traceability can be many-to-one and one-to-many. Requirements traceability needs to be top-down (requirements to design to code, and requirements to test); this proves that all requirements have corresponding design elements, source code, and tests. Requirements traceability also needs to be bottom-up (tests to requirements, code to design, and design to requirements); this proves that all code, design, and test elements are necessary and have requirements which they implement or verify. Our company uses RelyTRACE (from HighRely) for requirements traceability with templates to fully handle your productivity and tracking needs.
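The top-down and bottom-up checks described above, as an added example that is not RelyTRACE or any project's code. The trace links, requirement IDs (HLR-*), design IDs (DES-*), function names and test IDs (TC-*) are constructed sample data; a function with no upward trace is the dead-code candidate the previous answers describe.

```python
"""Two-way DO-178B requirements-traceability check.

Added example, not RelyTRACE or any project's code. All IDs below
(HLR-*, DES-*, function names, TC-*) are constructed sample data.
"""


def invert(links):
    """Turn {src: {dst, ...}} into {dst: {src, ...}}."""
    back = {}
    for src, dsts in links.items():
        for dst in dsts:
            back.setdefault(dst, set()).add(src)
    return back


def trace_report(req_to_design, design_to_code, code_set, req_to_test, test_set):
    """Return the gaps found in both trace directions.

    Top-down: each requirement must reach a design element, source code and
    at least one test case. Bottom-up: each source function and test case
    must trace back to a requirement (orphan code is a dead-code candidate).
    """
    code_to_design = invert(design_to_code)
    design_to_req = invert(req_to_design)
    test_to_req = invert(req_to_test)
    gaps = {k: set() for k in ("req_without_design", "req_without_code",
                               "req_without_test", "code_without_req",
                               "test_without_req")}
    for req in set(req_to_design) | set(req_to_test):
        design = req_to_design.get(req, set())
        code = set().union(*(design_to_code.get(d, set()) for d in design))
        if not design:
            gaps["req_without_design"].add(req)
        if not code:
            gaps["req_without_code"].add(req)
        if not req_to_test.get(req):
            gaps["req_without_test"].add(req)
    for func in code_set:
        designs = code_to_design.get(func, set())
        if not set().union(*(design_to_req.get(d, set()) for d in designs)):
            gaps["code_without_req"].add(func)
    for test in test_set:
        if not test_to_req.get(test):
            gaps["test_without_req"].add(test)
    return gaps


# Constructed trace data for a small altitude-processing module.
REQ_TO_DESIGN = {"HLR-1": {"DES-A"}, "HLR-2": {"DES-B"}, "HLR-3": set()}
DESIGN_TO_CODE = {"DES-A": {"alt_filter"}, "DES-B": {"alt_limit", "alt_scale"}}
CODE_IN_BASELINE = {"alt_filter", "alt_limit", "alt_scale", "dbg_dump"}
REQ_TO_TEST = {"HLR-1": {"TC-01", "TC-02"}, "HLR-2": set()}
TESTS_IN_BASELINE = {"TC-01", "TC-02", "TC-09"}


def sample_report():
    return trace_report(REQ_TO_DESIGN, DESIGN_TO_CODE, CODE_IN_BASELINE,
                        REQ_TO_TEST, TESTS_IN_BASELINE)


if __name__ == "__main__":
    for gap, items in sample_report().items():
        print(f"{gap}: {sorted(items) or 'none'}")
```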

Which software language is best for avionics software? High order languages (requiring a compiler with complex syntax construction capabilities) are strongly preferred as they are simply safer. Safe avionics software? Yes, DO-178B emphasizes code consistency, visibility, determinism, defensive coding, robustness, requirements and design traceability, software peer reviews per detailed checklists, thorough testing via structural coverage and real-world asynchronous testing.

Per the above, avionics code is best written in Ada, C and C++. With all languages, a safe subset should be used. Ada was the former de facto avionics language standard, and Ada95 improved its object-oriented capabilities. However, the tide is behind C and C++; not because of inherent superiorities, but rather the wider availability of development tools and engineers able to develop real-time embedded C and C++.

Which DO-178B Configuration Management (CM) tools are best?
DO-178B requires configuration management of all software lifecycle artifacts including requirements, design, code, tests, documentation, etc. However, DO-178B does not require specific tools, not even for avionics configuration management. Hence, avionics configuration management can be performed manually and even via a purely paper-based system. However, virtually all avionics and DO-178B software projects would be better served by a configuration management tool. Simple tools (free or low-cost: $0 - $200/user) provide for basic software version control, check-in/check-out, and document management. Higher cost tools provide more complexity and automation of the required DO-178B configuration management processes including problem tracking, version branching, reviews/statusing, metrics, etc. No commercially available FAA CM tool known to us, however, performs all of the required DO-178B configuration management process steps. In particular, data security, offsite backups, peer reviewing each change, and ensuring no unwarranted changes were made are all DO-178B configuration management process steps that are typically performed outside the scope of an avionics configuration management tool.

What is a DO-178B Checklist? Checklists are used to ascertain and track DO-178B compliance. They are available from two sources, both easily obtained: 1) the RTCA/DO-178B Checklist section in the appendices of DO-178B, and 2) Boeing document D6-35071.


What is DO-178B Independence? DO-178B independence is the attribute of separate development and review authority applied to different DO-178B lifecycle process steps. Development refers to origination of a DO-178B required artifact (requirements, design, code, test, etc.). Review authority refers to an individual tasked with the required DO-178B compliance review of that artifact. The tables in the back of DO-178B describe which artifacts must be reviewed. The tables also cite the level of DO-178B independence to be applied to each review; these independence levels are dictated by the criticality level associated with each review protocol. Additional information, practical examples, and clear case studies are provided via our DO-178B training.

What is a DO-178B Criticality Level? There are five DO-178B criticality levels, with DO-178B Level A being most critical and DO-178B Level E being least critical. The DO-178B criticality level is based upon the contribution of the associated software to potential failure conditions. DO-178B failure conditions are determined by the FAA system safety assessment process. Each avionics system has one defined criticality level (which must be approved by the FAA); however, different components within that system can have differing criticality levels subject to certain guidelines. The higher the DO-178B criticality level, the greater the amount of software development effort required. Our DO-178B Training provides additional details on DO-178B criticality levels and how to determine, apply, and optimize them. Additional information on each DO-178B criticality level is provided below:

What is DO-178B Level A? DO-178B Level A software is software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a catastrophic failure condition for the aircraft. Failure of DO-178B Level A software could be typified by total loss of life. Approximately 20-30% of avionics systems and 40% of avionics software code must meet DO-178B Level A criteria.

What is DO-178B Level B? DO-178B Level B software is software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a hazardous/severe-major failure condition for the aircraft. Failure of DO-178B Level B software could be typified by some loss of life. Approximately 20% of avionics systems and 30% of avionics software code must meet DO-178B Level B criteria.

What is DO-178B Level C? DO-178B Level C software is software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a major failure condition for the aircraft. Failure of DO-178B Level C software could be typified by serious injuries. Approximately 25% of avionics systems and 20% of avionics software code must meet DO-178B Level C criteria.

What is DO-178B Level D? DO-178B Level D software is software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a minor failure condition for the aircraft. Failure of DO-178B Level D software could be typified by minor injuries. Approximately 20% of avionics systems and 10% of avionics software code must meet DO-178B Level D criteria.

What is DO-178B Level E? DO-178B Level E software is software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function with no effect on aircraft operational capability or pilot workload. Failure of DO-178B Level E software would have no impact on passenger or aircraft safety. Approximately 10% of avionics systems and 5% of avionics software code must meet DO-178B Level E criteria (note however that the amount of DO-178B Level E sourcecode is increasing due to passenger entertainment and internet communications subsystems that are currently designated Level E; it is deemed likely by us that the criticality levels of these systems will increase due to integration with other, more critical, avionics systems).

What is DO-178B Tool Qualification? DO-178B tool qualification is the process whereby software development and verification tools are evaluated to determine if formal qualification is required. There are two types of qualification: DO-178B development tool qualification and DO-178B verification tool qualification. DO-178B development tools provide outputs which are actually present in the embedded operational avionics software; such tools must apply DO-178B software lifecycle aspects to ensure integrity. DO-178B verification tools are used to assist DO-178B verification. Tools which meet these criteria and which automate or replace process steps cited by DO-178B must be qualified. DO-178B Tool Qualification details are provided in our DO-178B Training courses.

What is Avionics Software Structural Coverage? RTCA/DO-178B structural coverage requirements pertain to the proof that formal software verification test cases fully covered the applicable software structures (conditions and paths). DO-178B structural coverage is not required for Level E and Level D software; it is required in increasing degrees for Level C, Level B, and Level A software. DO-178B statement coverage is required for Level C; this essentially requires each code statement to be executed by formal test cases. DO-178B decision/condition coverage is required for Level B; this essentially requires each code branch to be executed by formal test cases. DO-178B modified condition/decision coverage is required for Level A; this essentially requires each condition within each decision statement to be independently verified for its effect on that statement. DO-178B structural coverage is complex and is a primary cost driver on avionics projects. DO-178B structural coverage tools exist from many vendors to assist in verification. Our company provides detailed DO-178B structural coverage seminars and tutorials via our DO-178B Training program.
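The difference between the Level B decision-coverage requirement above and the Level A MC/DC requirement defined in the earlier MC/DC answer, as an added example that is not code from this page or from any coverage tool. The three-condition decision and the test-vector sets are constructed; the pair search implements the unique-cause form of the page's MC/DC definition (a pair differs in exactly one condition and flips the decision).

```python
"""Decision coverage versus MC/DC for one decision.

Added example, not code from the page or from any coverage tool. The
decision and the test vectors are constructed; the pair search uses the
unique-cause form of the MC/DC definition given on this page.
"""
from itertools import product

# Constructed three-condition decision, e.g. a ground-spoiler interlock:
#   deploy = (weight_on_wheels and speed_below_limit) or manual_override
CONDITIONS = ("wow", "slow", "override")


def decision(wow, slow, override):
    return (wow and slow) or override


def decision_coverage(dec, vectors):
    """True when the decision as a whole has evaluated both True and False."""
    return {bool(dec(*v)) for v in vectors} == {True, False}


def independence_pairs(dec, vectors, n_conditions):
    """Map each condition index to the vector pairs proving its independent effect.

    A pair qualifies when the two vectors differ in exactly that condition
    and the decision outcome differs (unique cause): the condition alone
    changed the result while every other condition was held fixed.
    """
    vectors = {tuple(bool(x) for x in v) for v in vectors}
    pairs = {i: [] for i in range(n_conditions)}
    for a, b in product(vectors, repeat=2):
        changed = [i for i in range(n_conditions) if a[i] != b[i]]
        if len(changed) == 1 and not a[changed[0]] and dec(*a) != dec(*b):
            pairs[changed[0]].append((a, b))
    return pairs


def conditions_not_shown(dec, vectors, names):
    """Names of conditions that the vector set fails to verify independently."""
    pairs = independence_pairs(dec, vectors, len(names))
    return [names[i] for i, p in pairs.items() if not p]


def mcdc_satisfied(dec, vectors, names):
    return not conditions_not_shown(dec, vectors, names)


# Two vectors: both outcomes seen, so decision coverage (Level B) holds,
# but no condition is shown to act independently (Level A fails).
LEVEL_B_SET = [(1, 1, 0), (0, 0, 0)]
# Four vectors that cover the decision and toggle every condition, yet
# leave 'override' unverified because no pair isolates it.
NEAR_MISS_SET = [(1, 1, 0), (0, 1, 0), (1, 0, 0), (0, 0, 1)]
# Minimal unique-cause MC/DC set for this decision: n + 1 = 4 vectors.
LEVEL_A_SET = [(1, 1, 0), (0, 1, 0), (1, 0, 0), (0, 1, 1)]

if __name__ == "__main__":
    for name, vecs in (("Level B", LEVEL_B_SET), ("near miss", NEAR_MISS_SET),
                       ("Level A", LEVEL_A_SET)):
        print(name, "decision:", decision_coverage(decision, vecs),
              "MC/DC missing:", conditions_not_shown(decision, vecs, CONDITIONS))
```

Swapping in a real decision from the code base and the vectors actually executed by the formal test cases turns this into the per-construct analysis the MC/DC answer calls for.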

What is DO-178B Certifiability? DO-178B Certifiability is the designation of an avionics component to meet a defined subset of the DO-178B certification requirements, with the remaining certification requirements to be achieved subsequently. DO-178B certification pertains to individual systems, hence requires all software components of a system to be completed, with each component, and the system, fully meeting all DO-178B requirements. However, in the absence of a completed system, an individual software component (RTOS, graphics library, communications protocol, etc) can be designated certifiable by subjecting that component to all DO-178B requirements. Our company provides DO-178B certifiability roadmaps and DO178B certifiability kits to enable software component developers to achieve DO-178B certifiability of their products.

What is DO-178B Compliance (DO-178B for Military)? Military DO-178B is a subset of DO-178B. Until recently, aerospace and military software standards emphasized documentation consistency rather than the modern software lifecycle attributes associated with avionics software safety (SEI CMM and CMMI). Led by the U.S. Military, there has been gradual adoption of DO-178B to emulate the commercial aviation industry. However, Military DO-178B does not require FAA and Designated Engineering Representative involvement, and certain DO-178B requirements are lessened. The resultant process is thus called DO-178B Compliance rather than DO-178B Certification. Our company provides Military DO-178B Compliance training, templates, and compliance kits.

What is a Certifiable RTOS? Please contact HighRely for additional information on DO-178B certifiable RTOS.

What is a DO-178B Software Peer Review? Please contact HighRely for additional information on DO-178B Software Peer Reviews.

What is Software Safety? Please contact HighRely for additional information on DO-178B Software Safety, failure modes effect analysis (FMEA), Safety Assessments, and Hazard Analysis (FHA).

What is Safe Coding? Please contact HighRely for additional information on DO-178B Safe Coding.

What is ARINC-653? Please contact HighRely for additional information on DO-178B

What are the issues and advantages of DO-178B Code Generation? Please contact HighRely for additional information on DO-178B Code Generation.

How do I become a DER? Please contact HighRely for additional information on becoming a Designated Engineering Representative.

What is UAV Certification? Please contact HighRely for additional information on UAV Certification per DO-178B.

What is SCADE? Please contact HighRely for additional information on SCADE for DO-178B.

What is CodeTest? Please contact HighRely for additional information on CodeTest for DO-178B.

What is Avionics Real-Time Software? Please contact HighRely for additional information on DO-178B real-time software engineering attributes.


Copyright © 2005 HighRely, Inc. All rights reserved.