RTCA DO-178C
“Software Considerations in Airborne Systems and
Equipment Certification”
Brock Greenhow
March 21, 2013
Software mishaps in
Aerospace Engineering
 Ariane Five rocket explosion
 Southern Airways 242
 Gimli Glider
 Patriot Missile
Future of Safety Critical
Software
 Increased lines of code
 Increased complexity
 Increased criticality
 Technology changes
 More with less
 Increased outsourcing and offshoring
 Attrition of experienced engineers
 Lack of available training
Background of DO-178
 1982 – DO-178
 1985 – DO-178A
 1992 – DO-178B
 2001 – DO-248B
 2011 – DO-178C and supplemental material
 2011 – DO-248C
Differences from DO-178B to
C
 Added examples and explanations
 Used clearer language and terminology
 Added more objectives
 Bi-directional tracing
 Parameter Data Item Files
 Technology Supplements
ARP4754A System
Development
 System Requirements
 Allocate requirements to software
 Validate requirements
 Communication
 Plan for changes to come from software
ARP4761 Aircraft and System
Safety
 Safety Program Plan
 FHA and SFHA’s
 PASA and PSSA’s
 Software Safety




Improves with time
Errors are not as obvious
Need specific requirements
Involve safety and systems in software requirement
reviews
Safety continued
Severity
Classification
Potential Failure Condition Effect
Assurance
Level
Catastrophic
Failures would result in multiple fatalities and possible complete
loss of the airplane.
A
Hazardous/Severe
major
Failures would reduce the abilities of airplane or crewmembers
to deal with conditions that could result in reduction of safety
margins, distress and excessive workload, or even serious or
fatal injuries to a small number of people.
B
Major
Failures would cause similar to issues to the Hazardous/Severe
major, but not as severe and likely only injuries and not
casualties.
C
Minor
Failures would not significantly reduce airplane safety, and only
slight increase of workload and minimal discomfort.
D
Failures have no effect on the safety of the aircraft.
E
No safety effect
Safety Continued
Level
Objective Count
Objectives with independence
E
0
0
D
26
2
C
62
5
B
69
18
A
71
30
Overview of DO-178C
 Software Planning
 Software Requirements
 Software Design
 Software Integration
 Software Verification
 Software Configuration Management
 Software Quality Assurance
 Software Certification
Software Planning
 Five Plans





PSAC
SDP
SVP
SCMP
SQAP
 Three Standards
 Software Requirement Standards
 Software Design Standards
 Software Coding Standards
Software Requirements
 Foundation to good software
 Refine Systems Requirements
 Allocate enough time
 Software Requirement Cycle
 Bi-Directional Tracing
 Baseline SWRD
Software Design
 Architecture
 Structural-based
 Object-oriented
 Low-level Requirements
 Bi-Directional Tracing
 SWDD
Software Implementation
 Coding




Languages and compilers
Good programming
Standards
Traceability
 Integration
 Build process
 Load process
 Analyze memory and addresses
Software Verification
 Reviews
 Plans, requirements, design, test data
 Analyses
 Code and integration
 Coverage
 Other
 Tests
 RBTs, integration
 Cases, procedures, results
 Tracing
Software Verification
Continued
 Verification of Verification
 SCA, MC/DC
 Test data reviews
 Problem Reporting
 Failures become PR or CR
 PR or CR process
 CIA
 SVCP
Software Configuration
Management
 Beginning to End
 All life cycle data
 CC1 or CC2
 SCI
 Life cycle data and versions
 SLECI and Problem Reporting
Software Quality Assurance
 Customer’s needs
 Review plans and write SQAP
 Life cycle data audits and approval
 Reviews
 Witness tests, builds, and loads
 Problem reporting
 Conformity review
 Document activities for records
Software Certification
 Develop and submit PSAC
 PSAC approval
 Submittal and approval of SCI and SAS
 SOIs
Supplemental Materials
 DO-330 Software Tool Qualification
 DO-331 Model-Based Development and Verification
 DO-332 Object-Oriented Technology
 DO-333 Formal Methods
Software Tool Qualification
 Separate Document compared to DO-178B
 Three criteria
 TQL
 Life Cycle similar to whole software
 Tool verification
 Reviews
 RBTs
Model-Based Development
and Verification
 2 types of Models
 Specification
 Design
 Benefits
 Potential Risks
Object-Oriented Technology
 Most popular
 Additional/Modified objectives
 Plans
 Development
 Verification
 Vulnerability guidance
Formal Methods
 Changes
 Plans
 Verification objectives
 Benefits
 Challenges
Sources

Pictures
 http://blog.copdfoundation.org/wp-content/uploads/2012/09/C-Users-sschlegelPictures-Question-Mark-Man.jpg

Information
 Rierson, L. (2013). Developing safety-critical software. Boca Raton, FL: CRC Press.
 Jacklin, S. A. NASA, (2012). Certification of safety-critical software under do-178c and do278a . Retrieved from Ames Research Center website:
http://ntrs.nasa.gov/search.jsp?R=20120016835

Arnold, D. (2000, August 23). The explosion of the ariane 5. Retrieved from
http://www.ima.unm.edu/~arnold/disasters/ariane.html

Arnold, D. (2000, August 23). The patriot missile failure. Retrieved from
http://www.ima.unm.edu/~arnold/disasters/patriot.html

Nelson, W. H. (1997). The gimli glider. Retrieved from
http://www.wadenelson.com/gimli.html

Fleury, M. K. (2009, April 29). Crash of southern airways flight 242, georgia. Retrieved from
http://suite101/article/crash-of-southern-airways-flight-242-a113420
Questions?