DO-178C
DO-178C is the long-awaited revision to DO-178B. It addresses new avionics software development factors and will be required for new projects beginning in 2011.
DO-178C is a modest update to DO-178B, whereas DO-178B was a substantial revision to DO-178A. DO-178B was developed to address serious safety-related shortcomings within the software engineering lifecycle for then-modern avionics systems.
DO-178C, by comparison, aims to clarify areas of repeated misconception while addressing advances in complex avionics software development, including formal methods for avionics, model-based development for avionics, object-oriented technology for avionics, and qualification of certain tools used in avionics software development and verification. The core DO-178C document has relatively minor changes because the revisions are contained in supplements for each of the aforementioned topics. These DO-178C topics are summarized below:
- DO-178C Formal Methods
- DO-178C Model-Based Development
- DO-178C Object-Oriented Technology
- DO-178C Tool Qualification
How does DO-178C fit in with Model Based Development (MBD) and Object Oriented Technologies (OOT)?
DO-178B preceded widespread usage of model-based development and object-oriented technology for safety-critical applications such as avionics. More recently, development tool advances coupled with gradual FAA acceptance mean that DO-178C embraces a safely controlled use of these technologies and practices. Specifically, DO-178C allows for controlled modeling and object-oriented software in all avionics development, even Level A. DO-178C bounds the acceptability for MBD and OO, meaning discrete acceptability criteria are provided. DO-178C emphasizes and mandates traceability through the model, objects, and development lifecycle, along with deterministic proof of type consistency across all possible run-time type instantiations (note that tools such as HighRely Trace for DO-178C traceability will become even more popular). Developers using OOT for DO-178C will need to ensure each subclass passes all types applicable to parent classes and also verify each invocation for all callable methods. Defined generics are allowed via DO-178C provided all run-time instantiations are verified and traced. DO-178B allows for all the above provided each aspect is fully detailed within the project’s design standard.
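One reading of the subclass and instantiation requirements above, as an added illustration that is not taken from DO-178C or from Atego: the verification cases written for a parent class are run through the base interface against every listed type, and each run produces a trace record. The class names, the altitude range and the requirement ID REQ-ALT-001 are constructed for this example.

```cpp
#include <cmath>
#include <string>
#include <vector>

// Hypothetical parent class. Constructed requirement REQ-ALT-001:
// altitude_m() returns a finite value within [-500, 20000] metres.
struct AltitudeSource {
    virtual ~AltitudeSource() {}
    virtual const char* name() const { return "AltitudeSource"; }
    virtual double altitude_m(double raw_m) const {
        return std::fmin(std::fmax(raw_m, -500.0), 20000.0);
    }
};

// Conforming subclass: converts feet to metres, then reuses the parent's clamp.
struct BaroAltitude : AltitudeSource {
    const char* name() const override { return "BaroAltitude"; }
    double altitude_m(double raw_ft) const override {
        return AltitudeSource::altitude_m(raw_ft * 0.3048);
    }
};

// Non-conforming subclass: drops the clamp, so it is not substitutable.
struct UnclampedAltitude : AltitudeSource {
    const char* name() const override { return "UnclampedAltitude"; }
    double altitude_m(double raw_m) const override { return raw_m; }
};

struct TraceRecord { std::string type, requirement; bool passed; };

// Parent-level cases, dispatched through the base interface to the bound override.
TraceRecord verify_parent_cases(const AltitudeSource& src) {
    const double inputs[] = {-1.0e6, -500.0, 0.0, 12000.0, 1.0e6};
    bool ok = true;
    for (double in : inputs) {
        double out = src.altitude_m(in);
        ok = ok && std::isfinite(out) && out >= -500.0 && out <= 20000.0;
    }
    return TraceRecord{src.name(), "REQ-ALT-001", ok};
}

// Runs the parent cases once per listed type and returns one trace record each.
template <typename... Ts>
std::vector<TraceRecord> verify_all_types() {
    std::vector<TraceRecord> trace;
    int expand[] = {0, (trace.push_back(verify_parent_cases(Ts())), 0)...};
    (void)expand;
    return trace;
}
```

Calling `verify_all_types<AltitudeSource, BaroAltitude, UnclampedAltitude>()` yields a failing record for `UnclampedAltitude`, the subclass that cannot stand in for its parent.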
What is DO-178C for Formal Methods?
DO-178C will, for the first time, officially recognize the validity of using Formal Methods within the avionics software development process. Subject to DO-178C guidelines, formal methods can be used to augment or replace verification steps which must normally be performed via DO-178B. Formal methods will be allowed to verify requirements correctness and consistency and to augment reviews. DO-178C source code reviews can utilize formal methods, particularly for auto-generated code (typically developed via Model-Based Development; see above). Also, DO-178C will allow formal methods to verify or replace test cases used to verify low-level requirements and to replace some forms of testing via formal-method-based reviews. Ultimately, DO-178C allows the potential to use formal methods for model and code analysis to reduce avionics software testing.
What is DO-178C Tool Qualification?
DO-178C changes DO-178B’s overly simple “development tool or verification tool” categorization into three distinct criteria covering five tool qualification levels. The three DO-178C Tool Qualification Criteria are:
- Software Development Tools
- Software Verification Tools which also augment other development or verification activities
- Software Verification-only tools
Additionally, there are five Tool Qualification Levels which are coupled with the above Tool Criteria to determine the specific qualification activities required; the Tool Qualification Levels are:
- Level A tools
- Level B tools
- Level C tools
- Tool Operational Requirements, Architecture, and Additional Verification
- Tool Operational Requirements verification
Atego has one of the longest records for supporting safety-critical development. Aonix ObjectAda Raven is a complete development environment for hard real-time applications needing to meet the highest criticality levels, such as those specified by the FAA's airborne standard DO-178B Level A. Where hard real-time systems also require the same type of speed and determinism as safety-critical systems do, Aonix ObjectAda Raven is an ideal match for these development efforts. When safety is of concern, Aonix ObjectAda Raven supplies the complete environment, tool set and safety-critical materials to fully satisfy such efforts.
Atego HighRely's DO-178B and DO-178C instructors have provided more DO-178B training, for more years, than any other DO-178B training source. Our DO-178B and DO-178C trainers average 20+ years of avionics software and systems experience with several thousand engineers and managers trained in DO-178B.
Related Links
The following DO-178B and DO-178C services are available:
- DO-178B Certification
- DO-178 and DO-254 Gap Analysis
- DO-178 and DO-254 Training courses
- DO-178 and DO-254 JumpCert Packages
- DO-178 Project Management