DO-178C, often discussed alongside its predecessor DO-178B, represents the cornerstone of software assurance in airborne systems. This document, formally titled RTCA DO-178C, establishes the objectives for ensuring that safety- and security-critical software functions correctly within its intended environment. Unlike a standard, it is a consensus standard developed by RTCA, Inc., and subsequently adopted by aviation authorities like the FAA and EASA, providing the global benchmark for development assurance. Understanding this standard is essential for any organization involved in the design, verification, or certification of flight software, as it dictates the rigor required based on the software’s safety impact level.
Foundations and Core Objectives
The primary goal of DO-178C is to verify that every line of safety-critical code behaves exactly as specified in the requirements phase. This is achieved through a systematic process that traces objectives from high-level requirements down to executable code and back again. The standard mandates evidence that proves the absence of programming errors and the fulfillment of design constraints. This rigorous methodology is not about stifling innovation but about providing the highest possible level of confidence that the software will perform reliably when it matters most, thereby protecting passengers, crew, and ground personnel.
Key Changes from DO-178B
While DO-178C retains the fundamental structure of its predecessor, it introduces several critical updates to address modern development practices and tool usage. The most significant change is the explicit integration of software safety as a system-level concern, rather than treating it as an afterthought. The standard now provides more specific guidance on the use of automated tools and model-based development, reflecting the industry's evolution. Additionally, DO-178C streamlines the documentation requirements, reducing administrative burden while maintaining the integrity of the verification process, making it more adaptable to contemporary engineering workflows.
Understanding Object Classes and Levels
A fundamental concept within DO-178C is the classification of software objects and the assignment of Development Assurance Levels (DALs). Objects range from non-safety-related to those with the highest level of criticality, designated as Level A. The level dictates the depth of verification required; for instance, Level A software necessitates the most exhaustive testing and analysis, including structural coverage metrics reaching 100% for modified code. This tiered approach ensures that resources are allocated efficiently, focusing the greatest effort on the components that pose the highest risk to the system's safety.
Development Assurance Levels (DALs)
The Verification Imperative
Verification is the process of ensuring the software meets its specified requirements, and under DO-178C, this becomes a multi-faceted endeavor. It involves static analysis to examine code without execution, dynamic testing to observe behavior during runtime, and structural coverage analysis to ensure that tests exercise the code thoroughly. The standard requires an independent verification process, where activities are performed by individuals not involved in the development, ensuring an unbiased assessment of the software's correctness and robustness.
