Design Article
DO-178C takes safety-critical software development to the next level
Tim King, DDC-I and Bill StClair, LDRA
4/2/2012 9:08 AM EDT
Since its introduction in 1992 by the RTCA, DO-178B has become the de facto standard for certifying new airborne software. Since then, avionics software complexity has increased dramatically, making it harder to manage the design of that software at the code level. Software development technology has also improved by leaps and bounds, but DO-178B has lagged behind, failing to embrace the latest development technology.
The RTCA and its new standard, DO-178C, will bring safety-critical software development into the modern era, adding support for advanced techniques such as UML and mathematical modeling, object-oriented programming and formal methods, which will enable designers to conceptualize, architect and encapsulate their design at a higher level. DO-178C will also introduce bidirectional traceability, which will make it easier for designers to verify that software developed using these advanced techniques achieves the desired level of safety criticality.
Three new DO-178C supplements and a tool qualification standard
DO-178C inherits the DO-178B core document, principles and processes. In addition, the DO-178C working group has produced three new development technology supplements: Object Oriented Technology and Related Techniques (OOT & RT); Model Based Development and Verification; and Formal Methods. DO-178C also provides a tool qualification standard that addresses in detail the qualification and capabilities of the tools used not only for modeling, object-oriented programming and formal methods, but also for other development technologies such as procedural software. These four documents have been published by the RTCA as:
DO-330, Software Tool Qualification Considerations
DO-331, Model-Based Development and Verification Supplement to DO-178C and DO-278A
DO-332, Object-Oriented Technology and Related Techniques Supplement to DO-178C and DO-278A
DO-333, Formal Methods Supplement to DO-178C and DO-278A (Note that DO-278A is the ground system equivalent of DO-178C).
The object oriented technology and related techniques (OOT & RT)
The OOT & RT supplement is a comprehensive safety-critical software guide for hand-coded development and verification. It encompasses not only object-oriented software development, but also techniques that are used in procedural languages. These related techniques include dynamic memory management, overloading, parametric polymorphism (such as templates in C++ and generics in Ada), type conversions and virtualization. The net result is that the OOT & RT supplement could be invoked on most projects using procedural languages as well as OOT.
The most significant addition in the OOT & RT supplement is the definition of new objectives. Objectives identify which development assets, integrated processes and verification artifacts must be produced for a product to be certifiable. The OOT & RT supplement defines two new verification objectives. The first verifies local type consistency, which ensures that a subclass method can safely override (be substituted for) the parent class method wherever the parent type is used. The second verifies that the use of the dynamic memory management system is robust. In particular, it requires the following hazards of the dynamic memory management system to be addressed: reference ambiguity, fragmentation starvation, deallocation starvation, memory exhaustion, premature deallocation, lost updates and stale references, and unbounded allocation or deallocation time.
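The local type consistency objective is easiest to see in code. The following is an added illustration, not code from the supplement or from the authors: a parent type publishes its contract, and every subclass that can stand in for it is exercised against that same contract through a base-class reference. The class names, the contract and the probe values are assumptions chosen for the example.

```cpp
#include <cstddef>

// Parent type. Its contract, inherited by every override: whenever valid() is true,
// read() returns a value in [kMin, kMax]. A fault is signalled through valid(),
// never through an out-of-range reading. (Hypothetical type, not from DO-332.)
class TempSensor {
public:
  static constexpr double kMin = -55.0;
  static constexpr double kMax = 125.0;
  virtual ~TempSensor() = default;
  virtual bool valid() const = 0;
  virtual double read() const = 0;
};

// Conforming override: reports faults via valid() and never returns an out-of-range value.
class ClampedSensor : public TempSensor {
public:
  explicit ClampedSensor(double raw) : raw_(raw) {}
  bool valid() const override { return raw_ >= kMin && raw_ <= kMax; }
  double read() const override { return valid() ? raw_ : kMin; }
private:
  double raw_;
};

// Non-conforming override: claims validity for every raw value and passes it straight
// through, so it weakens the parent's postcondition and is not substitutable.
class RawSensor : public TempSensor {
public:
  explicit RawSensor(double raw) : raw_(raw) {}
  bool valid() const override { return true; }
  double read() const override { return raw_; }
private:
  double raw_;
};

// The parent's contract, evaluated only through the base interface so that it applies
// identically to every subclass reaching the call site.
bool meets_parent_contract(const TempSensor& s) {
  if (!s.valid()) return true;  // fault path: the contract makes no claim about the value
  const double v = s.read();
  return v >= TempSensor::kMin && v <= TempSensor::kMax;
}

// Local type consistency check: run the parent's contract over boundary inputs for one
// subclass and count the inputs on which the override breaks it.
template <typename Sub>
int contract_violations() {
  const double probes[] = {-100.0, TempSensor::kMin, 0.0, TempSensor::kMax, 200.0};
  int failures = 0;
  for (double raw : probes) {
    Sub s(raw);
    if (!meets_parent_contract(s)) ++failures;
  }
  return failures;
}
```

In a certification context the same contract is run for every subclass that can reach a given call site; an override that passes only for its own inputs, or only when called through its own type, has not shown local type consistency.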
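For the dynamic memory management objective, the usual way to make the listed hazards tractable is a fixed-block pool: equal-sized blocks rule out fragmentation, a free list gives constant-time allocation and release, exhaustion is reported rather than hidden, and a release of a block that is already free or never came from the pool is rejected instead of corrupting the free list. The pool below is an added example written for this article, not code from the supplement or the authors; its class, status codes and block sizes are assumptions.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>

enum class PoolStatus { Ok, Exhausted, NotFromPool, Misaligned, AlreadyFree };

// Hypothetical fixed-block pool. All state lives inside the object, so no heap is used.
template <std::size_t BlockSize, std::size_t BlockCount>
class FixedBlockPool {
public:
  FixedBlockPool() {
    for (std::size_t i = 0; i < BlockCount; ++i) {  // free list: block i -> block i+1
      next_[i] = i + 1;
      in_use_[i] = false;
    }
    head_ = 0;
    free_count_ = BlockCount;
  }

  // O(1): pop the head of the free list. Exhaustion is an explicit status, not a crash.
  void* allocate(PoolStatus* status) {
    if (head_ == BlockCount) { *status = PoolStatus::Exhausted; return nullptr; }
    const std::size_t idx = head_;
    head_ = next_[idx];
    in_use_[idx] = true;
    --free_count_;
    *status = PoolStatus::Ok;
    return &storage_[idx * BlockSize];
  }

  // O(1): validate the pointer, then push the block back on the free list.
  // Rejects foreign pointers, mid-block pointers and double releases (stale references).
  PoolStatus release(void* p) {
    const auto base = reinterpret_cast<std::uintptr_t>(storage_.data());
    const auto addr = reinterpret_cast<std::uintptr_t>(p);
    if (addr < base || addr >= base + BlockSize * BlockCount) return PoolStatus::NotFromPool;
    if ((addr - base) % BlockSize != 0) return PoolStatus::Misaligned;
    const std::size_t idx = (addr - base) / BlockSize;
    if (!in_use_[idx]) return PoolStatus::AlreadyFree;
    in_use_[idx] = false;
    next_[idx] = head_;
    head_ = idx;
    ++free_count_;
    return PoolStatus::Ok;
  }

  std::size_t free_blocks() const { return free_count_; }

private:
  alignas(std::max_align_t) std::array<unsigned char, BlockSize * BlockCount> storage_;
  std::array<std::size_t, BlockCount> next_;
  std::array<bool, BlockCount> in_use_;
  std::size_t head_;
  std::size_t free_count_;
};

// Robustness exercise of the kind the objective asks for: exhaust the pool, release
// everything, then confirm that a double release and a foreign pointer are both caught.
struct PoolCheck {
  bool exhaustion_reported;
  bool double_free_caught;
  bool foreign_ptr_caught;
  std::size_t free_after;
};

PoolCheck exercise_pool() {
  FixedBlockPool<32, 4> pool;
  PoolStatus st = PoolStatus::Ok;
  void* blocks[4];
  for (auto& b : blocks) b = pool.allocate(&st);
  void* extra = pool.allocate(&st);  // fifth request must fail cleanly
  PoolCheck c{};
  c.exhaustion_reported = (extra == nullptr && st == PoolStatus::Exhausted);
  for (auto b : blocks) pool.release(b);
  c.double_free_caught = (pool.release(blocks[0]) == PoolStatus::AlreadyFree);
  int local = 0;
  c.foreign_ptr_caught = (pool.release(&local) == PoolStatus::NotFromPool);
  c.free_after = pool.free_blocks();
  return c;
}
```

The checks in release() are what turn premature deallocation and stale references from silent corruption into a reported fault; the bounded allocation and deallocation time follows from the free list, and the absence of fragmentation from the single block size. BlockSize should be a multiple of the alignment of the objects stored so that every block is suitably aligned.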