DO-178B

RTCA standard for safety-critical software

Abbreviation: DO-178B, ED-12B
Latest version: December 1, 1992
Organization: RTCA SC-167, EUROCAE WG-12
Predecessor: DO-178A
Successor: DO-178C
Domain: Aviation

DO-178B, Software Considerations in Airborne Systems and Equipment Certification, is a guideline dealing with the safety of safety-critical software used in certain airborne systems. It was jointly developed by the safety-critical working group RTCA SC-167 of the Radio Technical Commission for Aeronautics (RTCA) and WG-12 of the European Organisation for Civil Aviation Equipment (EUROCAE). RTCA published the document as RTCA/DO-178B, while EUROCAE published the document as ED-12B. Although technically a guideline, it was a de facto standard for developing avionics software systems until it was replaced in 2012 by DO-178C.

The Federal Aviation Administration (FAA) applies DO-178B as the document it uses for guidance to determine if the software will perform reliably in an airborne environment, when specified by the Technical Standard Order (TSO) for which certification is sought. In the United States, the introduction of TSOs into the airworthiness certification process, and by extension DO-178B, is explicitly established in Title 14: Aeronautics and Space of the Code of Federal Regulations (CFR), also known as the Federal Aviation Regulations, Part 21, Subpart O.

Software level

The Software Level, also termed the Design Assurance Level (DAL) or Item Development Assurance Level (IDAL) as defined in ARP4754 (DO-178C only mentions IDAL as synonymous with Software Level), is determined from the safety assessment process and hazard analysis by examining the effects of a failure condition in the system. The failure conditions are categorized by their effects on the aircraft, crew, and passengers.

- Catastrophic – Failure may cause a crash. Error or loss of critical function required to safely fly and land aircraft.
- Hazardous – Failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the aircraft due to physical distress or a higher workload, or causes serious or fatal injuries among the passengers. (Safety-significant)
- Major – Failure is significant, but has a lesser impact than a Hazardous failure (for example, leads to passenger discomfort rather than injuries) or significantly increases crew workload (safety related)
- Minor – Failure is noticeable, but has a lesser impact than a Major failure (for example, causing passenger inconvenience or a routine flight plan change)
- No effect – Failure has no impact on safety, aircraft operation, or crew workload.

DO-178B alone is not intended to guarantee software safety aspects. Safety attributes in the design, implemented as functionality, must receive additional mandatory system safety tasks to drive and show objective evidence of meeting explicit safety requirements. Typically IEEE STD-1228-1994 Software Safety Plans are allocated and software safety analysis tasks are accomplished in sequential steps (requirements analysis, top level design analysis, detailed design analysis, code level analysis, test analysis and change analysis). These software safety tasks and artifacts are integral supporting parts of the process for hazard severity and DAL determination to be documented in system safety assessments (SSA). The certification authorities require, and DO-178B specifies, that the correct DAL be established using these comprehensive analysis methods to establish the software level A-E. Any software that commands, controls, and monitors safety-critical functions should receive the highest DAL, Level A. It is the software safety analyses that drive the system safety assessments that determine the DAL that drives the appropriate level of rigor in DO-178B. The system safety assessments combined with methods such as SAE ARP 4754A determine the after-mitigation DAL and may allow reduction of the DO-178B software level objectives to be satisfied if redundancy, design safety features and other architectural forms of hazard mitigation are in requirements driven by the safety analyses. Therefore, DO-178B's central theme is design assurance and verification after the prerequisite safety requirements have been established.

The number of objectives to be satisfied (eventually with independence) is determined by the software level A-E. The phrase "with independence" refers to a separation of responsibilities where the objectivity of the verification and validation processes is ensured by virtue of their "independence" from the software development team. For objectives that must be satisfied with independence, the person verifying the item (such as a requirement or source code) may not be the person who authored the item and this separation must be clearly documented. In some cases, an automated tool may be equivalent to independence. However, the tool itself must then be qualified if it substitutes for human review.

Level  Failure condition  Objectives  With independence
A      Catastrophic       66          25
B      Hazardous          65          14
C      Major              57          2
D      Minor              28          2
E      No effect          0           0

Processes and documents

Processes are intended to support the objectives, according to the software level (A through D—Level E was outside the purview of DO-178B). Processes are described as abstract areas of work in DO-178B, and it is up to the planners of a real project to define and document the specifics of how a process will be carried out. On a real project, the actual activities that will be done in the context of a process must be shown to support the objectives. These activities are defined by the project planners as part of the Planning process.

This objective-based nature of DO-178B allows a great deal of flexibility in regard to following different styles of software life cycle. Once an activity within a process has been defined, it is generally expected that the project respect that documented activity within its process. Furthermore, processes (and their concrete activities) must have well defined entry and exit criteria, according to DO-178B, and a project must show that it is respecting those criteria as it performs the activities in the process.

The flexible nature of DO-178B's processes and entry/exit criteria makes it difficult to implement the first time, because these aspects are abstract and there is no "base set" of activities from which to work. The intention of DO-178B was not to be prescriptive. There are many possible and acceptable ways for a real project to define these aspects. This can be difficult the first time a company attempts to develop a civil avionics system under this standard, and has created a niche market for DO-178B training and consulting.

For a generic DO-178B based process, a visual summary is provided including the Stages of Involvement (SOIs) defined by FAA in the "Guidance and Job Aids for Software and Complex Electronic Hardware".

Planning

System requirements are typically input to the entire project.

The last 3 documents (standards) are not required for software level D.

Development

DO-178B is not intended as a software development standard; it is software assurance using a set of tasks to meet objectives and levels of rigor.

The development process output documents:
- Software requirements data (SRD)
- Software design description (SDD)
- Source code
- Executable object code

Traceability from system requirements to all source code or executable object code is typically required (depending on software level).

Typically used software development processes:
- Waterfall model
- Spiral model
- V model

Verification

Document outputs made by this process:
- Software verification cases and procedures (SVCP)
- Software verification results (SVR):
  - Review of all requirements, design and code
  - Testing of executable object code
  - Code coverage analysis

Analysis of all code and traceability from tests and results to all requirements is typically required (depending on software level).

This process typically also involves:
- Requirements based test tools
- Code coverage analyzer tools

Other names for tests performed in this process can be:
- Unit testing
- Integration testing
- Black-box and acceptance testing

Configuration management

Documents maintained by the configuration management process:
- Software configuration index (SCI)
- Software life cycle environment configuration index (SECI)

This process handles problem reports, changes and related activities. The configuration management process typically provides archive and revision identification of:
- Source code development environment
- Other development environments (e.g. test/analysis tools)
- Software integration tool
- All other documents, software and hardware

Quality assurance

Output documents from the quality assurance process:
- Software quality assurance records (SQAR)
- Software conformity review (SCR)
- Software accomplishment summary (SAS)

This process performs reviews and audits to show compliance with DO-178B. The interface to the certification authority is also handled by the quality assurance process.

Certification liaison

Typically a Designated Engineering Representative (DER) reviews technical data as part of the submission to the FAA for approval.

Tools

Software can automate, assist or otherwise handle or help in the DO-178B processes. All tools used for DO-178B development must be part of the certification process. Tools generating embedded code are qualified as development tools, with the same constraints as the embedded code. Tools used to verify the code (simulators, test execution tools, coverage tools, reporting tools, etc.) must be qualified as verification tools, a much lighter process consisting of comprehensive black box testing of the tool.

A third party tool can be qualified as a verification tool, but development tools must have been developed following the DO-178 process. Companies providing these kinds of tools as COTS are subject to audits from the certification authorities, to which they give complete access to source code, specifications and all certification artifacts.

Outside of this scope, output of any used tool must be manually verified by humans.

A problem management tool can provide traceability for changes. SCI and SECI can be created from logs in a revision control tool.

Requirements management

Requirements traceability is concerned with documenting the life of a requirement. It should be possible to trace back to the origin of each requirement, and every change made to the requirement should therefore be documented in order to achieve traceability. Even the use of the requirement after the implemented features have been deployed and used should be traceable.

Criticism

VDC Research notes that DO-178B has become "somewhat antiquated" in that it is not adapting well to the needs and preferences of today's engineers. In the same report, they also note that DO-178C seems well-poised to address this issue.

Resources

- FAR Part 23/25 §1301/§1309
- FAR Part 27/29
- AC 23/25.1309
- AC 20-115B
- RTCA/DO-178B
- FAA Order 8110.49 Software Approval Guidelines

See also

- DO-178C
- Avionics software
- ARP4761 (Safety assessment process)
- ARP4754 (System development process)
- DO-248B (Final Report for clarification of DO-178B)
- DO-254 (similar to DO-178B, but for hardware)
- Requirements management (too general to be "directly applied" to DO-178B)
- IEC 61508
- ISO/IEC 12207 (software life cycle process development standard)
- ED-153 (Guidelines for ANS software safety assurance)
- Modified condition/decision coverage

Further reading

- Leslie A. (Schad) Johnson. DO-178B, Software Considerations in Airborne Systems and Equipment Certification (in the context of software development for military aircraft, a practitioner's discussion of the evolution of the current practice and application of RTCA/DO-178B). Boeing Commercial Airplane Group. Retrieved 2022-03-03.
- Leanna Rierson (19 December 2017). Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance. CRC Press. ISBN 9781351834056. Retrieved 2022-03-03.

External links

- AC 25.1309-1A
- AC 20-115B
- FAA Order 8110.49 Change 1

Categories: Computer-related introductions in 1992; RTCA standards; Computer standards; Avionics; Safety engineering; Software requirements
