Welcome to graduate2professional.blogspot.com

Friday, November 6, 2009

DO-178B FAQS

1. What is DO-178B?
In the avionics industry, software was initially viewed as an inexpensive and more flexible way to extend the functionality of mechanical and analog-electrical systems. However, it was quickly realized that the usual statistical approaches to assess the safety and reliability would not work for flight-critical software. An alternative means of assessment, one that addressed design errors rather than component failure rates, was required. From this need, the first version of DO-178 was created. The current version of the guideline is DO-178B.

2. Which systems need to be certified under DO-178B?
Under the Global Aviation Traffic Management (GATM) agreement, all commercial airborne systems have to comply with Federal Aviation Administration (FAA) regulations for avionics and require DO-178B certification. In addition, all airborne military and space systems must also comply with DO-178B. All retrofits, as well as new airborne system designs, also require DO-178B certification. Note that GATM has international validity and applicability.

3. What are the main goals that are addressed by DO-178B?
• Develop objectives for the life-cycle processes
• Provide a description of the activities and design considerations for achieving those objectives
• Provide a description of the evidence indicating the objectives have been satisfied

4. What is RTCA and what role does it play in DO-178B?
"RTCA" is the Radio Technical Commission for Aeronautics, Inc. (www.rtca.org). It plays an important role in defining guidelines for various aviation practices. It is not a government agency. The guidelines it produces are sometimes accepted as standards by the FAA; for example, FAA Advisory Circular AC20-115B establishes DO-178B as the accepted means of certifying all new aviation software.

5. Who are DERs?
DERs, Designated Engineering Representatives, are experienced engineers designated by the FAA to approve engineering data used for certification. All FAA projects must have an FAA representative assigned and a DER to review all submissions.
A DER is an independent specialist designated by the FAA as having authority to sign off on your project as a representative of the FAA.
A DER will eventually examine your documentation. It is good practice to get a DER involved at an early stage in your development. The DER may insist on witnessing portions of your software testing. A DER may insist on changes to documentation before signoff.

6. What do the DO-178B levels mean?
DO-178B software levels (A, B, etc.) are based on the potential of the software to cause safety-related failures identified in the system safety assessment. DO-178B has five levels of certification:
Level A: Software whose failure would cause or contribute to a catastrophic failure of the aircraft.
Level B: Software whose failure would cause or contribute to a hazardous/severe failure condition.
Level C: Software whose failure would cause or contribute to a major failure condition.
Level D: Software whose failure would cause or contribute to a minor failure condition.
Level E: Software whose failure would have no effect on the aircraft or on pilot workload.
Who determines which DO-178B level is required?
The level to which a particular system must be certified is selected by a process of failure analysis and input from the device manufacturers and the certifying authority (FAA or JAA), with the final decision made by the certifying authority.
Certification at a given level automatically satisfies the requirements of every lower level; software certified at Level A can therefore be used in any avionics application.

7. What levels of structural testing are required by DO-178B?
Three primary levels of structural testing concern most DO-178B projects:
SC: Statement Coverage. Means that every statement in the program has been invoked or used at least once. This is the most common meaning of the term "code coverage".
DC: Decision Coverage. Means that every point of entry and exit in the program has been invoked at least once and that each decision in the program has been taken on all possible (Boolean) outcomes at least once. Essentially, this means that every Boolean statement has been evaluated both TRUE and FALSE.
MCDC: Modified Condition Decision Coverage. Means that every point of entry and exit in the program has been invoked at least once, that every decision in the program has taken all possible outcomes at least once, and that each condition in a decision has been shown to independently affect that decision's outcome. Complex Booleans need to have truth tables developed to set each variable (inside a Boolean expression) to both TRUE and FALSE.
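As an added example (not part of the original post), the following Python code checks a set of test vectors for Decision Coverage and for unique-cause MC/DC against a single Boolean decision, and searches the full truth table for a smallest MC/DC test set; the decision `a and (b or c)` and the test vectors are constructed for illustration.

```python
from itertools import combinations, product

def sample_decision(a, b, c):
    """Constructed decision under test: three conditions, one decision."""
    return a and (b or c)

# Constructed test vectors: each tuple is (a, b, c) for sample_decision.
MCDC_TESTS = [
    (True, True, False),   # decision True; pairs with the next two rows
    (False, True, False),  # flips only a -> shows a independently affects the outcome
    (True, False, False),  # flips only b -> shows b independently affects the outcome
    (True, False, True),   # flips only c relative to the row above
]

def decision_coverage(decision, tests):
    """DC: the decision has been evaluated to both True and False."""
    return {bool(decision(*t)) for t in tests} == {True, False}

def mcdc_pairs(decision, n_conditions, tests):
    """Unique-cause MC/DC: for each condition index, find two tests that differ
    only in that condition and produce different decision outcomes."""
    tests = [tuple(t) for t in tests]
    pairs = {}
    for i in range(n_conditions):
        pairs[i] = None
        for x, y in combinations(tests, 2):
            others_equal = all(x[j] == y[j] for j in range(n_conditions) if j != i)
            if x[i] != y[i] and others_equal and bool(decision(*x)) != bool(decision(*y)):
                pairs[i] = (x, y)
                break
    return pairs

def mcdc_covered(decision, n_conditions, tests):
    """MC/DC holds when DC holds and every condition has an independence pair."""
    return decision_coverage(decision, tests) and all(
        p is not None for p in mcdc_pairs(decision, n_conditions, tests).values())

def minimal_mcdc_set(decision, n_conditions):
    """Exhaustively search the truth table for a smallest MC/DC test set
    (fine for a handful of conditions; the search grows exponentially beyond that)."""
    table = list(product((False, True), repeat=n_conditions))
    for size in range(1, len(table) + 1):
        for subset in combinations(table, size):
            if mcdc_covered(decision, n_conditions, subset):
                return list(subset)
    return None
```

For this three-condition decision the search returns a four-test set, while two vectors such as all-True and all-False already give Decision Coverage but no MC/DC pair at all, which is why MC/DC test tables must be built per condition rather than per decision.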
