Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance

Leanna Rierson

"Ms. Rierson distilled the key elements from her experiences and multiple projects into a concise, easy-to-understand book. ... What differentiates this book is its honest, real-world recommendations and the insights into the significance of the various DO-178C objectives. If projects took her guidance seriously and implemented it from the start, I believe the projects would cost a fraction of 'check-box' projects and result in safer software."
—Wendy Ljungren, GE Aviation

"... a must for anyone engaged in developing, verifying, or certifying airborne systems. ... This book offers very clear but relatively concise explanation of the process of developing software-intensive aviation systems under guidance of RTCA DO-178C and related documents. The book does an outstanding job of providing necessary basics with very practical 'dos and don'ts'."
—Andrew J. Kornecki, Embry Riddle Aeronautical University

"The book is well researched and is based on the experiences of a knowledgeable regulator and a practitioner. ... It explains the terse but precise guidance given in regulations using terms that are easy to understand. ... The result is an engaging book that is hard to put down."
—George Romanski, Verocel, Inc.

As the complexity and criticality of software increase and projects are pressed to develop software faster and more cheaply, it becomes even more important to ensure that software-intensive systems are reliable and safe. Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance equips you with the information you need to effectively and efficiently develop safety-critical software for aviation. The principles also apply to other safety-critical domains.

The author, an international authority on safety-critical software, draws on more than 20 years of experience to bring you a wealth of best practices and concrete recommendations. An invaluable reference for software and systems managers, developers, and quality assurance personnel, this book helps you develop, manage, and approve safety-critical software more confidently.

CRC Press, Taylor & Francis Group, Boca Raton, London, New York
© 2013 by Taylor & Francis Group, LLC
Version Date: 20130306
ISBN-13: 978-1-4398-1369-0 (eBook - PDF)
Catalog number K10705

I dedicate this book in memory of Cary Spitzer, who believed in its importance and my ability to write it, and to my grandmother, Charlotte Richardson, who prayed daily for my work. Both Cary and Grandma Richardson passed away in the fall of 2011 as I was finishing the first draft of this book. I miss them both immensely and hope they would be pleased with the text that they helped inspire.
Contents

Preface
Acknowledgments
Author

Part I  Introduction

1. Introduction and Overview
   Acronyms
   1.1 Defining Safety-Critical Software
   1.2 Importance of Safety Focus
   1.3 Book Purpose and Important Caveats
   1.4 Book Overview
   References

Part II  Context of Safety-Critical Software Development

2. Software in the Context of the System
   Acronyms
   2.1 Overview of System Development
   2.2 System Requirements
       2.2.1 Importance of System Requirements
       2.2.2 Types of System Requirements
       2.2.3 Characteristics of Good Requirements
       2.2.4 System Requirements Considerations
             2.2.4.1 Integrity and Availability Considerations
             2.2.4.2 Other System Requirements Considerations
       2.2.5 Requirements Assumptions
       2.2.6 Allocation to Items
   2.3 System Requirements Validation and Verification
       2.3.1 Requirements Validation
       2.3.2 Implementation Verification
       2.3.3 Validation and Verification Recommendations
   2.4 Best Practices for Systems Engineers
   2.5 Software's Relationship to the System
   References

3. Software in the Context of the System Safety Assessment
   Acronyms
   3.1 Overview of the Aircraft and System Safety Assessment Process
       3.1.1 Safety Program Plan
       3.1.2 Functional Hazard Assessment
       3.1.3 System Functional Hazard Assessment
       3.1.4 Preliminary Aircraft Safety Assessment
       3.1.5 Preliminary System Safety Assessment
       3.1.6 Common Cause Analysis
       3.1.7 Aircraft and System Safety Assessments
   3.2 Development Assurance
       3.2.1 Development Assurance Levels
   3.3 How Does Software Fit into the Safety Process?
       3.3.1 Software's Uniqueness
       3.3.2 Software Development Assurance
       3.3.3 Other Views
       3.3.4 Some Suggestions for Addressing Software in the System Safety Process
   References

Part III  Developing Safety-Critical Software Using DO-178C

4. Overview of DO-178C and Supporting Documents
   Acronyms
   4.1 History of DO-178
   4.2 DO-178C and DO-278A Core Documents
       4.2.1 DO-278A and DO-178C Differences
       4.2.2 Overview of the DO-178C Annex A Objectives Tables
   4.3 DO-330: Software Tool Qualification Considerations
   4.4 DO-178C Technology Supplements
       4.4.1 DO-331: Model-Based Development Supplement
       4.4.2 DO-332: Object-Oriented Technology Supplement
       4.4.3 DO-333: Formal Methods Supplement
   4.5 DO-248C: Supporting Material
   References

5. Software Planning
   Acronyms
   5.1 Introduction
   5.2 General Planning Recommendations
   5.3 Five Software Plans
       5.3.1 Plan for Software Aspects of Certification
       5.3.2 Software Development Plan
       5.3.3 Software Verification Plan
       5.3.4 Software Configuration Management Plan
       5.3.5 Software Quality Assurance Plan
   5.4 Three Development Standards
       5.4.1 Software Requirements Standards
       5.4.2 Software Design Standards
       5.4.3 Software Coding Standards
   5.5 Tool Qualification Planning
   5.6 Other Plans
       5.6.1 Project Management Plan
       5.6.2 Requirements Management Plan
       5.6.3 Test Plan
   References

6. Software Requirements
   Acronyms
   6.1 Introduction
   6.2 Defining Requirement
   6.3 Importance of Good Software Requirements
       6.3.1 Reason 1: Requirements Are the Foundation for the Software Development
       6.3.2 Reason 2: Good Requirements Save Time and Money
       6.3.3 Reason 3: Good Requirements Are Essential to Safety
       6.3.4 Reason 4: Good Requirements Are Necessary to Meet the Customer Needs
       6.3.5 Reason 5: Good Requirements Are Important for Testing
   6.4 The Software Requirements Engineer
   6.5 Overview of Software Requirements Development
   6.6 Gathering and Analyzing Input to the Software Requirements
       6.6.1 Requirements Gathering Activities
       6.6.2 Requirements Analyzing Activities
   6.7 Writing the Software Requirements
       6.7.1 Task 1: Determine the Methodology
       6.7.2 Task 2: Determine the Software Requirements Document Layout
       6.7.3 Task 3: Divide Software Functionality into Subsystems and/or Features
       6.7.4 Task 4: Determine Requirements Priorities