
What is DO-178C Standard?

Published in Avionics Software Certification

DO-178C is the primary international standard for ensuring the safety and reliability of software used in commercial aircraft, serving as a critical guideline for its development and certification.

Often referred to by its full title, Software Considerations in Airborne Systems and Equipment Certification, DO-178C is a formal process standard that covers the complete software lifecycle—encompassing the planning, development, and integral processes—to ensure correctness and robustness in software developed for civil avionics systems. Published by RTCA, Inc. in the United States and EUROCAE in Europe, it is the benchmark for software airworthiness and is required by aviation authorities like the FAA and EASA for civil aircraft certification.

Purpose and Importance of DO-178C

The fundamental purpose of DO-178C is to prevent software failures that could lead to hazardous or catastrophic conditions in an aircraft. It establishes a rigorous framework for developing software for airborne systems, ensuring it is sufficiently reliable and robust for its intended use. Adherence to DO-178C demonstrates to certification authorities that the software meets stringent safety requirements, making it eligible for deployment in civil avionics.

The Software Development Lifecycle Under DO-178C

DO-178C mandates a structured approach throughout the software's journey, from initial concept to final deployment. This lifecycle is divided into three main process groups:

Planning Process

This foundational phase defines how the software will be developed, verified, and managed to meet DO-178C objectives. Key activities include:

  • Defining the software's role and criticality (Software Assurance Level).
  • Establishing a Plan for Software Aspects of Certification (PSAC), which outlines all planned activities and how they will satisfy DO-178C.
  • Defining the development and verification environment, including tools and methods.

Development Process

This is where the software is actively created based on approved plans. It includes:

  • Requirements Capture: Defining high-level and low-level software requirements that are precise, complete, and verifiable.
  • Software Design: Translating requirements into architectural and detailed designs.
  • Software Coding: Implementing the design in source code.
  • Software Integration: Combining software components and integrating them with the target hardware.

Integral Processes

These processes run concurrently with planning and development, ensuring quality, control, and verification throughout the lifecycle. They are vital for meeting DO-178C objectives:

  • Software Verification: The most extensive part, involving tests, reviews, and analyses to confirm that the software meets its requirements and performs correctly under all specified conditions. This includes structural coverage analysis to ensure sufficient testing of the code.
  • Software Configuration Management: Establishing and maintaining control over all software items (requirements, design, code, test cases, documentation) to ensure their integrity and traceability.
  • Software Quality Assurance: An independent activity that monitors the software lifecycle processes to ensure compliance with plans, standards, and procedures.
  • Certification Liaison: Managing the interaction and exchange of information with certification authorities throughout the project.

Software Assurance Levels (DALs)

A cornerstone of DO-178C is the concept of Software Assurance Levels, commonly referred to as Design Assurance Levels (DALs), which categorize the software's criticality based on the potential consequences of its failure. The DAL assigned to software dictates the rigor and number of objectives that must be satisfied under DO-178C. There are five levels, from A (most critical) to E (least critical):

| DAL | Description | Failure Condition Severity (Examples) | Rigor of DO-178C Compliance |
|-----|-------------|----------------------------------------|-----------------------------|
| A | Catastrophic | Prevents continued safe flight and landing. Leads to multiple fatalities or loss of aircraft. | Highest |
| B | Hazardous/Severe-Major | Reduces safety margins, high workload, serious injury. May lead to significant injury or loss of life. | Very High |
| C | Major | Reduces safety margins, increased workload, discomfort. May lead to minor injury or discomfort. | Medium |
| D | Minor | Slight reduction in safety margins, slight inconvenience. No injury, slight inconvenience. | Low |
| E | No Effect | No effect on operational capabilities or safety. No impact on aircraft or occupants. | Lowest (often no DO-178C required) |

The higher the DAL, the more objectives (up to 71 for DAL A) must be satisfied through stringent verification, traceability, and documentation.

Key Aspects and Requirements for Compliance

Compliance with DO-178C hinges on several crucial elements:

  • Traceability: Maintaining clear, bidirectional links between requirements, design, code, and test cases is paramount. This ensures that every requirement is implemented and tested, and every piece of code traces back to a requirement.
  • Comprehensive Verification and Validation (V&V): This includes robust testing at unit, integration, and system levels, formal reviews of all artifacts, and thorough analysis (e.g., control flow, data flow, stack usage).
  • Extensive Documentation: A significant aspect of DO-178C is the generation of numerous artifacts, including plans, requirements documents, design descriptions, source code, test procedures, test results, and verification reports.
  • Tool Qualification: If software development or verification tools automate or replace manual DO-178C objectives, they must be qualified to a defined Tool Qualification Level (TQL) to ensure their correctness and reliability.
  • Independence: Specific activities, particularly verification and quality assurance, must be performed by individuals or groups independent of the development team to ensure objective oversight.
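The bidirectional traceability described in the Traceability bullet above can be checked mechanically. The following is an added example, not code from the standard or any certified project; it assumes a constructed convention in which source functions carry an `@implements <LLR-ID>` comment and test cases an `@verifies <LLR-ID>` comment, and all requirement IDs and function names are placeholders.

```python
import re

# Constructed sample artefacts for the example; IDs are placeholders, not from any real project.
HLRS = {"HLR-1", "HLR-2"}
# Each low-level requirement traces up to the high-level requirement it refines.
LLR_PARENT = {"LLR-1.1": "HLR-1", "LLR-1.2": "HLR-1", "LLR-2.1": "HLR-2", "LLR-9.1": "HLR-9"}
SOURCE = """\
/* @implements LLR-1.1 */ int clamp_altitude(int ft);
/* @implements LLR-1.2 */ int scale_baro(int raw);
/* untraced helper */     int debug_dump(void);
"""
TESTS = """\
/* @verifies LLR-1.1 */ void test_clamp_upper(void);
/* @verifies LLR-1.1 */ void test_clamp_lower(void);
/* @verifies LLR-2.1 */ void test_mode_switch(void);
/* @verifies LLR-7.7 */ void test_stale(void);
"""
TAG = re.compile(r"@(implements|verifies)\s+(LLR-[\d.]+)")   # assumed annotation convention
FUNC = re.compile(r"\b(\w+)\s*\(")                             # identifier followed by '('

def annotations(text, kind):
    """Map each declared function to the requirement it cites (None if untagged)."""
    out = {}
    for line in text.splitlines():
        names = FUNC.findall(line.split("*/")[-1])  # look only at the declaration part
        if not names:
            continue
        m = TAG.search(line)
        out[names[-1]] = m.group(2) if m and m.group(1) == kind else None
    return out

def trace_gaps(source=SOURCE, tests=TESTS):
    """Return the traceability gaps a reviewer would raise, in both directions."""
    code, checks = annotations(source, "implements"), annotations(tests, "verifies")
    implemented = {r for r in code.values() if r}
    verified = {r for r in checks.values() if r}
    return {
        "llr_without_hlr": sorted(l for l, h in LLR_PARENT.items() if h not in HLRS),
        "hlr_without_llr": sorted(HLRS - set(LLR_PARENT.values())),
        "llr_without_code": sorted(set(LLR_PARENT) - implemented),
        "code_without_llr": sorted(f for f, r in code.items() if r is None),
        "llr_without_test": sorted(set(LLR_PARENT) - verified),
        "test_without_llr": sorted(f for f, r in checks.items() if r not in LLR_PARENT),
    }

def fully_traced(source=SOURCE, tests=TESTS):
    """True only when every link exists in both directions."""
    return not any(trace_gaps(source, tests).values())
```

Each non-empty list is a finding that would block the verification objective it corresponds to: an LLR with no parent HLR, code with no requirement (a candidate for dead or deactivated code analysis), a requirement with no test, or a test citing a requirement that no longer exists.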

Evolution and Practical Considerations

DO-178C superseded DO-178B in 2012, introducing important changes to address modern software development practices. The key updates include:

  • Supplements: DO-178C introduced four new "technology supplements" (DO-330, DO-331, DO-332, DO-333) covering:
    • DO-330 (Tool Qualification): Detailed guidance for qualifying software tools.
    • DO-331 (Model-Based Development and Verification): Guidance for using models in development.
    • DO-332 (Object-Oriented Technology and Related Techniques): Addressing challenges specific to object-oriented programming.
    • DO-333 (Formal Methods): Guidance on using mathematically rigorous techniques.

Adhering to DO-178C is a complex and resource-intensive endeavor. It requires specialized expertise, significant time, and substantial budget. However, the benefits are undeniable: enhanced safety, increased software reliability, and ultimately, the ability to achieve certification for airborne systems.

Who Uses DO-178C?

This standard is essential for anyone involved in developing or certifying software for civil aviation, including:

Further Resources

For more detailed information, consult the original documents and guidance from the issuing and certifying bodies: