Your browser does not support JavaScript! Skip to main content
Free 30-day trial DO-178C Handbook RapiCoupling Preview DO-178C Multicore Training Multicore Resources
Rapita Systems
 

Industry leading verification tools & services

Rapita Verification Suite (RVS)

  RapiTest - Unit/system testing  RapiCover - Structural coverage analysis  RapiTime - Timing analysis (inc. WCET)  RapiTask - Scheduling visualization  RapiCoverZero - Zero footprint coverage analysis  RapiTimeZero - Zero footprint timing analysis  RapiTaskZero - Zero footprint scheduling analysis  RapiCouplingPreview - DCCC analysis

Multicore Verification

  MACH178  MACH178 Foundations  Multicore Timing Solution  RapiDaemons

Engineering Services

  V&V Services  Data Coupling & Control Coupling  Object code verification  Qualification  Training  Consultancy  Tool Integration  Support

Industries

  Civil Aviation (DO-178C)   Automotive (ISO 26262)   Military & Defense   Space

Other

RTBx Mx-Suite Software licensing Product life cycle policy RVS Assurance issue policy RVS development roadmap

Latest from Rapita HQ

Latest news

SAIF Autonomy to use RVS to verify their groundbreaking AI platform
RVS 3.22 Launched
Hybrid electric pioneers, Ascendance, join Rapita Systems Trailblazer Partnership Program
Magline joins Rapita Trailblazer Partnership Program to support DO-178 Certification
View News

Latest from the Rapita blog

How to certify multicore processors - what is everyone asking?
Data Coupling Basics in DO-178C
Control Coupling Basics in DO-178C
Components in Data Coupling and Control Coupling
View Blog

Latest discovery pages

control_tower DO-278A Guidance: Introduction to RTCA DO-278 approval
Picture of a car ISO 26262
DCCC Image Data Coupling & Control Coupling
Additional Coe verification thumb Verifying additional code for DO-178C
View Discovery pages

Upcoming events

Avionics and Testing Innovations 2025
2025-05-20
DASC 2025
2025-09-14
DO-178C Multicore In-person Training (Fort Worth, TX)
2025-10-01
DO-178C Multicore In-person Training (Toulouse)
2025-11-04
View Events

Technical resources for industry professionals

Latest White papers

Mitigation of interference in multicore processors for A(M)C 20-193
Sysgo WP
Developing DO-178C and ED-12C-certifiable multicore software
DO178C Handbook
Efficient Verification Through the DO-178C Life Cycle
View White papers

Latest Videos

Rapita Systems - Safety Through Quality
Simulation for the Motorola 68020 microprocessor with Sim68020
AI-driven Requirements Traceability for Faster Testing and Certification
Multicore software verification with RVS 3.22
View Videos

Latest Case studies

GMV case study front cover
GMV verify ISO26262 automotive software with RVS
Kappa: Verifying Airborne Video Systems for Air-to-Air Refueling using RVS
Supporting DanLaw with unit testing and code coverage analysis for automotive software
View Case studies

Other Resources

 Webinars

 Brochures

 Product briefs

 Technical notes

 Research projects

 Multicore resources

Discover Rapita

Who we are

The company menu

  • About us
  • Customers
  • Distributors
  • Locations
  • Partners
  • Research projects
  • Contact us

US office

+1 248-957-9801
info@rapitasystems.com
Rapita Systems, Inc.
41131 Vincenti Ct.
Novi
MI 48375
USA

UK office

+44 (0)1904 413945
info@rapitasystems.com
Rapita Systems Ltd.
Atlas House
Osbaldwick Link Road
York, YO10 3JB
UK

Spain office

+34 93 351 02 05
info@rapitasystems.com
Rapita Systems S.L.
Parc UPC, Edificio K2M
c/ Jordi Girona, 1-3
Barcelona 08034
Spain

Working at Rapita

Careers

Careers menu

  • Current opportunities & application process
  • Working at Rapita
Back to Top Contact Us

Components in Data Coupling and Control Coupling

Breadcrumb

  1. Home
Daniel Wright, Andy Galloway
2024-04-30

"Data coupling" and "control coupling" (collectively “DCCC”) concern the way software components interact with each other in an integrated system to perform a higher-level function. Understanding software DCCC and analyzing DCCC coverage during integration testing can help reduce development costs and mitigate risks, and DCCC analysis is required for DO-178C certification of critical avionics. Rapita Systems is developing RapiCoupling, an automation solution designed to meet the complexities of DCCC analysis for modern DO-178C software.

This is our third blog on Data Coupling and Control Coupling analysis for DO-178C software. In our previous blogs, we gave an introduction to DCCC for DO-178C and discussed why there’s no standard approach to DCCC analysis. In this blog, we’ll explore the role of components in DCCC analysis, and how DCCC supports the decomposition of software functionality into components.

What is a software component?

DO-178C describes both Data Coupling and Control Coupling relative to the idea of a “code component”: Analysis to confirm that the requirements-based testing has exercised the data and control coupling between code components [DO-178C 6.4.4.2 c)]. But what is a code component?

In its Glossary, DO-178C defines a component as “a ‘self-contained part, combination of parts, subassemblies, or units that performs a distinct function of a system’”. The term component is used in a variety of ways throughout the standard. However, it is generally accepted that the definition of software (or code) component for DCCC purposes follows directly from the design objective. During design, the software is decomposed into components and low-level requirements are documented to specify what each component has to do. The interfaces between components are captured by the software architecture, including information such as data dictionaries, which should make explicit the intended control and data flow over each interface.

The links between the design process, the notion of software component, and DCCC, are implied by the descriptions in the standard, for example: “Interfaces between software components, in the form of data flow and control flow, should be designed to be consistent between components” [DO-178C, 5.2.2 d)]. Based on DO-178C’s definitions and terminology, we can therefore view software components as the following:

  • The way that low-level requirements (LLRs) are partitioned into groups
  • What defines, along with the architecture, the input stimuli and output responses over which those requirements are expressed
  • What defines, along with the code, the software functions that low-level requirements-based testing (LLRBTs) and low-level structural coverage analysis (SCA, comprising MC/DC, decision, and statement coverage) will apply to.
Example two component system. The function of each component is defined by LLRs and verified by low-level Requirements-based tests and structural coverage analysis. Each component may have data and control flows with other components and with external I/O.

Note that superficial notions of what constitutes components, for example that each source file comprises a component, are only valid if the system has been developed so there is a one-to-one mapping between source files and components specified in the software design. This is by no means always the case.

How does DCCC support the decomposition of software into components?

DCCC analysis serves an important role in supporting the decomposition of software into components and helping to establish the correctness and safety of an airborne system.

Decomposition of software functionality into components is the mechanism provided by DO-178C for managing complexity. By decomposing functionality into components, we can develop components separately, verify their function according to low-level requirements and verify the sufficiency of testing using low-level structural coverage analysis (MC/DC, decision, and statement coverage).

However, to be able to decompose software function confidently, we need a robust process for verifying that the decomposition is correct, that we haven’t made mistakes defining what our code components need to do, and we haven’t made invalid assumptions about how they will behave collectively when we connect them together. In other words, we need to know that assembling sub-components in the way we have, based on how we’ve specified them, results in a system that faithfully implements the intent of the design.

DCCC analysis supports this process. While requirements-based integration testing provides evidence that the integrated software meets its high-level requirements, DCCC analysis can help demonstrate the sufficiency of integration testing, and validate that high-level requirements are complete.

How do components impact DCCC analysis?

Components have a huge impact on DCCC analysis. CAST-19 defined both Data Coupling and Control Coupling as relating to interactions between components, and this is consistent with the role of DCCC analysis in helping us provide a sufficiency metric for integration testing (integration of components).

What constitutes an acceptable DCCC analysis argument, and the steps you need to go through producing it, are topics of lively debate. The consensus, however (supported by the CAST-19 definitions), is that interfaces between components are the primary focus for the activity, i.e. for DCCC analysis to be “complete”, all of the ways that components can affect one another need to be verified.

Guidance about what that should involve is patchy, but some common considerations include:

  • Have all the significant ways each component can impact another component’s flow of control been observed?
  • Have all the significant ways data can be supplied and consumed by components been observed?
  • Have all interfaces been confirmed to be working as intended?
  • Have all the significant ways inputs/outputs can be presented to/generated by the system been observed to be correct?

There is some disagreement about whether all of the above can be achieved based on properties derived directly from the code, or whether this requires deeper consideration of both the code and other artifacts produced as part of the development process (See our previous blog on the “two schools of thought”).

Either way, though, components play a crucial role in defining DCCC analysis criteria. The couplings we should observe to satisfy ourselves (and our certification authority) that we’ve done sufficient integration testing are based on interfaces, and ultimately, components.

RapiCouplingPreview

An innovative new approach for DCCC Analysis

  • Data coupling and control coupling analysis for DO-178C
  • Configurable definition of components, interfaces and couplings
  • Process guidance to help define couplings for your project
Find out more

Conclusion

Components are an important concept in DCCC analysis. Defined by the software design, they help us identify the interfaces in the system across which couplings arise, and are used as the basis for defining DCCC analysis goals. DCCC analysis serves an important role in DO-178C projects by supporting the decomposition of software function into components.

In our next blog, we’ll take a closer look at control coupling.

Wanting to learn more about DCCC? Check out our full blog series or download our DCCC Solutions for DO-178C Product brief.

Want to stay up to date with DCCC content? Sign up to our mailing list below.

DO-178C webinars

DO178C webinars

White papers

Mitigation of interference in multicore processors for A(M)C 20-193
Sysgo WP Developing DO-178C and ED-12C-certifiable multicore software
DO178C Handbook Efficient Verification Through the DO-178C Life Cycle
A Commercial Solution for Safety-Critical Multicore Timing Analysis

Join our specialized mailing list to learn more about DCCC analysis

  • Solutions
    • Rapita Verification Suite
    • RapiTest
    • RapiCover
    • RapiTime
    • RapiTask
    • MACH178

    • Verification and Validation Services
    • Qualification
    • Training
    • Integration
  • Latest
  • Latest menu

    • News
    • Blog
    • Events
    • Videos
  • Downloads
  • Downloads menu

    • Brochures
    • Webinars
    • White Papers
    • Case Studies
    • Product briefs
    • Technical notes
    • Software licensing
  • Company
  • Company menu

    • About Rapita
    • Careers
    • Customers
    • Distributors
    • Industries
    • Locations
    • Partners
    • Research projects
    • Contact
  • Discover
    • Multicore Timing Analysis
    • Embedded Software Testing Tools
    • Worst Case Execution Time
    • WCET Tools
    • Code coverage for Ada, C & C++
    • MC/DC Coverage
    • Verifying additional code for DO-178C
    • Timing analysis (WCET) & Code coverage for MATLAB® Simulink®
    • Data Coupling & Control Coupling
    • Aerospace Software Testing
    • Automotive Software Testing
    • Certifying eVTOL
    • DO-178C
    • AC 20-193 and AMC 20-193
    • ISO 26262
    • What is CAST-32A?

All materials © Rapita Systems Ltd. 2025 - All rights reserved | Privacy information | Trademark notice Subscribe to our newsletter