Your browser does not support JavaScript! Skip to main content
Free 30-day trial DO-178C Handbook RapiCoupling Preview DO-178C Multicore Training Multicore Resources
Rapita Systems
 

Industry leading verification tools & services

Rapita Verification Suite (RVS)

  RapiTest - Unit/system testing  RapiCover - Structural coverage analysis  RapiTime - Timing analysis (inc. WCET)  RapiTask - Scheduling visualization  RapiCoverZero - Zero footprint coverage analysis  RapiTimeZero - Zero footprint timing analysis  RapiTaskZero - Zero footprint scheduling analysis  RapiCouplingPreview - DCCC analysis

Multicore Verification

  MACH178  MACH178 Foundations  Multicore Timing Solution  RapiDaemons

Engineering Services

  V&V Services  Data Coupling & Control Coupling  Object code verification  Qualification  Training  Consultancy  Tool Integration  Support

Industries

  Civil Aviation (DO-178C)   Military & Defense   Space   Automotive (ISO 26262)

Other

RTBx Sim68020 Mx-Suite Software licensing Product life cycle policy RVS Assurance issue policy RVS development roadmap

Latest from Rapita HQ

Latest news

Rapita partners with Asterios Technologies to deliver solutions in multicore certification
SAIF Autonomy to use RVS to verify their groundbreaking AI platform
RVS 3.22 Launched
Hybrid electric pioneers, Ascendance, join Rapita Systems Trailblazer Partnership Program
View News

Latest from the Rapita blog

How emulation can reduce avionics verification costs: Sim68020
Multicore timing analysis: to instrument or not to instrument
How to certify multicore processors - what is everyone asking?
Data Coupling Basics in DO-178C
View Blog

Latest discovery pages

Military Drone Certifying Unmanned Aircraft Systems
control_tower DO-278A Guidance: Introduction to RTCA DO-278 approval
Picture of a car ISO 26262
DCCC Image Data Coupling & Control Coupling
View Discovery pages

Upcoming events

DASC 2025
2025-09-14
DO-178C Multicore In-person Training (Fort Worth, TX)
2025-10-01
DO-178C Multicore In-person Training (Toulouse)
2025-11-04
HISC 2025
2025-11-13
View Events

Technical resources for industry professionals

Latest White papers

Mitigation of interference in multicore processors for A(M)C 20-193
Sysgo WP
Developing DO-178C and ED-12C-certifiable multicore software
DO178C Handbook
Efficient Verification Through the DO-178C Life Cycle
View White papers

Latest Videos

How to make AI safe in autonomous systems with SAIF
Rapita Systems - Safety Through Quality
Simulation for the Motorola 68020 microprocessor with Sim68020
AI-driven Requirements Traceability for Faster Testing and Certification
View Videos

Latest Case studies

GMV case study front cover
GMV verify ISO26262 automotive software with RVS
Kappa: Verifying Airborne Video Systems for Air-to-Air Refueling using RVS
Supporting DanLaw with unit testing and code coverage analysis for automotive software
View Case studies

Other Resources

 Webinars

 Brochures

 Product briefs

 Technical notes

 Research projects

 Multicore resources

Discover Rapita

Who we are

The company menu

  • About us
  • Customers
  • Distributors
  • Locations
  • Partners
  • Research projects
  • Contact us

US office

+1 248-957-9801
info@rapitasystems.com
Rapita Systems, Inc.
41131 Vincenti Ct.
Novi
MI 48375
USA

UK office

+44 (0)1904 413945
info@rapitasystems.com
Rapita Systems Ltd.
Atlas House
Osbaldwick Link Road
York, YO10 3JB
UK

Spain office

+34 93 351 02 05
info@rapitasystems.com
Rapita Systems S.L.
Parc UPC, Edificio K2M
c/ Jordi Girona, 1-3
Barcelona 08034
Spain

Working at Rapita

Careers

Careers menu

  • Current opportunities & application process
  • Working at Rapita
Back to Top Contact Us

What’s the difference between a SIL and a DAL? How does it affect my Code Coverage?

Breadcrumb

  1. Home
2014-10-07

In this article I look at the different integrity levels for the DO-178C "Software Considerations in Airborne Systems and Equipment Certification" development guidance and ISO26262 "Road vehicles – Functional safety" standard, what they mean for code coverage and why they are not equivalent.

How do I find my Integrity Level?

Most safety standards use the concept of an integrity level, which is assigned to a system or a function. This level will be based on an initial analysis of the consequences of your software going wrong. Both standards have clear guidance on how to identify your integrity level. For example, DO-178C has Software Levels, which are assigned based on the outcome of "anomalous behaviour" of a software component – Level A for "Catastrophic Outcome", Level E for "No Safety Effect". ISO26262 has ASIL (Automotive Safety Integrity Level), based on the exposure to issues affecting the controllability of the vehicle. ASILs range from D for the highest severity/most probable exposure, and A as the least. So the underlying concept is similar – find out how severe the effect and how likely it is your software can go wrong. The difference is in the scales and criteria used.

Safety standard integrity levels

What does my integrity level mean?

The allocated integrity level is linked to a set of processes to follow when developing your system – the higher the level then the more rigorous and stringent these processes are. Let’s take code coverage requirements as an example. The purpose of code coverage testing is to determine how much of your code has been exercised by your requirements based test cases. It can be a powerful tool in locating any code that doesn’t trace to a requirement, or limitations in your testing. The more severe the consequences of your code going wrong, then the more evidence we need that the test cases can find potential problems in the code.

Table 1 shows the code coverage requirements for DO178C from Annex A, Table A-7 of the standard. At Level C you only need to demonstrate that your tests cover all the statements in your software. However, at Level A you need three types of code coverage, including the most stringent, Multiple Condition/Decision Coverage for which every possible condition must be shown to independently affect the decision/software’s outcome. Further, you need to run these tests and demonstrate that the testing process has been performed by someone not directly involved with the development process.

  MC/DC Decision Coverage Statement Coverage
Level A With Independence With Independence With Independence
Level B - With Independence With Independence
Level C - - Required
Level D - - -
Level E - - -

Table 1 Code Coverage Requirements in DO-178C

Compare this with the code coverage requirements in ISO26262. Table 2 shows the requirements from Tables 12 and 15 of Part 6 of ISO26262. There are two different sets, one at the unit level and one at the architectural level. Techniques are highly recommended (++) or recommended (+). No requirement for independence is there. So whilst at the highest ASIL we still require MC/DC, the requirement for how that’s achieved is different. Also code coverage must be applied at multiple abstraction levels.

  MC/DC (Unit Level) Branch Coverage (Unit Level) Statement Coverage (Unit Level) Function Coverage (Architectural Level) Call Coverage (Architectural Level)
ASIL D ++ ++ + ++ ++
ASIL C + ++ + ++ ++
ASIL B + ++ ++ + +
ASIL A + + ++ + +

Table 2 Code Coverage Requirements in ISO26262

What’s the conclusion?

The integrity level concept is in almost all safety standards in one form or another. You will need to identify your integrity level in order to understand how to satisfy the standards development requirements, and, ultimately, the body approving whether your software is acceptably safe. However, the details mean that we can’t directly compare integrity levels between standards, and the requirements may be subtly different.

DO-178C webinars

DO178C webinars

White papers

Mitigation of interference in multicore processors for A(M)C 20-193
Sysgo WP Developing DO-178C and ED-12C-certifiable multicore software
DO178C Handbook Efficient Verification Through the DO-178C Life Cycle
A Commercial Solution for Safety-Critical Multicore Timing Analysis

Related blog posts

DO-178C - Stage of Involvement 4

.
2022-04-06

DO-178C - Stage of Involvement 3

.
2022-03-23

DO-178C - Stage of Involvement 2

.
2022-03-09

DO-178C - Stage of Involvement 1

.
2022-03-01

Pagination

  • Current page 1
  • Page 2
  • Page 3
  • Page 4
  • Page 5
  • Next page Next ›
  • Last page Last »
  • Solutions
    • Rapita Verification Suite
    • RapiTest
    • RapiCover
    • RapiTime
    • RapiTask
    • MACH178
    • Verification and Validation Services
    • Qualification
    • Training
    • Integration
  • Latest

    • Latest menu

    • News
    • Blog
    • Events
    • Videos
  • Downloads

    • Downloads menu

    • Brochures
    • Webinars
    • White Papers
    • Case Studies
    • Product briefs
    • Technical notes
    • Software licensing
  • Company

    • Company menu

    • About Rapita
    • Careers
    • Customers
    • Distributors
    • Industries
    • Locations
    • Partners
    • Research projects
    • Contact
  • Discover
    • Multicore Timing Analysis
    • Embedded Software Testing Tools
    • Worst Case Execution Time
    • WCET Tools
    • Code coverage for Ada, C & C++
    • MC/DC Coverage
    • Verifying additional code for DO-178C
    • Timing analysis (WCET) & Code coverage for MATLAB® Simulink®
    • Data Coupling & Control Coupling
    • Aerospace Software Testing
    • DO-178C
    • Meeting DO-178C Objectives
    • AC 20-193 and AMC 20-193
    • Meeting A(M)C 20-193 Objectives
    • Certifying eVTOL
    • Cerifying UAS

All materials © Rapita Systems Ltd. 2025 - All rights reserved | Privacy information | Trademark notice Subscribe to our newsletter