Your browser does not support JavaScript! Skip to main content
Free 30-day trial Customer portal Careers DO-178C Handbook
 
Rapita Systems
 

Industry leading verification tools & services

Rapita Verification Suite (RVS)

  RapiTest - Unit/system testing   RapiCover - Structural coverage analysis   RapiTime - Timing analysis (inc. WCET)   RapiTask - Scheduling visualization   RapiCoverZero - Zero footprint coverage analysis   RapiTimeZero - Zero footprint timing analysis   RapiTaskZero - Zero footprint scheduling analysis

Multicore Verification

  MACH178  Multicore Timing Solution  RapiDaemons

Engineering Services

  V & V Services  Qualification  Training  Tool Integration  Support

Industries

  Aerospace (DO-178C)   Automotive (ISO 26262)   Space

Other

  RTBx   Mx-Suite   Software licensing   Product life cycle policy  RVS development roadmap

Latest from Rapita HQ

Latest news

RVS 3.18 Launched
Solid Sands partners with Rapita Systems
Danlaw Acquires Maspatechnologies - Expanding Rapita Systems to Spain
Rapita co-authored paper wins ERTS22 Best paper award
View News

Latest from the Rapita blog

Measuring response times and more with RapiTime
Why mitigating interference alone isn’t enough to verify timing performance for multicore DO-178C projects
There are how many sources of interference in a multicore system?
Supporting modern development methodologies for verification of safety-critical software
View Blog

Latest discovery pages

do178c DO-178C Guidance: Introduction to RTCA DO-178 certification
matlab_simulink MATLAB® Simulink® MCDC coverage and WCET analysis
code_coverage_ada Code coverage for Ada, C and C++
amc-20-193 AMC 20-193
View Discovery pages

Upcoming events

NAVAIR FACE & SOSA TIM and Expo
2023-09-12
DASC 2023
2023-10-01
HISC 2023
2023-10-17
Aerospace Tech Week Americas 2023
2023-11-14
View Events

Technical resources for industry professionals

Latest White papers

DO178C Handbook
Efficient Verification Through the DO-178C Life Cycle
A Commercial Solution for Safety-Critical Multicore Timing Analysis
Compliance with the Future Airborne Capability Environment (FACE) standard
View White papers

Latest Videos

Challenges of certifying multicore avionics in line with A(M)C 20-193 objectives - ATW Europe 2023
Streamlined software verification with RVS 3.18
Sequence analysis with RapiTime
Visualize call dependencies with RVS thumbnail
Visualize call dependencies with RVS
View Videos

Latest Case studies

Supporting ISO 26262 ASIL D software verification for EasyMile
RapiCover’s advanced features accelerate the certification of military UAV Engine Control
Front cover of whitepaper collins
Delivering world-class tool support to Collins Aerospace
View Case studies

Other Downloads

 Webinars

 Brochures

 Product briefs

 Technical notes

 Research projects

Discover Rapita

Who we are

The company menu

  • About us
  • Customers
  • Distributors
  • Locations
  • Partners
  • Research projects
  • Contact us

US office

+1 248-957-9801
info@rapitasystems.com
Rapita Systems, Inc.
41131 Vincenti Ct.
Novi
MI 48375
USA

UK office

+44 (0)1904 413945
info@rapitasystems.com
Rapita Systems Ltd.
Atlas House
Osbaldwick Link Road
York, YO10 3JB
UK

Spain office

+34 93 351 02 05
info@rapitasystems.com
Rapita Systems S.L.
Parc UPC, Edificio K2M
c/ Jordi Girona, 1-3
Barcelona 08034
Spain

Working at Rapita

Careers

Careers menu

  • Current opportunities & application process
  • Working at Rapita
Back to Top

Breadcrumb

  1. Home
  2. DO-178C Guidance: Introduction to RTCA DO-178 certification

DO-178

RTCA DO-178C / EUROCAE ED-12C: Software Considerations in Airborne Systems and Equipment Certification is the primary document by which certification authorities such as the FAA and EASA approve civil software-based aerospace systems. Recently, it has become the de facto approach for demonstrating airworthiness in military avionics systems worldwide.

Download DO-178C Handbook DO-178C webinar series
do178_airplane
  • Introduction
  • Design Assurance Levels
  • DO-178C processes
  • Tool qualification
  • How we help

Introduction to DO-178C

DO-178 was originally developed in the late 1970s to define a prescriptive set of design assurance processes for airborne software that focused on documentation and testing. In the 1980s, DO-178 was updated to DO-178A, which suggested different levels of activities dependent on the criticality of the software, but the process remained prescriptive.

Released in 1992, DO-178B was a total re-write of DO-178 to move away from the prescriptive process approach and define a set of activities and associated objectives that a design assurance process must meet. This update allowed flexibility in the development approaches that could be followed, but also specified fundamental attributes that a design assurance process must have, which were derived from the airworthiness regulations.

History of DO-178

Many advances in software engineering technologies and methodologies since the release of DO-178B made consistent application of the DO-178 objectives difficult. In 2012, DO-178C/ED-12C was released, which clarified details and removed inconsistencies from DO-178B, and which also includes supplements that provide guidance for design assurance when specific technologies are used, supporting a more consistent approach to compliance for software developers using these technologies. DO-178C guidance also clarified some details within DO-178B so that the original intent could be better understood and more accurately met by developers.

do178 dal-d project
 Collins Aerospace

How RapiCover was used for DAL A code coverage analysis for a complex flight control system.

View case study  
do178 dal-b project
 Triumph Group

How Rapita's V&V services produced evidence for certification of actuation system software.

View case study  
do178 dal-c project
 Cobham Aerospace

Rapita tools efficiently produced coverage evidence for DAL C certification of an antenna control unit.

View case study  
do178 dal-a project
 OHB Sweden

How RapiCover improved code coveage analysis for DO-178C attitude orbital control system.

View case study  

Software Safety Levels

DO-178B introduced (and DO-178C continued to use) the fundamental concept of the Design Assurance Level (DAL), which defines the amount of rigor that should be applied by the design assurance process based on the contribution to Aircraft Safety. The higher the DAL, the more activities and objectives that must be performed and met as part of the Design Assurance process because of the more severe consequences to the aircraft should the software fail or malfunction.

The five DALs, which are summarized in the table above, determine the amount of rigor required in the development and testing of a specific piece of airborne software.
DAL Condition Objectives
A Catastrophic 71
B Hazardous 69
C Major 62
D Minor 26
E No safety effects 0

DO-178C processes

Planning

DO-178C planning is the first DO-178C process that should occur and follows the basic design assurance principle that you say what you are going to do before you do it so you can ensure that what you plan to do will meet the required DO-178C objectives and provide evidence to demonstrate this.

Development of a set of plans covering all components of the Design Assurance process is a cornerstone of DO-178C. As part of this activity, the following plans must be developed:

  • Plan for Software Aspects of Certification (PSAC): a description of the software you plan to develop, the hardware environment it will be used in, the design assurance processes you will follow, and how you will demonstrate compliance, including how you will verify your implemented code and any commercial tools you will use in your verification.
  • Software Development Plan (SDP): a description of the software development processes and the software life cycle that is used to satisfy DO-178C objectives.
  • Software Verification Plan (SVP): a description of the verification processes (Reviews, Analyses and Tests) used to satisfy DO-178C objectives.
  • Software Configuration Management Plan (SCMP): a description of the methods and environment that will be used to configure all of the design data and compliance evidence needed to achieve DO-178C certification.
  • Software Quality Assurance Plan (SQAP): a description of the methods and associated records that will be used to ensure that DO-178C quality assurance objectives are satisfied.

Development

Development covers all of the activities that involve design and production of DO-178C software that meets system requirements of the project. This includes definition of high and low-level software requirements, software architecture definition and implementation of the software.

Requirements should be developed in order to meet system requirements of the component hosting the software. These system requirements may be decomposed into hardware requirements (DO-254) as well as software components. Requirements should be verifiable as they will need to be verified in order to generate compliance evidence.

The software architecture must be designed before the software is implemented. It is worth considering how the software architecture will affect verification efficiency as verification comprises a large proportion of the cost of a DO-178C project. Particularly, it is worth considering how your architecture will affect the efficiency of data coupling and control coupling analysis of your implemented software.

Engineers new to DO-178C may be surprised at how small a proportion of overall effort Implementation takes in a DO-178C project, particularly at high DALs e.g. DAL A. As verification is much morwe effort intensive than implementation, it is worth considering how implementation decisions such as choice of language and language constructs used, choice of hardware platform and choice of compiler and compiler options will affect verification efficiency.

Integral processes

DO-178C includes 4 Integral processes, which are followed throughout a DO-178C project. These are Verification, Configuration Management, Quality Assurance and Certification Liaison. Integral processes should be planned during DO-178C planning. Following the processes should generate evidence that can be provided to certification authorities to demonstrate that you have followed the processes you planned to (and agreed with the certification authority).

Verification covers activities needed to demonstrate that DO-178C software functions as intended. You will plan a Verification strategy in your Software Verification Plan and follow this after. Some Verification activities should be achieved by testing, while some are achieved by reviews. Software tools are often used to reduce the effort needed to verify DO-178C software.

Configuration Management covers the processes by which you will control and track versioning of items developed during DO-178C projects, including software and documents such as reviews. Your Configuration Management process must generate a record of every version of every item, and these should be accessible throughout the project.

Quality Assurance covers activities that demonstrate that you are following the plans and standards that you have said you will follow throughout a DO-178C project. This includes change control, problem reporting and conducting a conformance review to ensure that your DO-178C software and related documents are ready to share with your certification authority in the final Stage of Involvement (SOI).

Certification Liaison covers activities in which you will interact directly with your certification authority, including the processes you will follow to prepare for and conduct the DO-178C SOIs with them.

❮ ❯
     
DO-178C Processes
DO-178C Processes
DO-178C Processes
DO-178C Processes
DO-178C Processes

The typical process for the certification authority to determine compliance is based on four “Stage Of Involvement” (SOI) reviews/audits. These reviews are:

  • SOI#1 or Planning Review
  • SOI#2 or Development Review
  • SOI#3 or Verification Review
  • SOI#4 or Certification review

Each of these reviews focuses on an aspect of the process and evaluates the evidence that demonstrates compliance incrementally throughout the development life cycle.

DO-178C V-model diagram
Likely locations of SOI audits during software development
DO-178-whitepapers
Free 70-page handbook download

Efficient verification through the DO-178C life cycle

This handbook takes you through the whole DO-178C journey with a focus on verification, leaving you with an understanding of the compliance process as a whole and practical tips to efficiently verify DO-178C software.

Download now

Tool qualification

As per DO-178C, you need to qualify any software tool you use that replaces or mitigates any DO-178C process and for which the output is not manually verified. The qualification process ensures that such software tools can be relied upon to produce appropriate and repeatable results.

DO-178C itself describes when a tool must be qualified, but does not go into detail on how this should be done. The DO-330: Software Tool Qualification Considerations supplement to DO-178C expands on this guidance by defining corresponding objectives for the specification, development and verification of qualified tools.

If you use any commercial verification tools to automate DO-178C verification processes and don’t plan on manually reviewing output from the tools, they will need to be qualified at the appropriate tool qualification level. Many commercial verification tools have supporting qualification kits, which include evidence needed to demonstrate that the activities the tool developer must perform have been performed. All qualification kits should include all of the evidence needed from the tool developer. Some qualification kits may also include supporting material to help meet tool user objectives.

How can Rapita help?

The Rapita Verification Suite (RVS) reduces the effort needed to verify DO-178C software by helping to satisfy specific DO-178C objectives.

RVS includes plugins that satisfy requirements-based functional testing, structural coverage analysis and worst-case execution time analysis and is supported by a qualification kit and service to provide DO-330 tool qualification evidence.
To see how RVS could help you, contact us or download a free trial today.

Our Verification and Validation Services help satisfy DO-178C objectives. We provide services covering the full DO-178C life cycle, supporting efficient Planning, Development, and Integral processes including software verification using RVS. Our engineering team have diverse experience working in civil and defense avionics development and verification worldwide.

To see how our V&V Services could help you, download our brochure or contact us.

do-178c V&V

Specific guidance for how DO-178C should be applied to multicore software is available in the A(M)C 20-193 guidance.

MACH178 supports Planning, Development and Integral processes for multicore DO-178C projects, including by support multicore timing analysis, which is widely considered to be the most challenging element of A(M)C 20-193 compliance. To see how MACH178 could help you, contact us.

Our systems engineering services, with our emphasis on quality and adherence to ARP4754A industry guidance, support the development of systems with well-designed hardware and software.

We support system integration and verification and validation of system requirements. Our automated V&V tools integrate with industry standard requirements management software to capture results while seamlessly maintaining traceability to requirements. Find out more about our systems engineering services.

DO-178C Systems Engineering

Our support team is comprised of our Field Application Engineers (FAEs), who use RVS every day and regularly perform integrations involving a variety of compilers, languages, and platforms.

Our policy is to always provide our customers with the best level of support we can realistically achieve, and as such we resolve support issues as quickly and effectively as we can. We have a strong history of excellent support and regard this as an essential aspect of our business. For more information on our support service, see our Support web page.

DO-178C Support Services

We provide training in a range of expert topics, including: DO-178C compliance, Multicore certification and setting up automated test environments.

Our training is flexible; we offer both face-to-face and virtual training and offer custom training courses to meet your specific needs.

For more information on our training solutions, see our Training web page.

DO-178C Training
DO-178C verification webinar series
Functional testing for DO-178C
Functional testing

Learn from V & V experts how to manage your functional testing workflow from writing requirements through to producing test evidence from qualified automation tools.

Code coverage for DO-178C
Code coverage

Explore a range of code coverage topics (MC/DC, object code coverage) and best practices that you can put into practice in your project to obtain 100% coverage.

Worst Case Execution Time analysis for DO-178C
WCET analysis

Learn about the different WCET analysis approaches and how to select the best WCET analysis tool to meet the needs of DO-178C.

DO-178C handbook preview

Read the first chapter  

The safety assessment processes used in all functional safety domains rely on demonstrating that the probability of system failure that could cause harm is below an acceptable threshold.

When a system is made up of mechanical and electronic components, for which the component failure rate is known, the probability of failure for the system can be calculated and achievement of the safety target can be demonstrated. For software, complex systems or electronic hardware, system failures can be caused by design errors (sometimes known as systematic failures) as well as component failures, but there is no agreed way of calculating the failure rate of these design errors. In the aerospace domain, the agreed approach for dealing with design errors is to implement design assurance processes that have specific activities to identify and eliminate design errors throughout the software development life cycle.

DO-178 was originally developed in the late 1970s to define a prescriptive set of design assurance processes for airborne software that focused on documentation and testing.

Design Assurance Levels (DALs)

DO-178B introduced (and DO-178C continued to use) the fundamental concept of the Design Assurance Level (DAL), which defines the amount of rigor that should be applied by the design assurance process based on the contribution to Aircraft Safety. The higher the DAL, the more activities and objectives that must be performed and met as part of the Design Assurance process because of the more severe consequences to the aircraft should the software fail or malfunction. Design Assurance Level A (DAL-A) is the highest level of design assurance that can be applied to airborne software and is applied when failure or malfunction of the software could contribute to a catastrophic failure of the aircraft. The activities and objectives that must be met through the Design Assurance process gradually decrease with each level alphabetically until DAL-E, which has no objectives as there is no consequence to aircraft safety should such software fail or malfunction.

Objectives and activities

The recommendations given in DO-178 fall into two types:

  • Objectives, which are process requirements that should be met in order to demonstrate compliance to regulations
  • Activities, which are tasks that provide the means of meeting objectives

In total, DO-178C includes 71 objectives, 43 of which are related to verification. The number of these objectives that must be met for compliance reduces as the Design Assurance Level of the system reduces.

Supplementary objectives and guidance

DO-178C introduced three technology supplements to provide an interpretation of the DO-178C activities and objectives in the context of using specific technologies. The three technologies are Model Based Development and Verification (DO-331), Object Oriented Technology and related technologies (DO-332), and Formal Methods (DO-333). Each supplement describes the technology, defines the scope of its use within airborne software, lists additional or alternative activities and objectives that must be met when the technology is used, and includes specific FAQs (Frequently Asked Questions) that clarify objectives and activities relating to the technology.

A further supplement was introduced in DO-178C, Software Tool Qualification Considerations (DO-330), which gives guidance on the qualification of tools used in software development and verification processes. This guidance can be applied to any tools, not just those used for software development or verification, for example systems design or hardware development tools, and acts more like a stand-alone guidance document than the other supplements mentioned.

Many other documents support DO-178C by providing additional clarification or explanations that can help developers to correctly interpret the guidance and implement appropriate design assurance processes. The Supporting Information (DO-248C) supplementary document includes FAQs relating to DO-178C, and the document is commonly referred to by the title Frequently Asked Questions. In addition to the FAQs in DO-248C, the document provides the rationale for the activities and objectives listed in DO-178C and includes discussion papers that provide clarification on specific topics related to software development and verification. A series of documents produced by the Certification Authorities Software Team (CAST) since the release of DO-178B provided information on specific topics of concern to certification authorities in order to harmonize approaches to compliance. These topics have had a greater scope than just Software concerns, and much of the content in CAST documents has been implemented in guidance updates such as DO-178C, or formed the basis of authority publications, such as A(M)C 20-193 to address the use of multicore processors in avionics and A(M)C 20-152A on the development of airborne electronics hardware. CAST has remained inactive since October 2016 and links to most previous CAST papers have been removed from the FAA’s website...........

Continue reading

Learn more about DO-178 related subjects

AC 20-193
AMC 20-193

Verifying multicore systems.

EUROCAE ED-215
RTCA DO-330

Software Tool Qualification Considerations.

EUROCAE ED-216
RTCA DO-331

Model-based development and verification supplement.

EUROCAE ED-217
RTCA DO-332

Object-oriented technology and related techniques supplement.

DO-178C Handbook Preview
 
do178 handbook
do178c handbook
do-178 handbook
do-178c handbook
do178 book
do178c book
do178 pdf
do178c pdf
❮ ❯
               

Efficient verification through the DO-178C life cycle

 

Following DO-178C guidance when developing safety-critical avionics software can be complex, and there are many potential pitfalls along the way.

This handbook takes you through the whole DO-178C journey with a focus on verification, leaving you with an understanding of the compliance process as a whole and practical tips to efficiently verify DO-178C software.

Download in full
 

Download the DO-178C Handbook

When you contact us, we will process your personal data in accordance with our data protection policy, please see our Customer Privacy Information for more information.

Request Free Trial

Which tools are you interested in?
When you contact us, we will process your personal data in accordance with our data protection policy, please see our Customer Privacy Information for more information.

What happens next?
We aim to respond to trial version requests within 1 working day. If you have any further questions, please do not hesitate to contact us.

  • Solutions
    • Rapita Verification Suite
    • RapiTest
    • RapiCover
    • RapiTime
    • RapiTask
    • MACH178
    • Verification and Validation Services
    • Qualification
    • Training
    • Integration
  • Latest

    • Latest menu

    • News
    • Blog
    • Events
    • Videos
  • Downloads

    • Downloads menu

    • Brochures
    • Webinars
    • White Papers
    • Case Studies
    • Product briefs
    • Technical notes
    • Software licensing
  • Company

    • Company menu

    • About Rapita
    • Careers
    • Customers
    • Distributors
    • Industries
    • Locations
    • Partners
    • Research projects
    • Contact
  • Discover
    • AMC 20-193
    • What is CAST-32A?
    • Multicore Timing Analysis
    • MC/DC Coverage
    • Code coverage for Ada, C & C++
    • Embedded Software Testing Tools
    • Aerospace Software Testing
    • Automotive Software Testing
    • Certifying eVTOL
    • DO-178C
    • WCET Tools
    • Worst Case Execution Time
    • Timing analysis (WCET) & Code coverage for MATLAB® Simulink®

All materials © Rapita Systems Ltd. 2023 - All rights reserved | Privacy information | Trademark notice Subscribe to our newsletter