How to achieve DO-178C certification with Rapita Systems
Whether it's your first time working on a DO-178C project or you’re a seasoned veteran, DO-178C certification is a significant undertaking. Rapita Systems provides support for DO-178C projects across the project life cycle. From planning to final approval, Rapita’s services and tools can help you deliver certifiable software on time and on budget.
Tools
Our automation tools support efficient DO-178C verification. Designed for the rigors of DO-178C from the ground up, our tools come with DO-330 qualification kits, and support key DO-178C concepts like structural coverage resolution and traceability.
Services
We provide V&V services, consultancy and training to the safety-critical software industry globally. Whether you need training or consultancy on DO-178C verification, or a partner to help you perform V&V activities for your software, we’re on hand to help.
DO-178C objectives
Rapita solutions provide support for achieving DO-178C testing and verification objectives, as well as some analysis objectives. The main objectives we support are listed below.
Testing of Outputs of Integration Process (Table A-6)
ID |
Description |
Objective |
DAL A |
DAL B |
DAL C |
DAL D |
Rapita Solution |
How? |
---|---|---|---|---|---|---|---|---|
Executable Object Code complies with high-level requirements |
⚪ |
⚪ |
⚪ |
⚪ |
✔ Tool, Services |
|||
Executable Object Code is robust with high-level requirements |
⚪ |
⚪ |
⚪ |
⚪ |
✔ Tool, Services |
|||
⚫ |
⚫ |
⚪ |
✔ Tool, Services |
|||||
Executable Object Code is robust with low-level requirements |
⚫ |
⚪ |
⚪ |
✔ Tool, Services |
||||
⚪ |
⚪ |
⚪ |
⚪ |
✔ Tool, Services |
⚪ Objective required at DAL
⚫ Objective required with independence at DAL
Verification of Verification Process Results (Table A-7)
ID |
Description |
Objective |
DAL A |
DAL B |
DAL C |
DAL D |
Rapita Solution |
How? |
---|---|---|---|---|---|---|---|---|
⚫ |
⚪ |
⚪ |
✔ Services |
|||||
⚫ |
⚪ |
⚪ |
✔ Analysis supported by tools |
|||||
⚫ |
⚪ |
⚪ |
⚪ |
✔ Integration with 3rd party tools, Services |
||||
⚫ |
⚪ |
⚪ |
✔ Integration with 3rd party tools, Services |
|||||
Test coverage of software structure (modified condition/decision coverage) is achieved |
⚫ |
✔ Tool, Services |
||||||
Test coverage of software structure (decision coverage) is achieved |
⚫ |
⚫ |
✔ Tools, Services |
|||||
Test coverage of software structure (statement coverage) is achieved |
⚫ |
⚫ |
⚪ |
✔ Tools, Services |
||||
Test coverage of software structure (data coupling and control coupling) is achieved |
⚫ |
⚫ |
⚪ |
✔ Services, Future Tool |
||||
Verification of additional code, that cannot be traced to Source Code, is achieved |
⚫ |
✔ Tools, Services |
⚪ Objective required at DAL
⚫ Objective required with independence at DAL
Other DO-178C objectives
ID |
Description |
Objective |
DAL A |
DAL B |
DAL C |
DAL D |
Rapita Solution |
How? |
---|---|---|---|---|---|---|---|---|
High level requirements are traceable to system requirements |
⚪ |
⚪ |
⚪ |
⚪ |
✔ Integration with 3rd party tools, Services |
|||
Low-level requirements are traceable to high-level requirements |
⚪ |
⚪ |
⚪ |
✔ Integration with 3rd party tools, Services |
||||
⚫ |
⚪ |
⚪ |
⚪ |
✔ Supported by Tools |
||||
⚫ |
⚪ |
⚪ |
✔ Supported by Tools and Services |
⚪ Objective required at DAL
⚫ Objective required with independence at DAL
Requirements-based testing
DO-178C objectives: 6.4.a, 6.4.b, 6.4.c, 6.4.d
DO-178C objectives §6.4.a-d require testing of the code to ensure that it complies with and is robust with respect to high and low-level requirements.
DO-178C keeps the development and verification processes separate and requires levels of independence between them. Test environments often present tests as code, which can be challenging for test engineers to create and review while remaining independent from the development process.
RapiTest supports test authoring without requiring engineers to write any additional code. Its test steps and expressions reference the software's interface, not its implementation. The underlying integration is flexible and can provide test evidence on any embedded target. Rapita works with your organization to ensure a robust, qualifiable integration with which results can be collected from both on-host and on-target tests. Learn how RapiTest helped Kappa optronics produce DO-178C requirements-based test evidence in our case study.
If you’re looking for a V&V partner, we can help you produce DO-178C test evidence for your software by writing and executing requirements-based tests, either using your DO-178C processes or our own. See how we did this for Triumph Integrated Systems in our case study.
Target computer compatibility
DO-178C objective: 6.4.e
“...execute the software to confirm that... the Executable Object Code is compatible with the target computer.”
RTCA DO-178C §6.4.e
This objective requires that selected tests, especially Hardware-Software Integration tests, are executed in the target computer environment. Challenges include harnessing low-level (component) tests in the target environment and retrieving outputs (test results) from that environment.
RapiTest lets you specify your test harness as stubs, runs, and checks, and executes the harness in a host, target, or simulated computer environment. Performing checks in that environment minimizes the required data transfer and helps to automate test evaluation and discrepancy analysis. All RVS tools are designed from the ground up to support on-target testing. Learn how RapiTest helped Kappa optronics produce DO-178C requirements-based test evidence on-target in our case study.
Rapita’s Target Integration Service and Qualified Target Integration Service ensure that a robust integration of RVS with the embedded target hardware is deployed and qualified. See how we delivered target and qualified target integrations services to Collins Aerospace in our case study.
Test procedures are correct
DO-178C objective: 6.4.5.b
We can provide V&V services to help you produce DO-178C test evidence for your software by writing and executing requirements-based tests, either using your DO-178C processes or our own. If we do, we perform the analysis needed to ensure that test procedures are correct. You can see how we produced DO-178C test evidence for Triumph Integrated Systems in our case study.
Test results are correct and discrepancies explained
DO-178C objective: 6.4.5c
“...ensure that the test results are correct and that discrepancies between actual and expected results are explained.”
RTCA DO-178C §6.4.5.c (Table A-7 2)
This review shows that all tests either pass or fail with a well-understood and agreed justification. The challenge here is to efficiently gather the expected and actual results and check for discrepancies.
RapiTest allows you to define both the set-up actions and the correctness checks for each test. It executes those in the target computer. When a check fails, it provides the expected and actual results to show you the discrepancy. Learn how RapiTest helped Kappa optronics produce DO-178C requirements-based test evidence on-target in our case study.
We can provide V&V services to help you produce DO-178C test evidence for your software by writing and executing requirements-based tests, either using your DO-178C processes or our own. If we do, we perform the analysis needed to ensure that test results are correct and discrepancies are explained. You can see how we produced DO-178C test evidence for Triumph Integrated Systems in our case study.
Requirements coverage
DO-178C objectives: 6.4.4.a, 6.4.4.b
Traceability is crucial in DO-178C. It links corresponding items in different outputs such as requirements and tests. Challenges include ensuring that engineers can keep traceability information up to date when they make changes and consolidating the traceability information into a single view for presentation and review. Traceability is typically managed by dedicated requirements traceability tools.
RVS tools integrate with commonly used requirements traceability tools such as DOORS, Jama, Polarion and Visure, allowing traceability links to be maintained in a project throughout the project life cycle. Within RVS, traceability is maintained between, for example, test cases and associated structural coverage at the code level, and requirements coverage can be viewed when requirements have been imported from a requirements traceability tool.
We can provide V&V services to help you produce DO-178C test evidence for your software by writing and executing requirements-based tests, either using your DO-178C processes or our own. If we do, we perform the analysis needed to ensure that test procedures are correct. You can see how we produced DO-178C test evidence for Triumph Integrated Systems in our case study.
Structural coverage analysis
DO-178C objectives: 6.4.4.c
Structural coverage analysis (SCA) demonstrates that the code has been sufficiently tested, with the associated coverage criteria dependent on the software DAL. Structural coverage has to be obtained through requirements-based testing and can be obtained by analysis of either source code or object code coverage. The main challenges of SCA include instrumentation overheads for on-target testing, effort required to merge coverage from different test builds, and resolving incomplete structural coverage.
Rapita provides support for both source code and object code based structural coverage analysis through RapiCover and RapiCover Zero , respectively. RapiCover’s instrumentation overheads are significantly lower than competitor solutions, allowing coverage to be collected in fewer test builds, therefore reducing test overheads. Where different builds are still needed, results can be merged, and this feature is qualified. RapiCover justifications make it easy to mark code as covered by analysis to resolve coverage gaps, and support is available to migrate justifications when code changes. Unlike some competitor solutions, RapiCover’s instrumentation is qualified, so manual review of applied instrumentation is not required. See how we supported organizations such as Collins Aerospace and Cobham Aerospace Connectivity in their DO-178C structural coverage analysis in our case studies.
Data coupling and control coupling coverage analysis
DO-178C objectives: 6.4.4.d
Data coupling and control coupling (DCCC) analysis allows integration errors to be identified earlier during the verification life cycle, which can increase software quality and reduce overall verification costs. There is no accepted industry-wide definition of the detailed analyses that are required to meet the objective, and until now, commercial automation tools have lacked the capability and flexibility to support the varying interpretations of DCCC analysis across the safety-critical avionics industry.
Rapita provide DCCC services and are developing in-depth, flexible support for DO-178C data and control coupling analysis through the upcoming RapiCoupling tool, which will include guidance on selecting criteria for the analysis. A case study including use of the tool in collaboration with Collins Aerospace was presented at DASC 2024. A public experimental version of the tool will be available in summer 2025.
Our DCCC services include working with you to determine a strategy for DCCC analysis that fits your project, helping you set up the automation infrastructure to support the analysis, and V&V to produce on-target DCCC evidence for your software.
Additional code verification
DO-178C objectives: 6.4.4.c
“…if the software level is A and a compiler, linker, or other means generates additional code that is not directly traceable to Source Code statements, then additional verification should be performed to establish the correctness of such generated code sequences.”
RTCA DO-178C §6.4.4.2.b
The correctness of additional code introduced by a compiler should be verified for DO-178C DAL software. Correctness cannot be demonstrated through coverage alone. DO-278A provides clarifications on expectations for meeting the objective, suggesting some approaches for meeting the objective and stating that it isn’t a trivial task “ the work involved in the process of demonstrating traceability from object code to Source Code may not be trivial”, “ This process is intensive and should be thorough”.
Rapita supports meeting the objective through RapiCover and RapiCover Zero to support coverage analysis and traceability, and V&V services to support compiler verification, one of the approaches suggested by DO-248C to meet the DO-178C §6.4.4.c objective. See how we supported the verification of a compiler for an organization developing safety-critical applications in our case study.
More detailed information on this topic is available on the Rapita Systems website.
Requirements traceability
DO-178C objectives: 6.3.1.f, 6.3.2.f
Traceability is crucial in DO-178C. It links corresponding items in different outputs such as requirements and tests. Challenges include ensuring that engineers can keep traceability information up to date when they make changes and consolidating the traceability information into a single view for presentation and review. Traceability is typically managed by dedicated requirements traceability tools.
RVS tools integrate with commonly used requirements traceability tools such as DOORS, Jama, Polarion and Visure, allowing traceability links to be maintained in a project throughout the project life cycle. Within RVS, traceability is maintained between, for example, test cases and associated structural coverage at the code level, and requirements coverage can be viewed when requirements have been imported from a requirements traceability tool.
We can provide V&V services to help you produce DO-178C test evidence for your software by writing and executing requirements-based tests, either using your DO-178C processes or our own. If we do, we perform the analysis needed to ensure that test procedures are correct. You can see how we produced DO-178C test evidence for Triumph Integrated Systems in our case study.
Software partitioning integrity
DO-178C objectives: 6.3.3.f
“The objective is to ensure that partitioning breaches are prevented”
RTCA DO-178C §6.3.3.f
Once you have designed the software architecture, this objective asks for analysis to show that partitions cannot interfere with one another. As well as relying on the RTOS vendor assurance case and reviewing that tasks are configured correctly, the challenge can be to obtain direct evidence of prevention of partitioning breaches on your target configuration.
The RapiTime workflow supports the measurement of tasks that are interrupted, abandoned, or which cause the computer to reset. By inserting deliberate attempts to breach partitioning, you can confirm that your integrity mechanisms are configured and operating correctly. The ability to integrate with multiple environments lets you execute such tests from prototype environments through to the final target.
Source code is accurate and consistent
DO-178C objectives: 6.3.4.f
“...determine the correctness and consistency of the Source Code … stack usage … worst-case execution time ...”
RTCA DO-178C §6.3.4.f (Table A-5 6)
This review and analysis objective is typically met through additional testing (RTCA DO-178C §6.3, para 2). This testing reveals the dynamics of the source code. The challenge is finding a test environment that can run tests early, and provide that insight, without being significantly different from the environment used for later testing.
RapiTime provides flexible instrumentation and powerful visualization to identify and explore the worst-case behavior of your software. The same interface and workflow can be re-targeted between analysis testing, test case development, and formal on-target testing.
New to DO-178C software verification?
Our DO-178C Webinar Series guides you through the entire DO-178C journey with a specific focus on verification, from functional testing to Worst-Case Execution Time (WCET). By the end of the series, you’ll have a comprehensive understanding of the compliance process and practical tips to efficiently verify DO-178C software.
Wanting to learn more about DO-178C certification?
Our DO-178C Handbook takes you through the whole DO-178C journey with a focus on verification, leaving you with an understanding of the compliance process as a whole and practical tips to efficiently verify DO-178C software.