Misunderstanding of DO-178C

Context and Annex A

The first problem with DO-178C is that it is often poorly understood, usually because the reader has not grasped the context in which it is set: that of aircraft certification. The second problem is that readers often want a quick guide to what they need to do and, unfortunately, jump straight into the tables at Annex A. The intent of these tables, written originally for DO-178B, was to provide a levelling of objectives; in other words, to show which objectives apply to which software Level: A, B, C or D. The Annex gives a short title and the paragraph reference to the objective. If the objective applies at a particular software Level, there is a white dot; if it applies and an independent check is required, there is a black dot; and, of course, if it does not apply, there is no dot. To be clear, the objective is the reference text and not the wording in Annex A. A common misunderstanding is that, because Annex A references activities, these activities have to be done and are the only way to achieve the objectives; this is incorrect. The activities are included only to provide some context and insight into the kind of evidence that might be provided for objective satisfaction.

Is it onerous?

While DO-178C is a detailed document, its structure, based upon requirements and requirements satisfaction, is very straightforward. System requirements are allocated to software, where they become the 'Software High Level Requirements'; these are then used to develop the software design (called 'Low Level Requirements' for historical reasons), then the source code and finally the executable object code used in the target hardware. At each stage, there is a set of verification objectives to be met. In order to do this in a controlled manner and communicate to those who need to know, it is expected that the software engineers will have some plans to adhere to (not that they can't be adapted as things progress) and some standards to help ease verification. The development must be under configuration control and have the involvement of independent quality assurance. Because DO-178C is written by industry to assist in the safety design of aircraft, there will be a need to involve a regulator who will assess the development. This need not be an onerous process, but it is expected that DO-178C has been read and understood before the engagement of the regulator.

Training

If you need to understand more about DO-178C, by all means get in touch to see how we can help.