What is DO-178C?

The DO-178C/ED-12C standard, Software Considerations in Airborne Systems and Equipment Certification, is the reference standard used for the development of safety-critical software used in commercial aircraft. Aviation certification authorities like the Federal Aviation Administration (FAA), the European Union Aviation Safety Agency (EASA), Transport Canada, and the Civil Aviation Administration of China (CAAC) use the document as an acceptable means of complying with regulations for commercial aerospace systems that are software based. Manufacturers can develop safety-critical software using the DO-178C standard, knowing that the resulting code complies with the appropriate aviation regulations.

Military safety regulations have not reached the consistency and maturity of civilian regulations. However, teams can use DO-178C as a reference standard for safety-critical software development for defense applications. Although each military agency determines its own regulation, a growing number are requiring DO-178C compliance for critical systems used on military aircraft.

The DO-178C standard was jointly developed by RTCA Special Committee #205 (SC-205) and EUROCAE Working Group #71 (WG-71) with several goals, including updating, clarifying, and correcting the previous standard, DO-178B. RTCA, formerly called the Radio Technical Commission for Aeronautics, identifies the standard as DO-178C, and EUROCAE uses the ED-12C designation. DO-178C spells out process standards that cover the complete software development life cycle — software development, verification, configuration management, and quality assurance.

The standard is objective-oriented and does not prescribe specific methods for achieving the objectives. This objective-based approach allows each team to create a flexible implementation for each system for which they are responsible. For example, avionics software is fundamentally different from engine-control software and requires a different approach to software development and verification, which DO-178C allows.

The standard provides the following guidance:

  • Specifies objectives for software life cycle processes
  • Describes the activities to perform to achieve those objectives
  • Describes the work products needed to prove an objective is satisfied

The DO-178C process consists of three interconnected areas: the planning, development, and integral processes. The integral processes include verification and validation, quality assurance, configuration management, and certification liaison.

Development Assurance Levels (DAL) and Objectives

The standard covering the systems to which the software contributes, ARP4754A, and more recently ARP4754B, Guidelines for Development of Civil Aircraft and Systems, provides guidelines to determine which Development Assurance Level applies to the software. DALs can also be referred to as item development assurance levels (IDALs), design assurance levels, or simply the software level.

DO-178C then specifies the objectives for each DAL and which objectives shall be satisfied with independence. Objectives with independence are verifications that must be conducted by someone who did not produce the item being verified. Level E has no objectives and Level A has the most objectives because it deals with failure conditions that result in aircraft loss and fatalities. 

| Development Assurance Level (DAL) | Failure Condition | Number of Objectives | Number of Objectives with Independence |
|---|---|---|---|
| A | Catastrophic failure condition for the aircraft — potentially fatal injuries and loss of aircraft airworthiness | 71 | 30 |
| B | Hazardous or severe failure condition — multiple injuries or fatalities possible, significantly impacts crew or performance of aircraft | 69 | 18 |
| C | Major failure condition — passenger discomfort or minor injury, significant action is required by crew, and safety margins are reduced | 62 | 5 |
| D | Minor failure condition — slightly reduces safety margins, slightly increases crew workload, and causes minor passenger inconvenience, including flight plan change | 26 | 2 |
| E | No safety effect — no impact on aircraft operation, safety, or crew workload | 0 | 0 |

DO-178C Document Structure

The portion of the DO-178C document covering software development is composed of one core document, three supplemental documents, and two related standards, as shown in the following figure. The three supplements provide additional guidelines tailored to specific techniques used by the teams developing their software.

DO-178C document structure

DO-331: Model-based Development and Verification (MBDV) Supplement

The DO-331 supplement provides additional guidance to teams using a model-based technique for software development and verification.

DO-332: Object-oriented Technology and Related Techniques (OOT/RT) Supplement

The DO-332 supplement is applicable if the team uses object-oriented techniques for programming in their software development life cycle.

DO-333: Formal Methods (FM) Supplement

The DO-333 supplement applies when a team uses formal methods in their software development life cycle. Formal methods are techniques used for the specification, development, and verification of software that are based on mathematical techniques.

Each supplement has the same structure as the core document (i.e., section titles are the same). For any unchanged section, the supplement explicitly states there is no change and does not repeat the core document. Where a section does change, the supplement identifies the additions, modifications, and substitutions to DO-178C for the given technique.

Two other documents can also be considered in the context of DO-178C for software development:

DO-330: Software Tools Qualification Considerations

DO-330 is a standalone document that defines the tool qualification processes for both tool users and tool developers. It is not considered a supplement to DO-178C.

DO-248C: Supporting Information for DO-178C

DO-248C addresses questions from industry and regulatory authorities. It contains FAQs, discussion papers (DPs), and rationale.

DO-178C Life Cycle Processes

DO-178C is structured in a hierarchy of “processes,” as shown in the figure below. DO-178C defines three top-level groups of processes:

  • The software planning process defines and coordinates the activities of the software development and integral processes for a project.
  • The software development processes produce the software product.
  • The integral processes ensure the correctness, control, and confidence of the software life cycle processes and their outputs. The integral processes are:
    • Software verification
    • Software configuration management
    • Software quality assurance
    • Software liaison

The integral processes are performed concurrently with the software development processes and the planning process throughout the software life cycle.

DO-178C life cycle processes structure

Improving the Development and Verification Process with Model-based Development and Simulation

Model-based techniques for both development and verification have grown in popularity for system-critical software because they offer an efficient and productive way to specify, create, validate, and verify software. In the supplemental document, DO-331, covered models are defined as having the following characteristics:

  • A model that is completely described using an explicitly defined graphical or textual modeling notation
  • A model containing software requirements or software architecture definitions
  • A model that is used for direct analysis or behavioral evaluation as supported by the software development process or the software verification process

Model-based development and verification tools like the Ansys SCADE family of products can greatly improve the efficiency and quality of software, producing software that meets DO-178C/DO-331 objectives while providing documentation that speeds up the certification process.

Engineers can aid DO-178C certification of their critical embedded software with the following SCADE products:
