RTCA and EUROCAE developed guidelines to improve the effectiveness of software development for avionics systems, with emphasis on safety criteria. These considerations and instructions were promulgated in the airworthiness standard RTCA DO-178, which divides software development into five processes. For each process the necessary activities, objectives, inputs and outputs are outlined. The standard has evolved from its first version, DO-178, to its most recent version, DO-178C. For the purposes of this appendix the abbreviation DO-178 is used; a comparison between the different versions is beyond its scope. DO-178 does not prescribe a particular type of software, software modelling approach, programming language or software methodology in order to achieve certification. To certify a piece of equipment or an airborne system, an avionics manufacturer must demonstrate that the objectives of each process were satisfied.
According to the procedures suggested by DO-178, a software design life cycle [93] should include a software planning process, a software development process and a certification process. The aim of dividing DO-178 into three processes is to establish clear guidelines for the communication and cooperation among the different members of the development team in achieving certification. The following sections briefly analyse these processes.
A.3.1.1 Software Planning Process
This process defines the planning and organization of an avionics software project and its certification process [94]. The software planning process is tied to the software life cycle: the project members must define the rules that determine when a requirement has passed its functional and safety tests and when it has failed its safety controls. The way in which software developers, testers and safety engineers provide feedback on software modules that must be redesigned, recoded and re-evaluated is also planned in this process. Additionally, the software coding standards [95], programming languages, compilers, simulators and modelling methodologies [96] are defined in the planning process.
A.3.1.2 Software Development Process
This process defines the activities, inputs and outputs needed to produce a product or piece of equipment for the avionics industry. It is composed of five processes, which begin with the analysis of the system requirements and finish with the generation of source code and its integration with a particular hardware platform. The software requirements, software design, software coding and integration processes are the processes defined within software development.
A.3.1.3 Software Requirement Process
Figure A:4 Software Requirements Process
The inputs for this process include the analysis of the system requirements, the development of the system architecture and the type of hardware interfaces needed to implement the system. The system requirements do not include technical details; they record the needs of the users who will interact with the system. During this process the system requirements can also be classified in terms of functional and performance requirements, safety requirements and environmental requirements [97]. One methodology for identifying and analysing requirements for safety-critical software is use-case modelling with the Unified Modelling Language (UML) [98]. For instance, if an avionics manufacturer wishes to develop an Autopilot Flight System (AFS) for a commercial aircraft, one of the system requirements could be that the system has an altitude hold mode.
The output of this process is a document containing the software requirements data, which includes the information used by the system. For example, to develop an AFS, the essential data are the positions of the servo motors, the aircraft altitude, the roll angle, the GPS location, and so on. This information is used in the following process to design the software architecture and the low-level requirements.
A.3.1.4 Software Design Process
Figure A:5 Software Design Process
Using the data obtained in the software requirements process and the plan elaborated in the planning process, the development team selects the software design standards. These standards define details of the source code such as naming conventions, the description of methods, the maximum number of nested calls and the use of dynamic memory allocation. Furthermore, real-time system features are chosen, covering aspects such as concurrency, global variables, interrupt-driven programming and exception handling [90].
With the same three inputs the software architecture is implemented and the low-level requirements are defined. The software architecture determines whether the project will use a Real-Time Operating System (RTOS), Object-Oriented Programming (OOP) and programming patterns, or only structured programming. The low-level requirements define the algorithm-level logic that will implement the system requirements, also called the high-level requirements.
A.3.1.5 Software Coding Process
Figure A:6 Software Coding Process
The software coding process uses the software architecture and the low-level requirements to write the source code in the programming language defined during the software planning process. To assure high reliability in the software coding process, the avionics industry must also follow coding standards appropriate to the programming language the software engineers use.
A.3.1.6 Integration Process
Figure A:7 Integration Process
The integration process takes the source code and the software architecture and produces the executable file by compiling and linking the source code. The executable is then loaded into a hardware unit (flash memory, ROM), which constitutes the software and hardware integration. Additionally, a Parameter Data File (PDF) is created to load into the hardware the information the executable needs in order to run.
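As an added illustration of how the altitude hold requirement from the requirements process, the design-standard constraints (no dynamic memory allocation, bounded calls) and the parameter data items from the integration process fit together, the following C code (written for this appendix, not taken from any DO-178 project) implements one hypothetical low-level requirement of the altitude hold mode. The requirement identifiers HLR-ALT-01 and LLR-ALT-03, the parameter names and the numeric limits are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical parameter data items, the kind of tunable values a Parameter
 * Data File carries so they can change without recompiling the executable. */
typedef struct {
    int32_t gain_milli;        /* proportional gain, scaled by 1000 */
    int32_t max_cmd_deg;       /* elevator servo travel limit, degrees */
    int32_t max_alt_error_ft;  /* larger altitude errors disengage the mode */
} alt_hold_params_t;

/* Controller state: one statically allocated instance, no malloc at run time. */
typedef struct {
    bool engaged;
    int32_t target_alt_ft;
} alt_hold_state_t;

static alt_hold_state_t g_alt_hold;

/* Saturate v to the range [-limit, limit]. */
static int32_t clamp_symmetric(int32_t v, int32_t limit) {
    if (v > limit) return limit;
    if (v < -limit) return -limit;
    return v;
}

/* Traces to hypothetical HLR-ALT-01 "the system has an altitude hold mode":
 * engaging captures the current altitude as the altitude to hold. */
void alt_hold_engage(int32_t current_alt_ft) {
    g_alt_hold.target_alt_ft = current_alt_ft;
    g_alt_hold.engaged = true;
}

bool alt_hold_is_engaged(void) { return g_alt_hold.engaged; }

/* Traces to hypothetical LLR-ALT-03: command = gain * (target - measured),
 * saturated to the servo limit. An altitude error outside the configured range
 * is an invalid input: the mode disengages and the servo goes to neutral (0). */
int32_t alt_hold_command_deg(const alt_hold_params_t *p, int32_t measured_alt_ft) {
    if (p == NULL || !g_alt_hold.engaged) return 0;
    int32_t error_ft = g_alt_hold.target_alt_ft - measured_alt_ft;
    if (error_ft > p->max_alt_error_ft || error_ft < -p->max_alt_error_ft) {
        g_alt_hold.engaged = false;
        return 0;
    }
    /* 64-bit intermediate: the bounded error times the gain cannot overflow. */
    int64_t cmd = ((int64_t)p->gain_milli * error_ft) / 1000;
    return clamp_symmetric((int32_t)cmd, p->max_cmd_deg);
}
```

Each function carries the identifier of the requirement it implements, which is the traceability evidence the certification process asks for; the parameter struct is the part that would be supplied through the Parameter Data File rather than compiled in.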