38 AEROSPACEMANUFACTURING | MARCH 2010
THE SOFTWARE DEVELOPMENT CHALLENGE
Qualified tools can cut software development costs, improve a company’s responsiveness and ensure high integrity for airborne software by DO-178B. Esterel Technologies’ safety manager, Jean-Louis Camus, examines the soon to be finalised DO-178C update and its impact on qualified development tools.
Figure 1: The SCADE certified software factory
Embedded software is truly pervasive; technology facilitated through embedded software is routinely injected into our everyday lives to create functionality on which we grow to depend.

Whilst the embedded avionics software domain shares the dynamics of increasing complexity and decreasing development schedules with the wider embedded software discipline, we as consumers can thankfully rely on rigorous design and certification processes as defined in the DO-178B standard to minimise the occurrence of potentially catastrophic software bugs.

As software complexity increases, there is a reasonably linear increase in development time; however the real sting is in the tail. Verification costs of the highest integrity applications now exceed the development costs for that software if traditional development methods are used. Qualified development tools provide a solution to this problem by front loading the development process and minimising costly low level testing activities.

ED-12/DO-178B provides guidelines for the production of software for airborne systems and equipment. The objective of the guideline is to assure that software performs its intended function with a level of confidence in safety that complies with airworthiness requirements. These guidelines specify objectives for software life cycle processes, description of activities and design considerations for achieving those objectives, and description of the evidence that indicates that the objectives have been satisfied.

Levels of assurance

DO-178B defines five ‘development assurance levels’: A – catastrophic failure condition for the aircraft; B – hazardous/severe failure condition for the aircraft; C – major failure condition for the aircraft; D – minor failure condition for the aircraft; E – no effect on aircraft operation or pilot workload.

Airborne software of levels A, B or C is designated safety critical and as a consequence verification processes are of the highest importance. Verification encompasses reviews, analyses and testing. Every piece of life cycle data needs to be reviewed, in most cases with independence. Very thorough testing has to be performed. Low level test cases have to be written against the low level requirements and integration test cases have to be developed against the high level requirements. Then structural code coverage needs to be analysed and resolved using demanding coverage criteria, such as Modified Condition/Decision (MC/DC) for level A.

Verification may account for up to 80% of the total costs of a DO-178B level A software development project. The effective productivity of such a project, when including these costs is less than 10 lines of code per person per day.

Formal Model-Based Development and Verification (FMBDV) is the first step to efficient software development and
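To make the level A coverage criterion named above concrete, here is an added example (not from the article or from Esterel Technologies) that checks whether a set of test vectors achieves unique-cause MC/DC for a small constructed decision, `a && (b || c)`: each condition must be shown to independently change the outcome by a pair of vectors that differ only in that condition.

```c
#include <stdbool.h>
#include <stdio.h>

/* Decision under test: a constructed three-condition expression of the
 * kind a level A unit must cover to MC/DC (not taken from the article). */
static bool decision(bool a, bool b, bool c) { return a && (b || c); }

#define NCOND 3
typedef struct { bool v[NCOND]; } test_vec;   /* one test vector */
static bool eval(const test_vec *t) { return decision(t->v[0], t->v[1], t->v[2]); }

/* Condition `cond` is covered when two vectors differ only in that
 * condition and yield different decision outcomes (unique-cause pair). */
static bool condition_covered(const test_vec *tests, int n, int cond) {
    for (int i = 0; i < n; i++) {
        for (int j = i + 1; j < n; j++) {
            bool pair = true;
            for (int k = 0; k < NCOND && pair; k++) {
                bool same = tests[i].v[k] == tests[j].v[k];
                pair = (k == cond) ? !same : same;
            }
            if (pair && eval(&tests[i]) != eval(&tests[j])) return true;
        }
    }
    return false;
}

/* Number of the NCOND conditions the set covers; MC/DC requires NCOND. */
static int mcdc_covered_count(const test_vec *tests, int n) {
    int covered = 0;
    for (int c = 0; c < NCOND; c++) covered += condition_covered(tests, n, c);
    return covered;
}

/* Constructed sets: four vectors reach MC/DC for a && (b || c); a set
 * that only exercises both outcomes (decision coverage) does not. */
static const test_vec mcdc_set[] = {
    {{true,  true,  false}},  /* -> true                        */
    {{false, true,  false}},  /* -> false; pairs with #1 on a   */
    {{true,  false, false}},  /* -> false; pairs with #1 on b   */
    {{true,  false, true }},  /* -> true;  pairs with #3 on c   */
};
static const test_vec decision_only_set[] = {
    {{true,  true,  true }}, {{false, false, false}},
};

int main(void) {
    printf("MC/DC set: %d/%d conditions\n", mcdc_covered_count(mcdc_set, 4), NCOND);
    printf("decision-only set: %d/%d\n", mcdc_covered_count(decision_only_set, 2), NCOND);
    return 0;
}
```

The decision-only set reaches both outcomes yet isolates no condition, which is exactly the gap between decision coverage and the MC/DC that level A demands.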