Developing Safety Critical Embedded Software under DO-178C A Thesis submitted to the Graduate School Of The University of Cincinnati In partial fulfillment of the requirements for the degree of Master of Science in the Department of Electrical and Computer Engineering of the College of Engineering and Applied Sciences November 2015 by Yanyun WANG Committee Chair: Dr. Carla Purdy i ABSTRACT Software installed on avionic equipment requires higher safety standards than any other environment. DO-178C, Software Consideration in Airborne Systems and Equipment Certification, proposed by Radio Technical Commission for Aeronautics (RTCA) and European Organization of Civil Aviation Equipment (EUROCAE), deals with the safety of software used in airborne systems. DO-178C was completed and approved by the RTCA in 2011 and replaces DO-178B as the primary document for Transport Canada, EASA and FAA. DO-178C defines the objectives and focuses on the procedures to produce software at a certain security / safety level. The inclusion of object-oriented concept and formal methods in DO-178C allows great flexibility of implementation. Most of the qualified software tools that can pass the certification process outlined in DO-178C are from big companies such as Matlab, AdaCore and IBM. The prohibitive price to enter the market makes it unaffordable for small business. The purpose of this research is to identify suitable open source software that can fulfill the same mission with minimal effort and cost while complying with the strict DO-178C standards. ii iii Table of Contents 1. INTRODUCTION...................................................................................................- 1 - 2. AVIONIC SYSTEM DEVELOPMENT REGULATIONS ..........................................- 5 - 2.1 ARP4761 ................................................................................................................- 5 - 2.2 ARP4754 ................................................................................................................- 6 - 2.3 DO-254...................................................................................................................- 6 - 2.4 History of DO-178 Family ........................................................................................- 8 - 2.5 DO-178B ................................................................................................................- 9 - 2.6 DO-178C .............................................................................................................. - 12 - 3. SOFTWARE DEVELOPMENT FOR DO-178C COMPLIANCE ............................. - 17 - 3.1 Software Planning ................................................................................................. - 19 - 3.2 Software Requirements ......................................................................................... - 22 - 3.3 Software Design .................................................................................................... - 23 - 3.4 Software Implementation and Integration............................................................... - 23 - 3.5 Software Validation............................................................................................... - 24 - 3.6 Software Verification............................................................................................. - 24 - 3.7 Delivery................................................................................................................ - 24 - 4. TOOLS ................................................................................................................ - 26 - 4.1 Tool Qualification ................................................................................................. - 26 - 4.1.1 Development tool qualification ............................................................................... - 27 - 4.1.2 Verification tool qualification ................................................................................. - 28 - 4.2 Potential Open Source Tool Chains ........................................................................ - 29 - 4.2.1 Life-cycle management .......................................................................................... - 30 - 4.2.2 Requirements management.................................................................................... - 32 - 4.2.3 Software design and implementation ...................................................................... - 37 - 4.2.4 Software testing .................................................................................................... - 38 - 4.2.5 Traceability management ...................................................................................... - 39 - 4.2.6 Team management ................................................................................................ - 41 - 4.2.7 User management ................................................................................................. - 42 - 4.2.8 Version control ..................................................................................................... - 43 - 4.2.9 Release management ............................................................................................. - 44 - 4.2.10 OSEE for DO-178C compliance ............................................................................. - 45 - iv 4.2.11 TOPCASED ......................................................................................................... - 46 - 4.2.12 CPPCheck ............................................................................................................ - 51 - 5. CASE STUDY: BLACKBOX DECODER PROJECT .............................................. - 52 - 6. CONCLUSIONS AND FUTURE WORK ............................................................... - 73 - References .......................................................................................................................... - 75 - Appendix A. TUTORIAL ................................................................................................ - 80 - v LIST OF FIGURES Figure 1 Avionic System Development Regulations ......................................................................- 5 - Figure 2 DO-178C Document Structure [34] .............................................................................. - 18 - Figure 3 Action Tracking System [70] for OSEE........................................................................... - 31 - Figure 4 Surgical Assistance Workstation (SAW) Architecture [71]................................................ - 32 - Figure 5 OSEE - Product Decomposition for SAW Project [71] ...................................................... - 33 - Figure 6 OSEE - Artifacts [72] .................................................................................................. - 34 - Figure 7 OSEE - Requirements [71] .......................................................................................... - 35 - Figure 8 OSEE - Robot API Requirements in Word Format [71]..................................................... - 36 - Figure 9 OSEE - TOPCASED Info Tracker [71] ............................................................................. - 37 - Figure 10 OSEE – Test Management [71] .................................................................................. - 38 - Figure 11 OSEE – Traceability [72] ........................................................................................... - 39 - Figure 12 OSEE – Skywalker [71] ............................................................................................. - 40 - Figure 13 OSEE - Team Management [71] ................................................................................. - 41 - Figure 14 OSEE - User Management [71] .................................................................................. - 42 - Figure 15 OSEE - Version Control [71] ...................................................................................... - 43 - Figure 16 OSEE - Release Management [71] .............................................................................. - 44 - Figure 17 Example Component Diagram [73] ............................................................................ - 47 - Figure 18 Example UML File [73] ............................................................................................. - 48 - Figure 19 UML Model Validation [73]....................................................................................... - 49 - Figure 20 Generating Code from UML Model [73]...................................................................... - 50 - Figure 21 CPPcheck Features [45]............................................................................................ - 51 - Figure 22 Shift Negative Value Warning ................................................................................... - 51 - Figure 23 Cleanflight Github Projects Overview [77]................................................................... - 52 - Figure 24 BlackBox Decoder Internal Flow ................................................................................ - 53 - Figure 25 Typical Header for Blackbox Log ................................................................................ - 55 - Figure 26 BlackBox Decoder Data ............................................................................................ - 56 - Figure 27 Case Study Diagram................................................................................................