By Joe Wlad
Now that RTCA DO-178 and its European equivalent, EUROCAE ED-12, have been updated after nearly twenty years, many are wondering what the impact is to Wind River and our customers. We’ve provided our customers with products and services based on the DO-178B and ED-12B guidelines for over 10 years and have deployed certified VxWorks solutions on over 250 aircraft programs. With the arrival of DO-178C and ED-12C it’s really business as usual for Wind River, and we will incrementally adopt the standard in our future certification evidence offerings. Still, the new release of DO-178 and ED-12 compels many to ask how we comply, what our roadmap for approval is, and how we plan to support our customers now and in the future.
Here’s a short summary of what has changed and what we can expect in the near future:
1. First and foremost, DO-178C/ED-12C is backward compatible with DO-178B/ED-12B. Both have the same set of objectives and software levels. Wind River and Verocel have always applied rigorous interpretations of DO-178B and ED-12B to our existing certification evidence, so none of the revised guidance called out by DO-178C and ED-12C leaves that evidence exposed: our DO-178B and ED-12B certification evidence today is fully compatible with DO-178C and ED-12C. What has changed is that the certification authorities have adopted guidelines for alternative technologies (such as object-oriented design) and alternative processes (model-based development and formal methods) which were previously published in other guidance material. The guidelines for these technologies are now published in four other RTCA and EUROCAE documents:
- DO-330/ED-215, Software Tool Qualification Considerations
- DO-331/ED-216, Model-Based Development and Verification Supplement to DO-178C and DO-278A
- DO-332/ED-217, Object-Oriented Technology and Related Techniques Supplement to DO-178C and DO-278A
- DO-333/ED-218, Formal Methods Supplement to DO-178C and DO-278A
2. The one significant change for Wind River in our DO-178C and ED-12C certification evidence is that all requirements for verification tools, such as code coverage tools, and development tools, such as code generators, have moved into a separate RTCA document, DO-330 (EUROCAE ED-215).
All of the core DO-178B/ED-12B certification evidence that we provide today in VxWorks Cert and VxWorks 653 meets the requirements of DO-178C and ED-12C today. Our certification evidence includes verification tools (such as our debug agent and test harness) and development tools (such as our XML compiler). As we create our next generation of certification evidence we will enhance it to demonstrate compliance to DO-330/ED-215 and DO-332/ED-216. Our first evidence based on this new format will be VxWorks Cert 6.6.4, which will be released later this year.
3. Since most developers use some tools for verification of their software, future developers will need to demonstrate compliance with DO-330, even if they are using a previously qualified verification tool such as a coverage analyzer. DO-330 now defines five qualification levels for tools (TQL-1 through TQL-5), with objectives for each level that depend on the software level being verified. The total number of objectives in DO-330 exceeds the number of DO-178B objectives in some cases. This means that developers who previously qualified tools using only a Tool Operational Requirements document and a Tool Qualification Plan will also need to produce the other documents required by DO-330, show a compliance matrix against the applicable objectives, and then have these data items approved by the certification authority. In short, qualification of tools has become a much more formal process under DO-330 than it was under DO-178B.
4. While the core DO-178C/ED-12C document was not changed substantially, there are changes to the guidance that may affect how some companies demonstrate compliance. For example, developers are expected to create low-level requirements that can be explicitly tested, and it may no longer be permissible to test only high-level requirements and demonstrate source code coverage. Moreover, one would also need to create robustness requirements, which would also have to be tested. In these cases, special tools may be required to stimulate the abnormal conditions those requirements describe. Wind River’s Test Management tools and Simics tools could be employed to assist in robustness verification. Other areas of DO-178C/ED-12C which may require new attention involve requirements for backward and forward traceability, parameter data verification (akin to MC/DC for Level A) and clarifications on independence.
5. Developers who use object-oriented design will have to demonstrate compliance to DO-332, and those who choose to use model-based development or formal methods of verification will have to use DO-331 and DO-333, respectively.
6. The adoption of DO-178C/ED-12C by our customer base will occur over a period of years. The FAA must first publish a revision to AC 20-115B recognizing DO-178C, and then update the scores of Technical Standard Orders (TSOs) that currently call out DO-178B. In the meantime, many avionics developers will make minor revisions to already-certified products, and the easiest way to do that is to grandfather in the use of DO-178B. We expect that DO-178C will first be adopted on new projects after the FAA updates AC 20-115 and the applicable Technical Standard Orders, which we predict will occur later in 2012.
How the release of DO-178C/ED-12C and its supplements impacts you depends on which technologies and which development processes you use. You can trust that Wind River is well prepared to embrace DO-178C/ED-12C, and this is a good opportunity to engage Wind River Services to assist you with a formal program modernization effort that requires compliance to DO-178C/ED-12C.
For additional information from Wind River, visit http://www.facebook.com/WindRiverSystems.