Software component qualification you can trust for RTCA DO-178C and EUROCAE ED-12C
Measured by passengers carried and distance traveled, flying is the world’s safest means of commercial transport. To a significant extent that is due to the software-driven avionics systems that keep aircraft in stable flight from the moment they take off to the moment they land, and to the fact that the software in those systems is rigorously verified for functional safety. The relevant functional safety standards for avionics software are the U.S. Radio Technical Commission for Aeronautics (RTCA) DO-178C and the European Organisation for Civil Aviation Equipment (EUROCAE) ED-12C ‘Software Considerations in Airborne Systems and Equipment Certification’ standards. The two standards are technically equivalent. They cover the entire software lifecycle, including planning, requirements, design, implementation, verification, configuration management, and quality assurance.
For qualification and verification of the tool chain, in which the compiler that translates source code into executable code is an essential component, RTCA DO-178C / EUROCAE ED-12C refers to the supplemental standard DO-330 / ED-215 ‘Software Tool Qualification Considerations’. This supplemental standard requires avionics system developers to demonstrate that no element of the tool chain introduces errors that could escape detection by subsequent verification activities. Qualifying a compiler against these requirements is so demanding that it is usually skipped. Instead, in aviation, the compiler is simply not trusted: its output (the generated object or assembly code) must be verified, typically by hand, to correctly reflect the input source code. This is a significant effort, and it must be repeated every time the source code changes.
As a result, the compiler itself is used in aviation without any qualification of its own. This is a missed opportunity, because our SuperTest Compiler Test and Validation Suite for C and C++ compilers provides strong black-box verification of compilers with minimal effort. SuperTest contains requirements-based tests to validate that the compiler correctly implements source language constructs, negative tests to check that it flags invalid code, and stress tests to see how it behaves with boundary-pushing code. It offers differential testing to compare different versions of a compiler, plus traceability features that link clauses in the language standard with individual tests. Moreover, it can be configured to match the exact use case of the developer, and SuperTest is already used to qualify compilers for use in other safety-critical industries.
Although libraries such as the C and C++ standard libraries are often integrated with the compiler into the software development kit, they differ from the compiler in one important respect: invoked library code becomes part of the safety-critical executable. In avionics applications, libraries therefore fall under the requirements of the DO-178C / ED-12C software considerations standard and require independent verification with a library safety qualification suite such as SuperGuard.
The standard libraries of C and C++ are collections of header files and library functions defined by the C and C++ language specifications. Even if the standard library that you use is delivered as a binary archive, your use case (which includes the compiler configuration and compilation options) matters, because the standard library also contains header files that are processed as source code. For efficiency, many functions in the standard library are implemented as macros (C) or templates (C++), and these are compiled in your use case, not in the library vendor's. As a result, you must make sure that the use case in which you build matches the one that was used for qualification.
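The following C program is an added illustration of the point above; it is example code written for this page, not part of SuperGuard or any Solid Sands product. It records a small fingerprint of the header-level use case (language version, whether assert() is live, FLT_EVAL_METHOD, CHAR_BIT and basic type sizes) and compares it against a record of the configuration the library was supposedly qualified under. The qualified values in qualified_example are assumptions chosen for the example, and a real record would cover every option that affects header-processed code. The assert_is_active() check is the key demonstration: assert is a macro, so whether it checks anything at all is decided by NDEBUG in the translation unit that includes <assert.h>, not by anything in the library archive.

```c
#include <assert.h>
#include <float.h>
#include <limits.h>
#include <stdio.h>

/* Snapshot of the "use case" under which header-level standard-library
 * code (macros in C) is compiled. Representative fields only. */
typedef struct {
    long std_version;     /* __STDC_VERSION__, 0 if the compiler does not define it */
    int  assert_active;   /* 1 unless NDEBUG was defined when <assert.h> was read */
    int  flt_eval_method; /* FLT_EVAL_METHOD from <float.h>, -9 if not defined */
    int  char_bit;        /* CHAR_BIT from <limits.h> */
    int  sizeof_long;     /* sizeof(long) in bytes */
    int  sizeof_ptr;      /* sizeof(void *) in bytes */
} use_case_t;

/* Bit flags naming each field that differs from the qualified record. */
enum {
    MISMATCH_STD_VERSION = 1u << 0,
    MISMATCH_ASSERT      = 1u << 1,
    MISMATCH_FLT_EVAL    = 1u << 2,
    MISMATCH_CHAR_BIT    = 1u << 3,
    MISMATCH_LONG        = 1u << 4,
    MISMATCH_PTR         = 1u << 5
};

/* Hypothetical record of the configuration the library was qualified in.
 * These values are assumptions made for this example, not real data. */
static const use_case_t qualified_example = { 201710L, 1, 0, 8, 8, 8 };

/* assert() is a macro: the assignment inside its condition only executes
 * when the check is compiled in, so hit stays 0 under -DNDEBUG. */
static int assert_is_active(void)
{
    int hit = 0;
    assert((hit = 1) != 0);
    return hit;
}

/* Fingerprint of the translation unit this function was compiled in. */
use_case_t current_use_case(void)
{
    use_case_t uc;
#ifdef __STDC_VERSION__
    uc.std_version = __STDC_VERSION__;
#else
    uc.std_version = 0L;
#endif
    uc.assert_active = assert_is_active();
#ifdef FLT_EVAL_METHOD
    uc.flt_eval_method = FLT_EVAL_METHOD;
#else
    uc.flt_eval_method = -9;
#endif
    uc.char_bit    = CHAR_BIT;
    uc.sizeof_long = (int)sizeof(long);
    uc.sizeof_ptr  = (int)sizeof(void *);
    return uc;
}

/* Returns 0 when every field matches, otherwise the OR of MISMATCH_* flags. */
unsigned use_case_mismatch(const use_case_t *qualified, const use_case_t *actual)
{
    unsigned m = 0;
    if (qualified->std_version     != actual->std_version)     m |= MISMATCH_STD_VERSION;
    if (qualified->assert_active   != actual->assert_active)   m |= MISMATCH_ASSERT;
    if (qualified->flt_eval_method != actual->flt_eval_method) m |= MISMATCH_FLT_EVAL;
    if (qualified->char_bit        != actual->char_bit)        m |= MISMATCH_CHAR_BIT;
    if (qualified->sizeof_long     != actual->sizeof_long)     m |= MISMATCH_LONG;
    if (qualified->sizeof_ptr      != actual->sizeof_ptr)      m |= MISMATCH_PTR;
    return m;
}

/* Demonstrates that a record differing only in sizeof(long), as when an
 * LP64 qualification is reused for an ILP32 build, is flagged for exactly
 * that field. Constructed input, not a real build. */
unsigned mismatch_when_long_differs(void)
{
    use_case_t a = current_use_case();
    use_case_t b = a;
    b.sizeof_long = a.sizeof_long + 4;
    return use_case_mismatch(&a, &b);
}

int main(void)
{
    use_case_t actual = current_use_case();
    unsigned m = use_case_mismatch(&qualified_example, &actual);
    printf("std=%ld assert=%d flt_eval=%d char_bit=%d long=%d ptr=%d\n",
           actual.std_version, actual.assert_active, actual.flt_eval_method,
           actual.char_bit, actual.sizeof_long, actual.sizeof_ptr);
    if (m != 0) {
        fprintf(stderr, "build use case differs from qualified one (mask 0x%x)\n", m);
        return 1;
    }
    return 0;
}
```

Building this once with and once without -DNDEBUG shows the assert_active field flip, which is the kind of header-level difference a binary-only library delivery cannot protect you from; a check like this belongs in the build so that a drift in compiler options fails the build rather than silently diverging from the qualified configuration.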
Contact us today to discuss how our solutions can help you meet avionics safety standards.