Open-DO, making certification for DO-178B and its successor DO-178C more efficient
AMSTERDAM, Netherlands, 15 April 2009. Leaders from Boeing and AdaCore have joined hands to create a more efficient development environment for designers certifying their systems under the Federal Aviation Administration's DO-178B standard and its follow-on standard DO-178C.
They presented their goals in a paper and presentation titled "Open DO-178C: A Call to Action" at the Avionics 2009 conference and exhibition held last month in Amsterdam, Netherlands.
The paper was written by Ryan Brooks and Donald Dunne of Boeing and Robert Dewar, Cyrille Comar, and Franco Gasperoni of AdaCore and
There is a serious need for a communal, collaborative environment in meeting these certification standards, Gasperoni says. Addressing the current DO-178B issues "while incorporating the possibilities offered by the upcoming DO-178C standard will be a challenge for the avionics software industry, especially if each player goes solo."
In their paper the authors state that "in 2002 John Knight enumerated the software challenges facing aviation systems.
"These challenges can be summarized as follows:
(1) devise better techniques to estimate and manage development costs and their corresponding schedules;
(2) bring under control application scale and improve tools and techniques to develop safety-critical software with less effort;
(3) improve requirements specification and enable whole specification analysis;
(4) prevent loopholes in the interplay between systems engineering and software engineering and cater for total system modeling;
(5) account for system security;
(6) enable the use of commercial-off-the-shelf components as a means of reducing costs;
(7) develop techniques that enforce high levels of assurance of non-interference in the absence of physical separation; and
(8) address the limitation of pure verification by testing and formulate comprehensive approaches to verification.
"While the solution to some of these issues is complete or underway (e.g. IMA – Integrated Modular Avionics – and ARINC 653 for (7), SysML and AADL for (4), or static analysis and formal methods for (8)), others remain unsolved," they state.
Gasperoni and his collaborators are calling "for the need of a Free and Open-Source (FOSS) environment to construct certifiable software. This environment, which we call Open-DO, is intended to be the common foundation on which high-integrity tools will be able to inter-operate and off-the-shelf certifiable components developed. It will also offer an ideal environment for teaching high-integrity software development practices in academia."
Components of the Open-DO effort include the Open System Engineering Environment (OSEE), Topcased and "Project Coverage," Gasperoni says.
OSEE
According to the OSEE website (http://www.eclipse.org/proposals/osee/), OSEE is a "proposed open source project under the Eclipse Technology Project. This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process document) and is written to declare its intent and scope. This proposal is written to solicit additional participation and input from the Eclipse community. You are invited to comment on and/or join the project. Please send all feedback to the http://www.eclipse.org/newsportal/thread.php?group=eclipse.technology.osee newsgroup."
According to the OSEE website, it "was designed and architected to provide subject matter experts effective access to the data they need across the engineering lifecycle in a single, integrated environment. OSEE is being developed using a spiral methodology and deployed as those capabilities are needed to develop the next generation mission software for an existing Boeing aircraft. Key deployment milestones of OSEE achieved on this program are listed below."
"OSEE, originally deployed on Boeing's Longbow Apache helicopter program, is an Eclipse-based FOSS project aimed at organizing the complex interactions between suppliers and system integrators when creating a single large system having stringent requirements for full lifecycle traceability, safety, verification, and document deliverables," they write. It can potentially be used as a common engineering platform to develop applications which require DO-178B/C certification, they add.
"OSEE comes with an action tracking system, a change management system, as well as a requirements and document management solution," they state. "Most importantly, OSEE provides a framework for the integration of other applications at the data level. One family of such applications could be Topcased. Born out of the French Aerospace Valley, it is also an Eclipse-based FOSS effort focusing on model-driven engineering for the realization of critical embedded systems."
"Benefiting from recent advances in hardware virtualization technology, the aim of Project Coverage is the production of a code coverage analysis toolset capable of generating DO-178B evidence for all levels of criticality," they write in the paper. "Beyond the production of useful tools and certification material for industrial users, an important goal of Project Coverage is to raise awareness and interest about safety-critical and certification issues in the FOSS community."
While OSEE lays the foundations for the engineering environment, and Topcased brings modeling technologies into the picture, Project Coverage is the first step in the direction of DO-178 FOSS verification tools. Project Coverage was born out of the FOSS group of the Systematic research and development competitive cluster. Both Topcased and Project Coverage are partly supported by French public funds.