Last week, we talked about the “pudding” of DO-178C projects. That, of course, being the implementation stage of a DO-178C guided avionics software project. We touched on establishing implementation decisions and standards in your PSAC plan and the key considerations involved in making your implementation stage run as smooth as possible. So, by now you’ve implemented your product in code and are able to see it running. What’s our next step?
With numerous activities, conditions, and considerations involved, DO-178C project verification can be, in a word, overwhelming. We’ve written about a few of the activities in DO-178C verification, but we haven’t touched on two main approaches: model-based design and object-oriented programming. So, no better time like the present.
In this first of our two-part verification approach series, we’re talking all about DO-331 model-based design. Before we get into DO-331, a quick tip on the verification stage of your project: start early!
Many verification activities take a long time to complete. If your implementation generates code that can’t be verified using your preferred method, you’ll end up having to regress back into your implementation. That means dealing with extra costs and unnecessary delays. This can be mitigated by verifying your code as you write it. A sensible approach is to write tests to ensure that you can get full coverage at the granularity you need, then implement as regression tests that are run throughout your development. While not requirements-based, these tests give you full confidence in your code fully, and alert you to changes to coverage from your regression tests sooner.
Now that you’ve prepared, planned and implemented your project, let’s talk about model-based design.
Why use model based design?
Simply put,model based design technologies can reduce the effort needed to design and test compliant software. Key benefits include:
- Software behavior simulation
- Support for unambiguous expression of requirements and software architecture
- Enablement of automated code generation
- Ability to perform verification activities earlier in the software life cycle
The benefits are undeniable, and will help you make your verification stage run faster and more cost-effectively. That said, to get the most out of your model-based design approach, it’s crucial to use DO-331 guidance. Here’s why:
What is DO-331 Model-Based Design?
RTCA DO-331 is a model-based development guideline that is accepted and supported as a verification supplement to DO-178C and DO-278A. It provides additional objectives when using model-based design in DO-178C projects, and ultimately clarifies how existing DO-178C objectives and activities apply to any avionics software projects using model-based design.
So, what are the additional objectives and activities?
One of the key additional verification activities discussed in DO-331 is model coverage analysis, which aims to detect unintended functionality in the model. As per DO-331, performing model coverage analysis does not eliminate the need to perform coverage analysis of the generated code that will actually execute.
The simulation tools provided by model-based design tools can reduce verification effort by providing a means to produce evidence that a model complies with its requirements. As per DO-331, using simulation does not eliminate the need to perform testing of the executable object code on the target hardware.
If you choose to use model-based design processes in a DO-178C project, make sure you know the ins and outs of the guidance and standards in DO-331 as they relate to DO-178C. Check out ConsuNova’s full-scope coverage of DO-178C, including DO-331, to master model-based design activities and define your verification and tool qualification strategies in your DO-178C planning documents.