23.2.6 Types 3a and 3b: Specification Model replaces software high-level requirements
Figure 4 – Type 3 Life-Cycles
In each of these types of life-cycle, a Specification Model is developed from system level higher-level requirements and is used in place of conventional ED-12B / DO-178B software high-level requirements. The Specification Model may then be further developed into either a Design Model or into a conventional ED-12B / DO-178B software design.
Source Code is then produced from the Design Model / the software design.
These life-cycles differ from a conventional life-cycle involving both ED-79 / ARP4754 (or ED-79A / ARP4754A) and ED-12B / DO-178B in that the software high-level requirements are replaced by a Specification Model and, in the first case (Type 3a), the conventional software design is replaced by a Design Model. Where a Design Model is produced, an auto-coding tool may be used to generate the Source Code automatically rather than producing it by manual coding.
23.2.6.1 Validation of Higher-level Requirements
In these cases, the higher-level requirements from which the Specification Model is developed are at the system level. These system-level higher-level requirements should be validated in the manner described in ED-79 / ARP4754 Section 7 (or ED-79A / ARP4754A section 5.4) so as to ensure that they are complete and correct. The applicant should identify in their System Verification Plan the means they intend to use to validate the system-level requirements allocated to software, which may include reviews, analysis, simulation or test.
NOTE - More than one level of system requirements may need to be developed in order to elaborate the system requirements to the level of detail necessary to develop a Specification Model from them. This section deals with the level of system requirements immediately above the Specification Model, i.e. the higher-level requirements from which the Specification Model was developed. However, if there are more levels of system requirements than the higher-level requirements, then the ED-79 / ARP4754 or ED-79A / ARP4754A validation and verification processes should be conducted on each of those other levels and full traceability should be ensured between all levels of requirements.
23.2.6.2 Verification of Specification Models.
The Specification Models produced in these life-cycles should be shown to comply with their higher-level requirements (which are at the system level) by conducting activities to show compliance with the objectives for software high-level requirements shown in ED-12B / DO-178B Table A-3, as in a conventional ED-12B / DO-178B process. Each Specification Model should, therefore, be reviewed and analyzed as described in ED-12B / DO-178B paragraph 6.3.1.
If a Design Model is developed from the Specification Model, then the Specification Model serves as the higher-level requirements for the Design Model, and these higher-level requirements are verified by verifying the Specification Model as described above. Testing conducted in a simulation of the Design Model (as described below in the paragraph on Simulation of Executable Design Models) may be used to provide partial evidence that the Specification Model was complete and correct.
23.2.6.3 Design Model Verification Activities (where applicable).
If the life-cycle includes a Design Model, then ED-12B / DO-178B verification activities should be conducted on that Design Model.
The activities for the verification of Design Models are described in the paragraphs below that have the following headings –
• Verification of Design Models.
• Coverage of Design Models.
Simulation may be used as part of these verification activities, in which case the text in the following section also applies –
• Simulation of Executable Design Models.
23.2.6.4 Verification of a Conventional ED-12B / DO-178B Design (in Type 3b).
If a conventional ED-12B / DO-178B software design is produced, then that software design should be shown to comply with the Specification Model by conducting the review and analysis activities described in ED-12B / DO-178B paragraphs 6.3.2 and 6.3.3 so as to comply with the objectives of Table A-4.
23.2.6.5 Verification of the Executable Object Code.
The Executable Object Code (EOC) should be shown to comply with the objectives in ED-12B / DO-178B Table A-6. This includes compliance with the Specification Model (which takes the place of the software high-level requirements in Table A-6). For Type 3a, this also includes compliance with the requirements contained within the Design Model (which take the place of the software low-level requirements in Table A-6). For Type 3b, this also includes compliance with the software low-level requirements within the conventional DO-178B software design.
Requirement-based test cases and procedures to be executed against the EOC should cover normal range and robustness values, the equivalence classes of the input data and any potential singularities.
In all cases, the ED-12B / DO-178B Hardware / Software Integration testing as described in ED-12B / DO-178B paragraph 6.4.3 a. should be conducted with the ED-12B / DO-178B Executable Object Code loaded onto the target processor in the target environment.
23.2.6.6 Other Applicable Activities.
The other general activities and objectives that are applicable to this life-cycle are shown below in the section dealing with General Principles and Activities.
These include –
• Traceability and Granularity of Requirements / Design Elements.
• Derived Requirements / Elements.
• Non-Functional Requirements
• Requirement Coverage Analysis.
• Verification that Source Code Complies with Requirements and Standards.
• Structural Coverage of Source / Object Code.
• Qualification of Auto-coding Tools.
• Compliance with Standards.
• Independence.
23.2.6.7 System Requirement Verification.
Once the testing of the software and airborne electronic hardware components of a system has been completed, the complete set of system-level requirements needs to be verified to the degree required by section 8 of ED-79 / ARP4754 (or section 5.5 of ED-79A / ARP4754A) for the DAL/FDAL of the system. The verification methods and activities to be used for system-level verification should be described in the System Verification Plan and conducted in accordance with that plan. The results should be recorded in the System Verification Data.