Modeling a DO-178C Plan and Analyzing in a Semantic Model

For years, the certification of software has been achieved by following the approach laid out in various DO-178 revisions. The general approach starts with defining a plan that describes the process to follow and the artifacts to produce in the course of developing and verifying the software. This plan must document how each of the objectives described in DO-178 will be addressed. This plan is then reviewed and agreed to with the Certifying Authority. Certification is then granted based on judgement on compliance: how well did the resulting artifacts demonstrate that the software development and verification plan was followed. Traditionally this plan is made up of a series of textual documents. In a document-based approach, it is difficult to see how changes in various process steps impact other steps. Review of adherence to this plan is primarily a manual task—while certain checks can be automated, a human is still required to interpret the plan to identify those checks. Documents are not easy for an average user to reference on a daily basis—you often have to read the whole document(s) to get the appropriate context. And finally, because certification is the target, documents are often organized to aid the auditor and not optimized for use by an average engineer. In this paper, we show how system modeling can be used in a novel way—to model a development process in addition to the product that is being developed. We demonstrate a SysML model focused on the Software Development Process, part of a software certification plan, and show its traceability to DO-178C objectives. We further demonstrate how the process modeled in SysML can be translated into a semantic model to analyze adherence to a plan, for example, making sure that source code is generated after the requirements review. The modeling approach described in this paper is different from that addressed by DO-331, which provides guidance on usage of model-based development tools in airborne software. Rather, the model introduced in this paper is that of the certification plan itself.