Implementation details in code versus DO-178
This article discusses the degree of freedom in implementation of code versus low level requirements, for compliance with DO-178, and for DALs A, B, C. Some people are talking about “implementation details” but they often have difficulties to know what is behind this wording and what is DO-178 compliant or not. This article does not address the complete flow of declination from high level requirements to architecture and low-level, but has the unique objective to discuss what the “implementation details” at code level means.
A specific training addresses the complete flow of declination from high level requirements to architecture and low-level requirements. This white paper does not address this aspect but has the unique objective to discuss what the “implementation details” at code level is.
Another article will discuss the usage of pseudo-code as LLRs.
Example with LLR: Inputs for code (LLR and Hw/Sw interface document)
- LLR: "If input I1 is < 100 LSBs or > 500 LSBs, an error shall be sent to …" (traced to HLR: If input i1 is < 1VDC or >5VDC, an error shall be sent to …).
- Extract from Hw/Sw interface document: Input I1 is red from ADC, at address XXX. Possible value is between 0 and 1024 LSBs. 1 LSB = 10mVDC.
Code versus LLR: examples of code matching the DO-178
Here below are 3 different examples of code matching the DO-178:
In the 3 examples above, there are 3 different ways (Code 1, Code 2 and Code 3) to code the LLR: this is acceptable degree of freedom if doing what, and only what, is requested in the LLRs.
Code versus LLR: example of code which doesn't match the DO-178
Here below an example of code which is not matching the DO-178:
Author: Luc Pelle - System Design Assurance & Certification Manager, PMV Consulting & Services