Skip to main content
SpringerLink
Log in

Certification of software for real-time safety-critical systems: state of the art

  • Original Paper
  • Published:
Innovations in Systems and Software Engineering Aims and scope Submit manuscript

Abstract

This paper presents an overview and discusses the role of certification in safety-critical computer systems focusing on software, and partially hardware, used in the civil aviation domain. It discusses certification activities according to RTCA DO-178B “Software Considerations in Airborne Systems and Equipment Certification” and touches on tool qualification according to RTCA DO-254 “Design Assurance Guidance for Airborne Electronic Hardware.” Specifically, certification issues as related to real-time operating systems and programming languages are reviewed, as well as software development tools and complex electronic hardware tool qualification processes are discussed. Results of an independent industry survey done by the authors are also presented.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. RTCA DO-178B, EUROCAE ED-12B (1992) Software considerations in airborne systems and equipment certification, RTCA Inc., Washington, DC

  2. RTCA DO-254, EUROCAE ED-80 (2000) Design assurance guidance for airborne electronic hardware, RTCA Inc., Washington, DC

  3. Kesseler E (2004) Integrating air transport elicits the need to harmonise software certification while maintaining safety and achieving security, Report NLR-TP-2004-255. Aerosp Sci Technol J 8(4): 347–358

    Article  Google Scholar 

  4. CAP 670 Air Traffic Services Safety Requirements (2007) Part B, Section 3, Systems engineering. SW 01 regulatory objectives for software safety assurance in ATS equipment, Safety Regulation Group, Civil Aviation Authority, Norwich, UK

  5. NATO (2005) Validation, verification and certification of embedded systems, Report TR-IST-027, NATO RTO Task Group IST-027/RTG-009

  6. RTCA DO-278 (2002) Guidelines For communication, navigation, surveillance, and air traffic management (Cns/Atm) systems software integrity assurance, RTCA Inc., Washington, DC

  7. NASA (2004) NASA-STD-8739.8 w/Change 1, Software assurance standard, National aeronautics and space administration, Washington, DC

  8. IEEE (1992) IEEE Std 610.12 standard glossary of software engineering terminology. IEEE, Washington, DC

  9. NASA (2004) NASA-STD-8719.13B w/Change 1, Software safety standard, National aeronautics and space administration, Washington, DC

  10. NASA (2004) NASA software safety guidebook, NASA-GB-1740.13. National aeronautics and space administration, Washington, DC

  11. Nelson S (2003) Certification processes for safety-critical and mission-critical aerospace software, Report NASA/CR-2003-212806, Ames Research Center, Moffet Field

  12. Reifer DJ (1978) Airborne systems software acquisition engineering guidebook for verification, validation and certification, Technical Report ASD-TR-79-5028, TRW Defense and Space Systems, Redondo Beach

  13. U.S. Department of Defense (2005) MIL-HDBK-516B, Department of Defense Handbook: Airworthiness Certification Criteria

  14. U.S. Department of Defense (2000) MIL-STD-882D, standard practice for system safety

  15. Joint Services Computer Resource Management Group (1999) Software system safety handbook: a technical and managerial approach

  16. UK Ministry of Defence (2007) Def Stan 00-56 issue 4. Safety management requirements for defence systems

  17. Australian Ministry of Defence (1998) DEF(AUST) 5679, the procurement of computer-based safety critical systems, Australian Defence Standard, Army Engineering Agency

  18. Cant T, Mahony B, Atchison B (2005) Revision of Australian defence standard DEF(AUST) 5679. In: Proceedings of 10th Australian workshop on safety-critical systems and software, Sydney, August 25–26, pp 85–94

  19. Swedish Armed Forces (2005) M7762-000621-7 handbook for software in safety-critical applications

  20. Romanski G (2002) Certification of an operating system as a Reusable Component. In: Proceedings of DASC’02, 21st digital avionics systems conference, Irvine, October 27–21, pp 5.D.3–5.D.1/9

  21. Fachet R (2004) Re-use of software components in the IEC-61508 certification process. In: Proceedings of IEE COTS & SOUP seminar, London, October 21, pp 8/1–17

  22. Parkinson P, Kinnan L (2007) Safety-critical software development for integrated modular avionics, White Paper, Wind River Systems, Alameda

  23. International Electrotechnical Commission (1998) IEC 61508, Functional safety of electrical/electronic/programmable electronic safety-related systems, Parts 1–9. Geneva

  24. Rose G (2003) Safety critical software, CompactPCI Systems, April 2003

  25. Kleidermacher D, Griglock M (2001) Safety-critical operating systems. Embedded Syst Program 14(10): 22–36

    Google Scholar 

  26. Kleidermacher D (2004) Operating systems: shouldering the security and safety burden, RTC Magazine, September 2004

  27. Locke CD (2003) Safety-critical software certification: open source operating systems less suitable than proprietary? COTS J 5(9): 54–59

    Google Scholar 

  28. Moraes R et al (2007) Component-based software certification based on experimental risk assessment. In: Proceedings of LADC 2007, 3rd Latin-American symposium on dependable computing, Morelia, Mexico, September 26–28, pp 179–197

  29. Maxey B (2003) COTS integration in safety critical systems using RTCA/DO-178B guidelines. In: Proceedings of ICCBSS 2003, 2nd international conference on COTS-based software systems, Ottawa, ON, February 10–13, pp 134–142

  30. Labrosse JJ (1993) MicroC/OS-II: the real-time kernel. R&D Books, Lawrence

    Google Scholar 

  31. Romanski G (2001) The challenges of software certification. CrossTalk J Def Softw Eng 14(9): 15–18

    Google Scholar 

  32. Medoff M (2007) Using certified operating systems effectively in safety critical embedded designs. Embed Syst Des. http://www.ghs.com/articles/GHS_certified_safety_critical_3_27_07.pdf

  33. Halang W, Zalewski J (2003) Programming languages for use in safety related applications. Ann Rev Control 27: 39–45

    Article  Google Scholar 

  34. Goodenough JB (1980) The Ada compiler validation capability. ACM SIGPLAN Notices 15(11): 1–8

    Article  Google Scholar 

  35. Santhanam V (2003) The anatomy of an FAA-qualifiable Ada subset compiler. Ada Lett 23(1):40–43 (Proceedings of SIGAda’02, Houston, Texas, December 8–12, 2002)

    Google Scholar 

  36. Comar C, Dewar R, Dismukes G (2006) Certification & object orientation: the new Ada answer. In: Proceedings of ERTS 2006, 3rd embedded real-time systems conference, Toulouse, France, January 25–27

  37. Brosgol BM (2006) Ada 2005: a language for high-integrity applications. CrossTalk J Def Syst 19(8): 8–11

    Google Scholar 

  38. Amey P, Chapman R, White N (2005) Smart certification of mixed criticality systems. In: Proceedings of Ada-Europe 2005, 10th international conference on reliable software technologies, York, UK, June 20–24, pp 144–155

  39. Hatton L (2004) Safer language subsets: an overview and case history—MISRA C. Inform Softw Technol 46(7): 465–472

    Article  Google Scholar 

  40. Hatton L (2007) Language subsetting in an industrial context: a comparison of MISRA C 1998 and MISRA C 2004. Inform Sci Technol 49(5): 475–482

    Article  Google Scholar 

  41. Lindner A (1998) ANSI-C in safety critical applications: lessons learned from software evaluation. In: Proceedings of SAFECOMP’98, 17th international conference on computer safety, reliability and security, Heidelberg, Germany, October 5–7, pp 209–217

  42. Subbiah S, Nagaraj S (2003) Issues with object orientation in verifying safety-critical systems. In: Proceedings of ISORC’03, 6th international IEEE symposium on object-oriented real-time distributed computing, Hakodate, Hokkaido, Japan, May 14–16

  43. Berlejung H, Baron W (1996) Aspects of the development of safety-critical real-time software with the C programming language, Softwaretechnik-Trends, Band 16, Heft 4, ss 21–25

  44. Romanski G, Chelini J (1997) A response to the use of C in safety-critical systems, Softwaretechnik-Trends, Band 17, Heft 1, ss 38–43

  45. Parkinson P, Gasperoni F (2002), High-integrity systems development for integrated modular avionics Using VxWorks and GNAT. In: Proceedings of the 7th Ada-Europe international conference on reliable software technologies Vienna, Austria, June 17–21, pp 163–178

  46. Nilsen K (2006) Leveraging Java to achieve component reusability in safety-critical systems. COTS J 8(4): 43–50

    Google Scholar 

  47. Nilsen K, Larkham A (2005) Applying Java technologies to mission-critical and safety-critical development. In: Proceedings of 13th safety-critical systems symposium, Southampton, UK, February 8–10, pp 211–223

  48. Bollella G et al (2000) The real-time specification for Java. Addison-Wesley, Reading

    Google Scholar 

  49. Schoeberl M et al (2007) A profile for safety critical Java. In: Proceedings of ISORC 2007, 10th IEEE international symposium on object/component/service-oriented real-time distributed computing, Santorini Island, Greece, May 7–9

  50. Kwon J, Wellings A, King S (2002) Ravenscar-Java: a high integrity profile for real-time Java. Concurrency Comput Pract Experience 17(5–6): 681–713

    Google Scholar 

  51. Dautelle JM (2005) Validating Java for safety-critical applications. In: Proceedings of AIAA space 2005 conference, Long Beach, 30 August–1 September

  52. Hu EYS et al (2006) Safety critical applications and hard real-time profile for Java: a case study in avionics. In: Proceedings of JTRES’06, 4th workshop on Java technologies for real-time and embedded systems, Paris, October 11–13, pp 125–134

  53. Armbruster A et al (2007) A real-time Java virtual machine with applications in avionics. ACM Trans Embed Comput Syst 7(1): 5:1–5:49

    Article  Google Scholar 

  54. Brosgol BM, Wellings A (2006) A comparison of Ada and real-time Java for safety-critical applications. In: Proceedings of Ada-Europe 2006, 11th international conference on reliable software technologies, Porto, Portugal, June 5–9, pp 13–26

  55. Kornecki A, Brixius N, Zalewski J (2007) Assessment of software development tools for safety-critical real-time systems, Technical Report DOT/FAA/AR-06/36, Federal Aviation Administration, Washington, DC

  56. Kornecki A, Zalewski J (2005) Experimental evaluation of software development tools for safety-critical real-time systems. Innov Syst Softw Eng NASA J 1(2): 176–188

    Article  Google Scholar 

  57. Kornecki A, Zalewski J (2006) The qualification of software development tools from the DO-178B certification perspective. CrossTalk J Def Softw Eng 19(4): 19–23

    Google Scholar 

  58. Santhanam V et al (2007) Software verification tools assessment study, Technical Report DOT/FAA/AR-06/54, Federal Aviation Administration, Washington, DC

  59. Zalewski J, Kornecki A, Pfister H (2006) Numerical assess- ment of software development tools in real-time safety-critical systems using Bayesian belief networks. In: Proceedings of IMCSIT’06 international multiconference on computer science and information technology, Wisla, Poland, November 6–10, pp 433–442

  60. Dewar R, Brosgol B (2006) Using static analysis tools for safety certification, VMEbus Systems, pp 28–30, April 2006

  61. Dewar RBK (2006) Safety critical design for secure systems, EE Times-India, July 2006

  62. Anderson P (2008) Detecting bugs in safety-critical code. Dr Dobb’s J 406: 22–27

    Google Scholar 

  63. Gasperoni F (2008) Code coverage: free software and virtualization to the rescue. Boards Syst April:32–35

  64. Santhanam U (2001) Automating software module testing for FAA certification. Ada Lett 21(4):31–37 (Proceedings of SIGAda’01, Bloomington, MN, September 30–October 4, 2001)

    Google Scholar 

  65. Fey I, Stürmer I (2008) Code generation for safety-critical systems—open questions and possible solutions. In: Proceedings of the SAE World congress, Detroit, April 14–17, Paper No. 2008-01-0385

  66. Intermational Organization for Standardization (2007) IEC 26262 road vehicles—functional safety. Baseline 10

  67. Conrad M (2007) Using simulink and real-time workshop embedded coder for safety-critical automotive applications. In: Proceedings of MBEES’07 Workshop on Modellbasierte Entwicklung Eingebetteter Systeme III, Dagstuhl, Germany, January 15–18, pp 41–50; an updated version (for IEC 61508 Applications) appears at: http://www.safetyusersgroup.com/

  68. Erkkinen T (2004) Production code generation for safety-critical systems. In: Proceedings of the SAE World Congress, Detroit, March 8–11, Paper No. 2004-01-1780

  69. Potter B (2008) Model-based design for DO-178B. MATLAB Dig 17(3). http://www.mathworks.com/company/newsletters/digest/2008/may/DO-178B.html

  70. Bhatt D et al (2005) Model-based development and the implications to design assurance and certification. In: Proceedings of DASC’05, 24th digital avionics systems conference, Washington, DC, 30 October–3 November

  71. Stürmer I et al (2007) Systematic testing of model-based code generators. IEEE Trans Softw Eng 33(9): 622–634

    Article  Google Scholar 

  72. Sampath P et al (2008) Verification of model processing tools. In: Proceedings of the SAE World Congress, Detroit, April 14–17, Paper No. 2008-01-0124

  73. Jaw LC et al (2008) Model-based approach to validation and verification of flight critical software. In: Proceedings of NAECON’08, IEEE National aerospace and electronic conference, Fairborn, July 16–18

  74. Denney E, Trac S (2008) A software safety certification tool for automatically generated guidance, navigation and control code. In: Proceedings of NAECON’08, IEEE National aerospace and electronic conference, Fairborn, July 16–18

  75. Zoffmann G et al (2001) A classification scheme for software verification tools with regard to RTCA/DO-178B. In: Proceedings of SAFECOMP 2001, 20th international conference on computer safety, reliability and security, Budapest, Hungary, September 26–28, pp 166–175

  76. Bunyakiati P, Finkelstein A, Rosenblum D (2007) The certification of software tools with respect to software standards. In: Proceedings of 2007 IEEE international conference on information reuse and integration, Las Vegas, August 13–15, pp 724–729

  77. Souyris J, Delmas D (2007) Exterimental assessment of Astreé on safety-critical avionics software. In: Proceedings of SAFECOMP 2007, 26th international conference on computer safety, reliability and security, Nuremberg, Germany, September 18–21

  78. McCabe Software (2006) DO-178B and McCabe IQ, Warwick, RI

  79. Safety Critical Systems Club (2009) Tools directory, London, UK. http://www.scsc.org.uk/tools.html

  80. Aldec Corp. (2007) DO-254 hardware verification: prototyping with vectors mode. White Paper, Rev. 1.2, Henderson, Nevada

  81. Lange M (2008) Automated CDC verification protects complex electronic hardware from metastability issues. VME Critical Syst 26(3): 24–26

    Google Scholar 

  82. Lange M (2007) Assessing the ModelSim tool for use in DO-254 and ED-80 projects, White Paper, Mentor Graphics Corp., Wilsonville, May 2007

  83. Baghai T, Burgaud L (2006) Reqtify: product compliance with RTCA/DO-254 document, TNI-Valiosys, Caen, France, May 2006

  84. Dellacherie S, Burgaud L, di Crescenzo P (2003) Improve—HDL: a DO-254 formal property checker used for design and verification of avionics protocol controllers. In: Proceedings of DASC’03, 22nd digital avionics systems conference, Indianapolis, October 12–16, vol 1, pp 1.A.1–1.1-8

Download references

Author information

Authors and Affiliations

  1. Embry-Riddle Aeronautical University, 600 S. Clyde Morris Blvd, Daytona Beach, FL, 32114, USA

    Andrew Kornecki

  2. Florida Gulf Coast University, 10501 FGCU Blvd, Fort Myers, FL, 33965, USA

    Janusz Zalewski

Authors
  1. Andrew Kornecki
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Janusz Zalewski
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Janusz Zalewski.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Kornecki, A., Zalewski, J. Certification of software for real-time safety-critical systems: state of the art. Innovations Syst Softw Eng 5, 149–161 (2009). https://doi.org/10.1007/s11334-009-0088-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11334-009-0088-1

Keywords

Search

Navigation