An ever-increasing reliance on software control has meant that many companies from non-aerospace business sectors (automotive, nuclear power, MRI scanners, financial systems) that do not have a traditional requirement for sophisticated software development processes now find themselves compelled to undertake safety-critical and safety-related analysis and testing. With the need for increased software quality across different industries, a tendency has emerged for companies to look outside their own market sector for best practice approaches, techniques or standards. Examples of such industry crossover have been seen in the automotive and avionics industries with the adoption of elements of the DO-178B standard by the former and a similar adoption of the Motor Industry Software Reliability Association (MISRA) standards by the latter.

In adopting out-of-sector quality and testing standards, new and unfamiliar development and testing techniques need to be implemented, such as:

• conformance to a set of coding standards, such as MISRA-C or Joint Strike Fighter Air Vehicle Coding Standards (JSF++ AV), along with an automated checking tool;
• formal unit testing along with informal debugging to demonstrate that requirements are satisfied as they are incrementally implemented;
• code coverage that validates the effectiveness of testing and isolates non-executable code;
• code coverage reports that trace all aspects of each line of source code for safety-critical components.

Let’s look at each technique in detail to understand the specific challenges involved and learn ways to overcome them.

Coding Standards

Software in airborne systems and equipment in the early 1980s resulted in a need for industry-accepted guidelines for satisfying airworthiness requirements. DO-178, “Software Considerations in Airborne Systems and Equipment Certification,” in its revised version — DO-178B — became the defining standard for aerospace systems and software.

DO-178B is primarily a process-oriented document in which objectives are defined and a means of satisfying these objectives is described. Failure conditions associated with the system and its software components undergo system safety assessment according to the famous A-E categories, which determine the level of effort required to show compliance with certification requirements.

Similarly, in 1998 MISRA published their C standard to promote the use of “safe C” in the UK automotive industry. MISRA promotes the safest possible use of the language by encouraging good programming practice, focusing on coding rules, complexity measurement and code coverage, and ensuring well designed and tested code.