UAV’s: Applying DO-178C & Costs versus Benefits
In the “Good Old Days”, the avionics guideline DO-178B was only informally applied to unmanned systems. But first, let’s clarify: n technology, the “Good Old Days” means 10-20 years ago. In the world of unmanned systems, “Good Old Days” means 5-10 years ago. However, the Good Old Days were rarely as good as they seemed, so the Good Old Days of Unmanned Systems had disadvantages along with those seeming advantages …
DO-178B has been replaced with DO-178C, and is now increasingly applied to (and in a growing number of cases, required for) airborne avionics within Unmanned Systems. DO-178C is never cheap, certainly not on the first project. And in clear cases outlined herein, DO-178C can increase costs above DO-178B, which already increased initial avionics development costs by 20-40% itself. But is DO-178C really “too” expensive? Doesn’t it actually reduce costs over DO-178B for companies who were doing it “right”? Does DO-178C have favorable benefits versus costs over the lifetime of Unmanned Systems? Does DO-178C reduce long-term unmanned costs at the expense of increased development cost? Will DO-178C improve UAV safety and reliability and if so, to what degree? Exactly what benefits are received from complying with DO-178C? These important questions are answered in this AFuzion paper.
Another UAV certification myth is that the most significant software cost escalation occurs when moving from DO-178 Level B criticality to Level A. Untrue, but for an interesting reason. The singular largest difference between a Level A system and the Level B system is the 100x greater reliability required by the Level A system per ARP-4761A. However, that 100x reliability must come primarily from the system/hardware architecture and not the software. How? Added redundancy: the only way to meet DO-178C’s Level A reliability is via increased hardware/system redundancy which of course greatly increases total UAV cost. So yes, the hardware cost (and DO-254) for UAV’s increases for DAL A over DAL B; however, the DO-178C UAV software cost difference, the subject herein, between Level A and Level B software is quite minor as seen in the figure below (this is from AFuzion’s work on 20+ UAV DO-178C projects over the past decade).
|Level E Cost
|Level D Cost
|Level C Cost
|Level B Cost
|Level A Cost
The cost differential within DO-178C for UAV’s is the most significant between Level D and Level C. Why? Level C requires the following key objectives which Level D does not and which results in Level C requiring 35% more effort than Level D:
- Testing of low-level software requirements
- Ensuring 100% coverage of all source code statements
- Assessment of requirements, design, and code to standards
- Greater rigor placed upon reviews
- In many cases more rigorous configuration management
Level B requires additional structural coverage (decision-condition, e.g. all branches in the source code), additional independence in reviews, and tighter configuration management. At first glance, it would seem that Level B should be significantly more expensive, e.g. 50% – 70%, than Level C. In theory, it seems to make sense, but as in many areas of life, common sense overcomes theory. In Level B (and C) there must be detailed, low-level software requirements and they must be thoroughly tested. Remember, DO-178C requires detailed low-level requirement verification beginning with Level C and those low level requirements will cover the vast majority of software logic decisions. During requirements-based testing, most (80-90%+) of the branches in the source code are already covered and hence require no additional structural coverage testing if test capture and coverage tools are appropriately used during that functional testing. Therefore, the seemingly significant cost increase associated with Level B versus C structural coverage is already mitigated by DO-178C’s greatly enhanced requirements-based testing. Also, quality software engineering organizations already incorporate a semi-automated and streamlined process which includes independent reviews and tight configuration management; ergo the added cost of those aspects for Level B is largely mollified. The reader is well-advised to undergo upfront DO-178 Training and DO-178 Process Improvement for UAV’s to leverage these cost reduction techniques.