RTCA DO-178C 机载系统和设备认证中的软件注意事项-介绍（一）

RTCA, Inc.

1150 18th Street, NW, Suite 910

Washington, DC 20036-3816 USA

Software Considerations in Airborne Systems

and Equipment Certification

机载系统和设备认证中的软件注意事项

RTCA DO-178C	Prepared by: SC-205
December 13, 2011

Copies of this document may be obtained from

RTCA, Inc.

Telephone: 202-833-9339

Facsimile: 202-833-9434

Internet: www.rtca.org

Please visit the RTCA Online Store for document pricing and ordering information.

前言

FOREWORD

本报告由RTCA第205特别委员会(SC-205)和SEUROCAE第71工作组(WG-71)编写，并于2011年12月13日获得RTCA计划管理委员会(PMC)批准。

This report was prepared by RTCA Special Committee 205 (SC-205) and EUROCAE Working Group 71(WG-71) and approved by the RTCA Program Management Committee (PMC) on December 13, 2011.

RTCA, Incorporated 是一家非营利性公司，其成立目的是为了推进航空和航空电子系统的艺术和科学，造福公众。 该组织充当联邦咨询委员会，就当代航空问题制定基于共识的建议。 RTCA 的目标包括但不限于：

RTCA, Incorporated is a not-for-profit corporation formed to advance the art and science of aviation and aviation electronic systems for the benefit of the public. The organization functions as a Federal Advisory Committee and develops consensus-based recommendations on contemporary aviation issues. RTCA’s objectives include but are not limited to:

• 合并航空系统用户和提供商的技术要求，以帮助政府和行业实现其共同目标和责任；

• coalescing aviation system user and provider technical requirements in a manner that helps government and industry meet their mutual objectives and responsibilities;

•分析航空业在不断追求提高安全性、系统容量和效率时所面临的系统技术问题并提出解决方案；

• analyzing and recommending solutions to the system technical issues that aviation faces as it continues to pursue increased safety, system capacity, and efficiency;

•就应用相关技术以满足用户和提供商的要求达成共识，包括制定支持航空的电子系统和设备的最低运行性能标准； 和

• developing consensus on the application of pertinent technology to fulfill user and provider requirements, including development of minimum operational performance standards for electronic systems and equipment that support aviation; and

•协助制定适当的技术材料，作为国际民用航空组织、国际电信联盟和其他适当国际组织立场的基础。

• assisting in developing the appropriate technical material upon which positions for the International Civil Aviation Organization and the International Telecommunication Union and other appropriate international organizations can be based.

该组织的建议经常被用作政府和私营部门决策的基础以及许多联邦航空管理局技术标准命令的基础。

The organization’s recommendations are often used as the basis for government and private sector decisions as well as the foundation for many Federal Aviation Administration Technical Standard Orders.

由于 RTCA 不是美国政府的官方机构，因此其建议不得被视为官方政府政策声明，除非对建议所涉及的任何事项具有法定管辖权的美国政府组织或机构如此阐明。

Since the RTCA is not an official agency of the United States Government, its recommendations may not be regarded as statements of official government policy unless so enunciated by the U.S. government organization or agency having statutory jurisdiction over any matters to which the recommendations relate.

Illustration provided by Pat Neilan, UK CAA

CONSENSUS n. Collective opinion or concord; general agreement or accord. [Latin, from consentire, to agree]

1.0 介绍 INTRODUCTION

20 世纪 80 年代初期，机载系统以及飞机和发动机设备中软件的使用迅速增加，因此需要业界认可的指南来满足适航要求。 DO-178“机载系统和设备认证中的软件注意事项”就是为了满足这一需求而编写的。

The rapid increase in the use of software in airborne systems and equipment used on aircraft and engines in the early 1980s resulted in a need for industry-accepted guidance for satisfying airworthiness requirements. DO-178, "Software Considerations in Airborne Systems and Equipment Certification", was written to satisfy this need.

该文件现已根据经验进行修订，为航空界提供指导，以一致的方式和可接受的置信水平确定机载系统和设备的软件方面是否符合适航要求。 随着软件使用的增加、技术的发展以及本文档应用中经验的积累，本文档将被审查和修订。 附录 A 提供了本文件的背景。

This document, now revised in the light of experience, provides the aviation community with guidance for determining, in a consistent manner and with an acceptable level of confidence, that the software aspects of airborne systems and equipment comply with airworthiness requirements. As software use increases, technology evolves, and experience is gained in the application of this document, this document will be reviewed and revised. Appendix A provides the background of this document.

1.1 目的 Purpose

本文件的目的是为机载系统和设备的软件制作提供指导，这些系统和设备以符合适航要求的安全信心水平执行其预期功能。 该指南包括：

The purpose of this document is to provide guidance for the production of software for airborne systems and equipment that performs its intended function with a level of confidence in safety that complies with airworthiness requirements. This guidance includes:

• 软件生命周期过程的目标。Objectives for software life cycle processes.

• 提供实现这些目标的手段的活动。 Activities that provide a means for satisfying those objectives.

•以软件生命周期数据的形式对证据进行描述，表明目标已得到满足。 Descriptions of the evidence in the form of software life cycle data that indicate that the objectives have been satisfied.

•不同软件级别的目标、独立性、软件生命周期数据和控制类别的变化。 Variations in the objectives, independence, software life cycle data, and control categories by software level.

•适用于某些应用程序的其他注意事项（例如，以前开发的软件）。 Additional considerations (for example, previously developed software) that are applicable to certain applications.

•术语表中提供的术语定义。Definition of terms provided in the glossary.

除了指导之外，还提供支持信息来帮助读者理解。

In addition to guidance, supporting information is provided to assist the reader’s understanding.

1.2 范围 Scope

本文件讨论了与飞机、发动机、螺旋桨以及按地区的辅助动力装置使用的机载系统和设备的软件生产相关的认证方面。 在讨论这些方面时，描述了系统生命周期及其与软件生命周期的关系，以帮助理解认证过程。 系统生命周期过程的完整描述，包括系统安全评估和验证过程，或认证过程不是目的。

This document discusses those aspects of certification that pertain to the production of software for airborne systems and equipment used on aircraft, engines, propellers and, by region, auxiliary power units. In discussing those aspects, the system life cycle and its relationship with the software life cycle is described to aid in the understanding of the certification process. A complete description of the system life cycle processes, including the system safety assessment and validation processes, or the certification process is not intended.

本文件中包含的指南并不定义或暗示认证机构在认证过程中的参与程度。 要了解认证机构的参与情况，申请人应参阅相关认证机构发布的适用法规和指导材料。

The guidance contained in this document does not define or imply the level of involvement of a certification authority in a certification process. To understand certification authority involvement, the applicant should refer to applicable regulations and guidance material issued by the relevant certification authority.

由于仅讨论与软件生命周期相关的认证问题，因此未讨论最终软件的操作方面。 例如，用户可修改数据的认证方面超出了本文档的范围。

Since certification issues are discussed only in relation to the software life cycle, the operational aspects of the resulting software are not discussed. For example, the certification aspects of user-modifiable data are beyond the scope of this document.

本文档并不尝试定义固件。 固件应分类为硬件或软件，并通过适用的流程进行处理。 本文档假设在系统定义期间，功能已分配给软件或硬件。 存在其他文档，为分配给硬件实现的功能的开发保证提供指导。 本文档提供了分配给软件的功能的指导。

This document does not attempt to define firmware. Firmware should be classified as hardware or software and addressed by the applicable processes. This document assumes that during the system definition, functions have been allocated to either software or hardware. Other documents exist that provide guidance for development assurance for functions that are allocated to implementation in hardware. This document provides guidance for functions that are allocated to software.

注意：这允许在指定系统和分配功能时确定有效的实施方法和开发保证。 在进行分配时，各方都应同意该系统决策。

Note:  This allows an efficient method of implementation and development assurance to be determined at the time the system is specified and functions allocated. All parties should agree with this system decision at the time the allocation is made.

有关申请人组织结构、申请人与其供应商之间的商业关系以及人员资格标准的事项不属于本文件的范围。

Matters concerning the structure of the applicant’s organization, the commercial relationships between the applicant and its suppliers, and personnel qualification criteria are beyond the scope of this document.

1.3 与其他文件的关系 Relationship to Other Documents

除了适航要求外，还提供各种国家和国际软件标准。 在某些社区，可能需要遵守这些标准。 然而，引用特定的国家或国际标准，或提出将这些标准用作本文件的替代或补充的方法，不属于本文件的范围。

In addition to the airworthiness requirements, various national and international standards for software are available. In some communities, compliance with these standards may be required. However, it is outside the scope of this document to invoke specific national or international standards, or to propose a means by which these standards might be used as an alternative or in addition to this document.

人们认识到，项目可能有义务通过合同或其他方式遵守发动机或飞机制造商等所采用的附加标准。 此类标准可以源自制造商为其活动制定或采用的通用标准。 此类标准应在规划过程中予以考虑，并在应用供应商监督时酌情予以考虑。

It is recognized that projects may be obliged, through contract or other means, to comply with additional standards as applied by, for example, the engine or aircraft manufacturer. Such standards may be derived from general standards produced or adopted by the manufacturer for its activities. Such standards should be considered by the planning process and considered, as appropriate, when applying supplier oversight.

1.4 如何使用本文档 How to Use This Document

使用本文档时应注意以下几点：The following points should be noted when using this document:

a. 本文件旨在供国际航空界使用。 为了帮助这种使用，尽量减少对特定国家法规和程序的引用。 相反，使用通用术语。 例如，术语“认证机构”用于表示代表负责产品（例如飞机、发动机）认证的国家授予批准的组织或个人。 如果第二个国家或国家集团验证或参与本认证，则可以在适当承认所涉国家之间的双边协议或谅解备忘录的情况下使用本文件。

  This document is intended to be used by the international aviation community. To aid such use, references to specific national regulations and procedures are minimized. Instead, generic terms are used. For example, the term "certification authority" is used to denote the organization or person granting approval on behalf of the country responsible for certification of the product (for example, an aircraft, engine). Where a second country or group of countries validates or participates in this certification, this document may be used with due recognition given to bilateral agreements or memoranda of understanding between the countries involved.

b. 本文件承认此处的指导并非法律强制规定，而是代表了航空界的共识。 还认识到申请人可以使用本文描述的方法的替代方法。 由于这些原因，避免使用“应该”和“必须”等词语。

 This document recognizes that the guidance herein is not mandated by law, but represents a consensus of the aviation community. It also recognizes that alternative methods to the methods described herein may be available to the applicant. For these reasons, the use of words such as "shall" and "must" is avoided.

c. 如果申请人采用本文件作为合规手段，则申请人应满足所有适用的目标。 本文件应适用于参与此处描述的任何软件生命周期过程或这些过程的输出的申请人及其任何供应商。 申请人有责任对其所有供应商进行监督。

 If an applicant adopts this document as a means of compliance, the applicant should satisfy all applicable objectives. This document should apply to the applicant and any of its suppliers, who are involved with any of the software life cycle processes or the outputs of those processes described herein. The applicant is responsible for oversight of all of its suppliers.

d. 申请人应计划一系列满足目标的活动。 本文件描述了实现这些目标的活动。 申请人可以计划并在认证机构批准的情况下采取本文件中描述的替代活动。 申请人还可以计划和开展被认为必要的其他活动。

The applicant should plan a set of activities that satisfy the objectives. This document describes activities for achieving those objectives. The applicant may plan and, subject to the approval of the certification authority, adopt alternative activities to those described in this document. The applicant may also plan and conduct additional activities that are determined to be necessary.

e. 申请人应在其软件计划和标准中考虑任何其他考虑因素。

 The applicant should address any additional considerations in its software plans and standards.

f. 申请人应执行计划的活动并提供第 11 节中所示的证据以证明目标已实现。

 The applicant should perform the planned activities and provide evidence as indicated in section 11 to substantiate that the objectives have been satisfied.

g. 包含解释性文字以帮助读者理解所讨论的主题。 例如，第 2 节提供了理解系统生命周期和软件生命周期之间的交互所需的信息。 同样，第 2 节提供了软件生命周期的描述，第 10 节提供了认证过程的概述。

 Explanatory text is included to aid the reader in understanding the topic under discussion. For example, section 2 provides information necessary to understand the interaction between the system life cycle and software life cycle. Similarly, section 2 provides a description of the software life cycle and section 10 an overview of the certification process.

h. 第 11 节包含通常为帮助认证过程的软件方面而生成的数据。 数据的名称在文本中通过名称中每个单词的第一个字母大写来表示（例如，源代码）。

 Section 11 contains the data generally produced to aid the software aspects of the certification process. The names of the data are denoted in the text by capitalization of the first letter of each word in the name (for example, Source Code).

i. 第 12 节讨论了其他注意事项，包括使用先前开发的软件、工具鉴定以及使用第 2 节至第 11 节中描述的替代方法的指南。第 12 节可能并不适用于每个项目。

 Section 12 discusses additional considerations including guidance for the use of previously developed software, tool qualification, and the use of alternative methods to those described in sections 2 through 11. Section 12 may not apply to every project.

j. 附件 A 规定了每个软件级别的目标、活动和软件生命周期数据的适用性以及每个软件级别的独立性和控制类别的变化。 为了充分理解该指南，应考虑本文件的全文。

 Annex A specifies the applicability of the objectives, activities, and software life cycle data for each software level as well as the variation in the independence and control categories for each software level. In order to fully understand the guidance, the full body of this document should be considered.

k. 如果使用示例来表明如何应用指南（无论是图形还是通过叙述），这些示例不应被解释为首选方法。 在这些情况下，示例被视为支持信息。

 In cases where examples are used to indicate how the guidance might be applied, either graphically or through narrative, the examples are not to be interpreted as the preferred method. In these cases, the examples are considered supporting information.

l. 项目列表并不意味着该列表包含所有信息。

 A list of items does not imply the list is all-inclusive.

m. 本文档中的注释是支持信息，用于提供解释性材料、强调要点或引起对不完全在上下文中的相关项目的注意。

 Notes in this document are supporting information used to provide explanatory material, emphasize a point, or draw attention to related items which are not entirely within context.

n. 本文档中的主要部分均编号为 X.0。 应当注意的是，对整个部分的引用被标识为“X 部分”； 而对节标题 X.0 和 X.1 之间的内容的引用被引用为“节 X.0”。

 Major sections are numbered as X.0 throughout this document. It should be noted that references to an entire section are identified as “section X”; whereas, references to the content between section headers X.0 and X.1 are referenced as “section X.0”.

o. 本文档存在一个或多个补充，并将本文档中的指导扩展到特定技术。 补充材料与本文件一起使用，并且可以相互结合使用。 除非使用替代方案（参见 1.4.i），否则如果特定技术存在补充，则应使用该补充来添加、删除或以其他方式修改本文档中的目标、活动、解释性文本和软件生命周期数据，以解决 该技术在每个补充中都有适当的定义。 申请人有责任确保补充剂的使用被适当的认证机构所接受。 作为软件规划过程的一部分，申请人应审查所有潜在相关的补充并确定将使用的补充。 补充材料中的信息应与本文件一起使用，并以与本文件相同的方式使用。 每个补充文件的附录 A 明确了如何相对于该补充文件所涉及的具体技术来修订本文件的目标。

 One or more supplements to this document exist and extend the guidance in this document to a specific technique. Supplements are used in conjunction with this document and may be used in conjunction with one another. Unless alternatives are used (see 1.4.i), if a supplement exists for a specific technique, the supplement should be used to add, delete, or otherwise modify objectives, activities, explanatory text, and software life cycle data in this document to address that technique, as defined appropriately in each supplement. It is the responsibility of the applicant to ensure that the supplement’s use is acceptable to the appropriate certification authority. As part of the software planning process, the applicant should review all potentially relevant supplements and identify those that will be used. The information in supplements should be used with and in the same way as this document. Annex A of each supplement identifies how the objectives of this document are revised relative to the specific technique addressed by the supplement.

p. 当通过执行所有计划的活动并捕获相关证据来满足所有适用的目标时，即达到合规性。

 Compliance is achieved when all applicable objectives have been satisfied by performing all planned activities and capturing the related evidence.

1.5 文档概述 Document Overview

图 1-1 是本文档各部分及其相互关系的图示概述。

Figure 1-1 is a pictorial overview of this document’s sections and their relationship to each other.

图1-1 文档概览

Figure 1-1 Document Overview