Organizations / RTCA
RTCA
RTCA, Inc. / EUROCAE (DO-178C / ED-12C) · www.rtca.org/
RTCA (with EUROCAE) publishes DO-178C, the airborne-software certification standard used worldwide by aviation authorities. Its Annex A objectives — traceability, verification, coverage, configuration management, and certification liaison — are the basis for the pack below.
How the publications map to ponens policies
DO-178C assures airborne software by objectives, organised in Annex A tables A-1 to A-10 and scaled by Design Assurance Level (A–E). Its defining requirement is bidirectional traceability — system requirements → high-level requirements → low-level requirements → source code → tests — and ponens expresses that directly with its P_chain lineage operator over the software life-cycle record treated as a trace. Each traceability objective becomes a policy such as G(SourceCode → P_chain(LLR)), while process-ordering objectives (plans before development, PSAC agreed before development, reviews and structural coverage achieved) become temporal policies over the same trace.
Design Assurance Level maps to a policy's tier (A–D) and the 'with independence' objectives map to Amber escalations, so the pack scales the way DO-178C does. Running it with ponens trace check aggregates the per-objective verdicts to a Green / Amber / Red picture: a missing traceability link, an unverified requirement, an unbaselined configuration item, or an absent Accomplishment Summary is a Red certification gap; softer items such as problem-report closure or independence are Amber. The process-organisation objectives that are not evidenced per artifact (e.g. tool qualification under DO-330) sit outside this pack.
DO-178C Software Assurance
DO-178C's Annex A objectives — traceability, verification, structural coverage, configuration management, and certification liaison — as computable policies over the software life-cycle record.
Maps the RTCA DO-178C / EUROCAE ED-12C airborne-software objectives onto ponens policies. Bidirectional traceability (system → HLR → LLR → code → test) is expressed with ponens' P_chain lineage operator; planning, verification, coverage, configuration-management, quality-assurance and certification-liaison objectives become temporal policies. Design Assurance Level maps to each policy's tier (A–D).
Source: RTCA DO-178C / EUROCAE ED-12C — Software Considerations in Airborne Systems and Equipment Certification.
Planning (A-1) 2
plans_before_development error Plans Before Development
Software plans (PSAC, SDP, SVP, SCMP, SQAP) are established and approved before development of life-cycle data begins.
G((HLR ∨ LLR ∨ SourceCode) → P(plans_approved))standards_defined error Development Standards Defined
Software requirements, design, and coding standards are defined before the corresponding life-cycle data is produced.
G(SourceCode → P(standards_defined))Development & Traceability (A-2) 4
code_trace_to_llr error Code Trace to LLR
Source code is developed from, and traces to, the low-level requirements.
G(SourceCode → P_chain(LLR))derived_requirements_to_safety error Derived Requirements to Safety
Derived requirements (not traceable to a higher level) are provided to the system safety assessment process.
G(DerivedRequirement → P(safety_assessed))hlr_trace_to_system error HLR Trace to System Requirements
High-level requirements are developed from, and trace to, system requirements (bidirectional traceability).
G(HLR → P_chain(SystemRequirement))llr_trace_to_hlr error LLR Trace to HLR
Low-level requirements (software design) are developed from, and trace to, high-level requirements.
G(LLR → P_chain(HLR))Verification (A-3/4/5) 4
code_verified error Code Verified
Source code is verified (review/analysis) for compliance with the low-level requirements and coding standards.
G(SourceCode → reviewed ∨ analyzed)hlr_verified error HLR Verified
High-level requirements are verified for compliance, accuracy and consistency (review/analysis).
G(HLR → reviewed ∧ requirements_accurate)llr_verified error LLR Verified
Low-level requirements / design are verified by review or analysis.
G(LLR → reviewed)verification_independent warning Verification Independence
At DAL A/B, verification of the development outputs is performed with independence.
G((HLR ∨ LLR ∨ SourceCode) ∧ dal_a → independent_review)Testing & Coverage (A-6/7) 3
structural_coverage_achieved error Structural Coverage Achieved
Structural coverage analysis confirms the achieved coverage appropriate to the DAL (MC/DC at A, decision at B, statement at C).
G(CoverageAnalysis → coverage_achieved)test_traces_to_requirement error Test Traces to Requirement
Every test case traces to the requirement it verifies (bidirectional requirements-to-test traceability).
G(Test → P_chain(HLR))tests_requirements_based error Requirements-Based Testing
Test cases are requirements-based, exercising the software against its requirements (normal and robustness).
G(Test → requirements_based)Configuration Management (A-8) 3
artifacts_baselined error Artifacts Baselined
All life-cycle data configuration items are identified and placed under configuration management (baselined).
G((HLR ∨ LLR ∨ SourceCode ∨ Test) → baselined)changes_controlled error Changes Controlled
Changes to baselined configuration items occur only through an approved change-control process.
G(Change → P(change_approved))problem_reports_closed warning Problem Reports Closed
Problem reports are tracked to closure — resolved, or deferred with recorded rationale.
G(ProblemReport → F(resolved ∨ deferred_with_rationale))Quality Assurance (A-9) 1
Certification Liaison (A-10) 2
accomplishment_summary error Accomplishment Summary Produced
A Software Accomplishment Summary (SAS) is produced, showing compliance with the PSAC.
F(AccomplishmentSummary)psac_agreed error PSAC Agreed With Authority
The Plan for Software Aspects of Certification (PSAC) is agreed with the certification authority before development proceeds.
G((HLR ∨ LLR ∨ SourceCode) → P(psac_agreed))