The introduction of RTCA/DO-331, the Model-Based Development and Verification Supplement to DO-178C and DO-278A, offers new opportunities to leverage the strengths of model-based development under RTCA/DO-178C. The concept of model simulation for Executable Object Code (EOC) verification credit allows the painstaking work of model verification to be reused to partially achieve EOC verification objectives.
This paper explores the conditions under which model verification can be used to partially satisfy EOC verification objectives and identifies the areas that need close attention in order to satisfy the regulatory requirements.
Model-Based Development and Verification (RTCA/DO-331)
Under DO-178C and DO-331, some aspects of EOC verification can be satisfied using model simulation. Per DO-331 section MB.6.8.2:
Verification of the Executable Object Code is primarily performed by testing. This can be partially assisted by a combination of model simulation and specific analyses as described below. This combination can be used to partially satisfy the following software testing and coverage objectives:
But specific tests should still be performed in the target computer environment, since some errors may be detectable only in this environment.
The following software testing and coverage objectives cannot be satisfied by model simulation since simulation cases should be based on the requirements from which the design model is developed:
It bears repeating that the simulation cases and procedures used for model verification must be developed from the higher-level requirements from which the Design Model itself was developed. It should also be noted that simulation cases and procedures are subject to the same verification objectives as the test cases and procedures used in more traditional paradigms to verify the EOC in the target environment.