Automatic Code Generation Tools Development Assurance

This paper clarifies DO-178B/ED-12B section 12.2.1.b, as it applies to automatic code generation (ACG) tools. DO-178B/ED-12B proposes that the software level of a development tool should be considered at least the same as the software level of the airborne system’s software application the tool is being used to develop, unless the applicant can justify a reduction in software level of the tool to the certification authority. According to DO-178B/ED-12B: “A reduction in a tool’s software level can be based upon the significance of the software verification process activity to be eliminated, reduced or automated, with respect to the entire suite of verification activities. This significance is a function of: -the type of software verification process activity to be eliminated, reduced or automated ... -the likelihood that other verification activities would have detected the same errors.” This paper proposes a list of candidate objectives in DO-178B/ED-12B that could potentially be alleviated, when applicants are qualifying Automatic Code Generation Tools, provided that the applicants supply relevant rationale and justification for each objective’s alleviation. The paper also provides a road map to potentially reduce the ACG tool’s software level relative to the level of the airborne software. The approach proposed in this paper is only one of many potential approaches. Other approaches would need to be coordinated with the appropriate certification authorities.