Experts Discuss DO-178C Language and Tooling

Elon Musk noted that SpaceX uses C/C++ for its DO-178C certified software due to the maturity of available safety tools, while using Rust for its xAI division. Meanwhile, security firm wolfSSL is hosting a webinar on February 25 to detail how its cryptographic and secure boot products achieve DO-178C DAL-A compliance. The firm also released a blog post on certified cryptography for avionics security.

- The DO-178C standard, also known as ED-12C in Europe, is the primary means by which certification authorities like the FAA and EASA approve all commercial software-based aerospace systems. It provides a flexible, objective-based framework rather than a prescriptive "how-to" guide.
- The standard defines five Design Assurance Levels (DALs) based on the potential consequences of a software failure, from DAL A (catastrophic) to DAL E (no safety effect). DAL A, for functions whose failure would cause a loss of the aircraft, requires satisfying the most objectives and the highest rigor of verification, including Modified Condition/Decision Coverage (MC/DC) testing.
- To manage the risks of using C and C++ in safety-critical systems, developers rely on strict coding standards like MISRA C++ or the JSF C++ standard, which define a safer subset of the language to avoid constructs that can lead to unintended behavior.
- Rust is gaining traction for safety-critical systems due to its built-in memory safety guarantees, which prevent entire classes of bugs like buffer overflows at compile time. This contrasts with C/C++, where such errors are a persistent risk that must be mitigated through disciplined coding and extensive testing.
- A key challenge for adopting newer languages is the need for a qualified compiler toolchain. For Rust, the Ferrocene toolchain is the first to be qualified under safety standards like ISO 26262 and is pursuing qualification for aerospace standards like DO-178C.
- The wolfCrypt DO-178C certification kit provides Commercial Off-The-Shelf (COTS) cryptographic components that have already completed all four Stages of Involvement (SOI) audits. The kit includes traceable artifacts for algorithms like AES, RSA, SHA-256, and ChaCha20-Poly1305 to support functions like secure boot and encrypted data loading.
- To ensure objectivity, DO-178C requires that for higher DALs, many verification activities be performed "with independence," meaning the person verifying an artifact cannot be the person who created it.
- DO-178C is complemented by other documents that provide guidance for specific modern software development techniques. These include DO-331 for Model-Based Development and Verification, DO-332 for Object-Oriented Technologies, and DO-333 for Formal Methods.
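The MC/DC requirement mentioned for DAL A is easier to grasp with a concrete check. The following C program is an added example written for this briefing, not code from the page, from SpaceX, or from wolfSSL. It takes a constructed three-condition decision, `(A && B) || C`, and a constructed test set, and checks the unique-cause form of MC/DC: for every condition there must be a pair of test cases that differ only in that condition and produce different decision outcomes. A second, weaker set shows that exercising both outcomes (plain decision coverage) is not enough, since no condition is shown to act independently. All names, the decision, and the test vectors are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define NCOND 3
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed decision under test: (A && B) || C. Index 0 = A, 1 = B, 2 = C. */
static bool decision(const bool c[NCOND]) {
    return (c[0] && c[1]) || c[2];
}

typedef struct {
    bool cond[NCOND];
} TestCase;

/* True when a and b differ in exactly condition `which` and nothing else,
   and the decision outcome changes. That is the independence pair the
   unique-cause MC/DC criterion demands for condition `which`. */
static bool is_independence_pair(const TestCase *a, const TestCase *b, int which) {
    for (int i = 0; i < NCOND; i++) {
        bool same = a->cond[i] == b->cond[i];
        if (i == which && same) return false;   /* the chosen condition must flip */
        if (i != which && !same) return false;  /* every other condition must hold */
    }
    return decision(a->cond) != decision(b->cond);
}

/* Counts the conditions for which the test set contains an independence pair
   and records which ones in `covered`. MC/DC is achieved when the count equals
   NCOND. Only pairs are examined, so the search is O(n^2 * NCOND). */
static int mcdc_conditions_covered(const TestCase *set, size_t n, bool covered[NCOND]) {
    int count = 0;
    for (int k = 0; k < NCOND; k++) {
        covered[k] = false;
        for (size_t i = 0; i < n && !covered[k]; i++)
            for (size_t j = i + 1; j < n && !covered[k]; j++)
                if (is_independence_pair(&set[i], &set[j], k)) covered[k] = true;
        if (covered[k]) count++;
    }
    return count;
}

/* Constructed test set: four vectors that achieve MC/DC for (A && B) || C. */
static const TestCase full_set[] = {
    {{true,  true,  false}},  /* baseline, outcome T          */
    {{false, true,  false}},  /* flips only A, outcome F      */
    {{true,  false, false}},  /* flips only B, outcome F      */
    {{true,  false, true }},  /* flips only C vs. row 3, T    */
};

/* Constructed weaker set: both outcomes occur, but rows differ in A and B at
   once, so no single condition is shown to drive the result. */
static const TestCase weak_set[] = {
    {{true,  true,  false}},  /* outcome T */
    {{false, false, false}},  /* outcome F */
};

/* Convenience wrappers so the results are available as return values. */
int full_set_coverage(void) {
    bool cov[NCOND];
    return mcdc_conditions_covered(full_set, ARRAY_LEN(full_set), cov);
}

int weak_set_coverage(void) {
    bool cov[NCOND];
    return mcdc_conditions_covered(weak_set, ARRAY_LEN(weak_set), cov);
}

int main(void) {
    bool cov[NCOND];
    int n = mcdc_conditions_covered(full_set, ARRAY_LEN(full_set), cov);
    printf("full set: %d/%d conditions covered (A=%d B=%d C=%d)\n",
           n, NCOND, cov[0], cov[1], cov[2]);
    n = mcdc_conditions_covered(weak_set, ARRAY_LEN(weak_set), cov);
    printf("weak set: %d/%d conditions covered\n", n, NCOND);
    return 0;
}
```

Running it reports 3 of 3 conditions covered for the four-vector set and 0 of 3 for the two-vector set, even though the latter exercises both outcomes of the decision. Real DO-178C tooling derives these pairs from the structural coverage data of instrumented or traced object code and also handles the masking form of MC/DC; this example only shows the unique-cause criterion the DAL A objective is commonly described by.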
