Verification of additional Code

Under certain conditions DO-178B/ED-12B section 6.4.4.2.b required the applicant to verify the traceability between Source Code and Object Code. In case of non-direct traceability, additional verification activities were expected in order to demonstrate the correctness of the generated code sequences. There was nothing about this in the A-7 objective table.

This DO-178B/ED-12B text and the associated expectations have often been misunderstood. Therefore, clarifications were needed and are now incorporated in DO-178C/ED-12C:

  • In DO-178B/ED-12B, the wording “the analysis may be performed on the source code, unless …” seemed to suggest that the adequate level was the object code, which was not the initial intent. The text has been updated: Structural coverage analysis may now be performed at any level, i.e, source code, object code or executable object code. It is up to the applicant to choose the most appropriate level.
  • Independent of the form of the code used to perform the structural coverage analysis, if the software level is A, an analysis of the code produced by compiler/linker or other tools used to generate the executable object code needs to be conducted. If such tools generate additional code sequences that are not directly traceable to source code, additional verification should be conducted.
  • The meaning of the words “direct traceability” is now clarified in a note. It explains that “branches” and “side effects” should be considered.
  • The table A-7 reflects this change. A new objective, applicable only to level A is added.

It should be noted that compared to DO-178B/ED-12B, there is no extra information in DO-178C/ED-12C regarding the exact nature of this “additional verification”. The guidance remains focused on the general verification objective consisting in establishing “the correctness of such generated code sequences”.

Regarding this additional verification, DO-178B/ED-12B and CAST paper #12 were clearly limited to the compiler effects. The new text in section 6.4.4.2.b brings the other generation tools in the game. Therefore, the activity may no longer be limited to traceability analysis between source code and object code but may also need to consider the effects of all tools used in the Executable Object Code Generation chain