A Practical Tutorial Decision Coverage on Modified Condition

Abstract This tutorial provides a practical approach to assessing modifiedconditiondecision coverage (MC/DC) for aviation software productsthat must comply with regulatory guidance for DO-178B level Asoftware. The tutorial's approach to MC/DC is a 5-step process thatallows a certification authority or verification analyst to evaluateMC/DC claims without the aid of a coverage tool In addition to theMC/DC approach, the tutorial addresses factors to consider in selectingand qualifying a structural coverage analysis tool tips for reviewing lifecycle data related to MC/DC, and pitfalls common to structural coverageanalysis. 1 Background and Purpose The RTCA/DO-178B document Software Considerations in Airborne Systems and EquipmentCertification is the primary means used by aviation software developers to obtain Federal AviationAdministration (FAA) approval I of airborne computer software (ref. 1, 2). DO-178B describes softwarelife cycle activities and design considerations, and enumerates sets of objectives for the software life cycleprocesses. The objectives applicable to a given piece of software are based on the software leveldetermined by a system safety assessment. The objectives serve as a focal point for approval of thesoftware.This tutorial concerns one particular objective in DO-178B: objective 5 in Table A-7 of Annex A.This objective, which is applicable to level A software only, requires that tests achieve modifiedcondition/decision coverage (MC/DC) of the software structure. The purpose of the tutorial is to providesufficient information upon which a diligent person may build a strong working knowledge of how tomeet the MC/DC objective, and provide a means to assess whether the objective has been met<1.1 Scope of the TutorialThis tutorial provides a broad view of MC/DC, concentrating on practical information for softwareengineers. Topics include the role of MC/DC within the verification process described in DO-178B, therationale for the MC/DC objective, a pragmatic approach for manually evaluating MC/DC, and an aid forassessing an applicant's MC/DC program. Although understanding the rationale for MC/DC is notstrictly necessary for developing a working knowledge of its use, information is included to help reducecurrent well-documented misunderstandings about the topic (ref 3).The tutorial is a self-study course designed for individuals who either develop and verify aviationsoftware products that must comply with the DO-178B objectives for level A, or who provide oversightand assurance of such products. Readers are assumed to have a basic knowledge of Boolean algebra andDO-178B. Specific references to DO-178B and other supporting materials are cited throughout. Alsoincluded throughout are exercises designed to give readers structured opportunities to assess theirunderstanding of the concepts presented; solutions for the exercises are given in Appendix A. Readers1 ED-12B, the European equivalent of DO-178B, is recognized by the Joint Aviation Authorities (JAA) via JAAtemporary guidance leaflet #4 as the primmy means for obtaining approval of airborne computer software.2 This work was supported by the FAA William J. Hughes Technical Center, Atlantic City International Airport,New Jersey.