Independent validation and verification of the TCAS II collision avoidance subsystem

This paper describes the specification-based testing, analysis tools, and associated processes that were used to independently validate, verify, and ultimately provide for certifying, safety-critical software developed for the Traffic Alert and Collision Avoidance System (TCAS II) program. These tools and processes comprise an effective and Independent Validation and Verification (IV&V) activity applied to the Collision Avoidance Subsystem (CAS) software development process. A requirements specification language called the Requirements State Machine Language (RSML), originally developed by the University of California, Irvine (UCI), was employed for the specification of CAS. The end result is the next generation of TCAS II collision avoidance logic, referred to as Version 7, that is of a higher quality than its predecessors, meets the certification requirements of DO-178B Level B, and can be shown to satisfy the new operational requirements it was developed to address