Assessing the modelsim and questa tools for use in do254. Generating do254 compliant documents for fpga projects youtube. For example, the author of this paper worked on one do254 project where the system was dal b, the software was dal b and dal d, but the fpga was dal c. The do254 standard defines a set of objectives for hardware to be certified for use in airborne systems. Certification authorities software team cast position. Certification authorities software team cast position paper cast30 simple electronic hardware and rtca document do254 and eurocae document ed80, design assurance guidance for airborne electronic hardware completed august 2007 rev 0 note.
In 2005 the faa formally recognized rtca do254 as a means of compliance for the design of complex electronic hardware in airborne. Unlike other asic fpga design and verification cycles, compliance to rtca do 254 standard is far more rigorous and detail oriented. Here is where ambiguities enter the do 254 process. Do254 testing of high speed fpga interfaces mentor graphics.
Verifying a complex fpga design under do254 guidelines for use in. Xilinx wp332 meeting do254 and ed80 guidelines when using. For more information about grey cell modeling see rtl analysis for complex fpga designs using a grey cell methodology to improve qor qualifying blue pearl software for do254 tool vendors do not qualify their own tools under do254. Verification activities must ensure that hdl and netlist models correctly implement the hardware requirements, while also being efficient, complete and, crucially, compliant with the do 254 standard. The do254 standard defines a set of objectives for hardware to be certified for use.
Here, do254 is applied at the chip level, which means they dont have any access into the fpga so they cant probe it. Provide an overview and application of rtca do 254, as defined by current faa and easa guidance in airborne electronic systems. This data package is recommended to be used for design assurance level dal a and b fpgas where reliance to the tools automatic capabilities is critical to testing the target fpga. The requirements specify four documents that must be delivered to the certification authority. The fpga configuration is generally specified using a hardware description language hdl, similar to that used for an applicationspecific integrated circuit asic. It is mandatory to prove the design correctness of an fpga by verifying its entire feature set. Design for airborne electronics semiconductor engineering. Following requirements, design and implementation standards to manage do 254 compliant designs up to design assurance level a. As more software and embedded code saw use in safetycritical and avionics applications, an industry standard group developed the rtcado178b. Xilinx wp332 meeting do254 and ed80 guidelines when. Do 178 is the established software counterpart of do 254.
Do 254 cts is a fully customised hardware and software platform that increases verification coverage by test for its users. Hardware design processes covered in rtcado254 section 5 the processes introduce a requirementsbased design process, which means all of the design data must be based on the requirements. While not considered a part of the hardware life cycle by do 254, the hardware safety assessment does directly impact fpga design. A system developer has the option of setting a single design assurance level and strategy for an entire hardware item, or a hardware. The design must be tested in the target device per rtca do 254 specification sections 1. This basic course introduces the intent of the do 254 standard for commercial avionics hardware development. Fpga design and verification under do254 guidelines is a rigorous undertaking, and requires special features and capabilities from design, simulation and hardware verification tools. As with do 178, satisfying do 254 objectives can be expensive and timeconsuming due to. Do254cts tool qualification data package includes a comprehensive pretool qualification data package that the applicant can easily adapt into their life cycle data.
Do document, from rtca do 178b software considerations in airborne systems and equipment certification, an aviation industry standard since 1992. Citeseerx document details isaac councill, lee giles, pradeep teregowda. It has the capabilities to handle complex multimillion gate fpga designs. The process of do254 verification planning for avionics systems. Generating do254 compliant documents for fpga projects. White paper do 254 support for fpga design flows july 2008, ver. To ensure your fpga satisfies the verification objectives of do 254 ed80, the system allows you to do atspeed testing in target device and provides a single environment to verify all fpga level requirements. Jul 17, 2018 developing fpgas and asics for do 254 compliance entails that applicants submit extensive professional documents and artifacts to the designated certification authority. While not considered a part of the hardware life cycle by do254, the hardware safety assessment does directly impact fpga design.
All fpga or asic devices that go in systems that fly must now adhere to the do 254 standard. Learn how to satisfy do254 objectives using modelbased design with. Experienced avionics fpga development and verification engineer, mastering fpga design under do 254 guidelines for use in safety and missioncritical airborne inertial navigation systems. This position paper has been coordinated among representatives from certification authorities in. A fieldprogrammable gate array fpga is an integrated circuit designed to be configured by a customer or a designer after manufacturing hence the term fieldprogrammable. The official hardware versus software requirementsdesign depiction is shown in the following graphic see afuzions advanced do254 training, day 2, for. While do 254 originated as a civil aviation standard, it is also starting to be used on some military projects as well. As with do178, satisfying do254 objectives can be expensive and timeconsuming due to several processes.
Do254 defines a process that airborne applicants and integrators must follow to get their hardware certified for use in avionics. While information on the general aspects of the standard is easy to obtain, the details of exactly how to implement the. Fpga familiarization introduction to field programmable. Mercury mission systems is committed to tackling the issues of cost and time to market when it comes to do 254 safetycritical hardware development. We can provide full turnkey development and verification. As the complexity of the fpga design increases, so does the verification activities needed to satisfy the verification objectives of do 254. Highspeed interfaces are complicated interfaces which are usually linked to the main functionality of a specific fpga. Do 254, which the faa began enforcing in 2005 through ac20152, is modeled after do 178b, the equivalent process for certifying software, which was published in its original version do 178 over 25 years ago. Virtex fpga design using vhdl, simulation using modelsim, and lab integration. Developing fpgas and asics for do 254 compliance entails that applicants submit extensive professional documents and artifacts to the designated certification authority. Accelerating do254 verification blue pearl software inc. It also provides the ability to monitor all fpga interfaces, including highspeed interfaces, at the fpga pin level.
The stringency of the process is dictated by the design assurance level dal, or safety rating of the end system, levels a highest through e lowest. The do 254 ed80 standard was formally recognized by the faa in 2005 via ac 20152 as a means of compliance for the design assurance of electronic hardware in airborne systems. Do254, design assurance guidance for airborne electronic hardware. Do 254 s requirementsbased approach is similar to do 178b for software. Applying do254 for avionics hardware development and. Xilinx practical use of fpgas and ip in do254 compliant. The compliance software application then controls the inhardware. In this paper, we will explore the safetyrelated concepts of.
The purpose of do 254 is to ensure the safety of inflight hardware. Highrely, a phoenix, arizonabased process and education consultancy on do254 design assurance, introduces do254 in the following way. Rtca do254 eurocae ed80, design assurance guidance for airborne electronic hardware is a document providing guidance for the development of. She has 18 years of experience in fpga design altera, xilinx, microsemi and 10 years of experience in teaching university courses and altera training. This session introduces field programmable gate array fpga technology and development. Rtcado254 is a means of compliance for the development of airborne electronic hardware containing fpgas, plds and asics. Do 254 design assurance guidance for airborne electronic hardware, put into effect on fpga asic designs via ac 20152 in 2005 do 297. Asic fpga board design, development and verification for do 254 compliant systems based on size, intricacy and design assurance levels. A common question on do254 projects is does hardware need both highlevel and lowlevel requirements like do178cs software. The avionics hardware industry worldwide is now commonly required to follow do 254 design assurance guidance for airborne electronic hardware for literally all phases of development. Dornerworks primary area of involvement on this project was the generation and execution of the extensive test cases required to fully verify the design according to do 254 traceability and code coverage. As with do178, satisfying do254 objectives can be expensive and timeconsuming due to. The do 254 standard gives you design assurance and guidance from conception through initial certification, as well as through postcertification product improvements. Do 254 templates and checklists do 254 compliant templates and checklists data package.
So they cant do the requirementsbased testing on the fpga chip, which is the main concept of do254, and the majority of design and verification challenges originate from that. Ddci and logicircuit to deliver enhanced do178c and do254. Rtca do254 is a means of compliance for the development of airborne electronic hardware containing fpgas, plds and asics. Do254 avionics hardware development mercury systems. Although the verification tools and procedure may be same, but the array of additional steps that need to be followed in the case of verifying an avionics asic fpga. This is intended for engineers and management who need to understand fpgas, but who do not intend to personally develop fpga designs. The do254 standard gives you design assurance and guidance from conception through initial certification, as well as through postcertification product improvements.
From 2007, he is with skytechnology as the head of the hardware design team, managing card development, fpga development, test systems, and do 254 certification support activities dal a, dal b. The do 254 standard is a companion to the software do 178b standard. It is modeled after do 178, the equivalent standard for flight software certification. The basic answer is no hardware only has one level of requirements, but has two levels of design. Electronics design engineer with a primary focus on fpga design, development and test.
The guidance in this document is applicable, but not limited, to such electronic hardware items as. The complexity of asic and fpga based airborne electronic hardware aeh is constantly increasing. The attendee will leave with a solid foundation of fpga technology, development process, and management. This white paper addresses where and when to use do 254 and do 178 in fpga designs and recommends practical means for employing widely used commercial off the shelf cots ip in custom fpga. Verifying a complex fpga design under do254 guidelines for use in safety and missioncritical airborne systems is not without its challenges. The do 254 ed80 standard is the counterpart to the wellestablished software standard rtca do 178ceurocae ed12c. It is modeled after do178, the equivalent standard for flight software certification.
Understanding do254 certification intelligent aerospace. Do254 testing of high speed fpga interfaces verification. The stringent design assurance guideline imposed by do 254 for custom microcoded devices like fpgas present significant verification challenges within the avionics community. It provides guidance for the design of complex electronic hardware ceh in airborne systems and equipment for use in aircraft or engines. Aug 01, 2016 design teams strive to ensure that the design requirements are met, while the verification team directs its efforts to ensure that the design adheres to the design specifications. For more information about grey cell modeling see rtl analysis for complex fpga designs using a grey cell methodology to improve qor qualifying blue pearl software for do 254 tool vendors do not qualify their own tools under do 254. It provides a single and automated environment to test all fpga level requirements with full visibility and controllability at the fpga pin level. When were talking about do 254 for soc fpgas, were really talking about the hardware ip, peripherals, and custom hardware logic on the fpga fabric that have to be verified as part of the entire system.
Do 254 cts consists of a custom daughter board that contains the specific familypackage or part number of the fpga pld device from vendors such as altera, lattice, microsemi actel and xilinx. Mar 22, 2017 ddci, a leading supplier of software and professional services for mission and safetycritical applications, and logicircuit, a leading supplier of commercial offtheshelf cots intellectual property ip cores and professional services for do 254 and do 178c compliance, today announced they are collaborating to provide xilinx customers. The standard that governs the design of avionic components and systems, do 254, is one of the most poorly understood but widely applicable standards in the avionic industry. With expertise in designing certified defense and aerospace solutions, mistral has a comprehensive knowledge base with the tools, processes, standards and regulatory to provide do 254, do 178b, do 178c and do 160 compliant testing services for various avionics subsystems. I mean, may i use the web starter sw versions or i need the licensed ones. Fpga verification for do254 is in the hardware electronics weekly. The process of do254 verification planning for avionics. Functions are classified as either software or hardware, and governed by the processes provided by the guidance of either do 178 or do 254 accordingly. Fpga testing for do254 compliance design and reuse. This assessment determines the dal for each functional block in the system.
For the last few years we have been working with multiple customers on a number of do 254 fpga design and verification projects. Rtcado254 design assurance guidance for airborne electronic hardware is a recent standard that is currently being enforced by the federal aviation. Of the suggested methodologies elemental analysis is most often implemented by conducting a coverage analysis of a pld fpga asic design at the vhdl design coding language level of abstraction. If i plan to develop a bare vhdl fpga, without using any ip or soft core, are the tools mentioned in my first message suitable to formally design and verify this fpga according do 254.
Any functions of the final fpga that are not based on the requirements must be properly mitigated in order to prevent anomalous operational behavior. Richard porter electronics design, fpga, do254 rdp. Accelerating do254 verification blue pearl software. Solutions for do 254 do 254 compliance dictates a requirementsbased design and verification strategy that would include designing strictly to the definition of requirements and performing accurate, complete and independent verification of the design against these requirements. To ensure your fpga satisfies the verification objectives of do254ed80, the system allows you to do atspeed testing in target device and provides a single environment to verify all fpga level requirements. Do254, which the faa began enforcing in 2005 through ac20152, is modeled after do 178b, the equivalent process for certifying software, which was published in its original version do. Do254 templates and checklists the design verification company.
The software apps running on the processor need to comply to do 178c, while the hardware ips on the fpga fabric needs to comply to do 254. Do254 cts consists of a fully customized hardware and software package designed to replay rtl simulation during inhardware verification reusing the testbench as test vectors. Certon, as part of the relationship, has direct access to vendor ip designs and tool qualifications supporting certification as required by the faa and other regulatory agencies. Do254 explained by cadence this white paper, the first in a series of do 254 related white papers, will explore the highlevel concepts and activities within the do 254 design assurance guidance for airborne electronic hardware specification, why they exist, and what they mean. A s the complexity of electronics for airborne applications continues to rise, an increasing number of applications need to comply with the rtca do 254. Do 254 explained by cadence this white paper, the first in a series of do 254 related white papers, will explore the highlevel concepts and activities within the do 254 design assurance guidance for airborne electronic hardware specification, why they exist, and what they mean.
Certification authorities software team cast position paper cast30 simple electronic hardware and rtca document do 254 and eurocae document ed80, design assurance guidance for airborne electronic hardware completed august 2007 rev 0 note. Aks has many manyears of experience in fpga projects. In addition, do 254 is currently vague as it does not have the same measurable objectives as does its software counterpart rtca do 178b via design assurance level from which it was modeled by. Xilinx fpga designs have been placed and routed with ise software. Each system, including any fpgas and their associated bitstreams, must be tested and validated. Describe how to apply the do 254 lifecycle and supporting processes, understand system safety assessments and the design assurance level dal, set up a project correctly through proper planning and standards. Patmos is the expert in do 254 design, verification, and certification of complex airborne hardware devices. Do254cts is a fully customised hardware and software platform that increases verification coverage by test for its users. With do 254 ed80, the certification authorities have indicated that avionics equipment contains both hardware and software, and each is critical to safe operation of aircraft. Having gained indepth insights into this market and its technological challenges, verisense has developed a set of solutions including hardware testers for do 254 fpga certification.
While this paper addresses do254 design assurance for xilinx fpgas, it is the hardware system and not the individual components that achieves do254 certification an integrated circuit ic cannot be do254 certified. Xilinx wp401 do254 for the fpga designer, white paper. Posess the ability to manage entire do 254 process from concept through certification. Do254 asic fpga board design asic fpga board design, development and verification for do254 compliant systems based on size, intricacy and design assurance levels einfochips can assist clients with do254 requirements and. Certification authorities software team cast position paper. I am aware of the development flow stated by do 254. The do 254 standard defines a set of objectives for hardware to be certified for use in airborne systems. In addition, do 254 is currently vague as it does not have the same measurable objectives as does its software counterpart rtca do 178b via design assurance level from which it. The fpga design must capture and validate requirements, design to those requirements, and then verify that the design meets them. As with do 178, satisfying do 254 objectives can be expensive and timeconsuming due to several processes. For decades, military organizations have developed hardware and software using a variety of specialized, defenseoriented standards including 2167a, 498, and 882. Developing plds fpgas, asics and cplds for do 254 compliance entails that applicants submit extensive professional documents and artifacts to the designated certification authority.
1206 933 1191 385 1483 1505 950 569 971 288 314 603 805 638 1370 94 332 906 1508 216 855 1391 217 721 743 137 1324 1382 173 1403 1297 479 1090 1500 447 861 94 404 1155 76 783 484 758 391