Do254 testing of high speed fpga interfaces verification. This basic course introduces the intent of the do 254 standard for commercial avionics hardware development. For more information about grey cell modeling see rtl analysis for complex fpga designs using a grey cell methodology to improve qor qualifying blue pearl software for do254 tool vendors do not qualify their own tools under do254. The do254 standard defines a set of objectives for hardware to be certified for use. This data package is recommended to be used for design assurance level dal a and b fpgas where reliance to the tools automatic capabilities is critical to testing the target fpga. A system developer has the option of setting a single design assurance level and strategy for an entire hardware item, or a hardware. Do254 explained by cadence this white paper, the first in a series of do 254 related white papers, will explore the highlevel concepts and activities within the do 254 design assurance guidance for airborne electronic hardware specification, why they exist, and what they mean. The do 254 ed80 standard is the counterpart to the wellestablished software standard rtca do 178ceurocae ed12c. It also provides the ability to monitor all fpga interfaces, including highspeed interfaces, at the fpga pin level.
The complexity of ASIC- and FPGA-based airborne electronic hardware (AEH) is constantly increasing. DornerWorks' primary area of involvement on this project was the generation and execution of the extensive test cases required to fully verify the design according to DO-254 traceability and code coverage. Understanding DO-254 certification, Intelligent Aerospace. The design must be tested in the target device per RTCA DO-254 specification sections 1.
Richard porter electronics design, fpga, do254 rdp. White paper do 254 support for fpga design flows july 2008, ver. Do 254 templates and checklists do 254 compliant templates and checklists data package. The fpga configuration is generally specified using a hardware description language hdl, similar to that used for an applicationspecific integrated circuit asic. Do254, design assurance guidance for airborne electronic hardware. As with do178, satisfying do254 objectives can be expensive and timeconsuming due to. Patmos is the expert in do 254 design, verification, and certification of complex airborne hardware devices. Fpga verification for do254 is in the hardware electronics weekly. Design for airborne electronics semiconductor engineering. In 2005 the faa formally recognized rtca do254 as a means of compliance for the design of complex electronic hardware in airborne. Do 254 s requirementsbased approach is similar to do 178b for software. Developing fpgas and asics for do 254 compliance entails that applicants submit extensive professional documents and artifacts to the designated certification authority. Rtcado254 design assurance guidance for airborne electronic hardware is a recent standard that is currently being enforced by the federal aviation. Functions are classified as either software or hardware, and governed by the processes provided by the guidance of either do 178 or do 254 accordingly.
The do 254 ed80 standard was formally recognized by the faa in 2005 via ac 20152 as a means of compliance for the design assurance of electronic hardware in airborne systems. Xilinx wp332 meeting do254 and ed80 guidelines when. Do document, from rtca do 178b software considerations in airborne systems and equipment certification, an aviation industry standard since 1992. Generating do254 compliant documents for fpga projects. It has the capabilities to handle complex multimillion gate fpga designs. The process of do254 verification planning for avionics systems. Do254 asic fpga board design asic fpga board design, development and verification for do254 compliant systems based on size, intricacy and design assurance levels einfochips can assist clients with do254 requirements and. For more information about grey cell modeling see rtl analysis for complex fpga designs using a grey cell methodology to improve qor qualifying blue pearl software for do 254 tool vendors do not qualify their own tools under do 254. Fpga design and verification under do254 guidelines is a rigorous undertaking, and requires special features and capabilities from design, simulation and hardware verification tools. Xilinx wp332 meeting do254 and ed80 guidelines when using. She has 18 years of experience in fpga design altera, xilinx, microsemi and 10 years of experience in teaching university courses and altera training. The software apps running on the processor need to comply to do 178c, while the hardware ips on the fpga fabric needs to comply to do 254.
While information on the general aspects of the standard is easy to obtain, the details of exactly how to implement the. Any functions of the final fpga that are not based on the requirements must be properly mitigated in order to prevent anomalous operational behavior. Here, do254 is applied at the chip level, which means they dont have any access into the fpga so they cant probe it. We can provide full turnkey development and verification. While not considered a part of the hardware life cycle by do 254, the hardware safety assessment does directly impact fpga design. This position paper has been coordinated among representatives from certification authorities in. The do 254 standard defines a set of objectives for hardware to be certified for use in airborne systems. This assessment determines the dal for each functional block in the system. To ensure your fpga satisfies the verification objectives of do 254 ed80, the system allows you to do atspeed testing in target device and provides a single environment to verify all fpga level requirements. Highrely, a phoenix, arizonabased process and education consultancy on do254 design assurance, introduces do254 in the following way. For example, the author of this paper worked on one do254 project where the system was dal b, the software was dal b and dal d, but the fpga was dal c. Rtcado254 is a means of compliance for the development of airborne electronic hardware containing fpgas, plds and asics. Ddci and logicircuit to deliver enhanced do178c and do254. The do 254 standard gives you design assurance and guidance from conception through initial certification, as well as through postcertification product improvements.
Learn how to satisfy do254 objectives using modelbased design with. It is modeled after do 178, the equivalent standard for flight software certification. Do 254 cts is a fully customised hardware and software platform that increases verification coverage by test for its users. A fieldprogrammable gate array fpga is an integrated circuit designed to be configured by a customer or a designer after manufacturing hence the term fieldprogrammable. All fpga or asic devices that go in systems that fly must now adhere to the do 254 standard. The do254 standard gives you design assurance and guidance from conception through initial certification, as well as through postcertification product improvements. Developing plds fpgas, asics and cplds for do 254 compliance entails that applicants submit extensive professional documents and artifacts to the designated certification authority. Certon, as part of the relationship, has direct access to vendor ip designs and tool qualifications supporting certification as required by the faa and other regulatory agencies. While do 254 originated as a civil aviation standard, it is also starting to be used on some military projects as well. Mar 22, 2017 ddci, a leading supplier of software and professional services for mission and safetycritical applications, and logicircuit, a leading supplier of commercial offtheshelf cots intellectual property ip cores and professional services for do 254 and do 178c compliance, today announced they are collaborating to provide xilinx customers.
Citeseerx document details isaac councill, lee giles, pradeep teregowda. The official hardware versus software requirementsdesign depiction is shown in the following graphic see afuzions advanced do254 training, day 2, for. Do254 defines a process that airborne applicants and integrators must follow to get their hardware certified for use in avionics. This session introduces field programmable gate array fpga technology and development. Do 178 is the established software counterpart of do 254. It is modeled after do178, the equivalent standard for flight software certification. In addition, do 254 is currently vague as it does not have the same measurable objectives as does its software counterpart rtca do 178b via design assurance level from which it. While this paper addresses do254 design assurance for xilinx fpgas, it is the hardware system and not the individual components that achieves do254 certification an integrated circuit ic cannot be do254 certified.
Hardware design processes covered in rtcado254 section 5 the processes introduce a requirementsbased design process, which means all of the design data must be based on the requirements. As the complexity of the fpga design increases, so does the verification activities needed to satisfy the verification objectives of do 254. The stringency of the process is dictated by the design assurance level dal, or safety rating of the end system, levels a highest through e lowest. Applying do254 for avionics hardware development and. Experienced avionics fpga development and verification engineer, mastering fpga design under do 254 guidelines for use in safety and missioncritical airborne inertial navigation systems. Mercury mission systems is committed to tackling the issues of cost and time to market when it comes to do 254 safetycritical hardware development. Xilinx fpga designs have been placed and routed with ise software. Do254, which the faa began enforcing in 2005 through ac20152, is modeled after do 178b, the equivalent process for certifying software, which was published in its original version do. Highspeed interfaces are complicated interfaces which are usually linked to the main functionality of a specific fpga. With do 254 ed80, the certification authorities have indicated that avionics equipment contains both hardware and software, and each is critical to safe operation of aircraft. Do254 avionics hardware development mercury systems. This is intended for engineers and management who need to understand fpgas, but who do not intend to personally develop fpga designs. Do254 cts consists of a fully customized hardware and software package designed to replay rtl simulation during inhardware verification reusing the testbench as test vectors. Describe how to apply the do 254 lifecycle and supporting processes, understand system safety assessments and the design assurance level dal, set up a project correctly through proper planning and standards.
Assessing the ModelSim and Questa tools for use in DO-254. The attendee will leave with a solid foundation of FPGA technology, development process, and management. The purpose of DO-254 is to ensure the safety of in-flight hardware. Although the verification tools and procedure may be the same, the array of additional steps that need to be followed in the case of verifying an avionics ASIC/FPGA.
Provide an overview and application of rtca do 254, as defined by current faa and easa guidance in airborne electronic systems. Certification authorities software team cast position paper cast30 simple electronic hardware and rtca document do254 and eurocae document ed80, design assurance guidance for airborne electronic hardware completed august 2007 rev 0 note. Verifying a complex fpga design under do254 guidelines for use in. As more software and embedded code saw use in safetycritical and avionics applications, an industry standard group developed the rtcado178b. Rtca do254 eurocae ed80, design assurance guidance for airborne electronic hardware is a document providing guidance for the development of. It provides a single and automated environment to test all fpga level requirements with full visibility and controllability at the fpga pin level. I am aware of the development flow stated by do 254. Following requirements, design and implementation standards to manage do 254 compliant designs up to design assurance level a. Do 254 design assurance guidance for airborne electronic hardware, put into effect on fpga asic designs via ac 20152 in 2005 do 297. Do254 testing of high speed fpga interfaces mentor graphics.
The FPGA design must capture and validate requirements, design to those requirements, and then verify that the design meets them. The avionics hardware industry worldwide is now commonly required to follow DO-254, Design Assurance Guidance for Airborne Electronic Hardware, for literally all phases of development. The guidance in this document is applicable, but not limited, to such electronic hardware items as. Verifying a complex FPGA design under DO-254 guidelines for use in safety- and mission-critical airborne systems is not without its challenges. RTCA DO-254 is a means of compliance for the development of airborne electronic hardware containing FPGAs, PLDs and ASICs. Here is where ambiguities enter the DO-254 process.
The DO-254 standard is a companion to the software DO-178B standard. The standard that governs the design of avionic components and systems, DO-254, is one of the most poorly understood but widely applicable standards in the avionic industry. FPGA familiarization: introduction to field programmable. DO-254 CTS tool qualification data package includes a comprehensive pretool qualification data package that the applicant can easily adapt into their life cycle data. It is mandatory to prove the design correctness of an FPGA by verifying its entire feature set.
Xilinx wp401 do254 for the fpga designer, white paper. Unlike other asic fpga design and verification cycles, compliance to rtca do 254 standard is far more rigorous and detail oriented. Accelerating do254 verification blue pearl software inc. I mean, may i use the web starter sw versions or i need the licensed ones. The stringent design assurance guideline imposed by do 254 for custom microcoded devices like fpgas present significant verification challenges within the avionics community. The process of do254 verification planning for avionics. Solutions for do 254 do 254 compliance dictates a requirementsbased design and verification strategy that would include designing strictly to the definition of requirements and performing accurate, complete and independent verification of the design against these requirements. As with do178, satisfying do254 objectives can be expensive and timeconsuming due to several processes. The compliance software application then controls the inhardware. The do254 standard defines a set of objectives for hardware to be certified for use in airborne systems. Certification authorities software team cast position.
Aks has many man-years of experience in FPGA projects. Accelerating DO-254 verification, Blue Pearl Software. So they can't do the requirements-based testing on the FPGA chip, which is the main concept of DO-254, and the majority of design and verification challenges originate from that. While not considered a part of the hardware life cycle by DO-254, the hardware safety assessment does directly impact FPGA design. Xilinx practical use of FPGAs and IP in DO-254 compliant. The basic answer is no: hardware only has one level of requirements, but has two levels of design. DO-254 CTS is a fully customised hardware and software platform that increases verification coverage by test for its users.
Each system, including any fpgas and their associated bitstreams, must be tested and validated. In addition, do 254 is currently vague as it does not have the same measurable objectives as does its software counterpart rtca do 178b via design assurance level from which it was modeled by. From 2007, he is with skytechnology as the head of the hardware design team, managing card development, fpga development, test systems, and do 254 certification support activities dal a, dal b. A s the complexity of electronics for airborne applications continues to rise, an increasing number of applications need to comply with the rtca do 254. Of the suggested methodologies elemental analysis is most often implemented by conducting a coverage analysis of a pld fpga asic design at the vhdl design coding language level of abstraction. The requirements specify four documents that must be delivered to the certification authority. If i plan to develop a bare vhdl fpga, without using any ip or soft core, are the tools mentioned in my first message suitable to formally design and verify this fpga according do 254. In this paper, we will explore the safetyrelated concepts of. Verification activities must ensure that hdl and netlist models correctly implement the hardware requirements, while also being efficient, complete and, crucially, compliant with the do 254 standard. To ensure your fpga satisfies the verification objectives of do254ed80, the system allows you to do atspeed testing in target device and provides a single environment to verify all fpga level requirements. It provides guidance for the design of complex electronic hardware ceh in airborne systems and equipment for use in aircraft or engines. Do 254 explained by cadence this white paper, the first in a series of do 254 related white papers, will explore the highlevel concepts and activities within the do 254 design assurance guidance for airborne electronic hardware specification, why they exist, and what they mean.
Fpga testing for do254 compliance design and reuse. As with do 178, satisfying do 254 objectives can be expensive and timeconsuming due to. For the last few years we have been working with multiple customers on a number of do 254 fpga design and verification projects. Electronics design engineer with a primary focus on fpga design, development and test. Generating do254 compliant documents for fpga projects youtube. Do254 templates and checklists the design verification company. Having gained indepth insights into this market and its technological challenges, verisense has developed a set of solutions including hardware testers for do 254 fpga certification. Do 254, which the faa began enforcing in 2005 through ac20152, is modeled after do 178b, the equivalent process for certifying software, which was published in its original version do 178 over 25 years ago. This white paper addresses where and when to use do 254 and do 178 in fpga designs and recommends practical means for employing widely used commercial off the shelf cots ip in custom fpga. A common question on do254 projects is does hardware need both highlevel and lowlevel requirements like do178cs software. As with do 178, satisfying do 254 objectives can be expensive and timeconsuming due to several processes. Do 254 cts consists of a custom daughter board that contains the specific familypackage or part number of the fpga pld device from vendors such as altera, lattice, microsemi actel and xilinx. Aug 01, 2016 design teams strive to ensure that the design requirements are met, while the verification team directs its efforts to ensure that the design adheres to the design specifications. Posess the ability to manage entire do 254 process from concept through certification.