Asic fpga board design, development and verification for do 254 compliant systems based on size, intricacy and design assurance levels. Virtex fpga design using vhdl, simulation using modelsim, and lab integration. The do254 standard defines a set of objectives for hardware to be certified for use in airborne systems. This is intended for engineers and management who need to understand fpgas, but who do not intend to personally develop fpga designs. The attendee will leave with a solid foundation of fpga technology, development process, and management. Although the verification tools and procedure may be same, but the array of additional steps that need to be followed in the case of verifying an avionics asic fpga. So they cant do the requirementsbased testing on the fpga chip, which is the main concept of do254, and the majority of design and verification challenges originate from that. Rtca do254 eurocae ed80, design assurance guidance for airborne electronic hardware is a document providing guidance for the development of. Fpga verification for do254 is in the hardware electronics weekly. As more software and embedded code saw use in safetycritical and avionics applications, an industry standard group developed the rtcado178b.
The do 254 standard gives you design assurance and guidance from conception through initial certification, as well as through postcertification product improvements. Aug 01, 2016 design teams strive to ensure that the design requirements are met, while the verification team directs its efforts to ensure that the design adheres to the design specifications. With do 254 ed80, the certification authorities have indicated that avionics equipment contains both hardware and software, and each is critical to safe operation of aircraft. The stringent design assurance guideline imposed by do 254 for custom microcoded devices like fpgas present significant verification challenges within the avionics community.
Functions are classified as either software or hardware, and governed by the processes provided by the guidance of either do 178 or do 254 accordingly. A common question on do254 projects is does hardware need both highlevel and lowlevel requirements like do178cs software. Aks has many manyears of experience in fpga projects. The standard that governs the design of avionic components and systems, do 254, is one of the most poorly understood but widely applicable standards in the avionic industry. Developing fpgas and asics for do 254 compliance entails that applicants submit extensive professional documents and artifacts to the designated certification authority. This session introduces field programmable gate array fpga technology and development. The purpose of do 254 is to ensure the safety of inflight hardware. Accelerating do254 verification blue pearl software inc. Do254, which the faa began enforcing in 2005 through ac20152, is modeled after do 178b, the equivalent process for certifying software, which was published in its original version do. Do254cts tool qualification data package includes a comprehensive pretool qualification data package that the applicant can easily adapt into their life cycle data.
Do254cts is a fully customised hardware and software platform that increases verification coverage by test for its users. Fpga testing for do254 compliance design and reuse. Highrely, a phoenix, arizonabased process and education consultancy on do254 design assurance, introduces do254 in the following way. Generating do254 compliant documents for fpga projects youtube. Rtcado254 is a means of compliance for the development of airborne electronic hardware containing fpgas, plds and asics. Verifying a complex fpga design under do254 guidelines for use in safety and missioncritical airborne systems is not without its challenges. Do254 defines a process that airborne applicants and integrators must follow to get their hardware certified for use in avionics. It is mandatory to prove the design correctness of an fpga by verifying its entire feature set. Do 254 explained by cadence this white paper, the first in a series of do 254 related white papers, will explore the highlevel concepts and activities within the do 254 design assurance guidance for airborne electronic hardware specification, why they exist, and what they mean. While not considered a part of the hardware life cycle by do254, the hardware safety assessment does directly impact fpga design. Certification authorities software team cast position paper. Posess the ability to manage entire do 254 process from concept through certification. The fpga design must capture and validate requirements, design to those requirements, and then verify that the design meets them. Patmos is the expert in do 254 design, verification, and certification of complex airborne hardware devices.
Developing plds fpgas, asics and cplds for do 254 compliance entails that applicants submit extensive professional documents and artifacts to the designated certification authority. Mar 22, 2017 ddci, a leading supplier of software and professional services for mission and safetycritical applications, and logicircuit, a leading supplier of commercial offtheshelf cots intellectual property ip cores and professional services for do 254 and do 178c compliance, today announced they are collaborating to provide xilinx customers. In 2005 the faa formally recognized rtca do254 as a means of compliance for the design of complex electronic hardware in airborne. The do 254 ed80 standard is the counterpart to the wellestablished software standard rtca do 178ceurocae ed12c. Certification authorities software team cast position paper cast30 simple electronic hardware and rtca document do254 and eurocae document ed80, design assurance guidance for airborne electronic hardware completed august 2007 rev 0 note. Generating do254 compliant documents for fpga projects. Here, do254 is applied at the chip level, which means they dont have any access into the fpga so they cant probe it. This basic course introduces the intent of the do 254 standard for commercial avionics hardware development. Jul 17, 2018 developing fpgas and asics for do 254 compliance entails that applicants submit extensive professional documents and artifacts to the designated certification authority. To ensure your fpga satisfies the verification objectives of do254ed80, the system allows you to do atspeed testing in target device and provides a single environment to verify all fpga level requirements. A s the complexity of electronics for airborne applications continues to rise, an increasing number of applications need to comply with the rtca do 254. Having gained indepth insights into this market and its technological challenges, verisense has developed a set of solutions including hardware testers for do 254 fpga certification. For decades, military organizations have developed hardware and software using a variety of specialized, defenseoriented standards including 2167a, 498, and 882. It provides guidance for the design of complex electronic hardware ceh in airborne systems and equipment for use in aircraft or engines.
Xilinx fpga designs have been placed and routed with ise software. Xilinx wp332 meeting do254 and ed80 guidelines when using. Citeseerx document details isaac councill, lee giles, pradeep teregowda. This assessment determines the dal for each functional block in the system.
Do254 explained by cadence this white paper, the first in a series of do 254 related white papers, will explore the highlevel concepts and activities within the do 254 design assurance guidance for airborne electronic hardware specification, why they exist, and what they mean. Assessing the modelsim and questa tools for use in do254. While information on the general aspects of the standard is easy to obtain, the details of exactly how to implement the. Certon, as part of the relationship, has direct access to vendor ip designs and tool qualifications supporting certification as required by the faa and other regulatory agencies. Of the suggested methodologies elemental analysis is most often implemented by conducting a coverage analysis of a pld fpga asic design at the vhdl design coding language level of abstraction.
Solutions for do 254 do 254 compliance dictates a requirementsbased design and verification strategy that would include designing strictly to the definition of requirements and performing accurate, complete and independent verification of the design against these requirements. The do 254 standard is a companion to the software do 178b standard. The do 254 ed80 standard was formally recognized by the faa in 2005 via ac 20152 as a means of compliance for the design assurance of electronic hardware in airborne systems. While this paper addresses do254 design assurance for xilinx fpgas, it is the hardware system and not the individual components that achieves do254 certification an integrated circuit ic cannot be do254 certified. The avionics hardware industry worldwide is now commonly required to follow do 254 design assurance guidance for airborne electronic hardware for literally all phases of development. The design must be tested in the target device per rtca do 254 specification sections 1. For more information about grey cell modeling see rtl analysis for complex fpga designs using a grey cell methodology to improve qor qualifying blue pearl software for do254 tool vendors do not qualify their own tools under do254. Xilinx wp332 meeting do254 and ed80 guidelines when. Describe how to apply the do 254 lifecycle and supporting processes, understand system safety assessments and the design assurance level dal, set up a project correctly through proper planning and standards. Do254 testing of high speed fpga interfaces mentor graphics. I mean, may i use the web starter sw versions or i need the licensed ones.
Certification authorities software team cast position. Learn how to satisfy do254 objectives using modelbased design with. Do254 testing of high speed fpga interfaces verification. As with do 178, satisfying do 254 objectives can be expensive and timeconsuming due to. Accelerating do254 verification blue pearl software.
This white paper addresses where and when to use do 254 and do 178 in fpga designs and recommends practical means for employing widely used commercial off the shelf cots ip in custom fpga. Ddci and logicircuit to deliver enhanced do178c and do254. Rtcado254 design assurance guidance for airborne electronic hardware is a recent standard that is currently being enforced by the federal aviation. As with do178, satisfying do254 objectives can be expensive and timeconsuming due to several processes. For more information about grey cell modeling see rtl analysis for complex fpga designs using a grey cell methodology to improve qor qualifying blue pearl software for do 254 tool vendors do not qualify their own tools under do 254. The fpga configuration is generally specified using a hardware description language hdl, similar to that used for an applicationspecific integrated circuit asic. While not considered a part of the hardware life cycle by do 254, the hardware safety assessment does directly impact fpga design. Any functions of the final fpga that are not based on the requirements must be properly mitigated in order to prevent anomalous operational behavior. In addition, do 254 is currently vague as it does not have the same measurable objectives as does its software counterpart rtca do 178b via design assurance level from which it. Provide an overview and application of rtca do 254, as defined by current faa and easa guidance in airborne electronic systems. We can provide full turnkey development and verification. Do254 templates and checklists the design verification company. Verifying a complex fpga design under do254 guidelines for use in.
Here is where ambiguities enter the do 254 process. Richard porter electronics design, fpga, do254 rdp. Certification authorities software team cast position paper cast30 simple electronic hardware and rtca document do 254 and eurocae document ed80, design assurance guidance for airborne electronic hardware completed august 2007 rev 0 note. When were talking about do 254 for soc fpgas, were really talking about the hardware ip, peripherals, and custom hardware logic on the fpga fabric that have to be verified as part of the entire system. Following requirements, design and implementation standards to manage do 254 compliant designs up to design assurance level a. A fieldprogrammable gate array fpga is an integrated circuit designed to be configured by a customer or a designer after manufacturing hence the term fieldprogrammable. It has the capabilities to handle complex multimillion gate fpga designs. As the complexity of the fpga design increases, so does the verification activities needed to satisfy the verification objectives of do 254. With expertise in designing certified defense and aerospace solutions, mistral has a comprehensive knowledge base with the tools, processes, standards and regulatory to provide do 254, do 178b, do 178c and do 160 compliant testing services for various avionics subsystems. The complexity of asic and fpga based airborne electronic hardware aeh is constantly increasing.
It provides a single and automated environment to test all fpga level requirements with full visibility and controllability at the fpga pin level. Xilinx wp401 do254 for the fpga designer, white paper. From 2007, he is with skytechnology as the head of the hardware design team, managing card development, fpga development, test systems, and do 254 certification support activities dal a, dal b. I am aware of the development flow stated by do 254. In this paper, we will explore the safetyrelated concepts of. Applying do254 for avionics hardware development and. Experienced avionics fpga development and verification engineer, mastering fpga design under do 254 guidelines for use in safety and missioncritical airborne inertial navigation systems. The software apps running on the processor need to comply to do 178c, while the hardware ips on the fpga fabric needs to comply to do 254. Do254 avionics hardware development mercury systems. Do254 cts consists of a fully customized hardware and software package designed to replay rtl simulation during inhardware verification reusing the testbench as test vectors. The do254 standard defines a set of objectives for hardware to be certified for use.
Mercury mission systems is committed to tackling the issues of cost and time to market when it comes to do 254 safetycritical hardware development. The guidance in this document is applicable, but not limited, to such electronic hardware items as. Do 254 cts is a fully customised hardware and software platform that increases verification coverage by test for its users. If i plan to develop a bare vhdl fpga, without using any ip or soft core, are the tools mentioned in my first message suitable to formally design and verify this fpga according do 254. The do 254 standard defines a set of objectives for hardware to be certified for use in airborne systems. Each system, including any fpgas and their associated bitstreams, must be tested and validated. It is modeled after do 178, the equivalent standard for flight software certification. In addition, do 254 is currently vague as it does not have the same measurable objectives as does its software counterpart rtca do 178b via design assurance level from which it was modeled by.
The process of do254 verification planning for avionics systems. The stringency of the process is dictated by the design assurance level dal, or safety rating of the end system, levels a highest through e lowest. All fpga or asic devices that go in systems that fly must now adhere to the do 254 standard. For example, the author of this paper worked on one do254 project where the system was dal b, the software was dal b and dal d, but the fpga was dal c. The basic answer is no hardware only has one level of requirements, but has two levels of design. Hardware design processes covered in rtcado254 section 5 the processes introduce a requirementsbased design process, which means all of the design data must be based on the requirements. Dornerworks primary area of involvement on this project was the generation and execution of the extensive test cases required to fully verify the design according to do 254 traceability and code coverage. Do 254, which the faa began enforcing in 2005 through ac20152, is modeled after do 178b, the equivalent process for certifying software, which was published in its original version do 178 over 25 years ago. The do254 standard gives you design assurance and guidance from conception through initial certification, as well as through postcertification product improvements. Do 254 cts consists of a custom daughter board that contains the specific familypackage or part number of the fpga pld device from vendors such as altera, lattice, microsemi actel and xilinx. Electronics design engineer with a primary focus on fpga design, development and test. As with do178, satisfying do254 objectives can be expensive and timeconsuming due to. Fpga familiarization introduction to field programmable.
Verification activities must ensure that hdl and netlist models correctly implement the hardware requirements, while also being efficient, complete and, crucially, compliant with the do 254 standard. Do 254 templates and checklists do 254 compliant templates and checklists data package. This data package is recommended to be used for design assurance level dal a and b fpgas where reliance to the tools automatic capabilities is critical to testing the target fpga. Do 254 s requirementsbased approach is similar to do 178b for software.
The compliance software application then controls the inhardware. Understanding do254 certification intelligent aerospace. Do 178 is the established software counterpart of do 254. It is modeled after do178, the equivalent standard for flight software certification. She has 18 years of experience in fpga design altera, xilinx, microsemi and 10 years of experience in teaching university courses and altera training.
Do 254 design assurance guidance for airborne electronic hardware, put into effect on fpga asic designs via ac 20152 in 2005 do 297. Do254, design assurance guidance for airborne electronic hardware. Rtca do254 is a means of compliance for the development of airborne electronic hardware containing fpgas, plds and asics. This position paper has been coordinated among representatives from certification authorities in.
Fpga design and verification under do254 guidelines is a rigorous undertaking, and requires special features and capabilities from design, simulation and hardware verification tools. Highspeed interfaces are complicated interfaces which are usually linked to the main functionality of a specific fpga. A system developer has the option of setting a single design assurance level and strategy for an entire hardware item, or a hardware. Xilinx practical use of fpgas and ip in do254 compliant. While do 254 originated as a civil aviation standard, it is also starting to be used on some military projects as well. It also provides the ability to monitor all fpga interfaces, including highspeed interfaces, at the fpga pin level. Do254 asic fpga board design asic fpga board design, development and verification for do254 compliant systems based on size, intricacy and design assurance levels einfochips can assist clients with do254 requirements and. Design for airborne electronics semiconductor engineering. The process of do254 verification planning for avionics. Unlike other asic fpga design and verification cycles, compliance to rtca do 254 standard is far more rigorous and detail oriented. To ensure your fpga satisfies the verification objectives of do 254 ed80, the system allows you to do atspeed testing in target device and provides a single environment to verify all fpga level requirements. The requirements specify four documents that must be delivered to the certification authority. As with do 178, satisfying do 254 objectives can be expensive and timeconsuming due to several processes. The official hardware versus software requirementsdesign depiction is shown in the following graphic see afuzions advanced do254 training, day 2, for.
634 1432 252 1302 63 523 534 948 264 1224 350 1387 1249 694 484 1456 1338 1266 1364 147 305 1241 185 1340 456 1028 413 1358 1523 260 72 62 960 385 746 365 223 1104 495 407 555 353 438 918 283