DO-254 short introduction
DO-254 is a requirements-driven, safety-oriented process standard used for developing hardware that contains FPGAs, PLDs and ASICs for commercial aircraft. Each component of the aircraft is classified by a Design Assurance Level (DAL) of A, B, C, D or E according to its safety criticality: DAL A is the most critical and DAL E the least critical, in terms of whether a failure of the component can cause failure of the aircraft and, consequently, its loss. Therefore the development and testing of the component must follow strict, predetermined planning. The Design Assurance Levels are summarized in Figure 1.
| Design Assurance Level (DAL) | Description | Target system failure rate | Example system |
|---|---|---|---|
| Level A (Catastrophic) | Failure causes crash, deaths | < 1 × 10⁻⁹ chance of failure per flight hour | Flight controls |
| Level B (Hazardous) | Failure may cause crash, deaths | < 1 × 10⁻⁷ chance of failure per flight hour | Braking systems |
| Level C (Major) | Failure may cause stress, injuries | < 1 × 10⁻⁵ chance of failure per flight hour | Backup systems |
| Level D (Minor) | Failure may cause inconvenience | No safety metric | Ground navigation systems |
| Level E (No effect) | No safety effect on passengers/crew | No safety metric | Passenger entertainment |

Figure 1. Design Assurance Overview.
Project Overview
The goal of the project was to design and verify an Ethernet switch to DAL A. The entire project, from start to finish, was executed as a V-model process (Figure 2).
Figure 2. V-model.
According to the V-model, the project consists of three phases:
1. Project definition
- CDD (Conceptual Design Document). The purpose of this document is to provide the conceptual design for the implementation of the switch.
- HRD (Hardware Requirements Document). The purpose of this document is to provide detailed requirement definitions for the implementation of the switch.
- HVCP (Hardware Verification Coding Protocol). The purpose of the HVCP is to describe the verification strategy, the test environment and the test cases necessary to verify that the design of the Ethernet switch conforms to the requirements described in the Hardware Requirements Document (HRD).
2. Implementation (switch design according to the HRD, and the UVM test environment according to the HVCP)
3. Project test and integration
- Freezing the design after implementation, creating UVM Test Procedures according to the Test Cases in the HVCP document, and validating design functionality.
- Validation of Test Cases against the HRD (does each Test Case cover its Hardware Requirements?). In this stage of the project, if necessary, the design is thawed and updated along with the HRD. The goal was to reach 100% code coverage and 100% requirement coverage; this is mandatory under the DO-254 DAL A requirement.
- Code review (code review of the entire project).
Our team of digital design verification engineers was responsible for developing and maintaining the UVM environment (agents, scoreboards, etc.), implementing Test Procedures (TP) according to the HVCP Test Cases (TC), and reviewing the environment and TP code. The environment block diagram is shown in Figure 3.
Figure 3. Environment block diagram.
The entire verification process was done in three stages. The first stage was developing the environment and basic testing of the design. After making sure that the environment was working correctly, we moved on to the second stage, which was writing the TPs and executing them in Questasim. The third and final stage of verification was code review of the environment and test procedures, reaching 100% code coverage and 100% requirement coverage, and making sure that everything conforms to the DO-254 certification standard.
The main challenges during verification were:
- Waiting for the designated authors to finish needed updates (according to DO-254 certification, each piece of code has exactly one owner/author, who cannot at the same time be a reviewer of the same code)
- Doing repetitive tasks in the final stage of the project (code review, which was done multiple times)
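Two of the DO-254 gates described above, 100% requirement coverage from the Test Case validation stage and the author/reviewer independence rule from the challenges list, are the kind of check a verification team scripts over its traceability data before a review cycle. The following Python is an added example, not tooling from the project or from RT-RK/TTTech; the requirement IDs (REQ-*), test case IDs (TC-*), test procedure IDs (TP-*), engineer names and the `TestCase`/`TestProcedure` data model are all constructed for illustration. A requirement is counted as covered only when a Test Case traces to it and a Test Procedure for that Test Case has been executed and passed, which is stricter than merely having a trace link.

```python
"""Requirement-coverage and author/reviewer independence check for a
DO-254-style verification project.

Added example with constructed sample data (REQ-*, TC-*, TP-*, names);
not the project's own tooling.
"""
from dataclasses import dataclass


@dataclass
class TestCase:
    """An HVCP test case: which HRD requirements it claims to verify,
    and who wrote and who reviewed it (hypothetical fields)."""
    tc_id: str
    covers: list          # HRD requirement IDs
    author: str
    reviewer: str


@dataclass
class TestProcedure:
    """A UVM test procedure implementing one test case, with its run result."""
    tp_id: str
    tc_id: str
    passed: bool


# Constructed sample data: four HRD requirements, three test cases, two executed TPs.
HRD_REQUIREMENTS = {"REQ-001", "REQ-002", "REQ-003", "REQ-004"}
HVCP_TEST_CASES = [
    TestCase("TC-01", ["REQ-001", "REQ-002"], "alice", "bob"),
    TestCase("TC-02", ["REQ-003"], "carol", "carol"),   # author reviews own code: violation
    TestCase("TC-03", ["REQ-099"], "dave", "alice"),    # traces to a requirement the HRD lacks
]
TEST_PROCEDURES = [
    TestProcedure("TP-01", "TC-01", True),
    TestProcedure("TP-02", "TC-02", False),             # executed but failed
    # TC-03 has no test procedure at all
]


def requirement_coverage(requirements, test_cases, procedures):
    """Return (coverage_fraction, uncovered_requirements, unknown_references).

    A requirement is covered only if some test case traces to it AND a test
    procedure for that test case has passed. References to requirement IDs
    absent from the HRD are reported separately: they indicate a stale trace.
    """
    passed_tcs = {tp.tc_id for tp in procedures if tp.passed}
    covered, unknown = set(), set()
    for tc in test_cases:
        for req in tc.covers:
            if req not in requirements:
                unknown.add(req)
            elif tc.tc_id in passed_tcs:
                covered.add(req)
    uncovered = set(requirements) - covered
    fraction = len(covered) / len(requirements) if requirements else 0.0
    return fraction, sorted(uncovered), sorted(unknown)


def independence_violations(test_cases):
    """Test cases whose author is also their reviewer (not permitted)."""
    return sorted(tc.tc_id for tc in test_cases if tc.author == tc.reviewer)


def dal_a_gate(requirements, test_cases, procedures):
    """True only when requirement coverage is 100%, every trace points at a
    real HRD requirement, and no test case was self-reviewed."""
    fraction, _uncovered, unknown = requirement_coverage(requirements, test_cases, procedures)
    return fraction == 1.0 and not unknown and not independence_violations(test_cases)


if __name__ == "__main__":
    frac, uncovered, unknown = requirement_coverage(HRD_REQUIREMENTS, HVCP_TEST_CASES, TEST_PROCEDURES)
    print(f"requirement coverage: {frac:.0%}")
    print(f"uncovered requirements: {uncovered}")
    print(f"traces to unknown requirements: {unknown}")
    print(f"self-reviewed test cases: {independence_violations(HVCP_TEST_CASES)}")
    print(f"DAL A gate passed: {dal_a_gate(HRD_REQUIREMENTS, HVCP_TEST_CASES, TEST_PROCEDURES)}")
```

On the sample data the gate fails for three independent reasons: REQ-003 has a failing procedure and REQ-004 has no trace at all (coverage 50%), TC-03 points at a requirement that is not in the HRD, and TC-02 was reviewed by its own author. Keeping the three findings separate matters in practice, because each is fixed by a different person: the design or TP author for failures, the HVCP author for stale traces, and the project lead for reviewer assignment.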
Conclusion
The project covered the complete process from “black board” to production according to the DO-254 certification standard. All verification steps were conducted or organized by RT-RK, in collaboration with TTTech. Customer requirements were fulfilled at the expected level. In turn, the RT-RK team has grown in knowledge of the DO-254 certification process while working according to the requirements introduced by the Customer.