Understanding DO-254 Compliance for the Verification of Airborne Digital Hardware
October 2009
Authors
Dr. Paul Marriott, XtremeEDA Corporation; Anthony D. Stone, Synopsys, Inc.
Abstract
This whitepaper is designed to provide a basic understanding of the main concepts of the DO-254 compliance specification for electronic component design. It outlines the major steps involved in a DO-254 compliant ASIC/FPGA design and verification process, and explains how differentiating tool features can be mapped to enhance and facilitate critical stages of the DO-254 process.
Introduction
As the amount and complexity of electronic content in commercial aircraft grew, it became necessary for the FAA to establish a baseline of minimum design flow steps for airborne equipment. DO-254 was formally recognized in 2005 as a standard for ensuring the highest level of safety in electronic airborne systems. It defines five levels of compliance, known as Design Assurance Levels (DAL), ranging in severity from A (where a hardware failure would result in catastrophic failure of the aircraft) to E (where a failure would not affect safety). As expected, meeting a “DAL A” level of compliance requires significantly more effort and greater attention to verification than “DAL E” does.
[Figure 1: flowchart. Box labels recovered from the extracted text: Requirements, Design specification, Design RTL, Synthesis, Verification plan, Verification RTL, Equivalence, Requirements met?, Analysis, Reports, Certification. Links labelled "trace" connect the requirements to the verification plan and to the reports.]
Figure 1: Typical DO-254 design flow steps
Compliance with this standard involves a process that is more rigorous than the standard ASIC/FPGA design and verification flow. While the tools used to design and verify the hardware are the same as in non-DO-254 applications, the process involves additional steps, particularly in the area of functional verification.
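The "trace" links and the "Requirements met?" decision in Figure 1 come down to a bookkeeping question: is every requirement covered by at least one verification item, does every verification item point at a real requirement, and do the covering items pass? The following script, an added example that is not from the whitepaper or its authors, models that check. The requirement and test identifiers (REQ-xxx, TC-xx), their text and their pass/fail status are constructed for illustration.

```python
"""Requirements-to-verification traceability check (added example).

Models the 'trace' links of a DO-254 style flow: each verification item
records which requirement(s) it verifies, and the report answers the
'Requirements met?' question by listing untraced requirements, orphan
tests and requirements whose covering tests fail. All IDs and sample
data below are constructed, not taken from any real project.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Requirement:
    req_id: str
    text: str


@dataclass(frozen=True)
class TestCase:
    tc_id: str
    traces_to: tuple   # requirement IDs this verification item claims to cover
    passed: bool


# Constructed sample requirements (hypothetical IDs and wording).
REQUIREMENTS = [
    Requirement("REQ-001", "Reset shall clear all status registers"),
    Requirement("REQ-002", "Watchdog shall assert FAULT after a 10 ms timeout"),
    Requirement("REQ-003", "A parity error shall be reported in STATUS[3]"),
]

# Constructed sample verification items. TC-03 traces to an ID that does
# not exist in the requirements list, which a traceability audit must flag.
TEST_CASES = [
    TestCase("TC-01", ("REQ-001",), True),
    TestCase("TC-02", ("REQ-002",), False),
    TestCase("TC-03", ("REQ-999",), True),
]


def build_trace_matrix(requirements, test_cases):
    """Map each requirement ID to the verification items that trace to it.

    IDs referenced by a test but absent from `requirements` are kept so the
    caller can report them as orphans instead of silently dropping them.
    """
    matrix = {r.req_id: [] for r in requirements}
    for tc in test_cases:
        for req_id in tc.traces_to:
            matrix.setdefault(req_id, []).append(tc)
    return matrix


def trace_report(requirements, test_cases):
    """Summarise traceability gaps and decide whether requirements are met."""
    matrix = build_trace_matrix(requirements, test_cases)
    known = {r.req_id for r in requirements}

    # Requirements with no verification item at all: a coverage gap.
    untraced = sorted(r for r in known if not matrix[r])
    # Tests that reference an unknown requirement ID: a trace-link error.
    orphan_tests = sorted(
        tc.tc_id for tc in test_cases
        if any(req_id not in known for req_id in tc.traces_to)
    )
    # Requirements whose covering tests do not all pass.
    failing = sorted(
        r for r in known
        if matrix[r] and not all(tc.passed for tc in matrix[r])
    )
    return {
        "untraced": untraced,
        "orphan_tests": orphan_tests,
        "failing": failing,
        # 'Requirements met?' is only YES when every requirement is traced,
        # every trace resolves, and every covering test passes.
        "requirements_met": not untraced and not orphan_tests and not failing,
    }


if __name__ == "__main__":
    for key, value in trace_report(REQUIREMENTS, TEST_CASES).items():
        print(f"{key}: {value}")
```

Run as a script it prints the three gap lists and the overall verdict for the constructed data; in a real flow the two input lists would be exported from the requirements database and the verification plan, and the report would be one of the artifacts retained for certification.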
Parts of a compliant flow
DO-254 applies to complex airborne hardware, such as ASICs, FPGAs, and PLDs. According to the