DO-254 without tears

By Pranav Ashar |  1 Comment  |  Posted: February 25, 2015
Topics/Categories: EDA - Verification  |  Tags: , , , ,  | Organizations:

Pranav AsharDr Pranav Ashar is chief technology officer of Real Intent. He previously worked at NEC Labs developing formal verification technologies for VLSI design. With 35 patents granted and pending, he has authored about 70 papers and co-authored the book ‘Sequential Logic Synthesis’.

At first glance the DO-254 aviation standard, ‘Design Assurance Guideline for Airborne Electronic Hardware’, seems daunting. It defines design and verification flows tightly with regard to both implementation and traceability.

Here’s an example of the granularity within the standard: a sizeable block addresses how you write state machines, the coding style you use and the conformity of those state machines to that style.

This kind of stylistic, lower-level semantic requirement – and there are many within DO-254 – makes design managers stop and think. So it should. The standard is focused on aviation’s safety-critical demands, assessing the hardware design’s execution and functionality in appropriate depth right up to the consequences of a catastrophic failure.

Nevertheless, one pervasive and understandable concern has been the degree to which such a tightly-drawn standard will impact on and be compatible with established flows. This particularly goes for new entrants in avionics and its related markets.

Your company has a certain way of doing things so you inevitably wonder how easily that can be adapted and extended to meet the requirements of DO-254… or will a painful and expensive rethink be necessary? Can we realistically do this?

Here’s the good news. The demands of the standard map closely to how EDA tools have developed and continue to evolve. Automation therefore takes a lot of pain out of the process.

DO-254 and EDA in harmony

At Real Intent, we have just placed DO-254 at the forefront of the new release of our Ascent Lint tool. It is a good illustration of what I mean.

First, what is a linter if not largely an accumulation of design knowledge that is applied to a new project in the light of what has been discovered on earlier ones? That’s where most of the rules come from. This has obvious and very beneficial implications for designs that observe predefined coding styles.

Our lint tool can guide you to the right places to look. When you have that information, it becomes a lot easier to adapt your flow and your design practices.

But let’s go further and look at the philosophy behind DO-254.

Consider the implications of ‘complexity’. It may be the most overused word in EDA but it’s still true that the increasing challenges faced by electronics system design have seen more intelligence fed into tools of all types.

To achieve DO-254 compliance specifically, I would argue that a linter is an important foundation, but you need to go further. You need a suite of tools, also packed with the same kind of semantic intelligence.

The kind of hierarchical RTL verification offered by our Ascent IIV tool and the depth of understanding of unknowns within our Ascent XV X-verification tool illustrate the extra checks and traces that are likely to be needed for a safety-critical design.

And there they are already in our tools – and yes, those of some of our competitors. These tools have evolved largely in parallel with the needs of this particular standard, but more importantly with the broader needs of all electronic system design.

Processes alone can only take you so far. Processes that highlight the need for an informed approach to design are what we need. That last quality strikes me as a key and very welcome aspect of DO-254.

DO-254 has its rewards

None of this means that DO-254 compliance is ‘easy’. No safety-first design should be. Attention to detail matters. But again, you already knew that even if you have never worked on an aviation project before. Today, nothing is easy.

In that context, today’s EDA tools include capabilities that greatly improve the efficiency with which existing players in aviation deliver projects and also lower the barriers to entry for new ones. That boosts competition and thereby quality.

Right now, aviation is an exciting field. The drone market alone – spurred by interest from the likes of Amazon and Google – is being awarded multi-billion dollar valuations. In the US, the FAA has this month finally described how it sees UAVs operating, albeit relatively small ones for now.

As UAVs become more commonplace, their DO-254-compliance will increasingly be required… even if the FAA is not itself making that mandatory. Yet.

A tremendous opportunity exists and EDA can help a great many of its customers take advantage of it. DO-254 does present challenges, but they are not so different from those we already face – with the right tools you can adapt without tears.

Comments are closed.

PLATINUM SPONSORS

Synopsys Cadence Design Systems Siemens EDA
View All Sponsors