DO-254 Explained (Cadence Design Systems)

Date: 18 Feb 2020
Pages: 6

Based on their safety criticality, different parts of the aircraft are designated different Design Assurance Levels, or DALs for short (Figure 1). A system that is highly critical receives a higher DAL, with DAL A reserved for the most critical systems. This criticality is determined by a safety assessment of the aircraft and its interacting systems, which establishes the required target failure rate. For DO-254 the difference between meeting DAL A and DAL B is minimal, so they are frequently referred to together as DAL A/B in various writings, including parts of this whitepaper.

  DAL   Description                                         Target failure rate         Example system
  A     Catastrophic: failure causes crash, deaths          1 x 10^-9 per flight hour   Flight controls
  B     Hazardous: failure may cause crash, deaths          1 x 10^-7 per flight hour   Braking systems
  C     Major: failure may cause stress, injuries           1 x 10^-5 per flight hour   Backup systems
  D     Minor: failure may cause inconvenience              No safety metric            Ground navigation systems
  E     No effect: no safety effect on passengers or crew   No safety metric            Passenger entertainment

Figure 1: Design Assurance Levels (DALs)

Because DO-254 is a process-oriented standard, it is important to understand the overall flow shown in Figure 2 (and in Figure 5-1 of the DO-254 specification), which is what a DO-254 certification official expects to see.

  System Processes (Section 2)
        |
        v
  Hardware Design Processes (Section 5):
    Requirements Capture (5.1) -> Conceptual Design (5.2) -> Detailed Design (5.3) -> Implementation (5.4) -> Production Transition (5.5)
    Derived requirements flow back into Requirements Capture
        |
        v
  Manufacturing Processes

  Supporting Processes (run alongside the hardware design processes):
    Validation and Verification Processes (Section 6)
    Configuration Management (Section 7)
    Process Assurance (Section 8)
    Certification Liaison (Section 9)

Figure 2: DO-254 flow

Let's walk through this process and briefly explain each component of the flow.

Planning

Planning is a critical piece of DO-254 certification. It is important to document your project flow up front and to approach your certification official for approval early in the project. Typically the high-level plans are documented in the Plan for Hardware Aspects of Certification (PHAC, commonly pronounced "pea-hack"). This plan should cover all aspects of your project and describe how you will meet the DO-254 requirements.

Requirements Capture and Validation

The DO-254 specification uses a requirements-based design and verification approach. This means that the entire hardware project revolves around a formal set of high-level requirements. Before any RTL is written, each of these requirements must be written down, given a unique reference name, and reviewed against a variety of criteria, including understandability, testability and verifiability.

Conceptual Design

At the conceptual design stage a larger design is broken down into smaller, more manageable components. This might be thought of as a high-level block diagram. Note: for a sufficiently simple system the conceptual design step may be skipped or merged with the Detailed Design step.

Detailed Design

This step is where the real design work takes place. For each component identified in the conceptual design, the RTL hardware design should implement each and every requirement for that component. Each high-level requirement should be traced to the top-level RTL module implementing that requirement. This traceability can be established in a variety of ways, and it is up to the implementation team to determine the approach.

Separately, the verification team should create verification tests to verify that each requirement has been met by the RTL, each writing a message to the log file showing the expected result, the actual result seen in simulation, and the pass/fail result. Each test must also be linked to the high-level requirement it verifies, including the pass/fail criteria (all must pass, obviously). Constrained-random testing can also be used for more complex designs; however, special care must be taken to create additional verification coverage components tied to all the requirements. If you are using an advanced verification tool such as the Cadence vManager Metric-Driven Signoff Platform, the additional traceability automation needed is built into the tool.

  Requirements (new or change): this is the device you want to build.
  Requirements Validation: make sure you are going to build the right device (validate the requirements).
  Device Implementation: build the device with a controlled, repeatable flow.
  Device Verification: make sure the device meets its requirements.
  Traceability between all four is critical.

Figure 3: Requirements-driven flow including traceability
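The requirement-to-test linkage described above, as an added example that is not from the Cadence paper or its tools: a small Python checker that parses a constructed simulation log in which every result line names the test, the requirement it verifies, the expected and actual values and PASS/FAIL, and then reports requirements that no test covers, tests that failed, and tests that cite a requirement identifier that does not exist (the typo case that silently breaks a trace link). The log format, the HLR-nnn identifiers, the test names and the values are all constructed assumptions, not a DO-254 or vManager format.

```python
"""Requirements-to-test traceability check over a simulation log.

Added example, not from the Cadence paper or the vManager tool. The log
format, the HLR-nnn requirement identifiers, the test names and the values
below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Constructed high-level requirements: unique reference name -> text.
REQUIREMENTS = {
    "HLR-001": "UART shall transmit at 115200 baud within +/- 2%",
    "HLR-002": "UART shall flag a framing error on a missing stop bit",
    "HLR-003": "Watchdog shall reset the core 100 ms after the last kick",
    "HLR-004": "CRC-16 shall match the CCITT reference value on every frame",
}

# Constructed simulation log. Each result line names the test, the
# requirement it verifies, the expected and actual values, and PASS/FAIL.
# Note the CRC test cites HLR-009, which does not exist (a typo for HLR-004).
SIM_LOG = """\
[INFO] sim start, seed=1234
[TEST uart_baud][REQ HLR-001] expected=115200 actual=115207 PASS
[TEST uart_framing][REQ HLR-002] expected=ERR_FLAG=1 actual=ERR_FLAG=1 PASS
[TEST wdt_timeout][REQ HLR-003] expected=reset@100ms actual=reset@112ms FAIL
[TEST crc_ccitt][REQ HLR-009] expected=0x29B1 actual=0x29B1 PASS
[INFO] sim end
"""

RESULT_RE = re.compile(
    r"\[TEST (?P<test>[\w.-]+)\]\[REQ (?P<req>[\w-]+)\] "
    r"expected=(?P<expected>\S+) actual=(?P<actual>\S+) (?P<result>PASS|FAIL)$"
)


@dataclass
class Record:
    test: str
    req: str
    expected: str
    actual: str
    passed: bool


@dataclass
class Report:
    untested: list = field(default_factory=list)     # requirements no test cites
    failed: list = field(default_factory=list)       # (test, req) pairs with FAIL
    unknown_req: list = field(default_factory=list)  # (test, req) citing a missing req

    @property
    def ok(self) -> bool:
        """True only when every requirement is covered and every test passed."""
        return not (self.untested or self.failed or self.unknown_req)


def parse_log(text: str) -> list:
    """Extract tagged result lines; untagged lines (INFO etc.) are ignored."""
    records = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            records.append(Record(m["test"], m["req"], m["expected"],
                                  m["actual"], m["result"] == "PASS"))
    return records


def check_traceability(requirements: dict, records: list) -> Report:
    """Build the requirement -> test trace and report every gap."""
    report = Report()
    covered = set()
    for rec in records:
        if rec.req not in requirements:
            # A mistyped ID leaves the real requirement uncovered and yields a
            # result nobody can trace: fail closed, do not count it as coverage.
            report.unknown_req.append((rec.test, rec.req))
            continue
        covered.add(rec.req)
        if not rec.passed:
            report.failed.append((rec.test, rec.req))
    report.untested = sorted(set(requirements) - covered)
    return report


if __name__ == "__main__":
    rep = check_traceability(REQUIREMENTS, parse_log(SIM_LOG))
    print("untested requirements:", rep.untested)
    print("failed tests:", rep.failed)
    print("tests citing unknown requirements:", rep.unknown_req)
    print("traceability complete and all tests passed:", rep.ok)
```

Run as a script it reports HLR-004 as untested, the watchdog test as failed and the CRC test as citing an unknown requirement. The third category is the one that matters most in practice: a test tagged with a mistyped requirement ID both leaves the real requirement uncovered and produces a result no reviewer can trace, so the check refuses to count it rather than treating a passing test as coverage.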
Implementation

The implementation process is, of course, technology-specific. For an RTL-based design such as an FPGA or ASIC, the implementation step includes synthesis, the process of converting RTL into actual technology-specific gates. For an FPGA this also includes creating the programming file to load into the FPGA; for an ASIC this step includes the back-end design and verification steps. The main point here is to follow the process detailed up front in your PHAC document. The DO-254 specification typically allows you to remain somewhat high-level while documenting your activities during implementation, especially during ASIC implementation, because significant testing will be performed on the final design.

Production Transition

This is the final stage, when you transfer your design over to manufacturing. Typically it addresses questions such as:

  • How can you be sure you are using the correct version of the programming file during the manufacturing process?
  • How can you be sure you are using the correct part (ASIC and FPGA)?
  • Have you properly handled any errata for the device?

This portion of the process can be quite complex and can involve several systems flowing back into the requirements process (tools such as IBM DOORS). It is critically important to ensure that the final system receives the results of all processes.

Process Assurance

Along with your DO-254 compliant plan, you should also document how you will ensure that you meet this plan, typically in a Process Assurance or Quality Assurance plan. This plan documents who will be designated as the process assurance person or organization that double-checks that your PHAC and other plans are followed, and how this checking will be performed.

It is important to realize that you must be able to prove that this checking happened, typically by creating a paper trail of internal meetings, reviews, internal audits, etc. Typically a DO-254 certification official wants this process assurance performed by a separate, qualified person or organization: for example, someone knowledgeable about design and verification but not a member of this design or verification team. This person or organization must also be given the authority to carry out the process and be provided access to the engineers and the design environment.

Configuration Management

In addition to the Process Assurance plan, you should also create a Configuration Management (CM) plan. In this plan you document how you will ensure that the development process and the artifact generation process are repeatable. This typically includes revision control and bug tracking systems for all design and verification files as well as for all documentation and artifact documents.

The DO-254 specification stresses the importance of tracking all design artifacts throughout the design process. Certification officials understand that design and verification files will go through many iterations. However, once they are stable you are expected to baseline the design. In typical commercial electronics this is analogous to a design freeze: a point in the schedule after which subsequent changes are closely controlled and documented, as shown in Figure 4.

  Milestone:   Start                    Initial Code Freeze        Release
  Baseline:    Sandbox                  HC2                        HC1
  Controls:    little control needed    revision control           revision control and bug tracking

Figure 4: Design process and baselines
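One way to make the production-transition question above ("are we programming the correct version of the file?") checkable against the release baseline of Figure 4, as an added example that is not from the Cadence paper and is not a mechanism DO-254 prescribes: at the release baseline, record a SHA-256 digest of every frozen artifact in a manifest that is itself placed under revision control alongside the design; at manufacturing, verify the candidate programming file against that manifest before it is loaded. The file names, contents, manifest layout and the stale image that differs by a single bit are constructed for illustration.

```python
"""Baseline manifest for a frozen design and the artifacts handed to manufacturing.

Added example, not from the Cadence paper. DO-254 requires a controlled,
repeatable baseline but does not prescribe a mechanism; a digest manifest
produced at the release baseline is one common way to turn "is this the
correct version of the programming file?" into a check manufacturing can run.
File names, contents and the manifest layout are constructed for illustration.
"""
import hashlib
import hmac
import json

# Constructed release baseline: frozen RTL, its constraints and the
# programming file built from them. Real files would be read from the
# revision-control tag that marks the baseline.
BASELINE_ARTIFACTS = {
    "rtl/top.v": b"module top(input clk, input rst_n, output led);\n// HLR-001..004\nendmodule\n",
    "constraints/top.sdc": b"create_clock -period 10.000 [get_ports clk]\n",
    "release/fpga_image.bit": bytes(range(256)) * 4,  # stand-in for a bitstream
}


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with one bit flipped (used to build the stale image)."""
    buf = bytearray(data)
    buf[index] ^= 0x01
    return bytes(buf)


# Constructed stale file: the bitstream from the previous baseline, one bit off.
STALE_IMAGE = flip_bit(BASELINE_ARTIFACTS["release/fpga_image.bit"], 17)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(baseline_id: str, artifacts: dict) -> dict:
    """Record one digest per artifact; the manifest is itself a release artifact."""
    return {
        "baseline": baseline_id,
        "algorithm": "sha256",
        "artifacts": {name: sha256_hex(data) for name, data in sorted(artifacts.items())},
    }


def manifest_to_json(manifest: dict) -> str:
    return json.dumps(manifest, indent=2, sort_keys=True)


def manifest_from_json(text: str) -> dict:
    return json.loads(text)


def verify_artifact(manifest: dict, name: str, data: bytes) -> tuple:
    """Check one candidate file against the baseline. Returns (ok, reason)."""
    if manifest.get("algorithm") != "sha256":
        return False, "unsupported digest algorithm in manifest"
    expected = manifest["artifacts"].get(name)
    if expected is None:
        return False, f"{name} is not an artifact of baseline {manifest['baseline']}"
    actual = sha256_hex(data)
    if not hmac.compare_digest(actual, expected):
        return False, f"{name} does not match baseline {manifest['baseline']} (stale or modified file)"
    return True, f"{name} matches baseline {manifest['baseline']}"


def verify_tree(manifest: dict, candidate: dict) -> dict:
    """Verify a set of files and also flag baseline artifacts that were not
    supplied, since an incomplete release is a configuration failure too."""
    results = {name: verify_artifact(manifest, name, data) for name, data in candidate.items()}
    for name in manifest["artifacts"]:
        if name not in candidate:
            results[name] = (False, f"{name} is in the baseline but was not supplied")
    return results


if __name__ == "__main__":
    # Round-trip through JSON, as the manifest would be stored and later read back.
    manifest = manifest_from_json(manifest_to_json(build_manifest("REL-1.0", BASELINE_ARTIFACTS)))
    print(manifest_to_json(manifest))
    print(verify_artifact(manifest, "release/fpga_image.bit", BASELINE_ARTIFACTS["release/fpga_image.bit"]))
    print(verify_artifact(manifest, "release/fpga_image.bit", STALE_IMAGE))
    for ok, why in verify_tree(manifest, {"rtl/top.v": BASELINE_ARTIFACTS["rtl/top.v"]}).values():
        print(ok, why)
```

The digest compare uses a constant-time comparison out of habit rather than necessity here; the point that matters is that the manifest only helps if it is generated at the baseline tag and kept under the same revision control as the design, and that a missing artifact is reported as a failure rather than silently skipped.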
Certification Liaison

Typically a single person is selected as the main point of contact for the certification officials. A single point of contact enables clean communication and ensures that the certification official obtains a clear view of the overall design process. Typically this certification liaison has previous DO-254 experience and the skill to communicate the details in a way that the certification official can understand.

In-Target Testing

Although not shown in the diagram in Figure 2, in-target testing is a critical component of the DO-254 specification and a required part of the overall flow. From a DO-254 perspective, all verification done in a simulator was performed on a model of the design. There is no guarantee that the model used in simulation matches the actual device as it sits on the target board that will be installed in the aircraft. In addition, simulation is typically limited and does not include the actual hardware physics, such as voltage and temperature variations, signal degradation, ringing, pin capacitance, loading, etc.

To ensure the final device performs as expected, you must somehow demonstrate that the final device, sitting on the target system that will go into the aircraft, meets its requirements. In an ideal world the certification official would like to see ALL requirements tested on the final part. Realistically, however, this is frequently impossible, as it would require internal controllability and observability that the final part does not offer. As a result, you should decide up front how you will address this final testing of your requirements, document it in your PHAC, and discuss it thoroughly with your certification official to reach agreement.

Certification Officials

So who are the certification officials referred to throughout this paper? There are several people you might interact with throughout your project.

Designated Engineering Representatives (DERs) and Authorized Representatives (ARs) have FAA permission to approve a design. The DER will also find compliance when the overall project is done and everything is in place. DERs are typically independent consultants or may be employees of a company. The AR is a somewhat newer role and is typically an employee of a larger company. Typically, during DO-254 approval audits you will interact with a DER or AR. It is up to you to hire one if you will be handling the certification approval, but it is best to hire this person early, during the planning process.

The FAA also has Aircraft Certification Officers (ACOs) to provide guidance on aircraft certification related activities. ACOs assist with:

  • Design approval and certificate management
  • US production approvals
  • Engineering and analysis questions
  • Investigating and reporting aircraft accidents, incidents and service difficulties
  • DER oversight

I Still Don't Get It

Understanding the DO-254 specification and how to achieve DO-254 approval is, unfortunately, not as simple as downloading and thoroughly reading the document. The DO-254 specification itself is only part of the story. There are additional supplemental papers that clarify, restrict and limit how the DO-254 specification is applied. In addition, there are follow-on papers created by other bodies such as the international Commercial Aviation Safety Team (CAST) and the European Aviation Safety Agency (EASA), as well as additional regulations set by airframers such as Airbus and Boeing. There are also a variety of commonly accepted industry practices expected by certification officials. A minimal understanding of these documents and their organization is important, as these papers limit the scope and clarify details necessary to successfully complete a DO-254 project.

The DO-254 specification was created by an RTCA committee back in the 1990s and was written to apply to all levels of hardware, including circuit boards, resistors and capacitors as well as chips such as FPGAs and ASICs. So if you simply go to the RTCA website and download and read the DO-254 specification, you would be left with the impression that the document applies to a significant number of the electronic components in your system.

However, when the FAA adopted the DO-254 specification as policy in 2005, it chose to limit the scope to complex custom micro-coded components: PALs, PLDs, FPGAs and ASICs. For example, this means an ASIC or FPGA on your board needs to meet the specification, but the board itself does not. This is described in an FAA Advisory Circular [2] entitled AC 20-152. To make things more confusing, the FAA later released Order 8110.105 [3], which attempted to clarify DO-254 ambiguities and firmly close several perceived loopholes.

[2] AC 20-152 is available on the FAA website: http://www.faa.gov/documentLibrary/media/Advisory_Circular/AC_20-152.pdf
[3] FAA Order 8110.105 is available on the FAA website: http://www.faa.gov/regulations_policies/orders_notices/index.cfm/go/document.information/documentID/73625

There are also other related documents, such as the AEH Job Aid [4], a collection of instructions and questionnaires to help FAA-authorized auditors audit your Airborne Electronic Hardware project.

There are more documents and certification bodies that play a part, but those described above are typically
