DO-254 Without Tears

This article was originally published on TechDesignForums and is reproduced here by permission.

At first glance the DO-254 aviation standard, ‘Design Assurance Guideline for Airborne Electronic Hardware’, seems daunting. It defines design and verification flows tightly with regard to both implementation and traceability.

Here’s an example of the granularity within the standard: a sizeable block addresses how you write state machines, the coding style you use and the conformity of those state machines to that style.

This kind of stylistic, lower-level semantic requirement – and there are many within DO-254 – makes design managers stop and think. So it should. The standard is focused on aviation’s safety-critical demands, assessing the hardware design’s execution and functionality in appropriate depth right up to the consequences of a catastrophic failure.

Nevertheless, one pervasive and understandable concern has been the degree to which such a tightly drawn standard will affect, and be compatible with, established flows. This particularly goes for new entrants in avionics and its related markets.

Your company has a certain way of doing things, so you inevitably wonder how easily that can be adapted and extended to meet the requirements of DO-254… or whether a painful and expensive rethink will be necessary. Can we realistically do this?

Here’s the good news. The demands of the standard map closely to how EDA tools have developed and continue to evolve. Automation therefore takes a lot of pain out of the process.

DO-254 and EDA in harmony

At Real Intent, we have just placed DO-254 at the forefront of the new release of our Ascent Lint tool. It is a good illustration of what I mean.

First, what is a linter if not largely an accumulation of design knowledge that is applied to a new project in the light of what has been discovered on earlier ones? That’s where most of the rules come from. This has obvious and very beneficial implications for designs that observe predefined coding styles.

Our lint tool can guide you to the right places to look. When you have that information, it becomes a lot easier to adapt your flow and your design practices.

But let’s go further and look at the philosophy behind DO-254.

Consider the implications of ‘complexity’. It may be the most overused word in EDA but it’s still true that the increasing challenges faced by electronics system design have seen more intelligence fed into tools of all types.

To achieve DO-254 compliance specifically, I would argue that a linter is an important foundation, but you need to go further. You need a suite of tools, also packed with the same kind of semantic intelligence.

The kind of hierarchical RTL verification offered by our Ascent IIV tool and the depth of understanding of unknowns within our Ascent XV X-verification tool illustrate the extra checks and traces that are likely to be needed for a safety-critical design.

And there they are already in our tools – and yes, those of some of our competitors. These tools have evolved largely in parallel with the needs of this particular standard, but more importantly with the broader needs of all electronic system design.

Processes alone can only take you so far. Processes that highlight the need for an informed approach to design are what we need. That last quality strikes me as a key and very welcome aspect of DO-254.

DO-254 has its rewards

None of this means that DO-254 compliance is ‘easy’. No safety-first design should be. Attention to detail matters. But again, you already knew that even if you have never worked on an aviation project before. Today, nothing is easy.

In that context, today’s EDA tools include capabilities that greatly improve the efficiency with which existing players in aviation deliver projects and also lower the barriers to entry for new ones. That boosts competition and thereby quality.

Right now, aviation is an exciting field. The drone market alone – spurred by interest from the likes of Amazon and Google – is being awarded multi-billion dollar valuations. In the US, the FAA has this month finally described how it sees UAVs operating, albeit relatively small ones for now.

As UAVs become more commonplace, their DO-254 compliance will increasingly be required… even if the FAA is not itself making that mandatory. Yet.

A tremendous opportunity exists and EDA can help a great many of its customers take advantage of it. DO-254 does present challenges, but they are not so different from those we already face – with the right tools you can adapt without tears.

Posted by Pranav Ashar, Chief Technology Officer.

About Pranav Ashar, Chief Technology Officer

Dr. Pranav Ashar brings more than two decades of EDA expertise to Real Intent. Previously he was Department Head at NEC Labs in Princeton, NJ where he developed a number of EDA technologies that have influenced the industry. Pranav has authored about 70 refereed publications with more than 1500 citations, and co-authored a book titled "Sequential Logic Synthesis". His paper titled "Accelerating Boolean Satisfiability with Configurable Hardware" was selected as one of 25 significant contributions from 20 Years of the IEEE Symposium on Field-Programmable Custom Computing Machines. He has 35 patents granted or pending, a few of which have led to business enablement. Pranav was adjunct CSEE faculty at Columbia University where he has taught VLSI design and verification courses. Pranav received his Ph.D. in EECS from the University of California, Berkeley.