DO-254 Best Practices: Top Seven DO-254 Tips from Seven Projects

June 20, 2016 (PRLEAP.COM) Business News
June 20, 2016 - AFuzion has recently engaged an unusually large number of DO-254 projects: in seven months we've completed seven projects in seven countries. Many interesting DO-254 facts were acquired and we share them here including DO-254 best practices. Below we provide one top DO-254 tip from each project/country. For more technical DO-254 details, or advanced DO-254 training, just visit the links at the end of this article.

Tip #1, from a USA project where we provided AFuzion's onsite DO-254 training and DO-254 analysis for a UAV client: DO-254 isn't normally required for UAV's, though DO-178C increasingly is. This client was using C++ within an FPGA: C++ normally comes under DO-178C (software) whereas FPGA implementations are normally covered via DO-254 (silicon Complex Electronic Hardware CEH). So, was this client's FPGA-based solution DO-178C or DO-254? Different authorities have different opinions. However, this client was making a primary flight control computer for which their safety assessment showed DAL B. For DAL B, there is very little difference between DO-178C and DO-254 (quite the opposite for DAL C!!). So we applied DO-178C processes to the C++ baseline even though it would become FPGA firmware. Simply skipping software compliance was arguably possible, but this client wanted to export their UAV showing DO-254 & DO-178C compliance so this was the best choice. Non-technical tip: this was a Midwest client go for the aged beef if you're non-vegetarian; some of the finest in the world.

Tip #2 from an Israel project: Client procured AFuzion's DO-254 Gap Analysis to analyze new, and some very old, legacy logic. A portion of the baseline was perfectly stable but the source no longer existed nor was it developed to any safety critical standard. The DO-254 gap analysis showed the cost to recreate this baseline would have been excessive and unnecessary since no changes were planned and the I/O was well-defined to apply exhaustive DO-254 testing. We proposed a wrapper-solution whereby the I/O was checked for all instances at runtime; DAL C and DAL D were applicable thus obviating the need for white-box DO-254 verification. Client complied with DO-254 while saving 80% of the DO-254 cost otherwise applicable with redeveloping. Non-technical tip: stay in Tel Aviv's Marina District: swim in the warm sea at dawn and try amazing local produce and fruit.

Tip #3 from a DO-254 consulting assignment in Turkey. Client had an existing board deploying both a CPU and several FPGA's; Client needed a DAL A solution for one component and could choose a software (DO-178C) or CEH (DO-254) solution. After receiving AFuzion's DO-254 training, client realized 3rd party DO-254 DAL A testing tools were less mature than DO-178C testing tools and that a software-based approach for DO-178C for their separate DAL A component. Client switched from putting this functionality in an FPGA to instead the CPU-based approach, thus deploying DO-178C with improved testability. Project is now successfully entering flight test. Non-technical tip: though inland, Ankara has incredible fish flown in daily: just ask the cook to grill it the traditional way with olive oil and lemon: amazing.

Tip #4 from a Chinese commercial aircraft project: Client needed DO-254 safety-assessments performed thinking the system required all logic to be DAL B. AFuzion's DO-254 analysis showed that the system's two FPGA's could be partitioned with one DAL A DO-254 FPGA and the other FPGA DAL D DO-254. Instead of putting all the logic in the same FPGA and invoking either expensive partitioning redesign per DO-254 or monolithic DAL B throughout, client was able to move 40% of the logic to the DAL D FPGA thus reducing DO-254 certification cost by 60% (see AFuzion's updated DO-254 Costs Whitepaper which shows why DAL D costs 35% - 60% less that DO-254 DAL B.). Non-technical tip: be sure to stay or stop in Shanghai and visit the last vestiges of traditional neighborhoods before they soon disappear amazing contrast of old and new like nowhere in the world.

Tip #5 from a U.K. DAL D DO-254 project. This client was building an all-new system requiring certification via both EASA ED-80 and FAA DO-254. After receiving AFuzion's ED-80 training for European DO-254, client realized EASA was more strict on DAL D than FAA (where AC 20-152 thinking still often prevails). Instead of applying more liberal AC 20-152 and CAST-27, client developed both systems per stricter EASA DO-254 constraints; added slight cost was offset by cost-reduction of identical DO-254 solutions. See AFuzion's whitepaper "Avoiding DO-254 Top Mistakes" for more details. Non-technical tip: this was a small town with restaurants seemingly closed by 8 pm; instead, hit the Pub where even if the UK's delicious beer isn't to your liking, there's a good chance some fresh pub fare can be cooked up for you at 11 pm.

Tip #6 from Down Under Client was a consulting company itself branching into aviation development on an upcoming DO-254 DAL C project. They were CMMI 3 minus, with aspirations of CMMI 3-plus. They'd been previously told by another DO-254 consultant that they needed all-new processes. While all-new processes are a sure way to eventually achieve DO-254 compliance, it's also expensive, relies upon a corporate culture change, and has seriously negative schedule and adoption impact. Instead, AFuzion recommended to improve the existing processes to fully CMMI Level 3 thus minimizing the DO-254 gap; then fill in the remaining relatively small gap with improved process assurance, hardware design processes, traceability, and DO-254 compliant hardware verification. Non-technical tip: domestic travel is easy and cheap: get out of town and visit the smaller towns which also have the same famous Aussie hospitality.

Tip #7 from an Italian DO-254 Training (combined with DO-178C Training) Client. This client had DO-178C experience but was new to DO-254 and also wanted to procure new DO-254 tools for requirements, configuration management, and process assurance. AFuzion showed how the existing DO-178C tools could be readily adapted for DO-254 thus minimizing cost, risk, and adoption time. Hardware design and VHDL tools were a different story but we showed how DO-254 verification focuses upon the human quotient, e.g. verify primarily the human's output, secondarily the tool's output. Non-technical tip, go native and enjoy Cappuccino only in the morning and eat dinner after 9 pm with pasta "al dente", meaning "firm" as in firmware …

For technical specifics on AFuzion's DO-254 training, see http://afuzion.com/avionics-training/workshops/avionics-hardware-intermediate-do-254-training-class/

For technical specifics on AFuzion's DO-254 Gap Analysis, see http://afuzion.com/gap-analysis/

For free whitepapers on DO-254 (Copyright AFuzion), see http://afuzion.com/avionics-safety-critical-training-whitepapers/

Share Article