Graham is VP of Marketing at Real Intent. He has over 20 years experience in the design automation industry. He has founded startups, brought Nassda to an IPO and previously was Sales and Marketing Director at Internet Business Systems, a web portal company. Graham has a Bachelor of Computer …
A Verification Standard for Design Reliability
August 13th, 2015 by Graham Bell
The great thing about a standard is that once you decide to use it, your life as a designer is suddenly easier. Using a standard reduces the long list of choices and decisions that need to be made to get a working product out the door. It also gives assurance to the customer that you are following best practices of the industry.
A standard for the world of aviation electronics (avionics) is RTCA/DO-254, Design Assurance Guidance For Airborne Electronic Hardware. It is a process assurance flow for civilian aerospace design of complex electronic hardware, typically implemented using ASICs or large FPGAs. In the USA, the Federal Aviation Administration (FAA) requires that the DO-254 process be followed. In Europe there is an equivalent standard called EUROCAE ED-80.
At first glance the standard seems daunting. It defines how design and verification flows must be strongly tied to both implementation and traceability. In DO-254 projects, HDL coding standards must be documented, and any project code must be reviewed to ensure it follows these standards. They address the following issues:
The specific rules or guidelines can be grouped into the following categories:
A specific guideline, “Coding Practice 6”, which ensures safe finite-state-machine (FSM) transitions, declares:
Guideline CP6 is an example of the granularity within the standard. It addresses how you write state machines, the coding style you use and the conformity of the state machines to that style. Figure 1 illustrates how environmental radiation can cause incorrect behavior, and the need to prevent that.
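As an added illustration (not from the original article, and not a quotation of CP6, whose text is not reproduced here), the following Python model shows the failure the guideline guards against: a binary-encoded FSM whose state register suffers a single-bit upset into an encoding the designer never wrote a transition for. The state names, encodings, the "default branch recovers through ERROR" style and the helper functions are constructed assumptions for this example.

```python
from itertools import product

# Constructed example: 5 legal states in a 3-bit register leaves 3 unused encodings.
STATE_BITS = 3
IDLE, LOAD, RUN, DONE, ERROR = 0b000, 0b001, 0b011, 0b010, 0b110
LEGAL = {IDLE, LOAD, RUN, DONE, ERROR}
ALL_ENCODINGS = range(1 << STATE_BITS)


def next_state_unsafe(state, start, finish):
    """Next-state logic that only lists the intended states, like an HDL
    case statement with no default: an unused encoding holds its value."""
    if state == IDLE:
        return LOAD if start else IDLE
    if state == LOAD:
        return RUN
    if state == RUN:
        return DONE if finish else RUN
    if state in (DONE, ERROR):
        return IDLE
    return state  # illegal encoding is latched until the next reset


def next_state_safe(state, start, finish):
    """Same FSM with a default branch: any unexpected encoding goes to ERROR,
    which then returns to IDLE, so a bit flip cannot lock the machine up."""
    if state in LEGAL:
        return next_state_unsafe(state, start, finish)
    return ERROR


def lockup_encodings(next_fn, max_cycles=8):
    """Lint-style check: every unused encoding must reach a legal state within
    max_cycles for every constant input combination. Returns the ones that don't."""
    stuck = set()
    for enc in ALL_ENCODINGS:
        if enc in LEGAL:
            continue
        for start, finish in product((0, 1), (0, 1)):
            s = enc
            for _ in range(max_cycles):
                if s in LEGAL:
                    break
                s = next_fn(s, start, finish)
            if s not in LEGAL:
                stuck.add(enc)
    return stuck


def seu_recovers(next_fn, state, bit, max_cycles=8):
    """Flip one bit of the state register (a modelled single-event upset) and
    report whether the FSM is back in a legal state within max_cycles."""
    s = state ^ (1 << bit)
    for _ in range(max_cycles):
        if s in LEGAL:
            return True
        s = next_fn(s, 0, 0)
    return s in LEGAL
```

Note that a flip landing on another legal encoding (for example IDLE to LOAD) is not caught by a default branch at all; that is why encoding choice and the other FSM checks matter alongside the default-transition rule.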
While reviews can be done manually, an automated approach (when possible) guarantees a more consistent HDL-code quality assessment. It takes a lot of pain out of the process and makes it less daunting. Automating the HDL code assessment process has the added benefit of promoting regular HDL design-checking steps throughout the design development process, as opposed to waiting for gating design reviews in which issues can be overwhelming and more costly to address.
DO-254 compliance for HDL code is now covered by lint tools, such as Ascent Lint from Real Intent. The design knowledge accumulated in such tools helps ensure that safety-critical designs will be successful, and automation makes it easy to adopt a lint tool into an existing team’s design flow.
To achieve a more robust DO-254 compliance, a linter is an important foundation, but not a standalone solution. You need a suite of tools, also packed with the same kind of design intelligence.
Verification that analyzes the sequential behavior and the deeper intent of RTL code provides an additional level of checking necessary for a safety-critical design. An autoformal tool uses proof engines to find subtle corner conditions that cannot be seen by a lint tool and could easily be missed in simulation. An X-propagation tool verifies that designs come out of reset and low-power states correctly.
A suite of focused tools greatly improves the efficiency of existing players delivering projects and also lowers entry barriers for new ones. It boosts competition, resulting in higher quality.
Right now, aviation is an exciting field enabled by advanced electronics. The drone market alone – spurred by interest from the likes of Amazon and Google – is being awarded multi-billion dollar valuations. In the US, the FAA has finally described the operational role for unmanned aerial vehicles (UAVs), albeit relatively small ones for now.
As UAVs become more commonplace, their DO-254 compliance will increasingly be required, even if the FAA is not itself making that mandatory…yet. DO-254 clearly is a standard for high-reliability verification in the field of avionics whose importance will soar.
This blog was originally published on EETimes.com.