Top Seven DO-254 Tips from AFuzion

11 Jun

AFuzion receintly engaged seven different DO-254 projects the past seven months; what were the Top DO-254 Tips?  Our DO-254 whitepapers at http://www.afuzion.com provide many more DO-254 Answers, but the Top Seven DO-254 Tips below are compelling.  Enjoy (or come to our DO-254 Training to learn more:  AFuzion’s DO-254 trainers have trained more engineers in DO-254 than all the other trainers in the world, combined.  Enjoy the following.

Tip Number One: from a USA project where we provided AFuzion’s onsite DO-254 training and DO-254 analysis for a UAV client: DO-254 isn’t normally required for UAV’s, though DO-178C increasingly is. This client was using C++ within an FPGA:  C++ normally comes under DO-178C (software) whereas FPGA implementations are normally covered via DO-254 (silicon Complex Electronic Hardware – CEH).  So, was this client’s FPGA-based solution DO-178C or DO-254?  Different authorities have different opinions. However, this client was making a primary flight control computer for which their safety assessment showed DAL B.  For DAL B, there is very little difference between DO-178C and DO-254 (quite the opposite for DAL C!!).  So we applied DO-178C processes to the C++ baseline even though it would become FPGA firmware. Simply skipping software compliance was arguably possible, but this client wanted to export their UAV showing DO-254 & DO-178C compliance so this was the best choice.  Non-technical tip:  this was a Midwest client – go for the aged beef if you’re non-vegetarian; some of the finest in the world.

Tip Number Two AFuzion_World_Map-Titled-World-of-AFuzion.PNG from an Israel project: Client procured AFuzion’s DO-254 Gap Analysis to analyze new, and some very old, legacy logic.   A portion of the baseline was perfectly stable but the source no longer existed nor was it developed to any safety critical standard. The DO-254 gap analysis showed the cost to recreate this baseline would have been excessive and unnecessary since no changes were planned and the I/O was well-defined to apply exhaustive DO-254 testing.  We proposed a wrapper-solution whereby the I/O was checked for all instances at runtime; DAL C and DAL D were applicable thus obviating the need for white-box DO-254 verification.  Client complied with DO-254 while saving 80% of the DO-254 cost otherwise applicable with redeveloping.  Non-technical tip: stay in Tel Aviv’s Marina District: swim in the warm sea at dawn and try amazing local produce and fruit.

Tip #3 from a DO-254 consulting assignment in Turkey.  Client had an existing board deploying both a CPU and several FPGA’s; Client needed a DAL A solution for one component and could choose a software (DO-178C) or CEH (DO-254) solution.  After receiving AFuzion’s DO-254 training, client realized 3rd party DO-254 DAL A testing tools were less mature than DO-178C testing tools and that a software-based approach for DO-178C for their separate DAL A component. Client switched from putting this functionality in an FPGA to instead the CPU-based approach, thus deploying DO-178C with improved testability.  Project is now successfully entering flight test.  Non-technical tip: though inland, Ankara has incredible fish flown in daily: just ask the cook to grill it the traditional way with olive oil and lemon: amazing.

Tip #4 from a Chinese commercial aircraft project: Client needed DO-254 safety-assessments performed thinking the system required all logic to be DAL B.  AFuzion’s DO-254 analysis showed that the system’s two FPGA’s could be partitioned with one DAL A DO-254 FPGA and the other FPGA DAL D DO-254.  Instead of putting all the logic in the same FPGA and invoking either expensive partitioning redesign per DO-254 or monolithic DAL B throughout, client was able to move 40% of the logic to the DAL D FPGA thus reducing DO-254 certification cost by 60% (see AFuzion’s updated DO-254 Costs Whitepaper which shows why DAL D costs 35% – 60% less that DO-254 DAL B.).  Non-technical tip: be sure to stay or stop in Shanghai and visit the last vestiges of traditional neighborhoods before they soon disappear – amazing contrast of old and new like nowhere in the world.

Tip #5 from a U.K.  DAL D DO-254 project.  This client was building an all-new system requiring certification via both EASA ED-80 and FAA DO-254.  After receiving AFuzion’s ED-80 training for European DO-254, client realized EASA was more strict on DAL D than FAA (where AC 20-152 thinking still often prevails). Instead of applying more liberal AC 20-152 and CAST-27, client developed both systems per stricter EASA DO-254 constraints; added slight cost was offset by cost-reduction of identical DO-254 solutions. See AFuzion’s whitepaper “Avoiding DO-254 Top Mistakes” for more details. Non-technical tip: this was a small town with restaurants seemingly closed by 8 pm; instead, hit the Pub where even if the UK’s delicious beer isn’t to your liking, there’s a good chance some fresh pub fare can be cooked up for you at 11 pm.

Tip #6 from Down Under Client was a consulting company itself branching into aviation development on an upcoming DO-254 DAL C project. They were CMMI 3 minus, with aspirations of CMMI 3-plus. They’d been previously told by another DO-254 consultant that they needed all-new processes. While all-new processes are a sure way to eventually achieve DO-254 compliance, it’s also expensive, relies upon a corporate culture change, and has seriously negative schedule and adoption impact. Instead, AFuzion recommended to improve the existing processes to fully CMMI Level 3 thus minimizing the DO-254 gap; then fill in the remaining relatively small gap with improved process assurance, hardware design processes, traceability, and DO-254 compliant hardware verification.  Non-technical tip:  domestic travel is easy and cheap:  get out of town and visit the smaller towns which also have the same famous Aussie hospitality.

Tip #7 from an Italian DO-254 Training (combined with DO-178C Training) Client.  This client had DO-178C experience but was new to DO-254 and also wanted to procure new DO-254 tools for requirements, configuration management, and process assurance. AFuzion showed how the existing DO-178C tools could be readily adapted for DO-254 thus minimizing cost, risk, and adoption time. Hardware design and VHDL tools were a different story but we showed how DO-254 verification focuses upon the human quotient, e.g. verify primarily the human’s output, secondarily the tool’s output. Non-technical tip, go native and enjoy Cappuccino only in the morning and eat dinner after 9 pm with pasta “al dente”, meaning “firm” as in firmware …

For technical specifics on AFuzion’s DO-254 training, see http://afuzion.com/avionics-training/workshops/avionics-hardware-intermediate-do-254-training-class/

For technical specifics on AFuzion’s DO-254 Gap Analysis, see http://afuzion.com/gap-analysis/

For free whitepapers on DO-254 (Copyright AFuzion), see http://afuzion.com/avionics-safety-critical-training-whitepapers/

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: