2015
Verification and Validation of Field Programmable Gate Arrays in the Aerospace and Defense Industry
Streamlining FPGA design, verification and validation through a global collaboration model
Contents
Executive Summary 01
Introduction 01
Compliance Requirements: DO-254 Standard for FPGA Design in Aerospace and Defense Projects 03
Methodologies to Effectively Meet DO-254 Objectives 09
Documentation and Organization in Compliance with DO-254 11
Conclusion 14
Author 14
References 14
About Cyient 16
FPGAs provide several advantages over conventional ASICs or ASSPs: shorter time to market, enhanced application performance and a longer product life cycle.
Executive Summary
Field Programmable Gate Arrays (FPGAs) are finding an increasing number of applications in the Aerospace and Defense industry. The field-programmable gate array (FPGA) is a semiconductor device that can be programmed in the field, after manufacturing, for product features and functions, new standards, and specific applications. FPGAs provide rapid prototyping, easy debugging at an optimized cost, and help lower the risk of product obsolescence. Successful implementation of FPGAs requires in-depth knowledge, a security-based development cycle, process adherence and expertise.

Verification and validation (V&V) in the aviation industry requires strict adherence to the stringent design assurance guidelines laid out by DO-254 for programmable electronic hardware such as FPGAs. In addition, the ever-increasing complexity of designs and the high level of integration of programmable logic necessitate a specialized V&V approach for Complex Electronic Hardware (CEH) in avionics. Unlike the classical method of verification and validation, the DO-254 hardware development life cycle requires V&V at each stage of the design cycle. This results in an elaborate verification process to ensure full coverage of requirements in simulation, followed by on-target verification of FPGA designs. However, there are several significant challenges involved in verifying FPGA designs as per DO-254. These include establishing requirements traceability at all levels, creating test vectors that make simulation and hardware test results match, and testing in multiple environments to cover and verify different sets of requirements, coverage requirements, tool flow support, and hardware test platforms.

This paper discusses the key technical challenges involved in V&V of FPGAs in the Aerospace and Defense industry. It highlights
Introduction
The Field-Programmable Gate Array (FPGA) is a set of logic gates fabricated in a silicon chip that can be configured after it is manufactured. An FPGA is not restricted to any predetermined digital function; it is a flexible product whose features and usability can be programmed, adapted and reconfigured as per standards and specific application requirements.

FPGAs allow multiple processing tasks to run simultaneously, where each task is assigned to a dedicated block of the chip and can perform autonomously without any interference from other blocks. Therefore, the performance of one segment of an application is never affected by the addition of new processing logic. While an application-specific integrated circuit (ASIC) can perform the same digital logic function as an FPGA, the ability to reconfigure and update after installation provides additional advantages for several applications.

Most of the logic blocks in FPGAs include memory elements, either in the form of simple flip-flops or complete blocks of memory of varying sizes. In addition, FPGAs comprise a variety of high-speed transceivers, configurable embedded SRAM, routing resources, high-speed I/Os and logic blocks, unlike the older generation of programmable logic devices (PLDs) that only use I/Os with programmable logic and interconnects.

The logic elements (LEs) in an FPGA are

In order to reduce risk, cost, and time-to-market, industry players are increasingly using FPGA devices in safety-critical systems. Key factors leading to the rapid adoption of FPGAs in safety systems are parallel computing, high performance and hardware miniaturization. FPGAs can provide fast response times with a dedicated design for each task and reduce the risk of tasks interfering with each other. Cyber security issues are also negligible with FPGAs as compared to software, as memory and functions stored in an FPGA are almost impossible to alter, making it very difficult to infect. In addition, the EDA tools for FPGA design provide extensive functionality to support the design process. High-level abstraction languages, block libraries and various IP cores provide a good foundation to build individual applications quickly. Additionally, the testing and verification tools help with verification at every step of the design flow.
DO-254 is a standard that provides a broad-level process specification for designing and ensuring safety in airborne electronic systems, and requires all A&D electronic safety systems to comply with it.
An Overview
DO-254 is a standard that provides guidance for designing and ensuring safety in airborne electronic systems using ASICs, FPGAs and PLDs. All A&D electronic safety systems are required to comply with this standard, which specifies design assurance requirements and certification.
[Figure: DO-254 hardware design life cycle. System process: planning, requirements capture, conceptual design, detailed design, implementation, production transition and manufacturing process, with derived requirements fed back to requirements capture. Supporting processes: verification and validation, configuration management, process assurance and certification liaison. FPGA design flow with stage-of-involvement audits: planning, requirements capture and conceptual design (SOI-1); RTL design, detailed design, synthesis and place and route (SOI-2); implementation, production transition and validation testing (SOI-4); traceability, planning, process assurance and configuration management run across all stages.]
System-level requirements management tools, like Dynamic Object Oriented Requirements System (DOORS), provide a database mechanism to store and manage requirements effectively as they evolve throughout a project, while supporting large and complex systems.
[Figure: V-model pairing each design stage (design, coding, synthesis) with its test plan, testing and validation testing.]
Functional model based checking is a robust verification technique for safety-critical design that can comprehensively prove that a design performs its intended function.
Timing verifications
Timing verification is an important aspect of the FPGA verification flow. Timing simulation is performed by re-running the HDL tests with the gate-level delay information on the resulting netlist. This is done once the netlist has been generated, after the design has been transformed to logic gate level by synthesis and place and route. A netlist with timing information contains far more detail than the mere functional description of the HDL code, which can make timing simulation very time-consuming. However, the general DO-254 expectation is that all test code should be run even if the design is very large and complex and the execution of all test code is expected to take days or weeks to simulate. In such cases we recommend that other methods, such as logical equivalence checking or scale-down or scale-up checking, be considered, without compromising the logic and timing.

Timing verifications are generally divided into two categories:
Static timing analysis
Static timing analysis (STA) is a technique used to compute the expected timing of path delays in a digital logic circuit without any simulation. During design synthesis and place and route, STA is performed to analyze the path delays and ensure they meet the timing constraints. The reports generated during synthesis provide only estimated timing, while the reports from place and route provide visibility into the actual delays as the design is implemented in the silicon fabric. This analysis is performed by verifying every path, to identify all set-up and hold time violations, glitches, slow paths and clock skews. The reports are reviewed with two independent tools (depending on the selected DAL) to ensure accuracy. The advantages of performing STA include the following:
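The STA path-delay check described above, as an added worked example in Python (not code from the paper or from any EDA tool): it walks a small gate-level netlist without simulation, computes the latest and earliest data arrival at each capture flop, and reports setup and hold slack with clock skew taken into account. The netlist, clock arrival times and flop parameters are constructed for the illustration.

```python
"""Toy static timing analysis (STA) of a gate-level netlist: path delays are
computed by graph traversal, not simulation. Added illustration, not code from
the paper or any vendor tool; all netlist values below are constructed."""

# gate -> (propagation delay in ns, input nets). Nets named Q* are flop
# outputs (launch points); D* are flop D-pins (capture points).
NETLIST = {
    "g1": (1.2, ["Q1"]),
    "g2": (2.5, ["g1", "Q2"]),
    "g3": (0.8, ["g2"]),
    "g4": (0.1, ["Q2"]),
    "D1": (0.0, ["g3"]),
    "D2": (0.0, ["g1"]),
    "D3": (0.0, ["g4"]),
}
# Clock arrival (ns) at each flop; the launch/capture difference is the skew.
CLOCK_ARRIVAL = {"Q1": 0.0, "Q2": 0.3, "D1": 0.5, "D2": -0.2, "D3": 1.0}
T_CLK2Q, T_SETUP, T_HOLD = 0.6, 0.4, 0.2  # constructed flop timing (ns)


def arrival(net, netlist, launch, pick, memo):
    """Data arrival at `net`: pick=max gives the slowest path (for setup),
    pick=min the fastest (for hold). STA assumes an acyclic netlist."""
    if net in launch:
        return launch[net]
    if net not in memo:
        delay, ins = netlist[net]
        memo[net] = pick(arrival(i, netlist, launch, pick, memo) for i in ins) + delay
    return memo[net]


def analyze(netlist, clock_arrival, period, t_clk2q=T_CLK2Q, t_setup=T_SETUP, t_hold=T_HOLD):
    """Per capture flop: latest/earliest arrival and setup/hold slack (ns)."""
    launch = {q: t + t_clk2q for q, t in clock_arrival.items() if q.startswith("Q")}
    late, early, report = {}, {}, {}
    for d in (n for n in netlist if n.startswith("D")):
        lat = arrival(d, netlist, launch, max, late)
        ear = arrival(d, netlist, launch, min, early)
        cap = clock_arrival[d]
        report[d] = {
            "arrival_max": round(lat, 3),
            "arrival_min": round(ear, 3),
            # data must settle t_setup before the next capture edge
            "setup_slack": round(period + cap - t_setup - lat, 3),
            # data must stay stable t_hold after the current capture edge
            "hold_slack": round(ear - cap - t_hold, 3),
        }
    return report


def violations(report):
    """Paths a DO-254 timing review would flag: negative setup or hold slack."""
    return sorted((d, k) for d, r in report.items()
                  for k in ("setup_slack", "hold_slack") if r[k] < 0)
```

Running `analyze(NETLIST, CLOCK_ARRIVAL, period=4.0)` flags a slow path into D1 (setup) and a short path into D3 whose late capture clock causes a hold violation; lengthening the period clears the first but not the second, which is why hold checks are reviewed separately.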
[Figure: evolution of verification methodologies from 2001 to 2010: processor-driven verification; Open Verification Methodology (OVM); assertion-based verification and test bench automation; standards (SystemVerilog, PSL); unified coverage database; Universal Verification Methodology (UVM). Dates shown: 2001, 2004, 2007, 2010.]
Assertion-based verification methodology, combined with DO-254 compliant tools and review of test and code coverage reports, ensures more than 95% test case coverage and 100% code coverage.
[Fig. 6 | Approach of processor-driven verification (PDV). The figure contrasts assertion-based verification (assertion library, user-defined SVA/PSL assertions, RTL, simulations, formal verification, coverage database) with processor-driven verification (C-based tests, compiler, processor models, simulation and emulation of the RTL or gate-level netlist on an FPGA-based target system, integrated HW/SW debug, coverage database).]
Universal verification methodology uses open libraries and pre-defined IP functions to provide maximum coverage in a relatively shorter duration of time for verifying large and complex designs.
UVM/OVM
The Universal Verification Methodology (UVM) is a standard verification methodology developed by the open community. UVM represents the latest enhancements in verification technology and is designed to enable the creation of robust mechanisms, reusable modules, interoperable verification IPs, and test bench modules.
[Fig. 7 | Documentation requirement of DO-254 design process at each step of FPGA design flow. Roles shown per stage: ENG, V&V, CM, QA, SAFE, PROD, CERT. Planning phase: stage inputs SSA, SLR; process outputs PHAC, HDP, HVaLP, HVerP, HCPM, HPAP, planning reviews, review records and process records. Development phase, requirements capture: outputs HR, test benches, requirements reviews, review and process records. Conceptual design: inputs HR, test benches, VVS, HDS; outputs FPGA architecture design, design reviews. Detailed design: inputs HDRD (CCD), RTL code, test benches, VVS, HDS; outputs RTL design, functional simulations, design reviews, critical design review. Implementation: outputs timing simulations (post-routing), physical tests, HDRD (DDD), VVD, RTL code, test benches, bitstream, readiness review, review and process records. Production phase, production transition: inputs bit stream, PHAC, HCS, VVS, HDRD (DDD); outputs design database, design validation, readiness review.]
Adopting a global collaborative model and outsourcing the V&V and redundancy design processes to an experienced global partner can help derive significant time and cost savings, and also ensure safety compliance.
[Fig. 8 | Case example of independent execution of projects in line with safety compliance. For Level A & B, Level C & D and Level E, the figure shows which of the roles project manager, assessor, designer/implementer, verifier and validator must be held by independent people and which may be combined in one person.]
Use of the latest technologies, innovative techniques and low-cost skilled resources ensured safety, compliance as per standards, and provided cost optimization.
[Table: required independence between roles by DAL (columns Level E, Level D, Level C, Level B, Level A; rows designer/verifier, designer/validator, designer/assessor, verifier/validator, verifier/assessor, validator/assessor; entries marked NA where a combination does not apply).]
Where,
0 - Can be the same person;
1 - Cannot be the same person;
2 - Cannot be the same sub-system/equipment Design Team or Project Assurance Team within a project.
[Figure: test bench architecture. TB TOP contains the DUT (4th generation SPDA backplane FPGA) and the TB modules: clock generator, phase strobe generator (phase_strb), stimulus generators, command data driver (cmd_data_lvds, cmd_data_lvds_i, slot_strb, ser_cmd[19:0]), status data driver and status data receiver (sts_data_lvds, sts_data_lvds_i, ser_sts[19:0]), noise generators, CINRZ decoder, log macros writing log files/status, and procedure/monitors/checker. Test cases drive control signals such as reset_i, tp_reset_state_i, fltr_bank_sel[2:0] and tp_ser_sts_fltr[2:0].]
Manufacturers are increasingly leveraging global collaborative business models to take advantage of the technical expertise of strategic partners to comply with complex and evolving regulatory standards.
Conclusion
The A&D industry reported its best year ever in 2013, in terms of revenue and operating profit, and forecasted the same for the year 2014. Similarly, significant growth has been seen in the semiconductor business, where processes including FPGA design, verification and validation are being outsourced to take advantage of large cost savings and significant time reduction in project execution.

Verification and validation of FPGAs as per DO-254 entails rigorous and complex procedures that require in-depth understanding of the tools and methodologies used for process execution to ensure safety compliance. Therefore, OEMs are increasingly leveraging global collaborative business models to take advantage of the technical expertise of strategic partners to comply with complex and evolving regulatory standards.

Cyient has gained significant experience in the avionics domain and in V&V aspects of FPGA realizations. We understand the A&D market needs in relation to DO-254 and have been working closely with global partners. Leveraging our successful global partnership model, we implement best practices and continuous improvement processes to deliver increased productivity, shorter timelines, and optimized costs.
Author
L.V.R Prasada Raju is currently associated with Cyient as a project manager with the Semiconductor practice. He has over 14 years of experience in the automotive and rail industries. His areas of expertise are RTL design for FPGAs/ASICs, and hardware engineering for safety-critical systems.

Prasada Raju received his B.Sc. degree in 1999 and M.Sc. (Tech.) Instrumentation degree in 2002, and is currently working towards a Ph.D. degree. His current research interests include bio-medical systems and sensors, FPGA-based embedded systems, safety electronics, and digital signal processing.
References
Standard: DO-254, Design Assurance Guidance for Airborne Electronic Hardware, published by RTCA, Inc. http://www.rtca.org/onlinecart/product.cfm?id=194
Article: Functional Safety Certification for Subsystem Developers; by Wolfgang Kattermann, Altera Corporation. http://www.altera.com/technology/systemdesign/articles/2013/functional-safetycertification-subsystem.html
Standard: Functional Safety and IEC 61508. www.iec.ch/functionalsafety/
White paper: Code Coverage Explained For DO-254 Programs. http://s3.mentor.com/public_documents/whitepaper/resources/mentorpaper_45380.pdf
White paper: Understanding DO-254 And Solutions to Facilitate Compliance. http://s3.mentor.com/public_documents/whitepaper/resources/mentorpaper_60834.pdf

Additional Information:
FPGA Fundamentals: http://www.ni.com/white-paper/6983/en/; published May 03, 2012
ReqTracer: www.mentor.com/reqtracer
Methodologies: http://www.mentor.com/products/fv/methodologies/
Formal verification: http://www.mentor.com/products/fv/abv/0-in_fv/; includes a collection of videos and papers.
Market Research Reports: http://www.pwc.com/en_US/us/industrial-products/assets/pwc-aerospace-defense-2013-year-inreview-and-2014-forecast.pdf
Tools: Mentor, Synopsys, Xilinx, Altera, Aldec.

Study resources - DO-254:
Demystifying DO-254; http://s3.mentor.com/public_documents/whitepaper/resources/mentorpaper_38461.pdf
The Use of Advanced Verification Methods to Address DO-254 Design Assurance; Mentor whitepaper
Mentor Formal Verification for DO-254 (and other Safety-Critical) Designs; Mentor whitepaper
DO-254 Support for FPGA Design Flows; Altera whitepaper
DO-254 for the FPGA Designer; Xilinx whitepaper
About Cyient
Cyient is a global provider of engineering, data analytics, networks and operations solutions. We collaborate with our clients to achieve more and shape a better tomorrow. Our services for the aerospace industry include:

Aero Engines: We help aircraft engine OEMs to develop innovative technology solutions for improving fuel efficiency and reducing engine emissions and noise. We provide concept-to-certification engineering solutions along with system-level ownership.

Aero Structures: We provide innovative wing and fuselage sub-assembly design solutions from preliminary design through to certification. We offer design and analysis, value engineering, post design release engineering, and manufacturing engineering services.

Aero Systems: We provide subsystem-level engineering solutions for developing next-generation aircraft systems. Our systems knowledge, combined with our expertise in design, structure, thermal and CFD analysis, allows us to provide innovative design solutions optimized for weight and cost.

Avionics: We offer complete product engineering solutions from requirement definition until the SOI-3 audit. We provide civil and military avionics solutions compliant with DO-178B and DO-254.

Aero Interiors: We help customers to design tomorrow's clean, spacious and efficient cabin interiors. We provide aesthetic and lightweight interior designs for commercial and business jets.
NAM Headquarters: Cyient, Inc., 330 Roberts Street, Suite 102, East Hartford, CT 06108, USA. T: +1 860 528 5430, F: +1 860 528 5873
EMEA Headquarters: Cyient GmbH, Mollenbachstr. 37, 71229 Leonberg, Germany. T: +49 7152 94520, F: +49 7152 945290
APAC Headquarters: Cyient Limited, Level 1, 350 Collins Street, Melbourne, Victoria, 3000, Australia. T: +61 3 8605 4815, F: +61 3 8601 1180
Global Headquarters: Cyient Limited, Plot No. 11, Software Units Layout, Infocity, Madhapur, Hyderabad - 500081, India. T: +91 40 6764 1000, F: +91 40 2311 0352
www.cyient.com | insights@cyient.com
2015 Cyient Limited. Cyient believes the information in this publication is accurate as of its publication date; such information is subject to change
without notice. Cyient acknowledges the proprietary rights of the trademarks and product names of other companies mentioned in this document.