The European Union Aviation Safety Agency (EASA) recently released new guidance in the development of electronic hardware in airborne systems. AMC 20-152A, the follow-on to AC 20-152, supplements existing ED-80/DO-254 with guidance in the development of airborne hardware.
Tammy Reeve, President of Siemens partner companies Patmos Engineering and Airworthiness Certification services, summarized the impact of this new guidance on DO-254 programs. The remainder of this post will expand on two aspects of the guidance affecting the design and verification of airborne systems.
“DAL C will need to comply with design standards. Currently DO-254 does not require design standards for DAL C.“
Design standards are described in 10.2.2 of the DO-254/ED-80, and they indicate that companies must deliver guidance in the creation of both conceptual and detailed design. Design standards encapsulate a large number of work products, including coding guidelines, naming conventions, approved design tools, definition of approved design construct, and more. Up to this point, design standards are only required for DAL A and DAL B designs. The new guidance now indicates that DAL C designs must deliver and comply to design standards.
“For DAL A and B, the elemental analysis code coverage for HDL will need to consider more than just statement coverage”
For those new to the concept, code coverage is an analysis metric which measures the activity of design RTL for a given set of stimulus. Specifically, for lines of code in the design, statement, branch, toggle, and more is collected. Overall, code coverage is one metric which determines completeness of design verification. Up to this point, one could argue that DO-254 isn’t clear on expectations around the flavors of code coverage expected to be evaluated. However, previous supplemental guidance and industry best practices have pushed the industry to analyze more than statement coverage. AMC 20-152A solidifies expectations indicating that code coverage collection shall be evaluated over statement, branch, condition, line, etc…and any coverage gaps must justified.
You can find Tammy’s complete write up on the Patmos Engineering website.
I’d love to hear what you think about the new guidance. Does it provide new clarity? What other challenges do you foresee with this new guidance?