Thought Leadership

How AMC 20-152A affects your DO-254 program?

The European Union Aviation Safety Agency (EASA) recently released new guidance in the development of electronic hardware in airborne systems. AMC 20-152A, the follow-on to AC 20-152, supplements existing ED-80/DO-254 with guidance in the development of airborne hardware.

Tammy Reeve, President of Siemens partner companies Patmos Engineering and Airworthiness Certification services, summarized the impact of this new guidance on DO-254 programs. The remainder of this post will expand on two aspects of the guidance affecting the design and verification of airborne systems.

DAL C will need to comply with design standards.  Currently DO-254 does not require design standards for DAL C.

Design standards are described in 10.2.2 of the DO-254/ED-80, and they indicate that companies must deliver guidance in the creation of both conceptual and detailed design. Design standards encapsulate a large number of work products, including coding guidelines, naming conventions, approved design tools, definition of approved design construct, and more. Up to this point, design standards are only required for DAL A and DAL B designs. The new guidance now indicates that DAL C designs must deliver and comply to design standards.

“For DAL A and B, the elemental analysis code coverage for HDL will need to consider more than just statement coverage”

For those new to the concept, code coverage is an analysis metric which measures the activity of design RTL for a given set of stimulus. Specifically, for lines of code in the design, statement, branch, toggle, and more is collected. Overall, code coverage is one metric which determines completeness of design verification. Up to this point, one could argue that DO-254 isn’t clear on expectations around the flavors of code coverage expected to be evaluated. However, previous supplemental guidance and industry best practices have pushed the industry to analyze more than statement coverage. AMC 20-152A solidifies expectations indicating that code coverage collection shall be evaluated over statement, branch, condition, line, etc…and any coverage gaps must justified.

You can find Tammy’s complete write up on the Patmos Engineering website. Additionally, Patmos is offering a free training educating the listeners on how AMC 20-152A affects their DO-254 program.

I’d love to hear what you think about the new guidance. Does it provide new clarity? What other challenges do you foresee with this new guidance?

Jacob Wiltgen

Jacob Wiltgen is the Functional Safety Solutions Manager for Mentor, A Siemens Business and responsible for defining and aligning functional safety technologies across the portfolio of IC Verification Solutions. He holds a Bachelor of Science degree in Electrical and Computer Engineering from the University of Colorado Boulder. Prior to Mentor, Jacob has held various design, verification, and leadership roles performing IC and SOC development at Xilinx, Micron, and Broadcom.

More from this author

Leave a Reply

This article first appeared on the Siemens Digital Industries Software blog at https://blogs.stage.sw.siemens.com/verificationhorizons/2020/10/06/how-amc-20-152a-affects-your-do-254-program/