
DO-254 seminar materials


2009

Organizers: Civil Aviation University of China and Aeroconseil (France). Co-organizers: Mentor Graphics and 奥肯思公司.
Beijing, 26-27 November

DO254 Seminar - 26-27 November 2009, Beijing

DO254 presentation
Lionel Burgaud - Aeroconseil

The DO254 document seen by www.wordle.net (word cloud)

Aeroconseil Corporate Introduction
July 2009

Aeroconseil Corporate Introduction: agenda
- Corporate Introduction
- Certification Support for Aircraft Manufacturers
- Certification Support for System, Equipment Suppliers & Project Teams

Corporate Introduction

2009/July

Facts, Figures and Strategy
- Aeronautical pure player
- 25 years of success
- 2008 turnover: 99.1 M
- 1050 employees
- 2 ranges of activities: Aircraft Systems Engineering, Air Transport Services

International presence & Network of Business Partners


Worldwide Presence
in progress
- Aeroconseil in Shanghai, China
- Awac Pacific Air Service in Polynesia
- Aeroconseil South America in Brazil, Sao Paulo
- Aeroconseil France in Toulouse, Paris
- Aeroconseil Deutschland in Hamburg
- Aeroconseil Ibérica in Madrid
Partnerships:
- Aeroconseil & Stirling Dynamics in Bristol, England
- Aeroconseil & Genser in Bangalore, India
- Aeroconseil & Bertrandt in Hamburg, Germany

Positioning
- 20 years of engineering background
- 600 highly skilled engineers

Multidisciplinary Teams
Experts:
- Engineering experts, working with teams from different aircraft manufacturers, system suppliers and subcontractors
- Certification & Airworthiness specialists
- Safety specialists
- Aircraft modification teams, with Part 21 agreements
A collaboration between the teams to cover the entire development cycle

Offer to System & Equipment Suppliers

Positioning and Activities
Aircraft Level (Part 21, CS25, CS-E, CS23, CS27, …):
- Support for IP discussions
- Support for TC Certification
- STC with EASA agreements
System level:
- ARP 4754: System Development Process
- ARP 4761: Safety Assessment
Equipment, Software and Hardware levels:
- DO178B: Software Development Process
- DO254: Hardware Development Process
- DO160: Environmental Test Conditions & Procedures
Activities at these levels:
- Training
- Design & Process Assurance
- Gap Analysis
- Process Improvement
- Support for Certification audits
- Environmental Aspects

Certification Support for Aircraft Manufacturers

Aeroconseil can help you
By providing experienced engineers to help organize the technical teams:
- Organize the development team according to your specific situation, to define the entire certification development process
- Participate directly in the technical teams
By providing certification experts, offering:
- Knowledge of the applicable airworthiness regulations, Type Certification (Type Certificate, TC) and Supplemental Type Certification (STC)
- Discussion of the aviation project documentation with the airworthiness authorities
- Preparation of certification audits
- Definition of directives for applying the international standards (such as ARP4754/4761, DO178B, DO254, …)
- Assessment, audit and follow-up of system and equipment suppliers
- Review of the documentation provided by system and equipment suppliers
- Improvement of the process system of system and equipment suppliers

Certification Support for System, Equipment Suppliers & Project Teams

Aeroconseil can help you
By providing certification experts:
- Training on aviation certification topics
- Assessment of your company's existing processes and practices against the certification objectives
- Definition of an action plan to improve your company's existing processes
- Follow-up of the process improvement activities
- Help to define, according to the actual situation, a better way to carry out the entire development process
- Support for tool assessment & qualification
- Help to prepare for certification and/or customer reviews
- Assessment, review and follow-up of subcontractors
- Review of the documentation provided by subcontractors
- Improvement of the contractors' process system


Contents
Introduction to DO254
- Relationship with other documents, DAL definition, lifecycle overview
DO254 Lifecycle and Activities
- Design activities, V&V activities, configuration management, process assurance
Special Topics: COTS, IPs, Tools
DO254 Certification in practice
- Certification baseline (CRI/IP, aircraft manufacturer directives, …)
- Adapting the DO254 activities according to the DAL
- Certification liaison activities
- Certification practice

DO-254 Seminar – Beijing – Nov.2009

Contents

Introduction to DO254
- Relationship with other documents, DAL definition, lifecycle overview

Aircraft breakdown
- Structure / Manufacturing
- Engines
- Systems
System: a collection of components organized to accomplish a specific function or a set of functions

System Breakdown
- Sensor
- Computer
- Actuator

Role and responsibilities
- Airlines (end user): cheap, performance, reliable
- Airworthiness Authorities (certify): safety
Design liability:
- Aircraft Manufacturer
- System/Equipment manufacturer
- Component Manufacturer
- COTS Provider

System Complexity increases
[Figure: Airbus Autopilot and Flight Management, computer count and volume per aircraft generation]
- A300 (18): analog
- A310 / A300-600 (10): 1st digital generation (volume: 134 litres)
- A320 (4): 2nd digital generation (volume: 63 litres)
- A340 (2): 3rd digital generation (volume: 31 litres)
Computers named in the figure: N1 LIMIT, AUTO THRT, TEST COMPUTER, TCC, PITCH TRIM, YAW DAMP & LIM, FMC, FAC/FLC, FMGC, LOGIC COMPUTER, LONGITUDINAL COMPUTER, LATERAL COMPUTER, FMGEC, FCC, FAC

How to manage complexity?
Complexity increases:
- Design errors increase
- Development assurance activities are needed to detect these errors
Design Assurance: all of those planned and systematic actions used to substantiate, at an adequate level of confidence, that design errors have been identified and corrected such that the hardware satisfies the applicable certification basis
3 guides to manage development assurance:
- System level: ED 79 / ARP 4754
- Hardware level: ED 80 / DO 254
- Software level: ED 12 / DO 178

Key Guidance
Guidance documents: acceptable means of compliance for the regulatory aspects.
- ARP4754 / ED-79: System Development Process. Structured approach to ensure that the equipment WILL meet the (safety) objectives
- ARP 4761: Safety Assessment
- DO-297 / ED-124: Integrated Modular Avionics (IMA)
- DO-178B / ED-12B: Software Development Process
- DO-254 / ED-80: Electronic Hardware Development Process

System Design Process
The objective is to identify the structure and the configuration of the entire system.
- ARP 4754 is the main guideline to perform this activity in line with the certification objectives
- The hardware and software components are identified: operational needs, environment, and safety
- The system development will interact with the hardware and software development
[Figure: System Development Process feeding the Software Life Cycle Process and the Hardware Design Life Cycle Process]

Design Process: Basic Rules
- Structured approach: the phases of design are clearly defined
- Requirement-based engineering: capture of the requirements which define the need; verification of the product against the requirements
- Design and safety analysis are performed in parallel
- Iterative process: capture of additional requirements during the development process

Basic rules: Structured processes
[Figure: from needs to product at system (SYS), equipment (EQPT) and HW/SW levels]
Phases: Plan the development; Specify the product; Design the product; Realize the components; Integrate the product components
Applicable guidance: ARP4754 / ED-79 (system); DO-254 / ED-80 and DO-178B / ED-12B (hardware / software); ARP 4761; DO-160D / ED-14D

System Design & Safety process
[Figure: system design process alongside the safety process]
Safety process: aircraft-level FHA (failure conditions, effects, classification, safety objectives); system FHA; CCA; PSSA; FTA, FMEA, SSA; results; certification
Design process: aircraft functions; aircraft-level functional requirements; allocation of aircraft functions to systems; system architecture (architecture requirements); development of the system architecture; item requirements; allocation of item requirements to hardware and software; implementation; system implementation; physical system

Safety process: Key concept
FAILURE CONDITION
- A "Failure Condition" is defined at each system level by its effects on the functioning of the system
- It is characterized by its effects on: the other systems; the aircraft
FAILURE CONDITION EXAMPLE
- Total loss of the electric power
- Erratic functioning of the power generation and distribution system

Regulatory Safety target
- Based on statistics, the worldwide rate of most severe accidents (loss of aircraft, people death) is 1 per million flight hours
- Only 10 percent of fatal accidents have been attributed to critical failure conditions involving aircraft systems
- There are approximately 100 catastrophic failure conditions

Regulatory Safety target
The probability of occurrence of each catastrophic failure condition must be shown to be at most:
10^-6 x 0.1 x 0.01 = 10^-9 per flight hour
(1 severe accident per million flight hours, of which 10 percent are attributed to aircraft system failure conditions, shared over about 100 catastrophic failure conditions)
The certification criteria for large airplanes are based on this fundamental safety target

Failure Conditions
[Figure not reproduced]

Safety process: Key concept
Safety Severity Classes and Associated Objectives

Class        | Objective at FC level                | Objective at aircraft level
CATASTROPHIC | <= 10^-9/hr + Fail Safe criterion     | <= 10^-7/hr + Fail Safe criterion
HAZARDOUS    | <= 10^-7/hr                           | No objective
MAJOR        | <= 10^-5/hr                           | No objective
MINOR        | No objective                          | No objective

Safety process: Key concept
Example of Failure condition and Aircraft Effect: Electrical Generation
- Total loss of the electric power
- Effect on aircraft: loss of the electrical flight control system leading to a possible loss of aircraft control. A/C handling may be possible by mechanical back-up.
- Classification: CATASTROPHIC
- Safety/Operational Reliability objective: 1.0E-09

Safety process: Key concept
Assignment of system development assurance levels (DAL)
- The system DAL is assigned based on the most severe failure condition classification associated with the applicable aircraft level function

Failure condition classification | System DAL
Catastrophic                     | A
Hazardous                        | B
Major                            | C
Minor                            | D
No safety effect                 | E

Safety process: Key concept
Design Assurance Level definition
- The DAL determines the level of rigor and discipline to develop an item: system, hardware, software
Assignment of Equipment DAL
- The equipment development assurance level is assigned based on: the System DAL; architecture considerations
- Rules for equipment DAL assignment are defined in ARP 4754
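The severity classes, quantitative objectives and system DAL assignment above can be turned into a mechanical check. The following is an added example written for this page, not code from the seminar or from Aeroconseil; the list-of-dataclasses input layout and the `single_failure` flag used to model the Fail Safe criterion are this example's own assumptions.

```python
"""Check failure conditions against the DO-254 seminar's severity table.

Added example (not from the seminar). The input layout and the
'single_failure' flag are this example's own conventions.
"""
from dataclasses import dataclass

# Failure-condition-level objectives per flight hour, from the severity
# table above (None = no quantitative objective).
FC_OBJECTIVE = {
    "CATASTROPHIC": 1e-9,
    "HAZARDOUS": 1e-7,
    "MAJOR": 1e-5,
    "MINOR": None,
    "NO SAFETY EFFECT": None,
}

# System DAL derived from the failure condition classification.
DAL_FOR_CLASS = {
    "CATASTROPHIC": "A",
    "HAZARDOUS": "B",
    "MAJOR": "C",
    "MINOR": "D",
    "NO SAFETY EFFECT": "E",
}

# Least to most severe; used to find the worst classification.
SEVERITY_ORDER = ["NO SAFETY EFFECT", "MINOR", "MAJOR", "HAZARDOUS", "CATASTROPHIC"]


@dataclass
class FailureCondition:
    name: str
    classification: str
    probability_per_fh: float      # result of the quantitative analysis (e.g. FTA)
    single_failure: bool = False   # assumption: True if one single failure causes it


def check_failure_condition(fc):
    """Return the list of findings for one FC (empty if it meets its objectives)."""
    findings = []
    cls = fc.classification.upper()
    if cls not in FC_OBJECTIVE:
        return [f"{fc.name}: unknown classification '{fc.classification}'"]
    objective = FC_OBJECTIVE[cls]
    if objective is not None and fc.probability_per_fh > objective:
        findings.append(
            f"{fc.name}: {fc.probability_per_fh:.1e}/fh exceeds the "
            f"{cls} objective of {objective:.0e}/fh"
        )
    # Fail Safe criterion: a catastrophic FC must not result from a single failure.
    if cls == "CATASTROPHIC" and fc.single_failure:
        findings.append(f"{fc.name}: catastrophic FC caused by a single failure (Fail Safe criterion)")
    return findings


def system_dal(fcs):
    """The most severe classification among the FCs determines the system DAL."""
    if not fcs:
        return "E"
    worst = max(fcs, key=lambda fc: SEVERITY_ORDER.index(fc.classification.upper()))
    return DAL_FOR_CLASS[worst.classification.upper()]


def assess(fcs):
    """Combine the DAL assignment and the per-FC objective checks."""
    return {"dal": system_dal(fcs),
            "findings": [f for fc in fcs for f in check_failure_condition(fc)]}


# Constructed sample input modelled on the electrical generation example above.
SAMPLE = [
    FailureCondition("Total loss of electric power", "CATASTROPHIC", 2.0e-10),
    FailureCondition("Erratic power generation and distribution", "HAZARDOUS", 3.0e-7),
    FailureCondition("Loss of cabin reading lights", "MINOR", 1.0e-3),
]

if __name__ == "__main__":
    result = assess(SAMPLE)
    print("System DAL:", result["dal"])
    for finding in result["findings"]:
        print("FINDING:", finding)
```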

HW-SW Allocation
The System development process also determines the Hardware/Software allocation.
[Figure: Equipment specification -> Hardware allocation / Software allocation -> Hard/Soft Interface specification -> HW implementation / SW implementation]

Input for Hardware design
Conclusion: the System development process provides the inputs for the Hardware design
- The System development process allocates to the Hardware: functional requirements, environmental requirements, interface requirements, …
- The System Safety assessment allocates to the Hardware: the DAL; unexpected events with their associated failure rate

DO254 Document
Now that we have seen how DO254 is related to the System and Safety processes, let's analyze the DO254 requirements and their impact.

DO254 Writers
The DO254 document has been written by a joint Eurocae / RTCA committee, with participants from:
- Aircraft manufacturers (Airbus, Boeing, Dassault, Embraer, Bombardier, …)
- Main avionics suppliers
- Airworthiness Authorities
- Space agency: NASA
Released in April 2000

DO254 Scope
Written to be applicable for all complex hardware items:
- Equipment (LRU)
- Board (SRU)
- ASIC, PLD, SOC
- COTS components

DO254 Complexity consideration
What does "Complex" hardware mean?
DO254 definition:
- A hardware item is considered simple if a comprehensive combination of deterministic tests and analyses can ensure correct functional performance under all foreseeable operating conditions with no anomalous behavior
- All items that are not simple are considered to be "complex"

Activities in case of Simple
- Extensive documentation for the design process is not required
- The verification and configuration management activities need to be performed, but no extensive formal documentation is required
- "Simple" does not mean "Nothing to do"!

DO254 Applicability
The Certification Authorities made DO254 applicable for:
- FPGA
- ASIC
- IP
- Complex COTS
The Aircraft Manufacturer can require the application of DO254 for a larger perimeter
- Example: Airbus directives (ABD100). Suppliers are not audited by EASA but by Airbus, for all the complex hardware (boards, …)

Contents

DO254 Lifecycle and Activities
- Design activities, V&V activities, configuration management, process assurance

DO254 Process Overview
[Figure not reproduced]
System and Manufacturing processes are not described in DO254

Key Concepts
Planning Process
- To define and introduce, before the project, the processes that will be used and the means to comply with the certification objectives
Structured Process
- Defined phases, and transition criteria between phases
- Activities to ensure that the defined processes are followed
Requirements Based approach
- All the technical activities are related to requirements

Activities are traced to Requirements
[Figure: traceability chain]
- System requirements -> hardware requirements (specification): cover all the requirements, but only the requirements
- Hardware requirements -> hardware design (HDL design): implement all of the specification, and only the specification; derived requirements are traced
- Verification plan: defines the verification activities for all the requirements
- Test cases & procedures: execute each test in the plan
- Test results: the test result for each requirement is known
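The "all the requirements, and only the requirements" rule in the chain above is something a project can check automatically. The following is an added example written for this page, not code or data from the seminar or from Aeroconseil; the dictionary layout and the constructed identifiers (SYS-*, HW-*, TC-*, PR-*) are this example's own conventions, not a DO-254 format.

```python
"""Traceability check over system requirements -> hardware requirements
-> HDL design units -> test procedures -> results / problem reports.

Added example (not from the seminar). Data layout and identifiers are
constructed for illustration.
"""

# --- constructed sample project data -------------------------------------
SYSTEM_REQS = {"SYS-1": "Compute N1 limit", "SYS-2": "Report sensor failure"}

# Hardware requirements: each traces up to a system requirement or is
# flagged as derived (a design choice to be fed back to the safety analysis).
HW_REQS = {
    "HW-1": {"trace": "SYS-1", "derived": False},
    "HW-2": {"trace": "SYS-2", "derived": False},
    "HW-3": {"trace": None,    "derived": True},   # derived: watchdog reset
    "HW-4": {"trace": "SYS-9", "derived": False},  # dangling trace (typo)
}

# HDL design units and the hardware requirements each one implements.
HDL_UNITS = {
    "n1_limit.vhd":   ["HW-1"],
    "sensor_mon.vhd": ["HW-2", "HW-3"],
    "debug_port.vhd": [],       # implements nothing in the specification
}

# Test procedures: requirement covered and recorded OK / NOK result.
TESTS = {
    "TC-1": {"covers": "HW-1", "result": "OK"},
    "TC-2": {"covers": "HW-2", "result": "NOK"},  # failure, needs a Problem Report
    "TC-3": {"covers": "HW-7", "result": "OK"},   # covers an unknown requirement
}

PROBLEM_REPORTS = {"PR-12": {"test": "TC-2"}}


def check_traceability(system_reqs, hw_reqs, hdl_units, tests, problem_reports):
    """Return the list of traceability findings (empty means fully traced)."""
    findings = []

    # 1. Specification: cover all the system requirements, but only them.
    covered_sys = {r["trace"] for r in hw_reqs.values() if r["trace"]}
    for sid in system_reqs:
        if sid not in covered_sys:
            findings.append(f"system requirement {sid} has no hardware requirement")
    for hid, r in hw_reqs.items():
        if r["trace"] and r["trace"] not in system_reqs:
            findings.append(f"{hid} traces to unknown system requirement {r['trace']}")
        if r["trace"] is None and not r["derived"]:
            findings.append(f"{hid} has no trace and is not marked derived")

    # 2. Design: implement all of the specification, and only the specification.
    implemented = {hid for units in hdl_units.values() for hid in units}
    for hid in hw_reqs:
        if hid not in implemented:
            findings.append(f"{hid} is not implemented by any HDL unit")
    for unit, hids in hdl_units.items():
        if not hids:
            findings.append(f"{unit} implements no requirement (unspecified logic)")
        for hid in hids:
            if hid not in hw_reqs:
                findings.append(f"{unit} implements unknown requirement {hid}")

    # 3. Verification: every requirement has a test, every test covers a real
    #    requirement, every result is recorded, every NOK has a Problem Report.
    tested = {t["covers"] for t in tests.values()}
    for hid in hw_reqs:
        if hid not in tested:
            findings.append(f"{hid} has no verification procedure")
    pr_tests = {pr["test"] for pr in problem_reports.values()}
    for tid, t in tests.items():
        if t["covers"] not in hw_reqs:
            findings.append(f"{tid} covers unknown requirement {t['covers']}")
        if t["result"] not in ("OK", "NOK"):
            findings.append(f"{tid} has no recorded result")
        elif t["result"] == "NOK" and tid not in pr_tests:
            findings.append(f"{tid} failed without a Problem Report")
    return findings


if __name__ == "__main__":
    for finding in check_traceability(SYSTEM_REQS, HW_REQS, HDL_UNITS, TESTS, PROBLEM_REPORTS):
        print("-", finding)
```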

Validation / Verification
- The Validation is performed to ensure that the requirements are the right ones for the design
- The Verification is performed to demonstrate that the design satisfies the requirements

Process Assurance
Objectives
- Development is proceeding according to the plans
- Hardware Life Cycle Data is produced
- Process Assurance must be independent from the development team
Activities
- Participate in review meetings
- Reader for the project documentation (internal and customer)
- Audits on the process (the technical team follows the internal processes)

Configuration Management
Provides control of the configuration, access to data, and changes
Two data control categories are defined:
- HC2: new data supersedes old data
- HC1: changes from previous baselines are traced, and data are modified through a Problem Report process
The category for each data item is defined in Table A-1

Verification
- Independence during verification is required for DAL A and B
- Verification is requirement based
- Exhaustiveness of the requirements coverage shall be established
- Specific tests should be added to address unexpected behavior (e.g. reset, erroneous data, test to limits, …)

Verification
- Test procedures should be reviewed to assess the consistency of the test against the requirements
- Test procedures define the methods and criteria necessary to assess if a requirement is fulfilled
- Test procedures should include: purpose of the test, requirement covered, identification of the HW item, software and necessary tools, inputs, procedure, expected results
Verification results shall be recorded
- Record at least the result OK / NOK on the basis of the acceptance criteria
- Traceability shall be ensured between requirements and verification results

Problem Reports
- During verification, non-compliances should be recorded by PR
- PRs should be tracked for correction / modification
- PRs should be under configuration management
- Corrective actions from PRs should be traced to demonstrate proper correction (specification, detailed design and test procedures)

Transition Criteria
- Used to assess the completion of a design phase
- Shall be defined in the plan
- Shall be adapted to the design phase
- Should be adapted to the hardware item
- Should be adapted to the company's internal processes
- Can address process and technical topics
- All criteria should be assessed during a review

Appendix A
- Each phase corresponds to activities, with defined objectives and data to produce
- Appendix A gives the list of data with DAL modulation
Examples of modulations according to DAL:
- HW Validation Plan not requested for level D
- HW Process Assurance Plan for levels A & B only
- Standards for levels A & B only

Appendix B
Appendix B defines additional considerations for DAL A and B:
- Architectural Mitigation
- Service Experience
- Advanced Verification techniques
Code coverage is an answer to the "elemental analysis" advanced technique at PLD level

Certification Liaison Process
Link between the project and the Certification Authority
- The PHAC is the first support of these discussions
- DO254 defines the data to provide to the certification authority
- Audits may take place at the applicant's facilities or at the applicant's supplier facilities

DO254 introduction: detailed description of the process phases

Requirements Capture
Requirement capture process
- Hardware requirements are identified, defined and documented
- Design choices or refinements of higher level requirements are "derived requirements"
Requirements are validated:
- To ensure correctness, consistency, completeness, …
- To avoid omissions and errors
- To evaluate the safety impact of derived requirements

Conceptual Design
Defines the high level design concepts for the requirements implementation
Hardware items are described with functional blocks to show:
- Architecture description
- Description of sub-assemblies and functionalities
- Allocation of functions to HW/SW
- Main components should be identified
The Design Document shall be written in order to minimize the coder's interpretation

Conceptual Design
Examples of transition criteria:
- The architecture is defined and validated
- The main components are identified
- Derived requirements (if any) have been justified
- Derived requirements are validated and fed back to the safety analysis
- A design document is initiated and managed in configuration
- The traceability is ensured between the design document and the specification (DAL A & B)

Conceptual Design – Validation
The aim of the validation activities is to ensure that:
- The Design Document is correct and complete against the specification
- The specification has been updated and the new requirements have been validated
- The traceability between the design document and the specification is ensured and correct
The validation means is mainly a peer review of the Design Document against the specification
Traceability shall be ensured between the Design Document and the validation results

Detailed Design
The objective is to provide the data necessary to implement the hardware in accordance with the requirements
Activities complete and justify the implementation with the following data:
- Description of the hardware (update of the design document): description and explanation of the internal architecture (state machines, …)
- Reliability and FMEA
- Hardware / software interface data
- Schematic and code
Traceability shall be ensured between requirements, design document, and schematic / code (for DAL A and B)

Detailed Design – Validation
The aim of the validation activities is to ensure that:
- The code is correct and complete against the requirements and the design document
- The Design Document and the Specification have been updated and validated
- The traceability between the Code, the Design Document and the Specification is ensured and correct
The validation means is mainly a review
Inconsistencies between the code, the Design Document and the Specification shall be identified and recorded

Detailed Design – Verification
At this stage, the verification means are mainly:
- Simulation
- Analysis for the non-technical requirements
Independence is required for DAL A and B
Traceability should be ensured between the requirements, the verification means, and the verification results
For DAL A and B, code coverage analysis shall be performed
If inconsistencies are detected, a Problem Report shall be opened

Detailed Design
Examples of transition criteria:
- The HDL code is written
- The design document has been updated and explains and justifies the HDL code
- The source code has been reviewed against the design standards and the specification
- The traceability is ensured between the HDL code, the design document, the specification, the verification procedures and results
- …

Implementation
This phase is composed of:
- Synthesis
- Constraints capture (pin allocation, timings, …)
- Place And Route
The purpose is to generate:
- The binary file to physically program the circuit
- The post-PAR simulation model to simulate the final circuit
- The timing information necessary for the Static Timing Analysis

Implementation – Verification
The purpose of the verification at this stage is to ensure that:
- The final target totally meets its requirements
- The implementation tools have not introduced an error
The verification activities for the implementation consist in:
- Reviewing the synthesis report
- Reviewing the PAR report
- Performing the Static Timing Analysis and correlating the result with the requirements
- Simulating and testing the final circuit
Independence rules, traceability and Problem Report records are the same as for the verification during the detailed design phase

Implementation
Examples of transition criteria:
- The PLD has been synthesized and routed
- The static timing analysis has been done
- The post-layout model has been simulated
- The PLD has been physically verified
- The traceability is ensured between the HDL code, the design document, the specification, the verification procedures and results
- All data are managed under configuration

Production transition
Objectives
- The hardware item is produced from an industrial process, defined by the detailed design and implementation processes
- A baseline is established (top level drawing and manufacturing data)
Activities
- Produced hardware items should be tested during production by an ATP
- Demonstration of the ATP coverage should be established
- The ATP should be reviewed against any HW changes (during development and the product lifetime)
- Data produced for the production should be under configuration management

Contents

Special Topics: COTS, IPs, Tools
- COTS, IPs

Definitions
Commercial Off-The-Shelf (COTS) Component
- Example: microcontroller, bridge, graphic processor
Commercial Off-The-Shelf (COTS) Intellectual Properties (IP)
- Example: IP PCI, IP CAN, …

Why is it difficult to use COTS?
Market differences
- Aerospace market = 0.5% of the worldwide electronics market
- COTS components are not designed for safety critical applications
- Technology changes every 18 months: 110-90 nm for A380, 90-65 nm for A350
- The lifecycle of an aircraft is 30 years
When selecting a COTS component, specific activities are required to meet the safety and certification objectives

Electronic Component Management Plan
Track record for production of high quality components
- The component manufacturing facility shall be assessed to ensure the repeatability of the COTS production
Quality control procedure
- The component manufacturer should have a quality management system. The quality should be assessed from design to shipment
Service experience, in a similar or harsher environment

Electronic Component Management Plan
Component qualification
- The qualification shall demonstrate that the materials, design, performances and long term reliability of the part are consistent with their specifications
Control quality level
Selection on the basis of technical suitability
- The component shall suit the requirements defined by the HW specification (Functional, EMC, De-rating, Thermal, SEE)
Monitoring of component performance and reliability

COTS Procurement
COTS design data
- Public data, but also non-public data that can be obtained through a specific relationship with the COTS provider
Variation in component parameters
- Shall be considered by the user

COTS Procurement
Maturity of technology
- Tracking the evolution of COTS technology ensures the repeatability of serial production
Obsolescence
- The OEM must have strategies for last time buy, component replacement or re-qualification

DO254 and COTS
The DO254 approach is top-down and requirements based.
- For a COTS component, the design is established by the COTS supplier and based on commercial market characteristics
- The COTS approach is not in line with the DO254 top-down approach, but its use is not formally prohibited

DO254 and COTS
DO254 section 11.2
- COTS components should be verified through the overall development process, including the supporting processes
- The use of an electronic component management process in conjunction with the design process provides the basis for COTS component use

DO254 and COTS

The objectives of DO254 are to address the different types of challenges that can come from COTS usage:
- Technology of the COTS; quality processes of the COTS manufacturer (design, production, ...); quality of subcontractors, including distributors, test companies, ...
- Specification of the hardware function in which the COTS is involved,
- Implementation of the COTS in the design,
- COTS follow-up during serial production.

Impact of COTS usage

Plans need to define:
- The COTS selection strategy
- The validation and verification activities around the COTS
- The management of COTS changes and problems

Plans impacted by a complex COTS selection:
- PHAC
- V&V Plan
- Configuration Management Plan
- ECMP

Impact of COTS usage

Requirements identification
- Requirements which have been allocated from the system and impact the COTS selection
- Derived requirements, including the key characteristics of the COTS and the requirements coming from the mitigation strategy
- Derived requirements will be captured at system or software level

Impact of COTS usage

Conceptual design activities
- COTS component candidates should be selected according to the HW requirements. Derived requirements will be generated.
- The failure modes of the COTS shall be determined and their effect at equipment level assessed through FMEA.
- Architectural mitigation shall be implemented to cover potential robustness defects of COTS components.

Impact of COTS usage

Detailed design activities
- COTS integration (analysis of design parameters, logic timing, parameter variation, ...). Schematic and place & route should be provided.
- Architecture: to obtain a fault-tolerant design and to preclude COTS design errors, architectural techniques should be considered.
- Margins should be taken to allow correct operation of the COTS despite the variability of their parameters.
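The margin analysis behind the last bullet, as an added example that is not part of the seminar deck: two kinds of check, a stress the design applies to the part (compared against a derated datasheet rating) and a part parameter that varies (its datasheet window, widened by a user-assumed spread, must fit the design budget). The part values, tolerances and derating factors are constructed for illustration, not taken from any real datasheet.

```python
# Added example (not from the seminar deck): worst-case margin analysis for
# COTS parameter variability. Every part value and number below is constructed.
from dataclasses import dataclass
from typing import List


@dataclass
class StressCheck:
    """The design applies a stress (voltage, current, power, temperature) to
    the part; the worst-case applied value must stay under the datasheet
    rating reduced by a derating factor."""
    name: str
    unit: str
    applied_nominal: float
    applied_tolerance: float   # relative, 0.05 means +/-5 %
    part_rating: float         # datasheet maximum rating
    derating: float            # 0.8 means only 80 % of the rating may be used


@dataclass
class ToleranceCheck:
    """The part's own parameter (delay, output voltage, ...) varies; the
    datasheet window, widened by the user's extra spread for ageing and
    lot-to-lot variation, must fit inside the design's budget."""
    name: str
    unit: str
    part_min: float
    part_max: float
    extra_spread: float        # relative widening applied to both ends
    budget_min: float
    budget_max: float


@dataclass
class Result:
    name: str
    worst_case: float
    limit: float
    margin: float              # positive means the check passes
    ok: bool


def assess_stress(c: StressCheck) -> Result:
    worst = c.applied_nominal * (1.0 + c.applied_tolerance)
    limit = c.part_rating * c.derating
    return Result(c.name, worst, limit, limit - worst, worst <= limit)


def assess_tolerance(c: ToleranceCheck) -> List[Result]:
    # Values are assumed positive, so widening means scaling away from zero.
    low = c.part_min * (1.0 - c.extra_spread)
    high = c.part_max * (1.0 + c.extra_spread)
    return [
        Result(c.name + " (low side)", low, c.budget_min, low - c.budget_min, low >= c.budget_min),
        Result(c.name + " (high side)", high, c.budget_max, c.budget_max - high, high <= c.budget_max),
    ]


def margin_report(stress: List[StressCheck], tolerance: List[ToleranceCheck]) -> List[Result]:
    results = [assess_stress(c) for c in stress]
    for c in tolerance:
        results.extend(assess_tolerance(c))
    return results


def all_margins_ok(results: List[Result]) -> bool:
    return all(r.ok for r in results)


# Constructed sample: a 3.3 V COTS logic device in a hypothetical design.
SAMPLE_STRESS = [
    StressCheck("VCC supply", "V", applied_nominal=3.3, applied_tolerance=0.05,
                part_rating=4.0, derating=0.9),
    StressCheck("junction temperature", "degC", applied_nominal=110.0, applied_tolerance=0.0,
                part_rating=125.0, derating=0.8),
]
SAMPLE_TOLERANCE = [
    ToleranceCheck("clock-to-output delay", "ns", part_min=1.0, part_max=4.5,
                   extra_spread=0.10, budget_min=0.5, budget_max=5.0),
]

if __name__ == "__main__":
    for r in margin_report(SAMPLE_STRESS, SAMPLE_TOLERANCE):
        status = "OK  " if r.ok else "FAIL"
        print(f"{status} {r.name}: worst case {r.worst_case:.3f}, limit {r.limit:.3f}, margin {r.margin:+.3f}")
```

In the constructed sample the supply and timing checks pass while the junction temperature fails against the 80 % derated rating, which is the kind of finding that feeds a derived requirement (lower dissipation, better cooling, or another part) rather than being argued away.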

Impact of COTS usage

Implementation activities
- Assemble the COTS into the product
- Interconnect it into its assembly

Impact of COTS usage

Production transition activities
- Control of the manufacturing process: check that the production process is in line with the component parameter variability.
- Control of any changes: the production process needs to be assessed against any COTS evolution.
- COTS test coverage: the testability of COTS parameters shall be established to control potential errors.

Impact of COTS usage

Validation activities
- COTS data analysis: review of data sheets, errata, user manuals, qualification results, ...
- HW specification: analysis to ensure that the requirements are sufficient and correct to allow an appropriate COTS selection.
- Assessment of the derived requirements, after COTS selection, against the safety objectives.
- Traceability between requirements, derived requirements and the COTS use decision shall be performed.

Impact of COTS usage

Verification activities
- COTS implementation verification against the specification (functional analysis, thermal analysis, stress analysis, SER analysis, S&R analysis).
- COTS verification coverage: the verification procedure should be reviewed to ensure that the requirements are well verified (worst/best cases).
- Advanced verification: additional activities should be planned in case of use of COTS for DAL A and B functions.

Impact of COTS usage

Configuration management activities
- COTS identification: COTS should be clearly identified in the different HW baselines.
- Baseline identification: COTS should be captured in the equipment and/or hardware baseline for each milestone of the equipment life cycle.
- COTS problem management: continuous tracking of the errata list published by the component manufacturer.
- Change control: product changes shall be reported between the COTS manufacturer and the users (changes to the data book/sheet).

Impact of COTS usage

Process assurance activities
- Process assurance shall check that all topics for COTS selection and implementation described in the plans for each key milestone are correctly covered.
- Reviews or audits shall demonstrate compliance against the COTS use strategy described in the plans.

Impact of COTS usage

An information flow dedicated to COTS is essential.
- Hardware design assurance alone cannot give a relevant level of confidence for COTS use.
- The COTS use needs to be assessed in correlation with system and software design assurance.

Impact of COTS usage

Certification liaison activities
- Certification baseline: the certification constraints related to COTS use (CRI, IP, ...) shall be known and understood.
- Certification compliance: data shall be available to demonstrate that the certification requirements are correctly addressed.

Example: EASA requires the Open Problem Report of complex COTS to be assessed at system level.
- Errata which are not covered by a workaround are analyzed and their impacts at system level are assessed.

Impact of COTS usage

ERRATA management: for each erratum, a statement needs to define the impact and the appropriate means:
- In the HW design only,
- In the SW design only,
- In both the SW and HW designs,
- In neither the SW nor the HW design (no impact).
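The errata statements just listed and the system-level assessment of the EASA example above, as an added example that is not part of the seminar deck: records for the manufacturer's errata list and the user's statements, with the three checks a process assurance reviewer would run on them (every erratum has a statement, every claimed impact has a means, and errata not covered by a workaround are escalated to the system-level Open Problem Report). The erratum identifiers and titles are constructed and do not describe any real component.

```python
# Added example (not from the seminar deck): errata management records and the
# checks run on them. Erratum ids and titles are constructed, not real vendor errata.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class Impact(Enum):
    HW_ONLY = "HW design only"
    SW_ONLY = "SW design only"
    HW_AND_SW = "both SW and HW designs"
    NONE = "no impact"


@dataclass
class Erratum:
    """One entry of the errata list published by the component manufacturer."""
    erratum_id: str
    title: str


@dataclass
class ErrataStatement:
    """The user's statement for one erratum: impact and appropriate means."""
    erratum_id: str
    impact: Impact
    means: str                  # design measure, workaround or mitigation; empty if none defined
    covered_by_workaround: bool  # True when a workaround fully removes the erratum's effect


def missing_statements(errata: List[Erratum], statements: List[ErrataStatement]) -> List[str]:
    """Errata on the manufacturer's list with no statement yet (continuous errata tracking)."""
    stated = {s.erratum_id for s in statements}
    return [e.erratum_id for e in errata if e.erratum_id not in stated]


def incomplete_statements(statements: List[ErrataStatement]) -> List[str]:
    """Statements that claim an impact but define no means to address it."""
    return [s.erratum_id for s in statements if s.impact is not Impact.NONE and not s.means.strip()]


def system_level_assessment(statements: List[ErrataStatement]) -> List[str]:
    """Errata to carry into the system-level Open Problem Report: they impact the
    design and are not covered by a workaround (the EASA example on the page)."""
    return [s.erratum_id for s in statements
            if s.impact is not Impact.NONE and not s.covered_by_workaround]


def impact_summary(statements: List[ErrataStatement]) -> Dict[str, int]:
    counts = {i.value: 0 for i in Impact}
    for s in statements:
        counts[s.impact.value] += 1
    return counts


# Constructed sample data for a hypothetical micro-controller.
SAMPLE_ERRATA = [
    Erratum("ERR-01", "SPI controller may drop the last bit at maximum clock"),
    Erratum("ERR-02", "Timer interrupt flag not cleared on read in one mode"),
    Erratum("ERR-03", "Package marking differs from the datasheet drawing"),
    Erratum("ERR-04", "Internal oscillator drifts beyond specification above 85 degC"),
    Erratum("ERR-05", "Boot ROM ignores a configuration pin on warm reset"),
]
SAMPLE_STATEMENTS = [
    ErrataStatement("ERR-01", Impact.HW_ONLY, "Architectural mitigation: CRC on every SPI frame", False),
    ErrataStatement("ERR-02", Impact.SW_ONLY, "Driver clears the flag explicitly after each read", True),
    ErrataStatement("ERR-03", Impact.NONE, "", False),
    ErrataStatement("ERR-04", Impact.HW_AND_SW, "", False),   # impact claimed, no means yet
    # ERR-05 deliberately has no statement: it must show up as missing.
]

if __name__ == "__main__":
    print("missing statements:", missing_statements(SAMPLE_ERRATA, SAMPLE_STATEMENTS))
    print("incomplete statements:", incomplete_statements(SAMPLE_STATEMENTS))
    print("system-level assessment needed:", system_level_assessment(SAMPLE_STATEMENTS))
    print("impact summary:", impact_summary(SAMPLE_STATEMENTS))
```

Re-running these checks each time the manufacturer publishes a new errata revision is what turns the "continuous errata tracking" of the configuration management slide into something an audit can sample.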

Intellectual Property (IP)

IP cores, also known as virtual components

The IP cores are specified and exchanged in industry standard formats with varying levels of detail. They are generally classified in the following three categories according to the level of detail:
- Soft IP core
- Firm IP core
- Hard IP core

IP

DO254 is not very explicit about IP management.
- Some CRIs give some clarification.

IP could be addressed either by:
- Demonstration of the compliance of the design data with DO254
- Reverse engineering
- Service experience
- Architectural mitigation
- Management as a COTS device

Soft IP

The soft IP cores:
- Give access to the maximum level of detail
- Are generally specified as a register transfer level (RTL) description in languages such as Verilog or VHDL
- Allow detailed analysis and optimization

Full DO-254 design assurance data can be produced.

Firm IP

The firm IP cores come with less detail:
- Specified in a technology-independent netlist level format
- Allow the IP vendor to hide the critical IP details
- Allow the system integrator to perform a limited amount of analysis and optimization during place and route and technology-dependent mapping of the IP block

Reverse engineering is impossible.
- Either the IP vendor is compliant with DO-254 and provides the data, or the IP shall be managed as a COTS.

Hard IP

The hard IP cores are the lowest in terms of provided detail:
- Specified in a technology-dependent physical layout format using industry standard languages such as stream, polygon, or GDSII format
- Black boxes that cannot be properly analyzed and/or co-optimized
- They come with detailed integration requirements in terms of clock, testing, power consumption, and a host of other parameters

Lack of certification feedback. Should be managed as a COTS.

Conclusions and Recommendations

Identify appropriate COTS suppliers by establishing strong relationships and specific agreements.

The user shall consider and perform additional activities to address the potential lack of COTS data:
- Additional engineering activities (testing, reverse engineering, ...),
- Architecture decisions to mitigate the risk. Different fault-tolerant and fail-safe mechanisms can be implemented,
- Strong COTS monitoring during the equipment life.

Conclusions and Recommendations

Work closely with the local Airworthiness Authorities to determine the acceptable methods and hardware architectures that allow the use of COTS in safety-critical systems.

Contents: Tool Assessment and Qualification

Tools Classification
- Design tools: when design tools are used to generate the hardware item or the hardware design, an error in the tool could introduce an error in the hardware item.
- Verification tools: when verification tools are used to verify the hardware item, an error in the tool may cause the tool to fail to detect an error in the hardware item or hardware design.

DO-254 § 11.4: the flowchart supports the tool assessment and qualification aspects. Its boxes, as reproduced on the slide:
1. Identify the tool
2. Identify the process the tool supports
3. Is the tool output independently assessed? Yes: go to 10. No: go to 4.
4. Level A, B or C design tool, or Level A or B verification tool? No: go to 10. Yes: go to 5.
5. Does the tool have relevant history? Yes: go to 10. No: go to 6.
6. Establish baseline and problem reporting for tool qualification (then 8)
7. Basic tool qualification (then 10)
8. Type of tool and level? Level C design tool or Level A or B verification tool: go to 7. Level A or B design tool: go to 9.
9. Design tool qualification (then 10)
10. Complete

Steps 1 and 2: no alternative, these two activities must be performed!
- Identify the tool (version, ...).
- Identify what you do with the tool in your context.

Step 3: if the tool outputs are verified using an independent means, no further assessment is necessary.
- Independent means can be manual analysis, reviews, or another equivalent tool.

In practice, "No" means that you want to rely on the tool outputs without additional verification.

Step 4 is a modulation according to the DAL.
The text for step 4 also says that you don't need further assessment for a code coverage tool.

Step 5: you want to rely on the tool outputs... Confidence could come from service experience.
- Relevant tool history must be justified or demonstrated.
- In practice, it can be very difficult to make the demonstration.

Step 6: you want to rely on the tool outputs... Confidence cannot come from service experience.
- Confidence can come from specific activities.
- Manage your tool configuration.
- Include the tool in your problem report process.

Steps 7, 8 and 9: type of tool?
- Level A or B design tool: Design Tool Qualification.
- Level C design tool, or Level A or B verification tool: "Basic" Tool Qualification.
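The DO-254 § 11.4 flowchart walked through above, as an added example that is not part of the seminar deck: a decision function that takes the answers to the flowchart's questions and returns the outcome together with the step numbers visited, so the assessment record for each tool shows the path that was taken. The tool names, versions and processes in the sample are constructed.

```python
# Added example (not from the seminar deck): the DO-254 section 11.4 tool
# assessment flowchart as a decision function. Tool names and versions below
# are constructed.
from dataclasses import dataclass, field
from typing import List


@dataclass
class ToolAssessmentInput:
    tool: str                            # step 1: identify the tool (name, version)
    process_supported: str               # step 2: identify the process the tool supports
    tool_type: str                       # "design" or "verification"
    level: str                           # design assurance level of the hardware: "A".."D"
    output_independently_assessed: bool  # step 3
    relevant_history: bool               # step 5


@dataclass
class ToolAssessmentResult:
    tool: str
    outcome: str
    path: List[int] = field(default_factory=list)   # flowchart step numbers visited


def qualification_required_by_level(tool_type: str, level: str) -> bool:
    """Step 4: Level A, B or C design tool, or Level A or B verification tool?"""
    if tool_type == "design":
        return level in ("A", "B", "C")
    if tool_type == "verification":
        return level in ("A", "B")
    raise ValueError("tool_type must be 'design' or 'verification'")


def assess_tool(t: ToolAssessmentInput) -> ToolAssessmentResult:
    res = ToolAssessmentResult(tool=t.tool, outcome="", path=[1, 2, 3])
    if t.output_independently_assessed:
        res.path.append(10)
        res.outcome = "complete: outputs independently assessed, no further assessment"
        return res
    res.path.append(4)
    if not qualification_required_by_level(t.tool_type, t.level):
        res.path.append(10)
        res.outcome = "complete: tool type and level do not require qualification"
        return res
    res.path.append(5)
    if t.relevant_history:
        res.path.append(10)
        res.outcome = "complete: relevant history justified"
        return res
    # Step 6: establish the baseline and problem reporting, then step 8 decides the kind of qualification.
    res.path.extend([6, 8])
    if t.tool_type == "design" and t.level in ("A", "B"):
        res.path.extend([9, 10])
        res.outcome = "design tool qualification"
    else:
        res.path.extend([7, 10])
        res.outcome = "basic tool qualification"
    return res


# Constructed sample tools.
SAMPLE_TOOLS = [
    ToolAssessmentInput("synthesis tool v3.1", "RTL to netlist", "design", "A", False, False),
    ToolAssessmentInput("code coverage tool v2.0", "RTL simulation coverage", "verification", "B", False, False),
    ToolAssessmentInput("schematic capture v7", "schematic entry", "design", "D", False, False),
    ToolAssessmentInput("HDL linter v1.4", "RTL coding-rule check, output reviewed manually", "verification", "A", True, False),
    ToolAssessmentInput("board layout tool v5", "place and route", "design", "C", False, True),
]

if __name__ == "__main__":
    for t in SAMPLE_TOOLS:
        r = assess_tool(t)
        print(f"{r.tool}: path {r.path} -> {r.outcome}")
```

The recorded path is what makes the assessment auditable: the reviewer can see for each tool which question ended the flowchart and which evidence (independent assessment, service history, or a qualification package) that answer rests on.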

Example of a Qualification

Which approach do you want (flowchart steps 2 and 3)?
- Reduce the review activities for the data that has been verified by the tool: tool qualification is needed.
- The verified code still needs to be reviewed and the tool is only used for debugging: no tool qualification is needed.

Qualification is your decision!
- Additional verification and documentation activities for establishing confidence in the tool (once).
- Reduction of the review activities for what has been verified by the tool (for ALL projects).

Qualification Perimeter

Qualify only the perimeter you use (DO-254 § 11.4.1). Tool functions shown on the slide:
- Automated documentation/reviews
- Code quality/scoring
- Design data management
- Version management
- Requirements tracking

Qualification in practice

"Basic Tool Qualification" is a black box qualification.
Present the qualification approach in the PHAC.
For Basic Tool Qualification you have to:
- Write tool requirements to explain what the tool is supposed to do,
- Write a test plan covering all the requirements,
- Create a test package that you run: inputs, expected outputs, ...
- Document the test results.
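The four steps above carried through for one tool, as an added example that is not part of the seminar deck: the tool under qualification is a hypothetical CRC-32 integrity checker (crc32_tool, built on Python's zlib) standing in for whatever tool a project relies on; the requirement ids, test ids and the fourth requirement that is deliberately left without a test are constructed. The two CRC-32 reference values are the standard check values for the ASCII strings shown.

```python
# Added example (not from the seminar deck): a minimal black-box test package
# for a "basic tool qualification". The tool under qualification, its
# requirements and the test ids are constructed for illustration.
import zlib
from dataclasses import dataclass
from typing import Callable, Dict, List


def crc32_tool(data: bytes) -> str:
    """The (hypothetical) tool under qualification: CRC-32 of the input as 8 upper-case hex digits."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"


# Step 1: tool requirements, what the tool is supposed to do.
TOOL_REQUIREMENTS: Dict[str, str] = {
    "TR-1": "The tool shall compute the IEEE 802.3 CRC-32 of the input data.",
    "TR-2": "An empty input shall yield the value 00000000.",
    "TR-3": "The output shall be formatted as eight upper-case hexadecimal digits.",
    "TR-4": "The tool shall report an error for unreadable input.",   # no test written: the plan is incomplete
}


@dataclass
class TestCase:
    test_id: str
    requirements: List[str]   # step 2: which requirements this test covers
    input_data: bytes
    expected: str


# Step 3: the test package, inputs and expected outputs (standard CRC-32 check values).
TEST_PACKAGE: List[TestCase] = [
    TestCase("TC-1", ["TR-1", "TR-3"], b"123456789", "CBF43926"),
    TestCase("TC-2", ["TR-2", "TR-3"], b"", "00000000"),
    TestCase("TC-3", ["TR-1"], b"The quick brown fox jumps over the lazy dog", "414FA339"),
]


@dataclass
class TestRecord:
    test_id: str
    requirements: List[str]
    expected: str
    actual: str
    passed: bool


@dataclass
class QualificationReport:
    records: List[TestRecord]
    uncovered_requirements: List[str]

    @property
    def qualified(self) -> bool:
        """Qualification holds only if every test passed and every requirement has a test."""
        return all(r.passed for r in self.records) and not self.uncovered_requirements


def run_test_package(tool: Callable[[bytes], str], package: List[TestCase],
                     requirements: Dict[str, str]) -> QualificationReport:
    """Step 4: run the package against the tool and document the results."""
    records = []
    for tc in package:
        actual = tool(tc.input_data)
        records.append(TestRecord(tc.test_id, tc.requirements, tc.expected, actual, actual == tc.expected))
    covered = {rid for tc in package for rid in tc.requirements}
    uncovered = sorted(rid for rid in requirements if rid not in covered)
    return QualificationReport(records, uncovered)


if __name__ == "__main__":
    report = run_test_package(crc32_tool, TEST_PACKAGE, TOOL_REQUIREMENTS)
    for r in report.records:
        print(f"{r.test_id} {r.requirements}: expected {r.expected}, got {r.actual}, {'PASS' if r.passed else 'FAIL'}")
    print("requirements without a test:", report.uncovered_requirements)
    print("qualified:", report.qualified)
```

Every test in the sample passes, yet the report still says "not qualified" because TR-4 has no test: the coverage check is what ties the test plan back to the tool requirements, which is the point of writing the requirements first.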

What about development tools?

DO-254 § 11.4.1 [9] - Note: [...] Using such a design tool without independent assessment of the tool's output or establishing relevant history is discouraged, as it may prove to be a task as challenging as the development of the hardware for which the tool is proposed to be used.

In practice
- Qualification of a development tool is addressed by DO-178B.
- It means that a Level A development tool has to be developed with the same requirements as Level A embedded software...
- Same data as for basic qualification, plus the data related to the tool development and verification.

Summary

Tool Assessment is mandatory, Tool Qualification is not!
- Defined in the DO254 flowchart.
Tool editors (vendors) can only deliver "qualifiable" tools; they can be "qualified" only once integrated in the customer's process.
It has to be considered as an industrial investment:
- The tool price is higher (QA, additional documentation, ...) and/or you have to perform tool-specific activities,
- You get benefits from the reduction or elimination of activities.

Close work with the tool vendor can help to save a lot of time and effort.

Contents: DO254 Certification in practice

Safety Regulation

Safety Regulation

Some basic principles of safety regulation...
- The public has the right to be protected from any safety risks in civil air transportation, either on the ground or in the air,
- To fulfill this obligation, national governments have established systems of Authorities/Administrations and regulations to provide a legal framework,
- To ensure safety in international air transportation, national Aviation Authorities/Administrations cooperate to develop common safety standards.

Safety Regulation

These national or international legal frameworks regulate all aspects of all persons and entities involved in civil air transportation:
- Aircraft manufacturers (design, production)
- Maintenance standards, organizations and personnel
- Operators and their employees, including crew members
- Passengers
- Airports and ground services
- Airways
- Air traffic control

Airworthiness Authorities

Certification Authorities
- FAA (US)
- EASA (Europe)
- CAAC (China)
- TC (Canada)
- JCAB (Japan)
- CTA (Brazil)

Authorities are not only dedicated to the follow-up of Complex Electronic Hardware (CEH). Generally they are involved in:
- Multi-program
- Multi-project
- System architecture
- HW, SW
- Guidelines and directives
- ...

Certification

Definition:
- Certification: legal recognition by the certification authority that a product, service, organization or person complies with the requirements, by issue of a certificate, license or approval.

Product certification possibilities:
- Type Certificate
- Supplemental Type Certificate
- Technical Standard Orders

Type Certification

Type Certification
- A design approval issued by the Aviation Authority of a given country when the applicant demonstrates that a product complies with the applicable regulations.
- Certification for B787, A380, ARJ21, C919, ...

The certification is performed against compliance with the Certification Requirements.
The aircraft manufacturer is responsible for Type Certification.

Type Certification Organization

(Organization diagram on the slide: three columns, Supplier, Aircraft Manufacturer and Certification Authorities. On the aircraft manufacturer side: Project leader, System Task Leader, HDA, SDA, Safety, ...; on the authority side: Designated Certification Specialist.)

Type Certification Referential

Certification process
- The project starts by informing the Certification Authorities, and by an agreement between the Authorities and the aircraft manufacturer about the certification aspects, level of involvement, delegations, ...

Certification topics
- The means of compliance are discussed,
- Specific topics (and potentially additional requirements) are discussed through Issue Papers (FAA) or Certification Review Items (EASA).

Your Development Basis

Airworthiness Standards: Part 21; CS25 (EASA), FAR25 (FAA), CCAR25 (CAAC), ...

Acceptable Means of Compliance:
- ARP4754/ED-79: System Development Process
- ARP4761: Safety Assessment
- DO-178B/ED-12B: Software Development Process
- DO-254/ED-80: Electronic Hardware Development Process

Your Development Basis

Generic Baseline (ARP4754, ARP4761, DO178B, DO254) + Aircraft Manufacturer Directives = how the A/C manufacturer wants the standards to be applied, plus additional directives.

Not really a "Certification Basis", but these directives need to be considered!

Your Development Basis

(Diagram on the slide: the Generic Baseline (ARP4754, ARP4761, DO178B, DO254) and the Aircraft Manufacturer Directives feed the discussions between the Certification Authorities and the Aircraft Manufacturer for the certification of a given aircraft; these discussions produce the additional considerations: IP (FAA), CRI (EASA).)

Your Development Basis

It's up to you now! Your requirements come from:
- The Generic Baseline: ARP4754, ARP4761, DO178B, DO254, ...
- The Customer Directives: Aircraft Manufacturer Directives
- The results of the discussions for the aircraft certification: CRIs (EASA), Issue Papers (FAA)

Supplemental Type Certification

Supplemental Type Certificate (STC)
- Approval of a product (aircraft, engine, ...) modification.

The STC defines:
- the product design change,
- how the modification affects the existing type design,
- and lists the serial number effectivity.
- It also identifies the certification basis, listing the specific regulatory compliance for the design change...

TSO Certification

Technical Standard Orders (TSO)
- Minimum performance standard issued by the FAA for specified materials, parts, processes, and appliances used on civil aircraft.
- Articles with TSO design approval can be used on US type-certificated products.
- The TSO authorization does not mean approval for installation.

The equipment supplier is responsible for TSO certification.

TSO Certification

You're supposed to know the A/C manufacturer context for equipment selection and integration:
- The A/C manufacturer can require Level B software/hardware even if the TSO only requires Level C,
- The equipment compliance with IPs/CRIs will be assessed,
- Additional considerations can be added by the A/C manufacturer: typically DO254 is mentioned only in recent TSOs, but A/C manufacturers ask for a DO254 positioning for new programs...

TSO Certification

(Diagram on the slide: the Certification Authorities provide the TSO requirements and the CRIs/Issue Papers; the Equipment Supplier works to ARP4754, ARP4761, DO178B, DO254, ...; the A/C Manufacturer provides the A/C Manufacturer Directives.)

TSOs and DO254

Recent TSOs mention DO254 (but the old ones do not).

DO254 Recognition and Applicability

The FAA recognized DO254 through:
- AC 20-152: "This AC provides a means (but is not the only means) to gain Federal Aviation Administration (FAA) approval by showing the equipment design is appropriate for its intended function. Further, using this AC will help you satisfy airworthiness requirements when these types of electronic components are implemented."
- FAA Order 8110.105: "This order accepts RTCA/DO-254 as the means by which an applicant can seek FAA approval."

EASA made DO254 applicable on recent programs (A380, A400M, ...) through CRIs.

Microprocessors

What about microprocessors?
- Hardware executing software
- The DO178B activities are considered as giving confidence on the target (microprocessor)

Microprocessors are considered out of the scope of DO254.

Micro-controllers
- Same approach as for processors
- DO254 applies to the peripherals

(Figures on the slide: a block diagram of a simple microprocessor (ALU, accumulator, instruction register, program counter, memory, command unit) and the cover of RTCA/DO-178B, "Software Considerations in Airborne Systems and Equipment Certification", Document No. RTCA/DO-178B, December 1, 1992, prepared by SC-167, RTCA "Requirements and Technical Concepts for Aviation".)

Key elements for certification success

The Certification Authorities will not double-check the supplier's project (technical) work.
Audits will not address all the data across the whole life cycle:
- "Vertical" sampling: analysis of how a sampled data item is managed during the whole process,
- "Horizontal" sampling: focus on some specific process steps.

The ability to give a good level of confidence in the design and the processes is the key factor for certification success.
- The quality of the demonstration is crucial.

Level of Involvement of Certification Authorities

The Authorities define their level of involvement (LOI) depending on several criteria; the major ones are:
- Hardware criticality level
- Complexity of the hardware development
- Experience of the development team
- Product service history
- Need for a new policy due to new technology, methods, tools

Typical Stages of Involvement (SOI) are:
- SOI 1: Planning Review
- SOI 2: Design Review
- SOI 3: Validation and Verification
- SOI 4: Final Review

Meeting Minutes

Meeting minutes are very important.
- They have to be factual, so that the rationale of the actions can be understood, especially in case of disagreement after the review,
- The next audits will focus mainly on the actions raised, their management and the conclusion.

Some Typical Mistakes

Inadequate plans.
Existing plans, but not followed!
Use of emerging and not aerospace-proven technologies:
- If any, they must be discussed as early as possible.
Issues about requirements:
- Too general or too detailed, ambiguous, ...

Some Typical Mistakes

Non-automated requirements traceability:
- Traceability not updated or performed at the end; difficulties to perform impact and non-regression analysis...

Insufficient independence
- Verification, but also validation (A380 CRI...)

Creation of internal tools
- Don't forget the tool assessment & qualification aspects.

Lack of demonstration effort
- Take time to explain the technical choices, give justifications, ...
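The automated traceability the first mistake above calls for, as an added example that is not part of the seminar deck; it also serves the "traceability between requirements, derived requirements and the COTS use decision" bullet of the validation activities earlier. The trace data is held in plain dictionaries; the checks report orphan derived requirements, items with no verification, COTS decisions with no requirement basis, and the downstream set to re-assess when a requirement changes (the impact and non-regression analysis). All identifiers are constructed.

```python
# Added example (not from the seminar deck): automated traceability checks
# between allocated requirements, derived requirements, COTS use decisions
# and verification cases. All identifiers are constructed.
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class TraceDB:
    requirements: Dict[str, str]          # allocated requirement id -> text
    derived: Dict[str, List[str]]         # derived requirement id -> parent ids (requirement or derived)
    cots_decisions: Dict[str, List[str]]  # COTS use decision id -> requirement / derived ids it rests on
    verification: Dict[str, List[str]]    # test or analysis id -> requirement / derived ids it verifies


def orphan_derived(db: TraceDB) -> List[str]:
    """Derived requirements with no parent, or with a parent that does not exist."""
    known = set(db.requirements) | set(db.derived)
    return sorted(d for d, parents in db.derived.items()
                  if not parents or any(p not in known for p in parents))


def unverified(db: TraceDB) -> List[str]:
    """Requirements (allocated or derived) that no test or analysis claims to verify."""
    covered = {rid for ids in db.verification.values() for rid in ids}
    return sorted(r for r in list(db.requirements) + list(db.derived) if r not in covered)


def untraced_cots_decisions(db: TraceDB) -> List[str]:
    """COTS use decisions that are not justified by any existing requirement."""
    known = set(db.requirements) | set(db.derived)
    return sorted(c for c, basis in db.cots_decisions.items()
                  if not basis or any(b not in known for b in basis))


def impact_of_change(db: TraceDB, changed: str) -> Dict[str, List[str]]:
    """Everything downstream of a changed requirement: derived requirements (transitively),
    COTS decisions and verification cases that must be re-assessed or re-run."""
    affected: Set[str] = {changed}
    grew = True
    while grew:
        grew = False
        for d, parents in db.derived.items():
            if d not in affected and any(p in affected for p in parents):
                affected.add(d)
                grew = True
    decisions = sorted(c for c, basis in db.cots_decisions.items() if any(b in affected for b in basis))
    tests = sorted(t for t, ids in db.verification.items() if any(i in affected for i in ids))
    return {"requirements": sorted(affected - {changed}), "cots_decisions": decisions, "verification": tests}


# Constructed sample trace data for a hypothetical board.
SAMPLE_DB = TraceDB(
    requirements={
        "HR-1": "The board shall provide a 100 Mbit/s Ethernet interface.",
        "HR-2": "The board shall report its health status every 100 ms.",
        "HR-3": "The board shall operate from -40 to +70 degC.",
    },
    derived={
        "DR-1": ["HR-1"],      # PHY clock accuracy, derived from the interface requirement
        "DR-2": ["DR-1"],      # oscillator tolerance, derived from DR-1
        "DR-3": [],            # no parent recorded: orphan
        "DR-4": ["HR-9"],      # parent id does not exist: orphan
    },
    cots_decisions={
        "CD-1": ["HR-1", "DR-1"],   # choice of the Ethernet PHY
        "CD-2": ["DR-2"],           # choice of the oscillator
        "CD-3": [],                 # no basis recorded
    },
    verification={
        "T-1": ["HR-1"],
        "T-2": ["DR-1", "DR-2"],
        "T-3": ["HR-3"],
        "A-1": ["DR-3"],
    },
)

if __name__ == "__main__":
    print("orphan derived requirements:", orphan_derived(SAMPLE_DB))
    print("unverified items:", unverified(SAMPLE_DB))
    print("untraced COTS decisions:", untraced_cots_decisions(SAMPLE_DB))
    print("impact of changing HR-1:", impact_of_change(SAMPLE_DB, "HR-1"))
```

Running these checks at each baseline, rather than once at the end, is what lets the impact of a late requirement change be bounded to a known set of derived requirements, COTS decisions and tests instead of a full re-review.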

Certification Authorities Software Team

CAST: international group of certification authority representatives.
- Promotes harmonization of certification and regulatory positions on software and complex electronic hardware aspects.

- Provides its findings in the form of position papers with recommendations, called "CAST papers".

- These papers do not constitute official policy or guidance.


CAST Papers related to HW

- CAST 27: DO-254 Clarification
- CAST 28: PHAC, HAS and top-level drawing content
- CAST 29: Use of COTS Graphical Processors (CGP) in Airborne Display Systems
- CAST 30: Simple Electronic Hardware

CAST papers are often used as input when writing CRIs / IPs.


Evolutions

Technologies move forward:
- More powerful components, COTS, ...

The DO-254 document will not be updated for another 5 to 10 years.

CAST papers, CRIs, Issue Papers, ...: all these supporting documents help to discuss new topics and the associated requirements on aircraft programs.


