DO-254 & THE BASICS OF HARDWARE VERIFICATION
In general, one can organize RTL code into two categories, asynchronous vs. synchronous code. Each serves a huge purpose. Asynchronous design is very attractive to high-speed applications and it is also used for in-between chip communication where clock propagation is just a headache to deal with. Synchronous design is more mainstream and is used for designs where accuracy and dependency are very important. Obviously, there is a huge clock dependency here which results in a taxing overhead. Nonetheless, a good majority of the designs found in today’s technology are synchronous. In fact, a small number of RTL developers can do effective asynchronous coding.
Verification of asynchronous code is not deterministic and neither is it predictable; therefore by nature, it is not a good fit for commercial aerospace. In most recent asynchronous designs an alternate mode is incorporated; this is placed in a synchronous mode for which self-test mechanisms such as scan tests can be initiated. The amount of time and resources to verify asynchronous designs depend on the required quality of the end-product. You can spend years verifying asynchronous code and still not be confident of all the possible permutations! The most effective approaches for this type of implementation have been to reduce the scope of operation to a minimal subset of all the modes in which the code should be verified.
In general, there are two main challenges in testing HDL components, controllability and visibility. All test efforts are scoped toward getting the Device Under Test (DUT) to behave via a predefined set of stimulus in a predictable fashion.
The purpose of this whitepaper is to educate the reader in how a leading avionics services company considers DO-254 approaches for hardware verification activities on a regular basis.