Verifying Cockpit Display Units as per the DO-178C Guideline

When United Airlines offered customers up to a million miles for finding security bugs in 2015, it had become evident how important safety and security is for the aerospace industry. Although the bug bounty program was targeted at bugs in the airlines' website and app interfaces, the message was clear – safety and security is paramount in the aerospace industry. And when it comes to in-flight avionics systems, the accuracy and precision of cockpit display units needs to be beyond perfect.

Designing Cockpit Display Units

As technological advances take over the avionic system market and with big players like Boeing implementing touchscreen flight displays for improved usability,  the process of developing, testing and verifying an aircraft’s cockpit display is getting complicated.

·     Embedding the latest technology, processing large number of signals, and prioritizing what information to show at any given time is becoming more and more challenging.

·       Since Cockpit Display Units are used to present critical information to the pilot, including the health of various aircraft systems, flight parameters, and navigational information, it is important that the display unit presents the most relevant information in a clear and concise manner.

·    Cockpit Display Unit design involves developing sophisticated logic to manage devices and display information on various display units.

·   Multiple logics for display need to be applied and prioritized to ensure the most important and relevant information is displayed at all times. 

Verifying as per DO-178C Guideline

As the demand for DO-178C training and best practices implementation gradually increases, verifying cockpit display unit components requires you to conduct software requirements analysis, design, testing, and Quality Assurance (QA) to assess and leverage compliance to FAA and EASA standards and expectations. Since DO-178C offers a strict certification requirement for avionics software, by examining the effects of a software failure in the system, appropriate steps can be taken to ensure safety and airworthiness of the Cockpit Display Units. By verifying Cockpit Display Units for compatibility, consistency and integrity, conformance to the DO-178C standard can be achieved. 

Using Model-based Design Approach for Verification

With model-based design, you can efficiently design and test complex control logic early in the development process, ensuring easy and quick workaround.

·    You can use the model throughout the design life-cycle: from desktop and real-time simulation, and then for implementation of the embedded software.

·   By conducting functional and structural verification on the design model, you can efficiently design the control logic for a Cockpit Display Unit and quickly discover and correct errors before the design is implemented in software.

Continuous Verification & Validation

Creating an executable system specification in the form of a model facilitates continuous verification and validation of Cockpit Display Unit components during the design cycle.

·     Since the cockpit display software is typically built one component at a time, you can develop and functionally verify the behavior of each component in a modular fashion.

·      Using an incremental testing approach, wherein functional and structural completeness of each component within the display unit is independently verified, you can validate whether the model meets the requirements before generating code and implementing the design on hardware.

·       By identifying errors early in the design and test phases, you can save substantial time and efforts and costs.

Ensuring Round-the-Clock Safety

As flying safely requires pilots to have heightened situational awareness and on-demand access to accurate information, high performance cockpit display units are crucial to maximize the display of critical flight information. For this reason, Cockpit Display Units need to be extremely accurate and need to efficiently manage multiple components aboard the aircraft. Using model-based design, you can conduct requirements trace-ability and functional and structural verification and validate if the system components meet the DO-178C guideline requirements and ensure round-the-clock safety of air travel.

DO-254 Certification - An Avionics Requisite

The aerospace industry is undergoing a major metamorphosis. As air travel gets more popular and affordable, there is an essential need for highly efficient avionics systems across commercial, business, military and UAV programs that are compliant as per DO-254, DO-178B, DO-178C, DO-160 and ARP-4754 standards. Compliance with FAA and EASA addresses the business needs of aerospace companies across hardware, software and system and mechanical engineering systems that is crucial for ensuring airworthiness of critical avionics systems.

Verification and Validation Services

Technology partners work in close association with manufacturers and provide various compliance services:

·  EUROCADE ED-12C/RTCA, DO-178B and DO-178C compliant model based design and software architecture development

·      Design and verification for FPGA, ASIC and SoC components in compliance with DO-254 guidelines

·      System-level design, verification and validation in compliance with ARP-4754 guidelines

·      Tools qualification in compliance with EUROCADE ED-215/RTCA DO330

·  Object-oriented technology based development and verification complaint with EUROCAE ED-217/RTCA DO-332

DO-254 Certification Requirement

To meet the high quality, on-time delivery, low total-cost-of-ownership, high value addition and exceptional customer service requirements, compliance to the hardware and software standards set by RTCA and FAA becomes inevitable. The DO-245 or Design Assurance Guidance for Airborne Electronic Hardware provides manufacturers guidance for the development of electronic hardware that is the foundation of critical avionics systems. Recognized by the FAA, the DO-245 certification encompasses critical avionics hardware across FPGAs, PLDs, and ASICs.

As avionics hardware need to incorporate high precision due to the nature of the systems they are part of, the DO-245 certification lays down 5 levels of compliance that defines the effect of failure hardware will have on the operation of the aircraft. While level A failure is the most stringent, having a catastrophic effect on the efficiency of the aircraft, failure of Level E hardware will not affect the safety of the aircraft but is nevertheless important for good performance. Capturing the requirements and tracking them throughout the design and verification process is an important aspect of the DO-254 certification process, which incorporates a Plan for Hardware Aspects of Certification, Hardware Verification Plan, Top-Level Drawing and Hardware Accomplishment Summary.

DO-254 Certification

With avionics system manufacturers developing a host of hardware and software systems that are used in various parts of the aircraft, they need to be certified as per the DO-254 compliance guidelines. By teaming up with technology partners who are competent in handling the DO-254 life cycle, avionics system manufacturers can meet the required compliance needs within a short time-frame. These technology partners provide support for all phases including SOI-1 to SOI-IV and ensure an accelerated process with high efficiency. Using tools like Modelsim10.2C, Libero11.2, DOORS, Clear-Case, Clear-quest, technology partners are able to offer a range of services for DO-254 certification including:

·      Development of scripts to switch functional and post-layout simulation

·      Test bench skeleton creation

·      Integration of all BFMs

·      Assertions to monitor timing requirements of interfaces

Certification Process

The certification process encompasses the following:

1.      Planning: The planning phase is crucial in the DO-254 project life cycle as it defines how all aspects of the project will achieve the DO-254 compliance. The hardware manufacturer declares the approach towards the certification by presenting the plan for hardware aspects of certification to the FAA. In this plan, the manufacturer presents its approach and how DO-254 is implemented as part of the SOI 1.

2.    Requirements Gathering: Requirements capture is vital to the success of the DO-254 program. This phase captures requirements starting from components requirements to system requirements. 

3.     Design: The design phase involves development of a high-level design concept that can be assessed to determine if the resulting implementation will meet the requirements. The actual designing using HDL coding begins in this phase.   

4.      Validation and Verification Process: First the validation process is done which provides assurance that the requirements are correct and complete with respect to system requirements allocated to the hardware. Next, the verification process is conducted which provides assurance that the hardware implementation meets all of the requirements.

Ensuring High Airworthiness

Guidelines like the DO-254 provide design assurance of airborne electronic hardware through the entire life cycle: from conception to certification to ensure high airworthiness and the success and safety of the avionics industry.