DESIGN AND VERIFICATION CONFERENCE AND EXHIBITION

EUROPE

MUNICH, GERMANY DECEMBER 6 - 7, 2022

# Types of Robustness Test According to DO-254 Guideline for Avionic Systems

Gözde Asena KILINÇ, ASELSAN A.Ş.
Yavuz AKSU, ASELSAN A.Ş.
Fatih BAYSAL, ASELSAN A.Ş.

## What is DO-254?

- RTCA DO-254 is a safety-critical guideline for aircraft electronic hardware, which consists of five Design Assurance Levels (DAL) to make flights as safe as possible and to prevent time and financial losses.
  - DAL A (Catastrophic)
  - DAL B (Hazardous)
  - DAL C (Major)
  - DAL D (Minor)
  - DAL E (No safety effects)







## Robustness Tests

- Robustness testing has two main goals:
  - Guarantee that the product functions properly in normal conditions.
  - Test and identify the hardware design limitations that fall outside the requirements, to determine how the system reacts to abnormal conditions.







## Robustness Test Types

- Invalid Access Error Tests
- Clock Robustness Tests
- Reset Robustness Tests
- Glitch Filter Tests (Data Disruption Tests)
- Invalid State Transition Robustness Tests





## Invalid Access Error Tests

- Receiving incorrect combinations of inputs
- Toggling inputs that are not listed in the associated requirement
- Unexpected combinations of inputs












## Clock Robustness Tests

- Variation of the system clock duty cycle and/or frequency between given tolerances and beyond the tolerances
- Invalid input timing (e.g., setup and hold violations)
- Asserting and de-asserting input signals between clock edges given to systems










## Reset Robustness Tests

- Application of reset input to the FPGA while the system is working under normal conditions.














## Glitch Filter Tests (Data Disruption Tests)

- Data ports are driven to disrupt the data transfer temporarily, while data transfers are continuing for different interfaces.







## Invalid State Transition Robustness Tests

- The system is forced into an unwanted state, rather than one of the states defined in the design blocks.
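
An added example, not from the original presentation: a SystemVerilog testbench that forces the state register of a constructed three-state FSM to its unused encoding while the design is running, then checks that it stays safe and recovers. The module `fsm`, its port names and the state encodings are assumptions made for illustration.

```systemverilog
// Constructed DUT: three states in a 2-bit register; 2'b11 is undefined.
module fsm (input  logic clk, rst_n, start, done,
            output logic [1:0] state_o, output logic busy);
  localparam logic [1:0] IDLE = 2'b00, RUN = 2'b01, FINISH = 2'b10;
  logic [1:0] state;
  always @(posedge clk or negedge rst_n) begin
    if (!rst_n) state <= IDLE;
    else case (state)
      IDLE:    if (start) state <= RUN;
      RUN:     if (done)  state <= FINISH;
      FINISH:  state <= IDLE;
      default: state <= IDLE;  // recovery path for undefined encodings
    endcase
  end
  assign busy    = (state == RUN);
  assign state_o = state;
endmodule

module tb;
  logic clk = 0, rst_n = 0, start = 0, done = 0;
  logic [1:0] state_o;
  logic busy;
  fsm dut (.*);
  always #5 clk = ~clk;

  initial begin
    repeat (2) @(negedge clk);
    rst_n = 1;
    // Bring the FSM into RUN so the fault lands mid-operation.
    @(negedge clk) start = 1;
    @(negedge clk) start = 0;
    assert (state_o == 2'b01) else $error("FSM did not reach RUN");
    // Inject the invalid state and hold it across one rising clock edge.
    force dut.state = 2'b11;
    @(negedge clk);
    assert (!busy) else $error("busy asserted in undefined state");
    // After release the register keeps 2'b11 until the next clocked
    // assignment, so only the default branch can bring it back.
    release dut.state;
    @(negedge clk);
    assert (state_o == 2'b00) else $error("no recovery to IDLE");
    $display("invalid state transition test finished");
    $finish;
  end
endmodule
```

Removing the `default` branch from the constructed DUT makes the last check fail, because the register then holds `2'b11` indefinitely.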










