User2User - Santa Clara

Tuesday, May 20th-8:00 AM PDT

Check out the User2User North America 2025 conference session catalog and plan the sessions you'll attend.

Register Now!

Productivity Webinar

Wednesday, May 21st-8:00 AM PDT

Solving the Semiconductor Verification Crisis: From Problem to Productivity

Register Now!

Traceability Webinar

Wednesday, May 28th-8:00 AM PDT

Streamlining Requirements Traceability Using Questa Verification IQ Testplan Author

Register Now!

Verification Academy Live

Tuesday, Jun 03rd-6:30 AM PDT

Hudson, MA | American Heritage Museum

Register Now!

Verification Academy Live

Thursday, Jun 05th-7:30 AM PDT

Huntsville, AL | Siemens Training Center

Register Now!

Coverage Webinar

Wednesday, Jun 18th-8:00 AM PDT

Accelerating Functional Coverage with Questa One CX

Register Now!
SIEMENS Verification Academy

Functional Safety for DO-254

DO-254 (Design Assurance Guidance for Airborne Electronic Hardware) is the industry standard for ensuring the safety, reliability, and compliance of airborne electronic hardware. DO-254 defines stringent design assurance requirements for FPGAs and ASICs used in airborne systems. Compliance ensures that these programmable and custom devices meet safety, reliability, and regulatory standards.

Jacob Wiltgen

  1. Key Objectives for FPGA/ASIC Development under DO-254:

    1. Design Assurance Levels (DALs)

    • FPGA/ASICs are categorized from DAL A (most critical) to DAL E (least critical) based on their impact on flight safety.
    • Higher DALs (A & B) require comprehensive verification, traceability, and error mitigation.

    2. Requirements Traceability

    • Every FPGA/ASIC function must be traced from initial system requirements through implementation and verification to certification.
    • Ensures consistency and completeness of design.

    3. Rigorous Verification & Validation (V&V)

    • Functional verification through RTL simulation, formal methods, and gate-level verification ensures correctness.
    • Hardware testing (lab validation, in-system test) confirms real-world operation.
    • Equivalence checking for FPGA-to-ASIC conversions guarantees consistency.

    4. Configuration & Change Management

    • Strict version control and tracking of design iterations, modifications, and updates.
    • Guarantees that all changes meet safety and compliance standards.

    5. Failure Mode and Risk Mitigation

    • Analysis methods like FMEDA (Failure Modes, Effects, and Diagnostic Analysis) ensure robustness.
    • Triple Modular Redundancy (TMR), Error Correction Codes (ECC), and Built-In Self-Test (BIST) help mitigate failures in high-reliability applications.

    6. Comprehensive Documentation & Reviews

    • Every stage—from planning, design, verification, and validation to production—requires documentation for SIO (Statement of Intent) certification audits.
    • Certifying authorities like FAA, EASA, and RTCA require detailed design reviews at each phase.

    7. Predictable & Repeatable Development Process

    • Establishes structured workflows and best practices to ensure FPGA/ASIC projects meet deadlines without compromising safety.

  2. Introduction to DO-254

    Learn more by viewing the Introduction to DO-254 track.

    • Introduction to DO-254

      Functional Safety Oct 04, 2018 Byron Brinson Track

      The purpose of this track is to provide engineers or technical leads with basic understanding of DO-254 key concepts. DO-254 has been around for over 15 years and has been applied almost exclusively in the commercial Aerospace industry. Because it has been focused on a subset of the electronic hardware market, many engineers and companies have little to no knowledge of DO-254.

  3. Questa One Functional Safety for DO-254

    Siemens is the industry leader in delivering solutions tailored to DO-254 development process and workflows. The Questa One Functional Safety solution is built upon years of industry experience and its suite of verification technologies are tailored explicitly for avionics safety workflows.

  4. Metastability Analysis with Questa One

    Metastability Analysis with Questa One

    Learn about how Questa One Functional Safety CDC/RDC analysis are deployed to satisfy DO-254 metastability objectives.

    • Automating Clock-Domain Crossing Verification for DO-254 (and Other Safety-Critical) Designs

      Functional Safety May 15, 2020 Kurt Takara Paper

      Metastability is a serious problem in safety-critical designs, frequently causing chips to exhibit intermittent bugs that may not be caught until an in-flight failure. Traditional simulation does not accurately analyze multi-clock designs and relies on a manual, error-prone process. This paper describes the automated clock-domain crossing verification solution DO-254 projects need and tool assessment tips.

  5. Verification and Validation

    Verification and Validation

    Read about best practices deploying formal verification into a DO-254 framework.

    • Formal Verification for DO-254 (and other Safety-Critical) Designs

      Functional Safety Jul 01, 2021 David Landoll Paper

      DO-254 defines a process that hardware vendors must follow to get their hardware certified for use in avionics. All in-flight hardware (i.e., PLD, FPGA or ASIC designs) must comply with DO-254. This document focuses on the issue of advanced verification and tool assessment for DO-254, specifically for the Siemens EDA Questa Formal Verification tool.

    • What is “Verification” in the Context of DO-254 (Avionics) Programs?

      Functional Safety Mar 03, 2021 Michelle Lange, Jeff Reeve And Tammy Reeve - Patmos Engineering Services Article

      If you are a hardware design or verification engineer, you probably have a good idea of what verification entails. However, add compliance to RTCA/DO-254 as a requirement, and suddenly the definition of “verification” may not be so clear. First, the term “verification” must be understood alongside the synergistic term “validation.” Next, in a DO-254 context, verification spans a wider scope than it does traditionally, so understanding this is crucial.

    • Understanding Formal Methods for Use in DO-254 Programs

      Functional Safety Jul 01, 2021 Harry Foster Paper

      This paper seeks to take the mystery out of the use of formal methods for hardware verification. We will first explain formal methods as clearly and concisely as possible. We will then look at the state of the industry and the changes over the last decade or so that have enabled the widespread use of formal methods for hardware verification. Finally, we will bring this information together and provide recommendations for using formal methods on a DO- 254 project.

    • Understanding Formal Methods for Use in DO-254 Programs

      Functional Safety Jul 01, 2021 Harry Foster Paper

      This paper seeks to take the mystery out of the use of formal methods for hardware verification. We will first explain formal methods as clearly and concisely as possible. We will then look at the state of the industry and the changes over the last decade or so that have enabled the widespread use of formal methods for hardware verification. Finally, we will bring this information together and provide recommendations for using formal methods on a DO- 254 project.

  6. Tool Assessment

    Tool Assessment

    Learn about tool assessment in DO-254: When qualification is needed, methodologies to avoid tool qualification, and more.

    • How Do You “Qualify” Tools for DO-254 Programs?

      Functional Safety Mar 02, 2022 Michelle Lange, Tammy Reeve - Patmos Engineering Services Article

      Tools used in the design and verification of electronics have played a massive role in the dramatic evolution of these devices over the past few decades. After all, there is a limit to the amount of work and detail that even a good aerospace engineer can handle, but add the use of tools, and the sky (pun intended) is the limit.

  7. Questa One and MathWorks

    Questa One and MathWorks

    Learn about how Questa One and MathWorks solutions compliment each other to deliver a seamless flow from Planning -> Conceptual Design -> Detailed Design -> Implementation, incorporating verification and validation supporting processes.

    • Enabling Model-Based Design for DO-254 Certification Compliance

      Functional Safety Mar 02, 2022 Jacob Wiltgen Article

      Engineers can use Model-Based Design for requirements analysis, algorithm design, automatic HDL code generation, and verification to produce airborne electronic hardware that adheres to the DO-254 standard. The proposed Model-Based Design approach for DO-254 combines tools from MathWorks® and Siemens EDA for both design and verification. This workflow supports development phases from concept through implementation, streamlining development, and reducing costs.

  8. Deploying High-Level-Synthesis (HLS) in a DO-254 workflow

    Deploying High-Level-Synthesis (HLS) in a DO-254 workflow

    Learn about how to deploy a high-level synthesis flow within a DO-254 framework.

    • Deploying HLS in a DO-254/ED-80 Workflow

      Functional Safety Sep 01, 2021 Tammy Reeve - Patmos Engineering Services Article

      The adoption of tools into safety-critical workflows is often challenging as these new technologies must demonstrate sufficient safeness to use before being deployed in production environments. The demand for High-Level Synthesis capabilities within DO-254 projects is growing and this paper describes the requirements and considerations to successfully use High-Level Synthesis within a DO-254 workflow.

  9. Blog Posts

    Blog Posts

    Read about other DO-254 topics.

    • Deploying Formal in a DO-254 Program

      Functional Safety Aug 02, 2021 Jacob Wiltgen link

      The primary focus of DO-254, referred to as ED-80 in Europe, is hardware reliability of airborne electronic hardware. DO-254 is considered state of the art and compliance is compulsory for any company putting an IC on an aircraft. One component of the standard is the verification of functional behavior.

    • How to Use Checklists for DO-254 Verification

      Functional Safety Jul 07, 2022 Tammy Reeve - Patmos Engineering Services link

      Document DO-254 provides aerospace and defense companies with the needed guidance to develop and verify airborne electronic hardware. Some clients use products like Siemens’ Questa to fulfill vital verification objectives of DO-254 such as hardware behavior simulation and code coverage as a means for elemental analysis. But did you know a simple checklist can also be an effective DO-254 verification tool?