Conclusions

7.2.1 Future Standards and Processes

If today, DO-254 is not applicable for DAL-D ASIC and FPGA through application of Advisory Circulars, CRI and other guidelines which would

“zeroize” certification costs for DAL-D developments, it is foreseen next “DO-254A” release will be as stringent for hardware as DO-178C will be for software.

Also, it is foreseen in the near future that Model Based Development techniques and associated qualified tools will be used following similar processes and will produce similar artefacts for both hardware and software.

“Pressing a button” will produce indifferently certified code for a general purpose processor or for an FPGA, once the model has been thoroughly verified. If so, DO-254A certification costs should be similar to DO-178C certification costs at equivalent DAL.

Nevertheless, though a branch of the standard “V” process as been “sawed”

by developing with MBD techniques, it is not sure certifications cost will be much lower than presently. Indeed, the verification activities (which basically make the costs) will have to be performed anyway, even if slightly easier to perform on the model itself than they were on the code and executable.

7.2.2 Platforms and Certification Costs Estimates

It is today very difficult and risky to project what certification costs will be in the evolving environment in which technology runs much faster than

standardisation, and economical considerations need to be taken into account. What would have seemed initially an “arithmetic” exercise (sum of SLOC numbers multiplied by metrics) turned out to be investigations for what is to be expected in the near future in terms of recommended practices, methods and tools ending in a “not that crystal clear crystal ball” exercise.

Hence the figures provided in this document are best guesses of what RCF foresees in the next future during which IEEE802.16e C-band radios would be developed. These figures are based on the following assumptions:

• DO-254 and DO-178 certification costs are likely similar (same objectives, same process, same artefacts, same tools)

• Use of MBD suites will not significantly reduce the overall certification costs (less code verification, but greater model verification)

• COTS chipsets (e.g. TRF2436 and SQN1130) and reprogrammable devices (e.g. PC6530) can only be used on DAL D designs (no detailed artefacts available from the manufacturers) based on their In Service Experience in commercial mobile wireless IEEE805.16e equipment

• Sophisticated FPGA (e.g. Virtex5) embedding FPGA, DSP and microprocessor cores will be qualified as FPGA (DO-254) for their logical processing features, and as microprocessors and DSP (DO-178C) for their general purpose and digital processing features

As far as the lower layers, i.e. front end and baseband modules, are

concerned, all solutions are equivalent as long as the aim is developing and certifying a DAL D transceiver.

The main cost driver (ref. §6.2.2) is the higher level protocol stacks (i.e. IPv6) and the SCA modules of a software defined radio. These were only

considered for the SDR-based solution and possibly for the “Virtex FPGA-based” solutions, which are the only solutions foreseen to be certifiable at levels higher than DAL D. However, the numbers will remain extremely high (several M€), as long as no certified IPv6 stack and ORB are available.

Issues, pros and cons for the different platforms as well as associated certification cost estimates are summarized in the following tables.

SDR-based Development

Issues • ORB:

o No certified ORB available

o ORB not certified “as is” (dynamic allocation)

• Core Framework:

o No certified CF available

• RTOS:

o Few Certified RTOS available, and quite expensive

• IP Stacks:

o Different from kernel IP stack, hence to be certified separately

Pros • Standard Architecture

• Adapted to support multiple waveforms (maybe not relevant for Mobile WiMAX only)

Cons • Huge software

COTS-based Development Issues • DO-254 DAL-D only

o no chipset qualified

o no certification package available Pros • Simple hardware design

• Compact hardware design (maybe not relevant for 3⁺ MCU)

• Simple integration

Cons • Limited choice of COTS chipsets

• High prices for chipset purchase (today)

• Difficulty to justify level higher than DAL-D

• Will require In Service Experience justification of the chip to enable their use in critical avionics solutions

FPGA-based Development Issues • Potential sensitivity to heavy particles Pros • Integrated devices

o “SDR on chip” (maybe not relevant for 3⁺ MCU) Cons • Price (today)

• Will require In Service Experience justification of the chip to enable their use in critical avionics solutions

Reprogrammable Processor-based Development Issues • DO-254 DAL-D only

o no chipset qualified

o no certification package available

Pros • Simple hardware design

• Compact hardware design (maybe not relevant for 3⁺ MCU)

• Simple integration

Cons • Limited choice of COTS chipsets

• High prices for chipset purchase (today)

• Difficulty to justify level higher than DAL-D

• Will require In Service Experience justification of the chip to enable their use in critical avionics solutions

Table 15: Issues, Pros and Cons of Each Platform

Two transceivers classes have been identified:

1. DAL-D only capable: developed using COTS-based or

Reprogrammable solutions, highly integrated and supported by minimal software

2. DAL-C (and higher) capable: developed using SDR compatible

architecture, either through split FPGA/DSP/GPP or through integrated FPGA architectures and supported by full featured software

Certification costs effort main figures (expressed in person.day) for the two classes are summarized in the following table. Min and Max values are also provided for the “SDR platforms” by applying different metrics listed earlier (§5.5).

Function / Module Number Of SLOC

Function / Module Number 6258 8978 10590 11162 6354 9833 14241 17208 IPv6 Stack (full) 413000 NA

6453 10325 20650 34417 NA NA NA NA NA NA NA NA IPv6 Stack (µIPv6) 2300 40

NA NA NA NA 8788 12609 14872 15676 8923 13810 20000 34417 ORB and

Middleware

580000 NA

9063 14500 29000 48333 242 348 410 432 246 381 552 667 Core Framework 16000 NA

250 400 800 1333 667 957 1128 1189 677 1048 1517 1833 Generated

CORBA Code

44000 NA

688 1100 2200 3667 30 43 51 54 Total 1093950 40²¹

17 093 27 349 54 698 91 163 Other Costs (Efforts person.day)

Environmental Qualification 140 140 140 140 140

Other Costs (Expenses k€)

Environmental Qualification 50 50 50 50 50

Table 16: Major Certification Costs for COTS-based and SDR-based Platforms