By Sharanbasappa Raghapur, Prasanna Venkatesh B (HCL Technologies)
In recent decades, the increasing electronics system complexity significantly shares its functionality and multi-functional peripheral requirement load with Multimillion Gate FPGA/SoC/ASIC. Eventually this resulted in packing multi-module functionality and logic into a Single Chip based solution with Hardware and Software together.
To address this requirement most of the product developers/solution architects choice would be an FPGA based solution because of its; high gate capacity, multi-interface features, on-chip processor, large on chip memory, parallel processing capability, re-programmability and nevertheless equivalent to ASIC like performance in a single chip. Generally most engineers focus on design and implementation of functional aspects of the requirements or specification. Whereas, functional safety is one of the vital and essential requirements in most industry segments (ex: Aerospace, Medical, Automotive and industrial etc.).
Today’s FPGA devices comply with industry specific standard grade requirements. Still to address and handle the functional safety requirements and to comply with SIL (Safety Integrity Level) requirements, a well-defined FPGA design process is essential starting from requirement capture to design implementation using EDA tool. This article at high level briefs IEC61508 based FPGA design methodology and guideline. Figure1 shows safety standards established worldwide.
To develop a SIL compliant FPGA design, a functional safety integrated development process framework is mandatory. This process framework should have well defied template, checklist, design methodology; coding/verification guidelines and matured audit process for each stage of FPGA design lifecycle refer figure2.
Click to enlarge
Requirement Phase: This one of the foremost important phase of safety development process. The functional requirements and safety requirements with recommended prevention/mitigation guidelines need to be thoroughly analyzed. In most scenarios an FPGA will be a leaf level element or device in a sub system. So, the derived safety requirements from the System à Sub system àElement/Device is very essential. All the Fault, Error and Failure modes need to be captured w.r.to an FPGA perspective.
Architecture Phase: Based on the functional and safety requirements captured, it is essential to do a proper device selection, I/O pin planning, I/O interface and block level failsafe/shutoff, redundancy logic need to be derived along with the functional architecture. The HW/SW partitioning with a debug hierarchy planning is essential. In case of soft/hard processor is expected in the design, a Software-implemented fault tolerance (SWIFT) is mandatory.
RTL Design: The RTL code should be written in modular and with reduced complexity. The state-machine logic should have failsafe logic to avoid stuck-at-fault during a crash scenario and recovery criteria. Also certain critical decision making logic blocks can have proper majority voting logic. Also the Registers can be protected with local TMR (LTMR), a simple replication and Memory protected using ECC or parity checks. Figure3 shows sample design techniques.
Verification: The verification test plan should be robust enough to verify and cover all the functional scenarios and safety requirement scenario. The 100% code coverage is recommended for SIL-3 based design. The IO interface level design margin analysis is recommended when FPGA will get interfaced to old legacy printed circuit board (PCB) or subsystem.
Synthesis and PNR: For the design implementation, it is recommended to perform the block level synthesis for consistency check. The design constrains need to be realistic mainly on the IO constraint. It recommended ensuring any unwanted logic optimization performed by the synthesis and place and route tool. In SIL-3 designs it is recommend to perform design synthesis with 2 different EDA tool to ensure the consistency.
Summary: To achieve functional safety in FPGA, robust development process, and safety architecture with TÜV-qualified safety FPGA tools, IP core and devices are very essential. Also FPGA has advantage in handling obsolescence risk for safety design. Considering different SIL levels, FPGAs allows developing scalable/flexible safety designs for various applications.
If you wish to download a copy of this white paper, click here