Programmable Logic Devices IV&V


Verification and Validation of Programmable Logic Devices
• James A. Cercone Ph.D., P.E., Chair and Professor of Computer Science, WVU-Tech
• Michael A. Beims, Senior Systems Engineer, Science Applications International Corporation
• Kenneth G. McGill, National Aeronautics and Space Administration’s IV&V Facility
Cercone, slide 1, 113/MAPLD 2004
Abbreviations:
• IV&V: Independent Verification and Validation
• V&V: Verification and Validation
• PL: Programmable Logic
• FPGA: Field Programmable Gate Array
• VHDL: VLSI (Very Large Scale Integration) Hardware Design Language
PLD/FPGA Software
• Designs are tested for
– Functionality
– Boundary conditions
– Operational simulation, electrical criteria
• Designs are not routinely subjected to
– Formal Verification and Validation (V&V)
– Independent Verification and Validation
• Existing V&V methods adaptable to designs (e.g. Fagan and Gibbs inspections)
Pilot Project
• Utilize a current NASA Space System Project
• A good candidate has
– Significant reliance on PL devices for critical spacecraft control.
– Significant reliance on PL devices for critical science instrument functionality.
– An ongoing IV&V process with an interface to the Project
Relevance to Safety and Mission Assurance
• Design methodologies for PLD/FPGAs vary widely
• Design teams do not always follow the proven practices of software design
• Problems observed in design reviews at satellite vendors
• Late-in-life-cycle hardware changes have been driven by faulty PLD logic
Some types of defects
• May go undetected during compilation and simulation
• Reset related:
– Reset inputs derived from sources external to FPGA
– Outputs and internal inputs in unknown state during reset
• Clocking related:
– Poor clocking strategies
– Asynchronous designs crossing clocking barriers
Types of Defects (cont.)
• Coding practices related:
– Coding style – mixing of structural and behavioral modeling
– Unstable and unnecessary code “circuitry” included in design
– Inappropriate use of commercial core codeware
• State Machine related:
– Poor design of state machines (such as unintentional race and dynamic hazards)
– Incorporation of “One Hot” design Finite State Machine designs that have excess unused states
• Transient related:
– Susceptibility to single event effects
– Startup transients created by unused (programmed) input/output pin connections
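The reset-related and state-machine defects in the two slides above, shown as a small VHDL design that guards against both: the external reset is synchronized before it reaches the registers, and a one-hot state machine recovers from its unused encodings instead of sticking in them. This is an added illustration, not code from the slides or from the NASA pilot project; the entity safe_fsm, its ports and the three-state encoding are constructed for the example.

```vhdl
library ieee;
use ieee.std_logic_1164.all;
-- Illustration only (not from the slides): external reset synchronizer
-- plus a one-hot state machine that recovers from its unused encodings.
entity safe_fsm is
  port (clk, ext_rst, start, done : in  std_logic;  -- ext_rst: async reset from outside the FPGA
        busy, fault               : out std_logic); -- fault: pulses on an unused state encoding
end entity safe_fsm;
architecture rtl of safe_fsm is
  signal rst_meta, rst_sync : std_logic := '1';
  -- explicit one-hot encoding: 3 flip-flops, 8 encodings, only 3 legal
  constant S_IDLE : std_logic_vector(2 downto 0) := "001";
  constant S_RUN  : std_logic_vector(2 downto 0) := "010";
  constant S_STOP : std_logic_vector(2 downto 0) := "100";
  signal state : std_logic_vector(2 downto 0) := S_IDLE;
begin
  -- Reset assertion stays asynchronous; release passes through two
  -- flip-flops so every register leaves reset on the same clk edge.
  sync_reset : process (clk, ext_rst)
  begin
    if ext_rst = '1' then
      rst_meta <= '1';
      rst_sync <= '1';
    elsif rising_edge(clk) then
      rst_meta <= '0';
      rst_sync <= rst_meta;
    end if;
  end process sync_reset;
  -- "when others" covers the 5 unused encodings a single-event upset can
  -- reach; without it the FSM has no exit from them and holds there.
  fsm : process (clk)
  begin
    if rising_edge(clk) then
      fault <= '0';
      if rst_sync = '1' then
        state <= S_IDLE;
      else
        case state is
          when S_IDLE => if start = '1' then state <= S_RUN;  end if;
          when S_RUN  => if done  = '1' then state <= S_STOP; end if;
          when S_STOP => state <= S_IDLE;
          when others => state <= S_IDLE; fault <= '1';
        end case;
      end if;
    end if;
  end process fsm;
  busy <= '1' when state = S_RUN else '0';
end architecture rtl;
```

Some synthesis tools re-extract and re-encode a state machine and may discard the recovery branch unless a safe-FSM option is set or extraction is disabled, which is the kind of compiler-specific variation these slides point at. The number of flip-flops reported after synthesis is worth checking against the three the source declares.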
Methods and Procedures
• Collection of existing PLD/FPGA fault data from NASA users
• On site visits and direct contact with NASA PLD/FPGA designers
• Investigate V&V methodologies that may be adapted
– Inspections:
• Fagan and Gibbs
• Other Software Code analysis methods
– Consideration of compiler specific variations
• Attributes not apparent during simulation (e.g. the number of flip-flops used for finite state machines.)
Technology Transfer
• Appears to be a critical need for an upcoming space telescope
– Large number of FPGA’s for domain specific optimized data compression
– High complexity logic
– Numerous design iterations
– Size of the logic may need a larger die late in the life cycle of the instrument
• Results applicable to other developers
– A spacecraft related to this telescope experienced an FPGA design defect that required a hardware change late in the life cycle
• Results can be applied to future missions
Success Criteria
• a) Identify PLD/FPGA design logic faults.
• b) Identify applicable existing methodologies by tracing design defects to their common cause.
• c) Suggest enhancements to the design phase, peer and design reviews.
• d) Provide field prototyped training materials for PL software V&V.
• e) Successfully complete a pilot project.
Uniqueness of Research
• FPGA “software” is not currently required to undergo V&V evaluation according to:
– Previous studies and standards such as the FAA – DO-254
– Some European based studies
• No specific / current guideline for PLD/FPGA IV&V
– Methodology has not evolved much beyond the classical sequential development methodology of: specify requirements, create the design, code, simulate and test.
Research Team
• James A. Cercone Ph.D., P.E., Chair and Professor of Computer Science, WVU-Tech
• Michael A. Beims, Senior Systems Engineer, Science Applications International Corporation
• William Clark, Associate Professor of Computer Science, WVU-Tech
• Sidney Valentine, Assistant Professor of Electrical Engineering Technology, WVU-Tech