FPGA IP Verification for Use in Severe Environments 2005 MAPLD International Conference September 2005 Paper #237

Summary
Trends
• With smaller geometries, more functions fit into one device
• With synthesizable HDL, design-reuse is practical
• With large FPGA devices, gate-level design is difficult
  • Resource-intensive
  • Takes a long time
  • Increases likelihood of error
• IP proven by customers in many applications is often more mature than internal IP
How can a supplier create pre-built IP that meets the needs of many customers while reducing risks to space flight?
Land, MAPLD 2005/237

IP that Reduces Risk
Structured Development
• Robust design process
• Additional concerns for space applications
• Thorough verification
• Deliverables and documentation for ease of use
MIL-STD-1553 Product Example
• Products
• Design Flow
• Test Results
• Customer-proven
Robust Design Process
Structured design flow
• Proposal
  • Justification for development and creation of the project plan
• Definition and Planning
  • Preliminary datasheet creation defining the core
• Development
  • The core is implemented and deliverables are created
• Verification and Validation
  • Testing against specification (i.e. MIL-STD-1553; PCI PlugFest)
• Release
  • Release of product for volume sales
• Configuration Management, Feedback and Revision
[Figure labels: Phase, Gate]

Proposal
Business case and/or justification
Lead customers and needs
Product features and benefits
Silicon families including environments
• COM, IND, MIL, AUTOMOTIVE
High-level functional requirements
Preliminary risk review
Project timescales
Definition and Planning
Plans
• Development – datasheet and schedules
• Verification and validation – test plan
Development plan and preliminary datasheet
• Architectural design elements
  • Functional block diagram
  • Product Summary
  • General Description
• Detailed design elements
  • Core hardware interfaces
  • Core software interfaces
  • Interface Timing
  • Additional discussion – mathematical theory, etc.
• Coding standards and code coverage requirements
Definition and Planning (p2)
Test plan
• Verification plan - determine verification level
  1. Simulation - every core
  2. Hardware – test core on test platform (i.e. FPGA on a PCB)
  3. Hardware versus a tester
  4. Hardware tested to a standard or by a third party
• Validation - proof against a known entity
  • Levels 3 and 4 are validation
  • Customer demand is driving toward more formal documentation of process for validation, such as DO-254 certification kits
• Hardware testing
  • Determine functional requirements of test platform
  • Design and manufacture test platform in parallel to development
Detailed Design
Core and testbenches
• Source is coded in standard RTL
  • Verilog (IEEE 1364-2001 Revision C)
  • VHDL (IEEE 1076-1987 or 1993; IEEE 1164)
• Include comments so an engineer can understand code
Design flow (Actel Libero Suite)
• Simulation – Mentor ModelSim
• Synthesis – Synplify Synplicity
• Place and Route – Actel Designer
• Physical Optimization – Magma Palace
Netlist and layout considerations
• Synthesis scripts for repeatable netlist generation
• Add timing constraints, if needed
• Example pinouts are often provided
Detailed Design (p2)
Typical Delivery Structure
Structure matters for design-reuse with a tool flow
Detailed Design (p3)
Delivery Structure Descriptions
Directory | Contents | Provided with
docs | PDF files of all the core documentation | EVAL, NETLIST, RTL
layout | Example layout database files for the supported families | NETLIST, RTL
mti_libero | Compiled Simulation Models for Libero | EVAL, NETLIST, RTL
mti_modelsim | Compiled Simulation Models for full up Modelsim | EVAL, NETLIST, RTL
netlists | Netlists for the supported families with & without IO | NETLIST, RTL
rtl | Complete Source code | RTL
source | Top level source code etc | NETLIST, RTL
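
A release-review check for the delivery structure described above, as an added example (not Actel's tooling): it audits a delivered core tree against the directory-to-package mapping and flags missing or empty directories, plus directories that do not belong in that package type, such as rtl in an EVAL delivery. The function names, the reading of "Provided with" as package types, and the sample file names are assumptions.

```python
import tempfile
from pathlib import Path

# Directory -> package types it ships with, transcribed from the table above.
DELIVERY_LAYOUT = {
    "docs": {"EVAL", "NETLIST", "RTL"},
    "layout": {"NETLIST", "RTL"},
    "mti_libero": {"EVAL", "NETLIST", "RTL"},
    "mti_modelsim": {"EVAL", "NETLIST", "RTL"},
    "netlists": {"NETLIST", "RTL"},
    "rtl": {"RTL"},
    "source": {"NETLIST", "RTL"},
}
PACKAGES = {"EVAL", "NETLIST", "RTL"}


def audit_delivery(root, package):
    """Return (missing, empty, unexpected) directory names for one package type."""
    if package not in PACKAGES:
        raise ValueError(f"unknown package type: {package!r}")
    root = Path(root)
    expected = {d for d, pkgs in DELIVERY_LAYOUT.items() if package in pkgs}
    present = {p.name for p in root.iterdir() if p.is_dir()}
    missing = sorted(expected - present)
    # A directory that exists but holds no files is as useless as a missing one.
    empty = sorted(d for d in expected & present
                   if not any(f.is_file() for f in (root / d).rglob("*")))
    # Known directories this package type must not contain, e.g. rtl in EVAL.
    unexpected = sorted(present & (set(DELIVERY_LAYOUT) - expected))
    return missing, empty, unexpected


def run_sample():
    """Audit a constructed EVAL delivery with defects (hypothetical file names)."""
    sample = {"docs": [], "mti_libero": ["core.vo"], "rtl": ["core.v"]}
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in sample.items():
            (Path(tmp) / name).mkdir()
            for f in files:
                (Path(tmp) / name / f).write_text("// placeholder\n")
        return audit_delivery(tmp, "EVAL")


if __name__ == "__main__":
    missing, empty, unexpected = run_sample()
    print("missing:", missing, "empty:", empty, "unexpected:", unexpected)
```
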
Detailed Design (p4)
• GUI or delivery platform
  • Modern, parametric cores often have a software interface
  • Own interface – typically C code
  • IP deployment platform – SPIRIT interface
• Considerations for space applications
  • Actel devices are SEU immune, but some customers requested creation of cores with ‘fail-safe state machines’
    • Adds redundancy/risk reduction
    • Synplicity default could lock up if upset by an SEU
  • Certification envelope
    • VHDL and Verilog versions
    • Different speeds
  • Higher coverage standards and well-explained variances
    • Toggle and code coverage target of 100%
  • Customers frequently desire error detection and correction for memory
  • Tool flow documented with versions, for exact design replication
Verification and Validation
• Verify per the test plan
  • Simulations
    • RTL
    • Gate-level
  • Hardware platform
    • Verify FPGA programming via a checksum test
    • Evaluate against an analyzer, another HW platform and/or validated tester
    • Verify key parameters – frequencies, instructions, timing
    • Check corner cases and unlikely scenarios
• Validate
  • Actual validation required will vary for each core
  • MIL-STD-1553 cores have 3rd-party review at Test Systems, Inc.
  • A validation report review - actions and responses
Release
Design review
• Re-check all elements of directory structure exist
• Re-check results of simulation, hardware and validation tests
• Review coverage numbers
• Check actual design versus original specification (datasheet)
Archive files
• Core database
• Provide certified core layout databases
• Final, production documents
Release
• Signoff (ECN) by multiple parties
After release
• Create mechanism to track errors and enhancements
Revision and Configuration
A core revision can be caused by
• Discovery of a functional error in the core
  • Log findings – Actel has ‘SAR’ system
• Enhancement request for additional or fewer functions
• Support of new Actel FPGA family
• Changes to Actel software or device characterization
Revision development flow is similar
• Last production release is the starting point
• Code changes are documented and included in each release
Configuration management
• Have a system that stores production and work-in-progress versions of cores (does not need to be the same)
• Have a system to log necessary changes to core
IP that Reduces Risk
Structured Development
• Robust design
• Thorough verification
• Documentation for ease of use
• Additional Concerns for Space Applications
MIL-STD-1553 Product Example
• Products
• Design Flow
• Test Results
• Customer-proven
MIL-STD-1553 Products
Simple, small remote terminal interface core
Simple, small bus controller interface core
Combined BC, RT, MT with Advanced RT features
Boards
• Antifuse and Flash FPGA Platforms
Additional Information
• Designing MIL-STD-1553 with 8051 Host
• Design example code to link cores
Core1553BRM Example
• Proposal
  • A large portion of market had ‘advanced RT features’
    • Circular buffers and indexing for bulk data transfers
    • Internal (eliminates system OH) or external (small) legalization
    • Separate memory for broadcast messages
    • Interrupt history
  • Competitors also had combined-function products with BC, RT and MT
• Definition
  • MIL-STD-1553 Specification
  • Preliminary datasheet highlighting the features in the proposal
• Development
  • Developed remote terminal, bus controller and bus monitor with appropriate, more-complex instruction code
  • Used Manchester encoder/decoder from Core1553BRT to reduce risk
Core1553BRM Example (p2)
Validation
• Stable, tested code with reviewed test results
• Reviewed key parameters, such as 12, 16, 20 and 24 MHz operation
• Tested against existing MIL-STD-1553 COTS tester and validated Core1553 Evaluation Board
• Certified Core1553BRM Development Kit at Test Systems, Inc completely for 12 and 24 MHz and partially for 16, 20 MHz
Release gives first-rate integration
• Core builds complete and in system, board release, release note, user guide, data sheet, certification papers
Solution improves integration
• Application note, reference design and example designs available
Core1553 Customers
Core1553
• Over 30 customers through 2004
• Many customers are top-tier aerospace customers
• Many repeat customers
Applications
• Satellite payload
• Military aircraft
• Spacecraft IO board
• Military helicopter weapons
• Avionics testers
One-stop Low-risk SOC FPGA
Spacecraft I/O Board Example
[Block diagram labels: ASM51 MCU (Core8051); Shared Memory (on or off-chip); PCI (CorePCI); 1553 RT (Core1553BRT); Synchronous Serial Channel (CoreSDLC); Asynchronous Serial Channel (CoreUART); Memory Data Bus; Special Function Register Bus; Data Transfer Port; Avionics Control Port; Serial Channel; Remote Monitor; Prog. I/O; Sensor Module; PCI bus to instrument panel; 1553 bus to rest of craft]

Conclusion
Pre-built and verified IP can reduce risk, if
• A structured, robust development process is followed
• Additional concerns for space applications are considered
• Verification and validation is demonstrated
• Deliverables and documentation ease use
• Use by many customers increases robustness as the core is used and tested in a variety of environments