Verification and Validation of Programmable Logic Devices
• James A. Cercone, Ph.D., P.E., Chair and Professor of Computer Science, WVU-Tech
• Michael A. Beims, Senior Systems Engineer, Science Applications International Corporation
• Kenneth G. McGill, National Aeronautics and Space Administration’s IV&V Facility
Cercone 1 113/MAPLD 2004
Abbreviations
• IV&V: Independent Verification and Validation
• V&V: Verification and Validation
• PL: Programmable Logic
• FPGA: Field Programmable Gate Array
• VHDL: VLSI (Very Large Scale Integration) Hardware Design Language
PLD/FPGA Software
• Designs are tested for
  • Functionality
  • Boundary conditions
  • Operational simulation, electrical criteria
• Designs are not routinely subjected to
  • Formal Verification and Validation (V&V)
  • Independent Verification and Validation
• Existing V&V methods are adaptable to designs (e.g. Fagan and Gibbs inspections)
Pilot Project
• Utilize a current NASA Space System Project
• A good candidate has
  • Significant reliance on PL devices for critical spacecraft control
  • Significant reliance on PL devices for critical science instrument functionality
  • An ongoing IV&V process with an interface to the Project
Relevance to Safety and Mission Assurance
• Design methodologies for PLD/FPGAs vary widely
• Design teams do not always follow the proven practices of software design
• Problems observed in design reviews at satellite vendors
• Late-in-life-cycle hardware changes have been driven by faulty PLD logic
Some types of defects
• May go undetected during compilation and simulation
• Reset related:
  • Reset inputs derived from sources external to the FPGA
  • Outputs and internal inputs in an unknown state during reset
• Clocking related:
  • Poor clocking strategies
  • Asynchronous designs crossing clocking barriers
Types of Defects (cont.)
• Coding practices related:
  • Coding style – mixing of structural and behavioral modeling
  • Unstable and unnecessary code “circuitry” included in the design
  • Inappropriate use of commercial core codeware
• State Machine related:
  • Poor design of state machines (such as unintentional race and dynamic hazards)
  • Incorporation of “One Hot” Finite State Machine designs that have excess unused states
• Transient related:
  • Susceptibility to single event effects
  • Startup transients created by unused (programmed) input/output pin connections
Methods and Procedures
• Collection of existing PLD/FPGA fault data from NASA users
• On-site visits and direct contact with NASA PLD/FPGA designers
• Investigate V&V methodologies that may be adapted
  • Inspections: Fagan and Gibbs
  • Other software code analysis methods
  • Consideration of compiler-specific variations
  • Attributes not apparent during simulation (e.g. the number of flip-flops used for finite state machines)
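As an added review aid, not code from the paper or its authors, the following Python script computes the state-machine attributes the slides say a simulation run does not expose: the flip-flop count each encoding implies, the illegal encodings a one-hot design leaves unused (the "excess unused states" defect), legal states that are never entered (unnecessary circuitry), and whether a 'when others' recovery branch exists. The Fsm description format and the DECODER state machine are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass
from math import ceil, log2

@dataclass
class Fsm:
    states: list          # declared legal states (from the type declaration)
    transitions: dict     # state -> set of next states (from the case statement)
    reset_state: str      # state forced by reset
    illegal_recovery: "str | None" = None  # target of a 'when others' branch

def flipflops(fsm, encoding):
    """State-register width a synthesizer infers: one per state for one-hot, log2 otherwise."""
    return len(fsm.states) if encoding == "one-hot" else max(1, ceil(log2(len(fsm.states))))

def illegal_encodings(fsm, encoding):
    """Register values that name no legal state; reachable only through an upset."""
    return 2 ** flipflops(fsm, encoding) - len(fsm.states)

def unreachable_states(fsm):
    """Legal states no path from reset ever enters: unnecessary circuitry."""
    seen, queue = {fsm.reset_state}, deque([fsm.reset_state])
    while queue:
        for nxt in fsm.transitions.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return [s for s in fsm.states if s not in seen]

def review(fsm, encoding):
    """Findings a reviewer would raise; an empty list means the checks pass."""
    findings = []
    if fsm.reset_state not in fsm.states:
        findings.append("reset state is not a declared state")
    dead = unreachable_states(fsm)
    if dead:
        findings.append(f"unreachable states {dead}")
    bad = illegal_encodings(fsm, encoding)
    if bad and fsm.illegal_recovery is None:
        findings.append(f"{bad} illegal {encoding} encodings with no recovery")
    return findings

# Constructed decoder: SPARE is declared but never entered, and there is no recovery branch.
DECODER = Fsm(
    states=["IDLE", "SYNC", "HDR", "DATA", "CRC", "SPARE"],
    transitions={"IDLE": {"SYNC"}, "SYNC": {"HDR", "IDLE"}, "HDR": {"DATA"},
                 "DATA": {"DATA", "CRC"}, "CRC": {"IDLE"}, "SPARE": {"IDLE"}},
    reset_state="IDLE",
)
```

For DECODER the one-hot encoding needs 6 flip-flops and leaves 58 illegal register values against 2 for binary, which is the point the slides make about one-hot designs with unused states.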
Technology Transfer
• Appears to be a critical need for an upcoming space telescope
  • Large number of FPGAs for domain-specific optimized data compression
  • High complexity logic
  • Numerous design iterations
  • The size of the logic may need a larger die late in the life cycle of the instrument
• Results applicable to other developers
  • A spacecraft related to this telescope experienced an FPGA design defect that required a hardware change late in the life cycle
• Results can be applied to future missions
Success Criteria
a) Identify PLD/FPGA design logic faults.
b) Identify applicable existing methodologies by tracing design defects to their common cause.
c) Suggest enhancements to the design phase, peer and design reviews.
d) Provide field-prototyped training materials for PL software V&V.
e) Successfully complete a pilot project.
Uniqueness of Research
• FPGA “software” is not currently required to undergo V&V evaluation according to:
  • Previous studies and standards such as the FAA – DO-254
  • Some European-based studies
• No specific or current guideline for PLD/FPGA IV&V
• Methodology has not evolved much beyond the classical sequential development methodology: specify requirements, create the design, code, simulate, and test.
Research Team
• James A. Cercone, Ph.D., P.E., Chair and Professor of Computer Science, WVU-Tech
• Michael A. Beims, Senior Systems Engineer, Science Applications International Corporation
• William Clark, Associate Professor of Computer Science, WVU-Tech
• Sidney Valentine, Assistant Professor of Electrical Engineering Technology, WVU-Tech