Verification and Validation of Programmable Logic Devices

Verification and Validation of Programmable Logic Devices
• James A. Cercone, Ph.D., P.E., Chair and Professor of Computer Science, WVU-Tech
• Michael A. Beims, Senior Systems Engineer, Science Applications International Corporation
• Kenneth G. McGill, National Aeronautics and Space Administration's IV&V Facility
Cercone 1 113/MAPLD 2004

Abbreviations:
• IV&V: Independent Verification and Validation
• V&V: Verification and Validation
• PL: Programmable Logic
• FPGA: Field Programmable Gate Array
• VHDL: VLSI (Very Large Scale Integration) Hardware Design Language

PLD/FPGA Software
• Designs are tested for
  – Functionality
  – Boundary conditions
  – Operational simulation, electrical criteria
• Designs are not routinely subjected to
  – Formal Verification and Validation (V&V)
  – Independent Verification and Validation (IV&V)
• Existing V&V methods are adaptable to designs (e.g. Fagan and Gibbs inspections)

Pilot Project
• Utilize a current NASA Space System Project
• A good candidate has
  – Significant reliance on PL devices for critical spacecraft control
  – Significant reliance on PL devices for critical science instrument functionality
  – An ongoing IV&V process with an interface to the Project

Relevance to Safety and Mission Assurance
• Design methodologies for PLD/FPGAs vary widely
• Design teams do not always follow the proven practices of software design
• Problems observed in design reviews at satellite vendors
• Late-life-cycle hardware changes have been driven by faulty PLD logic

Some types of defects
• May go undetected during compilation and simulation
• Reset related:
  – Reset inputs derived from sources external to the FPGA
  – Outputs and internal inputs in an unknown state during reset
• Clocking related:
  – Poor clocking strategies
  – Asynchronous designs crossing clocking barriers

Types of Defects (cont.)
• Coding practices related:
  – Coding style: mixing of structural and behavioral modeling
  – Unstable and unnecessary code "circuitry" included in the design
  – Inappropriate use of commercial core codeware
• State Machine related:
  – Poor design of state machines (such as unintentional race and dynamic hazards)
  – Incorporation of "One Hot" Finite State Machine designs that have excess unused states
• Transient related:
  – Susceptibility to single event effects
  – Startup transients created by unused (programmed) input/output pin connections
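The reset-related and state-machine-related defects on the two slides above are both coding-practice problems that a code inspection can catch but a functional simulation usually cannot. The VHDL below is an added illustration written for this page, not code from the presentation or from the pilot project; the entity name cmd_fsm, its ports and the four-state command sequence are assumptions chosen for the example. It shows the three mitigations an inspector would look for: a reset that arrives from off-chip is passed through a two-flop synchronizer so that every register leaves reset on the same clock edge; every output is assigned in the reset branch so nothing is in an unknown state while reset is held; and the one-hot state register, whose four flip-flops leave twelve unreachable codes, has an explicit recovery branch so that a single event upset that lands the machine in an unused code is caught and flagged instead of hanging the controller.

```vhdl
library ieee;
use ieee.std_logic_1164.all;

-- Hypothetical command sequencer used only to illustrate the defect classes above.
entity cmd_fsm is
  port (
    clk   : in  std_logic;
    rst_n : in  std_logic;  -- active-low reset from a source outside the FPGA
    start : in  std_logic;
    done  : in  std_logic;
    busy  : out std_logic;
    fault : out std_logic   -- one-cycle pulse when an illegal state code was caught
  );
end entity cmd_fsm;

architecture rtl of cmd_fsm is
  -- Reset synchronizer: assertion is asynchronous, deassertion is aligned to clk,
  -- so the whole design comes out of reset on the same edge.
  signal rst_meta : std_logic := '0';
  signal rst_sync : std_logic := '0';

  -- Explicit one-hot encoding: 4 flip-flops, 4 legal codes, 12 unused codes.
  -- Encoding the states by hand keeps the "when others" branch meaningful;
  -- an enumerated type lets the synthesizer choose (and possibly drop it).
  subtype state_t is std_logic_vector(3 downto 0);
  constant S_IDLE : state_t := "0001";
  constant S_RUN  : state_t := "0010";
  constant S_WAIT : state_t := "0100";
  constant S_DONE : state_t := "1000";
  signal   state  : state_t := S_IDLE;
begin

  -- Two-stage synchronizer for the external reset input.
  reset_sync : process (clk, rst_n)
  begin
    if rst_n = '0' then
      rst_meta <= '0';
      rst_sync <= '0';
    elsif rising_edge(clk) then
      rst_meta <= '1';
      rst_sync <= rst_meta;
    end if;
  end process reset_sync;

  -- Fully synchronous state machine; rst_sync = '0' means "held in reset".
  fsm : process (clk)
  begin
    if rising_edge(clk) then
      if rst_sync = '0' then
        -- Every register and output gets a defined value during reset.
        state <= S_IDLE;
        busy  <= '0';
        fault <= '0';
      else
        fault <= '0';
        case state is
          when S_IDLE =>
            busy <= '0';
            if start = '1' then
              state <= S_RUN;
            end if;
          when S_RUN =>
            busy  <= '1';
            state <= S_WAIT;
          when S_WAIT =>
            busy <= '1';
            if done = '1' then
              state <= S_DONE;
            end if;
          when S_DONE =>
            busy  <= '0';
            state <= S_IDLE;
          when others =>
            -- Any of the 12 unused codes (e.g. after a single event upset):
            -- return to a known state and report it rather than lock up.
            state <= S_IDLE;
            busy  <= '0';
            fault <= '1';
        end case;
      end if;
    end if;
  end process fsm;

end architecture rtl;
```

Two inspection points follow from this example. First, a simulation that never drives state into an unused code will never exercise the "when others" branch, so the reviewer has to check for its presence in the source, not in the waveform. Second, synthesis tools that extract and re-encode state machines may change the number of flip-flops and remove the recovery branch; the flip-flop count and the presence of a safe-state path therefore have to be confirmed in the synthesis report, which is exactly the kind of attribute the Methods slide notes is not apparent during simulation.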

Methods and Procedures
• Collection of existing PLD/FPGA fault data from NASA users
• On-site visits and direct contact with NASA PLD/FPGA designers
• Investigate V&V methodologies that may be adapted
  – Inspections:
    • Fagan and Gibbs
    • Other software code analysis methods
  – Consideration of compiler-specific variations
    • Attributes not apparent during simulation (e.g. the number of flip-flops used for finite state machines)

Technology Transfer
• Appears to be a critical need for an upcoming space telescope
  – Large number of FPGAs for domain-specific optimized data compression
  – High-complexity logic
  – Numerous design iterations
  – Size of the logic may need a larger die late in the life cycle of the instrument
• Results applicable to other developers
  – A spacecraft related to this telescope experienced an FPGA design defect that required a hardware change late in the life cycle
• Results can be applied to future missions

Success Criteria
• a) Identify PLD/FPGA design logic faults.
• b) Identify applicable existing methodologies by tracing design defects to their common cause.
• c) Suggest enhancements to the design phase, peer and design reviews.
• d) Provide field-prototyped training materials for PL software V&V.
• e) Successfully complete a pilot project.

Uniqueness of Research
• FPGA "software" is not currently required to undergo V&V evaluation according to:
  – Previous studies and standards such as the FAA
  – DO-254
  – Some European-based studies
• No specific / current guideline for PLD/FPGA IV&V
  – Methodology has not evolved much beyond the classical sequential development methodology of: specify requirements, create the design, code, simulate and test.

Research Team
• James A. Cercone, Ph.D., P.E., Chair and Professor of Computer Science, WVU-Tech
• Michael A. Beims, Senior Systems Engineer, Science Applications International Corporation
• William Clark, Associate Professor of Computer Science, WVU-Tech
• Sidney Valentine, Assistant Professor of Electrical Engineering Technology, WVU-Tech