Abstract: As the ASIC design cost becomes affordable only for very large-scale productions, the FPGA technology is currently becoming the leading technology for those applications that require a small-scale production. FPGAs can be considered as a technology crossing between hardware and software. Only a small number of standards for the design of safety-critical systems give guidelines and recommendations that take the peculiarities of the FPGA technology into consideration. The main contribution of this paper is an overview of the existing design standards that regulate the design and verification of FPGA-based systems in safety-critical application fields. Moreover, the paper proposes a survey of significant published research proposals and existing industrial guidelines about the topic, and collects and reports some lessons learned from industrial and research projects involving the use of FPGA devices.
About author: Cinzia Bernardeschi received her Laurea degree and Ph.D. degree in computer science in 1987 and 1996 respectively, both from the University of Pisa. She is an associate professor with the Department of Information Engineering of the University of Pisa. Her research interests are in the area of software engineering, dependable systems and application of formal methods for specification and verification of safety-critical systems. Her most recent work is related to the application of theorem proving and model checking techniques for fault simulation and reliability analysis of electronic circuits and systems.
Cite this article:
Cinzia Bernardeschi, Luca Cassano, Andrea Domenici. SRAM-Based FPGA Systems for Safety-Critical Applications: A Survey on Design Standards and Proposed Methodologies [J]. Journal of Computer Science and Technology, 2015, 30(2): 373-390.
Copyright 2010 by Journal of Computer Science and Technology