There are several trends in the industry when it comes to functional safety, along with multiple market segments utilizing the specification to help drive engineers to deliver highly reliable and safe applications to the market. In the automotive market, for example, the integration of key sub-systems into single-end devices found in the car like navigation and automated driver assistance systems (ADAS) is growing. There is a need for integrated functional safety due to the greater interaction between people, the car, and the environment. Autonomous driving is just one application example where functionally safe designs are required. FPGAs are a good fit for this application space due to their long lifetimes, high processing bandwidth, and flexibility to integrate many IP technologies.
The need for more processing creates a need for high-speed fabric and higher integration of the sub-systems into a single device, thereby pushing designs to larger devices. To facilitate building functionally safe designs, robust synthesis tools that support defined methods are needed.
With increasing use of FPGAs in critical functions of embedded systems deployed in harsh environments, functional reliability of the FPGA has become paramount. There are many hard and soft errors that can be introduced into the system, which can cause single event upsets in combinational logic. These types of errors can affect registers, logic, memory, and other portions of the FPGA, which can cause serious functional failures of the system; e.g., complete lockup of a state machine. In addition, with shrinking silicon geometries and higher clock frequencies, there is an additional potential to be affected by radiation at elevation. These issues create a need to detect and correct these types of errors before they result in catastrophic errors in the end design.
There are a number of techniques that can be utilized during FPGA design for detection and mitigation of errors, and the systems' requirements will determine which technique -- or combination of techniques -- to use. In addition, there are varying methodologies dependent on the type of FPGAs being used; e.g., radiation hardened, anti-fuse, flash, or SRAM based. These techniques also depend on the type of FPGA resources to be protected such as registers, memories, routing configuration switches, global routes such as clocks, and IO pads.
Figure 1. Internal example of an FPGA device with dedicated blocks enabling different functionality (Source: Synopsys)
When employing redundancy techniques, many FPGA designs need the ability to protect the various FPGA resources using a variety of methods, such as triple modular redundancy (TMR) coupled with safe FSMs, support for ECC memories, and Hamming-3 codes. In addition to these methodologies, it is important to physically separate triplicated logic on the FPGA die. This can help drive a higher level of reliability for the FPGA design since errors affecting one portion of the die will be mitigated by separating the triplicates. SoC FPGAs -- devices that contain hard processor cores in addition to their programmable fabric -- can drive a full system solution by accessing the error-monitoring registers and providing software-driven recovery of the programmable logic. These recovery methods can range from memory scrubbing to a hard reset of the entire system.
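To make the detection and mitigation techniques above concrete, here is an added bit-level reference model (not code from the article or from Synopsys tools) of three of them: a TMR majority voter with fault injection, a one-hot safe FSM that recovers from an illegal state encoding, and a SEC-DED (extended Hamming) memory code. The register widths, state names and the injected upset masks are constructed for illustration. The TMR injection also shows why physically separating triplicates matters: one upset is voted out, but the same bit upset in two copies defeats the voter.

```python
"""Constructed reference model of TMR voting, a safe FSM and SEC-DED memory coding.
Plain-Python bit models for illustration, not synthesis output."""
from __future__ import annotations


def majority_vote(a: int, b: int, c: int) -> int:
    """Bitwise 2-of-3 majority voter: the combinational core of TMR."""
    return (a & b) | (a & c) | (b & c)


def tmr_register(value: int, upsets: tuple[int, int, int]) -> tuple[int, bool]:
    """Model a triplicated register whose three copies are hit by the SEU bit masks
    in `upsets` (constructed). Returns (voted output, mismatch flag). The mismatch
    flag is what an SoC FPGA's error-monitoring register would expose to software."""
    copies = [value ^ mask for mask in upsets]
    voted = majority_vote(*copies)
    return voted, any(copy != voted for copy in copies)


# One-hot state encoding for the safe FSM (assumed names); any other value is illegal.
IDLE, RUN, DONE = 0b001, 0b010, 0b100


def safe_fsm_next(state: int, start: bool, finish: bool) -> int:
    """Next-state logic whose default arm returns an illegal (upset) encoding
    to the reset state instead of locking up the machine."""
    if state == IDLE:
        return RUN if start else IDLE
    if state == RUN:
        return DONE if finish else RUN
    if state == DONE:
        return IDLE
    return IDLE  # not one-hot, e.g. 0b011 after an SEU: recover rather than hang


def hamming_encode(data_bits: list[int]) -> list[int]:
    """SEC-DED encode. Index 0 holds the overall parity bit; indices 1..n hold a
    Hamming codeword with parity at power-of-two positions and data elsewhere."""
    k = len(data_bits)
    r = 0
    while (1 << r) < k + r + 1:  # smallest r with room for k data + r parity bits
        r += 1
    n = k + r
    code = [0] * (n + 1)
    bits = iter(data_bits)
    for pos in range(1, n + 1):
        if pos & (pos - 1):  # not a power of two -> data position
            code[pos] = next(bits)
    for i in range(r):
        p = 1 << i
        code[p] = 0
        for pos in range(1, n + 1):
            if pos & p and pos != p:  # parity over positions whose index has bit i set
                code[p] ^= code[pos]
    code[0] = sum(code[1:]) % 2  # overall parity makes the whole word even
    return code


def hamming_decode(code: list[int]) -> tuple[list[int] | None, str]:
    """Return (data bits, status): single errors are corrected, double errors are
    detected as uncorrectable (what a memory scrubber would escalate)."""
    n = len(code) - 1
    syndrome = 0
    for pos in range(1, n + 1):
        if code[pos]:
            syndrome ^= pos  # XOR of set positions points at the flipped bit
    overall = sum(code) % 2  # 0 when overall parity still holds
    word = list(code)
    if syndrome == 0 and overall == 0:
        status = "ok"
    elif overall == 1:
        word[syndrome] ^= 1  # single error (syndrome 0 = overall parity bit itself)
        status = "corrected"
    else:
        return None, "uncorrectable"  # syndrome set but parity even: two flips
    data = [word[pos] for pos in range(1, n + 1) if pos & (pos - 1)]
    return data, status


if __name__ == "__main__":
    print("one upset voted out:", tmr_register(0xA5, (0x01, 0x00, 0x00)))
    print("same bit in two copies:", tmr_register(0xA5, (0x01, 0x01, 0x00)))
    print("illegal FSM state recovers to:", bin(safe_fsm_next(0b011, False, False)))
    word = hamming_encode([1, 0, 1, 1])
    word[5] ^= 1
    print("single memory bit flip:", hamming_decode(word))
```

The two-copy upset case returns the wrong value with the mismatch flag still raised, which is why the text recommends placing triplicates apart on the die and why recovery software should treat a persistent mismatch as a trigger for scrubbing or reset rather than a one-off event.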
Returning to our automotive example above, the overall average lifetime of vehicles is increasing, so automotive OEM manufacturers need to utilize and deploy components that will work reliably for decades. Using a FPGA design tool that automates the implementation of redundancy methods with a single design flow provides designers with the ability to quickly integrate functional safety into their FPGA-based designs, and it also facilitates the porting of their designs across multiple FPGA device technologies as required. Depending on the complexity of the design, teams may save hours or even weeks of design implementation time as compared to manually implementing error detection and mitigation techniques.
Joe Mallett is a senior product marketing manager for the Synplify Pro and Synplify Premier FPGA synthesis software tools at Synopsys. He has 20 years of experience in design and implementation within the semiconductor and EDA industries. Before joining Synopsys, Joe was a senior product marketing manager at Xilinx Semiconductor where he worked to define and launch FPGA products. His background includes SoC design/prototyping, embedded software, HDL synthesis, IP, and product/segment marketing. Joe holds a BSEE from Portland State University.