Component-Based Safety Analysis of FPGAs

Component-based and modular software development techniques have become established in recent years. Without complementary verification and certification methods, the benefits of these development techniques are reduced. As part of certification, it is necessary to show that a system is acceptably safe, which subsumes both the normal and abnormal (failure) cases. However, nonfunctional properties such as safety and failures are abstraction breakers, cutting across multiple components. Also, much of the work on component-based engineering has been applied to software-based systems rather than field programmable gate array (FPGA)-based systems, whose use is becoming more popular in industry. In this paper, we show how a modular design embedded on an FPGA can be exhaustively analyzed (from a safety perspective) to derive the failure and safety properties that provide the evidence needed for a safety case. The specific challenges faced are analyzing the fault characteristics of individual electronic components, combining the results across software modules, and then feeding this into a system safety case. A secondary benefit of taking this approach is that there is less uncertainty in the performance of the device; hence, it can be used for higher integrity systems. Finally, design improvements can be specifically targeted at areas of safety concern, leading to better utilization of the FPGA device.
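As an added illustration (not code from the paper or its authors), the compositional analysis the abstract describes can be approximated as a failure-propagation-and-transformation calculation: each module is given a rule mapping the failure classes on its input ports, plus an optional internal fault, to failure classes on its output ports, and the analysis exhaustively enumerates every combination of primary-input failure and internal fault, propagating through the module graph. The module graph (three ADC channels behind a majority voter versus a single simplex channel), the failure classes, the rule tables and the single internal fault `upset` are all constructed assumptions chosen to show the method; the paper's actual rule sets and failure taxonomy are not reproduced here.

```python
"""Exhaustive failure propagation over a small modular FPGA design.

Constructed example: failure classes, component rules, the "upset" internal
fault and both module graphs are illustrative assumptions, not the paper's data.
"""
from itertools import product

# Failure classes a signal can carry; NORMAL means "behaves as specified".
NORMAL, VALUE, OMISSION, LATE = "normal", "value", "omission", "late"
FAILURE_CLASSES = (NORMAL, VALUE, OMISSION, LATE)


def adc_rule(ins, internal):
    # Assumed rule: a channel passes its input through unchanged, except that
    # an internal upset (e.g. in its own logic) corrupts the value it emits.
    if internal == "upset":
        return {"out": VALUE}
    return {"out": ins["in"]}


def voter_rule(ins, internal):
    # Assumed rule: 2-out-of-3 majority voter. Two healthy channels mask any
    # single deviation; two channels failing the same way pass that failure on;
    # three mutually different failures give an undetected wrong value.
    if internal == "upset":
        return {"out": VALUE}
    modes = [ins["a"], ins["b"], ins["c"]]
    if modes.count(NORMAL) >= 2:
        return {"out": NORMAL}
    for m in (VALUE, OMISSION, LATE):
        if modes.count(m) >= 2:
            return {"out": m}
    return {"out": VALUE}


# Module graph: name -> (rule, {port: signal} inputs, {port: signal} outputs).
# Every module may suffer at most one internal fault ("upset") or none.
TMR_DESIGN = {
    "adc_a": (adc_rule, {"in": "sensor_a"}, {"out": "ch_a"}),
    "adc_b": (adc_rule, {"in": "sensor_b"}, {"out": "ch_b"}),
    "adc_c": (adc_rule, {"in": "sensor_c"}, {"out": "ch_c"}),
    "voter": (voter_rule, {"a": "ch_a", "b": "ch_b", "c": "ch_c"}, {"out": "vote_out"}),
}
SIMPLEX_DESIGN = {
    "adc": (adc_rule, {"in": "sensor"}, {"out": "out"}),
}


def primary_inputs(design):
    """Signals consumed by some module but produced by none."""
    produced = {sig for (_, _, outs) in design.values() for sig in outs.values()}
    consumed = {sig for (_, ins, _) in design.values() for sig in ins.values()}
    return sorted(consumed - produced)


def topological_order(design):
    """Order modules so every producer is evaluated before its consumers."""
    producer = {sig: n for n, (_, _, outs) in design.items() for sig in outs.values()}
    order, seen = [], set()

    def visit(name):
        if name in seen:
            return
        seen.add(name)
        for sig in design[name][1].values():
            if sig in producer:
                visit(producer[sig])
        order.append(name)

    for name in design:
        visit(name)
    return order


def propagate(design, order, input_modes, internal_modes):
    """Compute the failure class on every signal for one scenario."""
    signals = dict(input_modes)
    for name in order:
        rule, ins, outs = design[name]
        result = rule({p: signals[s] for p, s in ins.items()}, internal_modes[name])
        for p, s in outs.items():
            signals[s] = result[p]
    return signals


def analyze(design):
    """Enumerate every input-failure / internal-fault combination.

    Returns {signal: {failure_class: [(input_modes, internal_modes), ...]}}
    for every non-primary signal, i.e. the exhaustive evidence table.
    """
    order, inputs, names = topological_order(design), primary_inputs(design), list(design)
    results = {}
    for in_modes in product(FAILURE_CLASSES, repeat=len(inputs)):
        for internal in product((None, "upset"), repeat=len(names)):
            scenario = (dict(zip(inputs, in_modes)), dict(zip(names, internal)))
            signals = propagate(design, order, scenario[0], scenario[1])
            for sig, mode in signals.items():
                if sig not in inputs:
                    results.setdefault(sig, {}).setdefault(mode, []).append(scenario)
    return results


def single_point_failures(results, signal):
    """Scenarios with exactly one deviation anywhere that still fail `signal`."""
    spf = []
    for mode, scenarios in results[signal].items():
        if mode == NORMAL:
            continue
        for in_modes, internal in scenarios:
            deviations = sum(m != NORMAL for m in in_modes.values())
            deviations += sum(i is not None for i in internal.values())
            if deviations == 1:
                spf.append((mode, in_modes, internal))
    return spf


if __name__ == "__main__":
    for label, design, out in (("TMR", TMR_DESIGN, "vote_out"), ("simplex", SIMPLEX_DESIGN, "out")):
        res = analyze(design)
        print(label, "reachable classes:", sorted(res[out]))
        for mode, ins, internal in single_point_failures(res, out):
            print("  single-point ->", mode, "from", {**ins, **internal})
```

Running the script shows the kind of evidence the abstract refers to: the simplex channel has four single-point failures (each input failure class plus its own upset), while the triplicated design has exactly one, the voter's own internal upset, which is where a targeted design improvement would be aimed; the same table also records that common-mode failures on two or three channels still pass through the voter.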
