The V&V process of the FPGA development
The V&V process of the FPGA development includes equivalence checking (Huang and Cheng, 1998, Huang et al., 2000, Kuehlmann and Krohm, 1997, Kuehlmann et al., 1995, Burch et al., 1994) as well as the simulation techniques. The equivalence checking can prove that two given designs have the same functionality, i.e., “whether they show the same behavior for all possible input sequences.” For example, it can prove that an RTL design and the gate-level design synthesized from the RTL design always show the same behavior. As the synthesis and optimization of EDA tools become increasingly sophisticated, we may encounter various unintended and unexpected behavior of FPGA designs. The equivalence checking can help us ensure that the synthesis or optimization worked correctly.
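The following is an added example, not taken from the paper or from any EDA tool: a minimal combinational equivalence check that compares an RTL-level reference against a gate-level netlist through a miter (XOR of each output pair, ORed together) and returns a counterexample when a faulty optimization changes behavior. The 2-bit adder, both netlists, and all function names are constructed for illustration. It enumerates every input of a small combinational circuit, whereas production checkers rely on BDD- or SAT-based methods and also cover sequential behavior.

```python
from itertools import product

INPUTS = ("a0", "a1", "b0", "b1")
OUTPUTS = ("s0", "s1", "s2")

# Constructed "RTL" reference: 2-bit adder, s = a + b with a 3-bit result.
def rtl_adder(a0, a1, b0, b1):
    total = (a0 + 2 * a1) + (b0 + 2 * b1)
    return {"s0": total & 1, "s1": (total >> 1) & 1, "s2": (total >> 2) & 1}

OPS = {
    "AND": lambda x, y: x & y,
    "OR": lambda x, y: x | y,
    "XOR": lambda x, y: x ^ y,
}

# Constructed gate-level netlist: (output net, gate, input, input), topologically ordered.
GOOD_NETLIST = [
    ("s0", "XOR", "a0", "b0"),
    ("c0", "AND", "a0", "b0"),
    ("p1", "XOR", "a1", "b1"),
    ("s1", "XOR", "p1", "c0"),
    ("g1", "AND", "a1", "b1"),
    ("t1", "AND", "p1", "c0"),
    ("s2", "OR", "g1", "t1"),
]

# Same netlist after a faulty "optimization" that drops the carry term t1.
BAD_NETLIST = GOOD_NETLIST[:-1] + [("s2", "OR", "g1", "g1")]

def eval_netlist(netlist, assignment):
    """Evaluate every gate in order and return the primary outputs."""
    nets = dict(assignment)
    for out, op, x, y in netlist:
        nets[out] = OPS[op](nets[x], nets[y])
    return {o: nets[o] for o in OUTPUTS}

def check_equivalence(rtl, netlist):
    """Return None if the designs agree on all inputs, else a counterexample."""
    for bits in product((0, 1), repeat=len(INPUTS)):
        assignment = dict(zip(INPUTS, bits))
        ref = rtl(**assignment)
        impl = eval_netlist(netlist, assignment)
        # Miter: OR of the XORs of each output pair; 1 means the designs differ.
        miter = 0
        for o in OUTPUTS:
            miter |= ref[o] ^ impl[o]
        if miter:
            return assignment
    return None
```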
The COTS SW dedication
All software that was not developed in accordance with 10CFR50 App.B or NQA-1 certification should first be dedicated under EPRI NP-5652/TR-106439 before being used directly in digital I&Cs or indirectly to develop (e.g., compile, synthesize, test, etc.) other directly used software. These guidelines aim to verify the software through appropriate processes and methods, and to demonstrate that the software can be regarded as equivalent to software developed in accordance with 10CFR50. EPRI NP-5652 set up dedication guidelines for commercial mechanical/electrical items, and EPRI TR-106439 added guidelines for software-based digital equipment (e.g., PLC). These EPRI reports, however, do not specifically distinguish direct and indirect software. TR-1025243 has recently been proposed to supplement them with judgment criteria for indirect COTS SW. NUREG/CR-6421 is a guideline for COTS software in nuclear power plants and considers indirect software in detail, but it has no common position yet.
The acceptance process and evaluation criteria for indirect COTS SW
This paper proposes an acceptance process and evaluation criteria, i.e., a ‘dedication process’, not only for direct COTS SW but also for indirect COTS SW such as the FPGA logic synthesis tools that are being used to develop FPGA-based digital I&Cs. It keeps pace with EPRI NP-5652/TR-106439. Detailed acceptance criteria and acceptance methods will be selected as in those reports, but the acceptance criteria are now strengthened with ones based on the ‘safety category’, which we adopted and modified from NUREG/CR-6421. Since NP-5652/TR-106439 uses critical characteristics (e.g., physical, performance and dependability) as the information source of acceptance criteria, it provides only ambiguous guidelines to determine the acceptance. We now have specific and clear criteria for each safety category, such as A, B and C, and the determination of acceptance will be more objective and verifiable. Fig. 6 overviews the extended and refined dedication process, consisting of four parts: 1. Basic Analysis, 2. Identifying Acceptance Criteria, 3. Determining Acceptance Methods, and 4. Dedication.
Case study
This section performs a case study with an indirect COTS SW, which is widely used to develop a new FPGA-based digital I&C in Korea (Choi and Lee, 2012) and also should be dedicated before long. The indirect COTS SW to dedicate is an FPGA logic synthesis tool, ‘Synopsys Synplify Pro (Synopsys, 2015)’, embedded in the ‘Actel Libero SoC’ EDA (Microsemi Libero SoC, 2015) as shown in Fig. 7. The FPGA logic synthesis software plays an important role in the FPGA development as explained in Fig. 1, since it translates an RTL design to an equivalent gate-level design without human intervention. Its correct operation is a preliminary prerequisite for the safety of FPGA-based digital I&Cs. We tried to dedicate the indirect COTS SW in accordance with the proposed evaluation criteria and acceptance process in the order named.
Related work
Table 7 reviews additional standards and technical reports for CGI (Commercial Grade Item) dedication. EPRI TR-017218 (1999) provides guidelines on sampling COTS HW. It can be used to determine the number of samples to which special tests are applied. EPRI NP-6406 (1989) and TR-1008256 (2006) are supplementary guidelines for technical evaluation, and they consist of the first half of NP-5652. They also provide examples of performing technical evaluation for direct COTS SW and HW. TR-112579 (2000) provides seismic critical characteristics and assurance means to verify them. Its main target is direct COTS HW like PLC-based systems.