AN 704: FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification

Download PDF
ID 683720
Date 9/01/2018
Public
Document Table of Contents
Document Table of Contents x
FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification
FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification x
About the Functional Safety Separation Flow Work Flows Functional Safety Separation of a Motor Control Design Example Appendix A: Terminology Appendix B: Design Checklist Document Revision History for AN 704: FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification
Work Flows x
Design Creation Flow Design Modification Flow
Functional Safety Separation of a Motor Control Design Example x
Design Considerations Design Creation Flow Using the Design Modification Flow
Design Considerations x
About Safety IP Partitions and LogicLock Regions Assigning I/O Pins Clocks, PLLs and Resets Routing Across Safety IP Partitions
Design Creation Flow x
Design Hierarchy and safety IP partitions Preparing the Design Example in the Intel® Quartus® Prime Software DC Link Monitor safety IP partition Creating a Safety IP partition for the DC Link Monitor and PLL Subsystem Component Creating a Safety IP partition for the PWM Interface Component Creating a Safety IP LogicLock Region for the DC Link Monitor Creating a LogicLock Region for the PWM Interface Creating a Fixed Size and Origin for a LogicLock Region Removing Precomiled Netlists Using the Intel® Quartus® Prime Incremental Compilation Compiling the Design The Fitter Report Exporting Safety IP Partition Generating Safety IP Bitstream Files
Using the Intel® Quartus® Prime Incremental Compilation x
Creating a Partition for the FOC Fixed-Point Component Creating a LogicLock Region for the FOC Fixed-Point Component
Generating Safety IP Bitstream Files x
Generating Complete FPGA Bitstream File
Using the Design Modification Flow x
Changing Nonsafety IP - Changing FOC Algorithm Parameter Adding New Features to Nonsafety IP Importing Safety IP Partition
FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification

Using the Design Modification Flow

Use this flow if you improve an algorithm, or fix a bug, or add a new feature in the nonsafety IP. For the design modification flow, you may change any of the nonsafety IP partitions of the design if the safety IP partitions remain unchanged. If you need to make any changes to a safety IP partition, you must use the design creation flow.

For example, use this flow to:

  • Change parameters for the FOC algorithm component (algorithm improvement or bug fix).
  • Add a timer component to the Nios II system (adding a new feature).
  1. Change the nonsafety IP partitions of the design.
  2. Import safety IP partitions. Turn on Design Partition Window to ensure the Intel® Quartus® Prime software preserves the the safety IP place and route that it saves in the design creation flow stage.
  3. Recompile the complete design.
    Note: If the Intel® Quartus® Prime assembler gives an internal error message, there may be a mismatch between the safety IP bitstream in the previously generated .sof file and the .sof from the current compilation. If the error is because of a mismatch, move or rename the .sof file to allow you to rerun the assembler without the internal error. You may then continue to run the partial bitstream comparison where the comparison is expected to fail with an explicit message.
  4. Post process the .sof file and .psm files that the assembler generates to create the partially preserved bitstream file for the safety IP regions.
  5. Verify that the Intel® Quartus® Prime software preserves the strictly preserved partition successfully by using the functional safety POF partition verification tool to compare the .ppb file created in the design creation flow and design modification flows for each safety IP partition. 
    sppv --device=<device name from qsf> [<options>] <design creation flow directory>/<partition-name>.rbf.ppb <design modification flow directory>/<partitionname>.rbf.ppb
    Intel includes the functional safety POF partition verification tool in the functional safety data pack but not with the Intel® Quartus® Prime Design Suite
    The verification tool generates a report file named <partition-name> .rbf.ppb.rpt
  6. Alternatively, if you do not have the functional safety POF partition verification tool, compare the MD5.sign checksum files.
    Note: The checksum also covers some device option bits that are legal to change without compromising strict preservation. If these bits change the checksums do not match. In this case, use the functional safety POF partition verification tool to detect the location of the mismatch. Commonly, this mismatch is the Intel® Quartus® Prime auto usercode feature (enabled by default). Use the following .qsf setting to disable the auto usercode feature: 
    set_global_assignment -name USE_CHECKSUM_AS_USERCODE OFF
    The safety assessor may archive the md5.sign checksum file for each safety IP when they initially assess a design creation flow design. To verify that the design modification flow uses the .ppb file that the design creation flow generates, check for a match between the checksum that the functional safety POF partition verification tool reports and the checksum in the .md5.sign file both match The functional safety POF partition verification tool then reports the comparison results between the design creation flow and design modification flow as evidence of strict preservation.
Related Information
Level Two Title