



### FPGA Familiarization (Introduction to Field Programmable Gate Arrays)

36th International System Safety Conference Phoenix, AZ Thursday, August 16, 2017

Charles Fulks fpga@irtc-hq.com

Approved for public release; distribution is unlimited. (Last edit: 2018-07-05)

INTUITIVE ©, ITS...INTUITIVE ©, and our lighthouse logo are all Registered Trademarks of Intuitive Research and Technology Corporation. © 2016 Intuitive Research and Technology Corporation. All Rights Reserved.

## Presentation Outline

- 1 What is Digital Design?
- 2 What is an FPGA?
- **3** Manufacturers and Tools
- 4 Quality Indicators
  - Development Process
  - Management
  - Technical
- 5 Fault Tolerance
- 6 Concluding Thoughts

Research and Technology www.irtc-hq.com

### **Class Information**

#### Abstract

Field Programmable Gate Arrays are becoming ubiquitous is electronics. Many people misunderstand the nature of these devices and confuse their development with software development. This session introduces Field Programmable Gate Array (FPGA) technology and development. This is intended for engineers and management who need to understand FPGAs, but who do not intend to personally develop FPGA designs.

The attendee will leave with a solid foundation of FPGA technology, development process, and management. They will also have basic knowledge of common errors and indicators of design quality (red flags).

#### Disclaimer

This presentation is not meant as a stand-alone document, and cannot be used effectively without the accompanying verbal discussion.

#### Page 3 of 65

### Introductions

#### Curriculum Vitae

Charles Fulks leads the FPGA development group for Intuitive Research and Technology Corporation (www.irtc-hq.com). With over 20 years in the embedded / high reliability industry, Charles works with a number of different technologies. However, his focus over the past decade is primarily Field Programmable Gate Arrays (FPGA) and embedded digital design. He has patented FPGA related technology. He holds a MSEE degree from the University of Central Florida and is a Senior Member of the IEEE. Charles has trained numerous design engineers, is a regular speaker at several conferences, and has presented on the topic of FPGA design internationally. He was interviewed for EE Web's Featured Engineer column.

We develop opinions based on our personal experience (and reading). Experience is usually field related. The opinions developed in academia are therefore necessarily different from those developed in a safety critical environment. The opinions expressed in this paper are those of an engineer, experienced in FPGA design in a high reliability field. Your mileage may vary.



Page 4 of 65

### Fundamentals

- What is an FPGA?
  - A place to implement a digital design.
- Then, what is digital design?

This discussion is intended as a brief introduction to the field of digital circuit design; not a comprehensive overview.



## Analog Signals

- "Real world" signals
- Continuous range of values
- Sensitive to noise





## **Digital Signals**

- Digital computer signals
- Discrete (discontinuous) values; either '1' or '0'
- Easier to turn a circuit on or off than to hold an analog value
- Much less sensitive to noise



Page 7 of 65 What is Digital Design?

### **Binary Numbers**

- The value of a bit depends on it's position
- Hexadecimal is a group of 4 bits
- We use A F for 11 15

| 2 <sup>3</sup> | 2 <sup>2</sup> | 2 <sup>1</sup> | 2 <sup>0</sup> | Decimal | Hex |
|----------------|----------------|----------------|----------------|---------|-----|
| 8              | 4              | 2              | 1              |         |     |
| 0              | 0              | 0              | 0              | 0       | 0   |
| 0              | 0              | 0              | 1              | 1       | 1   |
| 0              | 0              | 1              | 0              | 2       | 2   |
| 1              | 0              | 0              | 1              | 9       | 9   |
| 1              | 0              | 1              | 0              | 10      | А   |
| 1              | 0              | 1              | 1              | 11      | В   |
| 1              | 1              | 1              | 1              | 15      | F   |

www.irtc-

## Logic Functions

| Α | В | AND | NAND | OR | NOR | XOR |
|---|---|-----|------|----|-----|-----|
| 0 | 0 | 0   | 1    | 0  | 1   | 0   |
| 0 | 1 | 0   | 1    | 1  | 0   | 1   |
| 1 | 0 | 0   | 1    | 1  | 0   | 1   |
| 1 | 1 | 1   | 0    | 1  | 0   | 0   |



Page 9 of 65 What is Digital Design?

# **Binary Addition**

Half-Adder

| Α | В | A+B | Carry |
|---|---|-----|-------|
| 0 | 0 | 0   | 0     |
| 0 | 1 | 1   | 0     |
| 1 | 0 | 1   | 0     |
| 1 | 1 | 0   | 1     |

Clock Synchronous Circuit

Add registers to control timing

#### A CE Sum CE AND CE CE CE CE CE CE CE CE CE



Page 10 of 65 What is Digital Design?

### What is Digital Design?

#### Key Points

- Digital design is the design of circuits that process digital (binary) signals.
- The clock is the "heartbeat" of the digital circuit.

#### Why digital signals?

It is easier to get an electronic device to switch into one of a number of known states than to accurately reproduce a continuous range of values.



### Key Points to Remember

These are the key points to remember regarding FPGA technology. Worldwide Standards — we are not inventing processes An FPGA is digital design — it requires digital design skills An FPGA is not software — although design complexity is similar Avoid the term "firmware" — "firmware" is ill-defined



## Language of FPGA Technology

| Term                | Definition                                                                             |
|---------------------|----------------------------------------------------------------------------------------|
| PLD                 | Programmable Logic Device                                                              |
| CPLD                | Complex Programmable Logic Device                                                      |
| FPGA                | Field Programmable Gate Array; the most com-<br>mon PLD                                |
| SoC                 | System-on-Chip; a silicon device that includes 1 or more processor cores with the FPGA |
| Complex Electronics | A term used to describe any electronic device that cannot be comprehensively tested.   |

Page 13 of 65 What is an FPGA?

## Industry Standards

Federal Aviation Administration

#### RTCA DO-178

"Software Considerations in Airborne Systems and Equipment Certification"

#### FAA Advisory Circular 20-152 recommends RTCA/DO-254

Excerpt from RTCA/DO-254 Design Assurance Guidance For Airborne Electronic Hardware:

- A hardware item is identified as simple only if a comprehensive combination of deterministic tests and analyses appropriate to the design assurance level can ensure correct functional performance under all foreseeable operating conditions with no anomalous behavior.
- When an item cannot be classified as simple, it should be classified as complex.

## Industry Standards

NASA

#### Assurance Process for Complex Electronics

www.hq.nasa.gov/office/codeq/software/ComplexElectronics/index.htm

- Complex electronics are programmable devices that can be used to implement specific hardware circuits. The devices that are included under the label of complex electronics are: CPLD, FPGA, ASIC...
- In the term complex electronics, the complex adjective is used to distinguish between simple devices, such as off-the-shelf ICs and logic gates, and user-creatable devices.

"Note that firmware (which is essentially software stored on a readonly device) is not considered complex electronics. The integrated circuit (e.g. EPROM) is simple electronics. The program stored in that device is software, which has a defined assurance process in place."

Page 15 of 65 What is an FPGA?

## FPGA Evolution - Overview

#### We started with hardware

A new algorithm required re-wiring the system

### Then we invented software

- The algorithm is independent from the physical hardware
- Complexity of software is very high with respect to hardware
- Developed a process to ensure quality

#### Then we invented programmable logic (FPGAs)

- **The digital design** is independent from the physical hardware
- Digital design complexity is on par with software
- Need to follow a process to ensure quality



## FPGA Device Description

#### **FPGA** Characteristics

- An FPGA is a generic, blank digital device
- It has many of each type of element but they are not movable

### FPGA Elements

- Logic elements (LE)
- "Banks" of IO Blocks
- Multipliers
- Block RAM
- Clocking resources
- Silicon IP
- Routing resources



Page 17 of 65 What is an FPGA?

#### Research and Technology www.irtc-hq.com

## What can you do with an FPGA?





### FPGA Design Capture

Schematic (obsolete)

Hardware Description Languages (HDL)

```
p_reg_a : process( clock )
begin
    if rising_edge( clock ) then
        if ( reset = '1' ) then
            reg_a <= (others=>'0');
        else
            reg_a <= i_reg_a;
        end if;
    end if;
end process p_reg_a;</pre>
```



Key Point: FPGA design is not software development; FPGA design is digital design. It requires the digital design skill set.

Page 19 of 65 What is an FPGA?

Case Study — Input Debouncer

Hardware Description Language (VHDL)

```
library ieee;
 use ieee.std_logic_1164.all;
entity debounce is
port (
  discrete_in : in std_logic;
  discrete_out : out std_logic;
  ce : in std_logic;
  clock : in std_logic;
  reset : in std_logic
);
end debounce;
architecture debounce_arch of
    debounce <mark>is</mark>
  signal sample
                  : std_logic_vector
      (3 downto 1);
  signal all_high : std_logic;
  signal all_low : std_logic;
begin
  p_sample : process (clock)
  begin
   if rising_edge(clock) then
     if (reset = '1') then
        sample <= (others => '0');
```

```
elsif (ce = '1') then
      sample(1) <= discrete_in;</pre>
       sample(2) <= sample(1);</pre>
       sample(3) <= sample(2);</pre>
     end if;
    end if;
 end process;
 all_high <= '1' when sample = "111
      " else 'O'; -- AND Gate
 all_low <= '1' when sample = "000
       " else '0'; -- NOR Gate
 p_discrete_out : process (clock)
 begin
   if rising_edge(clock) then
     if (reset = '1') then
       discrete_out <= '0';
      elsif (all_high = '1') or (
           all_low = '1') then
       discrete_out <= all_high;
     end if;
   end if;
 end process;
end debounce_arch;
```



INTUITIVE

www.irtc-hq.com

# Case Study — Input Debouncer

#### Debouncer Logic Diagram



The synthesizable subset of VHDL describes digital logic circuits.

#### Page 21 of 65 What is an FPGA?

## Case Study — Input Debouncer

How do you realize the debouncer design?

### Discrete Logic Circuit Board





# Case Study — Input Debouncer

How do you realize the debouncer design?

#### Application Specific Integrated Circuit (ASIC)

On a silicon wafer, place transistors that combine to form 4 flip-flops and 3 gates (design and fabricate a custom IC).

• Unchangable  $\rightarrow$  Significant NRE invested in a single product



## Case Study — Input Debouncer

#### Create a generic "Logic Element" (LE)

- Comprised of a 16-bit memory (LUT), a flip-flop, and a multiplexer
- The values stored in the memory and control bits determine the function

| QO, | Q1, | Q2 | refer | to | the | debouncer | logic | diagram |
|-----|-----|----|-------|----|-----|-----------|-------|---------|
|-----|-----|----|-------|----|-----|-----------|-------|---------|

| <b>Q</b> 0 | <b>Q</b> 1 | Q2 | D | CE |
|------------|------------|----|---|----|
| 0          | 0          | 0  | 0 | 1  |
| 0          | 0          | 1  | 0 | 0  |
| 0          | 1          | 0  | 0 | 0  |
| 0          | 1          | 1  | 0 | 0  |
| 1          | 0          | 0  | 0 | 0  |
| 1          | 0          | 1  | 0 | 0  |
| 1          | 1          | 0  | 0 | 0  |
| 1          | 1          | 1  | 1 | 1  |
|            |            |    |   |    |



Page 24 of 65 What is an FPGA?

 $D = 0 \times 0080$ ,  $CE = 0 \times 0081$ 

# Case Study — Input Debouncer

How do you realize the debouncer design?

### FPGA Synthesis

- Develop equations for each logic element
- Connect logic elements with routing resources
- The synthesis tool automates this
- The designer must be aware of how the HDL is implemented
- There are many inputs to the synthesis tool other than HDL
  - Pin assignments
  - Timing information
  - Tool settings
  - etc.

Page 25 of 65 What is an FPGA?

## Case Study — Input Debouncer

Synthesis Process

| Term                  | Definition                                                                                             |
|-----------------------|--------------------------------------------------------------------------------------------------------|
| Synthesize            | Generate a netlist from the HDL                                                                        |
| Translate             | Reduce the design to "primitives" specific to the FPGA manufacturer                                    |
| Мар                   | Select available logic blocks to implement logic in the netlist                                        |
| Place and Route (PAR) | Select specific logic blocks on the physical FPGA silicon and select routing resources to connect them |
| net                   | A wire                                                                                                 |
| netlist               | The list of all wires and their connections in a design                                                |
| bitstream             | The programming file used to configure an FPGA                                                         |





Page 27 of 65 What is an FPGA?

## A Comparison between software and FPGA design...

Apples and Oranges — Both are grown in orchards, but...

- FPGAs and Software are fundamentally different things
- They require fundamentally different skill sets
- The level of design complexity is similar
- They require an almost identical development process
  - Revision control
  - Design phases
  - Review phases
  - Simulation
  - Integration



## Manufacturers



## Vendor Tools



- Microsemi Libero (www.microsemi.com)
- Xilinx Vivado (www.xilinx.com)



### Languages

#### Design

VHDL, Verilog

■ Tool Control Language (TCL)

#### Simulation

System Verilog UVM (Universal Verification Methodology)

NTUITIVE

VHDL (using http://osvvm.org/ framework)



## Notional Minimum Development Process



#### How much process?

- Use a level of process appropriate for the criticality of the design too much process fosters avoidance
- Give the design team the authority to modify the process where needed with appropriate justification and oversight



Quality Indicators Development Process

Quality Indicators

#### Key points

- You cannot completely test an FPGA design. Adherence to a good process helps ensure a level of quality.
  - The same is true of software
- There is more to the story than the source code. A process provides a disciplined and documented way to capture critical design artifacts.

#### Warning!

If the vendor gives you nothing but the bitstream you have little or no ability to modify, update, or analyze the design

### Key Point

FPGA requirements must be well matched to the FPGA capabilities

"How will I know when I'm done?"

- Technical lead reviewed "prioritized feature list"
- Models for all signal processing algorithms

#### Requirements change?

- All projects encounter requirements changes
- These adversely affect schedule, cost, and quality
- Closing the loop eliminates requirements changes due to misunderstandings

Page 36 of 65 Quality Indicators

Process Documentation

### Design document versus "As-Built" document

- "Think, then act" as opposed to "Act, then describe what we seem to remember about the design if we have the time"
- The digital design must be well defined prior to attempting to capture it in HDL.
- The level of detail is debatable; however, if you cannot describe your design with timing diagrams, block diagrams, and some text, how can you expect to describe it with HDL accurately?



#### Peer reviews (desk check)

- A working review finds errors early in the design cycle; avoiding later changes that may compromise quality
- Requires enough staff and schedule for other qualified engineers to take time to review co-worker's design

#### Change request log

The quality of a good design that requires many changes is likely to suffer

Page 38 of 65 Quality Indicators

## Process

Design Capture

#### Capture HDL from a design document

- Design prior to coding vs. designing while coding
- Avoid the myth of "self-commenting code"; the code tells me what it does, not what it is supposed to do.

#### HDL Coding Standard Guidelines

- Enforce the use of HDL techniques that reduce the probability of error
- INTUITIVE's VHDL Capture Guideline is available free

#### Key point

HDLs and simulators make it easy to substitute action for thought; Design first, then code!

#### Functional simulation

- Proves that the HDL embodies the design correctly
- Absolutely necessary in every design

#### Lint warnings

Warnings regarding legal, but inadvisable HDL syntax

#### Post synthesis, post place & route simulation

- Verifies that the synthesis tool did not unexpectedly add, remove, or change the implementation the designer described
- Recommended, but seldom available because the necessary models are unavailable

#### Page 40 of 65 Quality Indicators

### Process

Scripts

#### Simulation and synthesis should be run using (TCL) scripts

- The script captures the required steps to build (or rebuild) a project
- Eliminates errors due to forgetting build steps
- Frees the engineer to think about the design instead of focusing on the mundane tasks
- Facilitates future use of the design

#### Script Benefits

- Facilitates design understanding in the future...
- Frees the engineer from the equivalent of hourly typing quizes



#### Importance of Revision Control

"If you're not using revision control, just stop developing; it's not worth your time." — Jack Ganssle

#### Revision Control Goals

- Should be able to reproduce the design
  - Design documents
  - Source HDL, constraints (pin locations, timing, etc)
  - Scripts
  - Test bench
- And reproduce the design environment
  - OS, OS patches
  - Tools, tool license

Page 42 of 65 Quality Indicators

## Management Experience

#### Understanding, Commitment, Staffing

- What is the level of management's understanding of FPGA technology?
- What is the level of commitment to:
  - An informed FPGA design process
  - Design team training
- Design team staffing
  - Understaffed teams skip process steps
  - This leads to avoidable errors



#### Independent Review

An IV&V team, at least as competent as the FPGA design team, should review the requirements, design document, HDL, simulation, etc.

On large projects, the simulation effort takes twice the effort of the design effort.

Specialized tools (System Verilog, VHDL OSVVM)



## Design Team Experience

#### FPGA design is digital circuit design

Writing reliable, synthesizable, efficient, synchronous HDL for FPGAs requires knowledge of digital design techniques

#### HDLs are not software programming languages

- Quality will suffer if the design team does not have a strong digital design background and/or relevant training.
- In HDL form or schematic form, digital design is still digital design
  - Interface to input and output circuits (including analog effects)
  - Timing margins
  - Synchronous vs. asynchronous
  - Metastability and re-clocking



There are many quality indicators, these are the heavy hitters.



- Reset source
- Reset synchronization
- Clock domains
- Synchronous design
- Finite state machines

#### Tool Usage

- Timing report
- Synthesis warnings



Page 48 of 65 Quality Indicators

# Design Techniques

Reset Synchronization

#### Reset source and synchronization

- Reset must be removed synchronously with the clock to avoid intermittent metastability failures
  - "Asynchronous & Synchronous Reset Design Techniques Part Deux", Cummings et. al., Sunburst Design
  - Xilinx white paper 272

#### MAPLD 2004 (NASA Office of Logic Design)

"Unintended operation or lockup of finite state machines or systems may result if the flip-flops come out of reset during different clock periods. There is a potential for one or more uncontrolled metastable states. Therefore, only reset circuits that [attempt to] remove power on reset synchronously should be considered in hi-rel applications."

### Digital Design Clocking Rules

**1** Only use one clock!

2 When you need more than one clock, only use one clock!

Seriously...

FPGAs frequently have multiple clocks

- Each clock domain is synchronous to one clock
- Clock domain crossing is a critical design detail

Page 50 of 65 Quality Indicators

## Design Techniques

Synchronous design

#### FPGAs require synchronous design practices

Asynchronous circuits will cause intermittent failures

#### Synchronous design rules

- All data are passed through combinatorial logic and flip-flops that are synchronized to a single clock.
- Delay is always controlled by flip-flops, not combinatorial logic.
- No signal that is generated by combinatorial logic can be fed back to the same group of combinatorial logic without first going through a synchronizing flip-flop.
- Clocks cannot be gated; clocks must go directly to the clock inputs of the flip-flops without going through any combinatorial logic.
- Do not clock entities or processes with outputs of other entities or processes.

Ref: "Introduction to CPLD and FPGA Design", Bob Zeidman, Zeidman Consulting



## Design Techniques

State Machines

#### Disclaimer

A thorough discussion of Finite State Machines (FSM) is on the order of a semester long graduate level course.



# Design Techniques

State Machines

#### Reasonable complexity of Conventional FSMs

- A good rule of thumb is no more than 20 "complex" states
- Break large state machines into several smaller ones
- Think about the complexity of the next state equation the tool will have to develop
- Think about your understanding of the design and the complexity of the implementation

#### HDL Capture of FSMs

Naive HDL for a 12-bit one-hot encoded FSM may have thousands of undefined states!



## Timing Report



## Synthesis Tool Warnings

#### Intellectual Property (IP)

- Vendor provided IP notoriously produces many warnings
  - There may be a few critical warnings in thousands of mundane warnings
- Vendor IP can lead to several issues
  - License restrictions, obsolescence, support, etc.

#### No "Inferred Latch" warnings

- This is the tool telling you that you have not completely defined your intent.
- In order to provide the described behavior, the tool must insert a memory element (latch) where the designer did not request one.
- This is at the same level of concern as an IRS audit

### Configuration Protection

Types of Errors

#### Non-critical Errors

The majority of configuration errors have no effect on the functionality of an FPGA.

 An error that connects one end of an unused routing resource has no effect.

#### Critical Errors

An error that modifies design memory (BRAM) contents or the function of a LUT is critical.

A criticality map is generated by the tools.



## **Configuration Protection**

Types of FPGAs

#### Volatile (SRAM) FPGA

FPGA Configuration is stored in static memory (SRAM). The configuration bitstream must be loaded at each power cycle.

### Non-Volatile FPGA

FPGA Configuration is stored in non-volatile memory and is retained across power cycles.

- Flash memory based devices and be configured multiple times.
  - Some devices have distributed Flash memory at each node
  - Some devices are SRAM FPGAs with Flash memory on-chip
- Anti-fuse devices can be configured once.



## Fault Tolerant Design



# Configuration Protection

Xilinx

#### Configuration memory

Xilinx Soft Error Mitigation (SEM) Core

- Perform SEU detection, correction, and classification
- Perform emulation of SEUs by injecting errors into configuration memory

#### Design Elements

User design can use Block Memory (BRAM) Error Correction Code (ECC) to detect and correct BRAM errors.

# Configuration Protection

Intel PSG (Altera)

#### Configuration memory

- Computes CRC for each CRAM frame
- CRC error detection engine provides the location of an SEU
- Allows error injection to simulate SEU events



### Fault Tolerant Design Radiation Upset

**Single Event Upsets (SEUs)** occur when high-energy ionizing particles, such as heavy ions, alpha particles or protons, pass through an integrated circuit causing a disruption in the system logic.

**Single Event Latch-Up (SEL)** is a condition that causes loss of device functionality due to a single-event-induced high current state. A SEL may or may not cause permanent device damage, but requires power strobing of the device to resume normal device operations.



## Fault Tolerant Design

Radiation Upset



Fault Tolerant Design

### Ancillary Components

- FPGA Power supply
- Communication circuits
- etc.



## Concluding Thoughts

### Questions?

## Key Points

- FPGA design is digital logic circuit design
- The FPGA designer must follow a good design process to get good results
- The designer must be aware of how the HDL is physically implemented
- Functional simulation is required for every design
- There are many free resources and tutorials available

Page 64 of 65 Concluding Thoughts

## Further Reading I

