Dependable Design Flow for Protection Systems using Programmable Logic Devices

Programmable Logic Devices (PLD) such as Field Programmable Gate Arrays (FPGA) are becoming more prevalent in protection and safety-related electronic systems. When employing such programmable logic devices, extra care and attention needs to be taken. The final synthesis result, used to generate the bit-stream to program the device, must be shown to meet the design’s requirements. This paper describes how to maximize confidence using techniques such as Formal Methods, exhaustive Hardware Description Language (HDL) code simulation and hardware testing. An example is given for one of the critical functions of the Safe Machine Parameters (SMP) system, used in the protection of the Large Hadron Collider (LHC) at CERN. CERN is also working towards an adaptation of the IEC- 61508 lifecycle designed for Machine Protection Systems (MPS), and the High Energy Physics environment, implementation of a protection function in FPGA code is only one small step of this lifecycle. The ultimate aim of this project is to create generic techniques and methods applicable to any PLD based system requiring a rigorous implementation and verification.