Safety design on FPGAs
Elmer Chiang,
BD Director, AP Sales & Marketing
TUV R. Certified Functional Safety Engineer
Folie 1
Who is NewTec?
A Brief Profile
Vision & Mission
We make the world safer!
Story of Initiation
NewTec timeline:
1986 – NewTec GmbH engineering office is founded
1995 – Complete system provider
2007 – NewTec continues to expand
2017 – Global and cross-sectoral experts for Functional Safety and Embedded Security
F900_0717 Folie 4
Toward a successful future
In the near future, interconnected and automated systems will dictate the
market. Their reliability will be the basis for the success of your business.
How does NewTec work?
Customer Benefits
NewTec Service Portfolio
Service areas: Services, Training & Consultation, Products
Customer benefits:
• Strengthening your market position by availing of the innovation and technology impulses from NewTec
• Faster product launch and reduced development costs thanks to the wide range of expertise that NewTec offers
• Risk minimization thanks to maximum transparency, integration in your processes and successful project management
• High level of safety and security expertise with respect to development processes and global safety standards
• Ensuring competitiveness by reliably protecting your sensitive data
NTSafetySolutions
Safe products – fast and efficient: risk management, ensuring safety, managing SIL
Service areas: Services, Training & Consultation, Products
NTSafetySolutions
Training & Consultation
• Varied range of seminars for functional safety in practice
• Safety workshops for individual customers
Products, e.g.
• SafeFlex – Reference platform for safety development
• NTSafeDrive – Safety module for drives
• NTSafePLC – Safe PLC basis-platform for industry applications
Expert services to do with all aspects of product development
• Safety management assessment
• Safety risk assessment
• Safety requirement analysis
• Licensing strategy
• Safety planning
• Safety concept
• Concept examination
• Functional safety management
Managed Services in Product Lifecycle
• Safety system development
• Safety engineering
• Safety software development
• Safety hardware development
• Integration, verification & validation
• Documentation & traceability
NTSecuritySolutions
Embedded Security: protection against sabotage attacks and external manipulation
Service areas: Services, Training & Consultation, Products
NTSecuritySolutions
Training & Consultation
• Varied range of seminars relating to embedded security
• Security workshops for individual customers
Products, e.g.
• NTSecureCloudSolution
• NTSecurePOS
Expert services to do with all aspects of product development
• Security risk assessment
• Security requirement analysis
• Security concepts
• Penetration tests
• Security robustness tests
• Static code analysis
Managed services in product lifecycle
• Continuous examination of weak points due to new threats
• Continuous examination of conformity with current safety standards
• Continuous maintenance of the safety requirement wanted
• Incident management
• Obsolescence management for safety-relevant system parts
NewTec Product and System Development
Complete Lifecycle of the
Product Engineering
• Requirements
• Design
• System development
• Software development
• Hardware development
• Mechanics
• Testing
Why Smart Watchdog/Challenge
• Processor Suppliers deliver Systems with Lockstep Processor and
System Basis Chip
• Intel PSG to provide SIL3/SIL4 ready systems with Max 10 System Basis
Chip
Example of Motor Control System
(Block diagram) Three partitions:
• Control algorithm implemented on a NIOS II softcore processor
• Low level motor control implemented in FPGA logic
• Industrial Ethernet communication implemented on a NIOS II softcore processor
Blocks: Industrial Ethernet MAC, IE Stack, Drive Control, PWM, Power Stage, Encoder Interface, Motor, Encoder
Example of Motor Control System with Safety
(Block diagram) Additions for safety:
• Safety encoder considered
• Safety critical software: safety processing, safety communication, emergency shut off
• Industrial Ethernet considered as black channel communication
Blocks: Industrial Ethernet MAC, IE Stack, Safety Processing, Drive Control, PWM, STO, Power Stage, Encoder Interface, Motor, Encoder, Safety Encoder
Different ways to implement safety
• 1 standard MCU is used for drive control
• 2 “safe” MCUs are used for safe communication and safe stop functionality
Different ways to implement safety
• Safety designs require diagnostics to be run periodically to ensure the safety
function is operating correctly. For a processor this generally requires
Software Test Libraries (STLs)
• STLs are used to test processor functionality in addition to the rest of the
system
Different ways to implement safety
• Disadvantages of STLs
• Running STLs consumes essential processing MIPS
• STLs are often destructive and require the system context to be saved
before running and restored after running
• Alternative: provide hardware real-time diagnostics via a lockstep
processor implementation or a two-channel solution
Different ways to implement safety
• Provide hardware real-time diagnostics via a lockstep processor
implementation
• Provide hardware real-time diagnostics via a Smart Watchdog (two-channel
redundancy)
What is a lockstep processor….
HFT 1
• It is not a 1oo2 system
• It is a processor with hardware diagnostics
• Diagnostics are provided by a 2nd slave processor and a comparator
What is a lockstep processor….
SFF (Safe Failure Fraction) vs. Hardware Fault Tolerance (HFT):
SFF          HFT 0        HFT 1   HFT 2
<60%         Not Allowed  SIL1    SIL2
60% - <90%   SIL1         SIL2    SIL3
90% - <99%   SIL2         SIL3    SIL4
≥99%         SIL3         SIL4    SIL4
• STL may achieve 70% DC
• Limits safety capability to SIL1/2
• Lockstep capable of achieving >99%
• Enables SIL3/4 capability
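The SFF/HFT table and the DC figures above can be tied together in a few lines of arithmetic. The following C program is an added example, not NewTec's code: it computes diagnostic coverage and safe failure fraction from the IEC 61508-2 failure-rate terms (lambda_S, lambda_DD, lambda_DU), then applies the table from this slide to report the maximum SIL for a given HFT. The failure rates are constructed values; with lambda_S set to zero (worst case, every failure dangerous) the SFF equals the DC, which reproduces the slide's SIL1/2 versus SIL3/4 conclusion.

```c
#include <stdio.h>

/* Added example (not NewTec's code): how the SFF/HFT table on this slide
   turns a diagnostic coverage figure into an achievable SIL.
   Failure-rate symbols follow IEC 61508-2: lambda_S (safe), lambda_DD
   (dangerous, detected), lambda_DU (dangerous, undetected). */

typedef struct {
    double lambda_s;   /* safe failures, per hour */
    double lambda_dd;  /* dangerous failures detected by diagnostics */
    double lambda_du;  /* dangerous failures not detected */
} failure_rates;

/* Diagnostic coverage: share of dangerous failures the diagnostics catch. */
double diagnostic_coverage(const failure_rates *r)
{
    return r->lambda_dd / (r->lambda_dd + r->lambda_du);
}

/* Safe failure fraction: everything except dangerous-undetected failures. */
double safe_failure_fraction(const failure_rates *r)
{
    double total = r->lambda_s + r->lambda_dd + r->lambda_du;
    return (r->lambda_s + r->lambda_dd) / total;
}

/* Split a total dangerous failure rate by a given diagnostic coverage.
   Assumption: lambda_s is supplied by the caller (0 = worst case, every
   failure is dangerous, so SFF equals DC). */
failure_rates rates_from_dc(double lambda_s, double lambda_dangerous, double dc)
{
    failure_rates r;
    r.lambda_s  = lambda_s;
    r.lambda_dd = lambda_dangerous * dc;
    r.lambda_du = lambda_dangerous * (1.0 - dc);
    return r;
}

/* Maximum SIL the slide's table allows for a subsystem with this SFF and
   HFT (0 = not allowed, -1 = HFT outside the table).
   Rows: <60%, 60-<90%, 90-<99%, >=99%; columns: HFT 0, 1, 2. */
int max_sil(double sff, int hft)
{
    static const int table[4][3] = {
        { 0, 1, 2 },
        { 1, 2, 3 },
        { 2, 3, 4 },
        { 3, 4, 4 },
    };
    int row;
    if (hft < 0 || hft > 2)
        return -1;
    if (sff < 0.60)      row = 0;
    else if (sff < 0.90) row = 1;
    else if (sff < 0.99) row = 2;
    else                 row = 3;
    return table[row][hft];
}

int main(void)
{
    /* Constructed rates: 1e-6/h dangerous, no safe failures (worst case). */
    failure_rates stl      = rates_from_dc(0.0, 1e-6, 0.70);   /* STL, 70% DC */
    failure_rates lockstep = rates_from_dc(0.0, 1e-6, 0.995);  /* lockstep, >99% DC */
    double sff_stl = safe_failure_fraction(&stl);
    double sff_ls  = safe_failure_fraction(&lockstep);

    printf("STL:      DC=%.1f%% SFF=%.1f%% max SIL HFT0=%d HFT1=%d\n",
           100 * diagnostic_coverage(&stl), 100 * sff_stl,
           max_sil(sff_stl, 0), max_sil(sff_stl, 1));
    printf("Lockstep: DC=%.1f%% SFF=%.1f%% max SIL HFT0=%d HFT1=%d\n",
           100 * diagnostic_coverage(&lockstep), 100 * sff_ls,
           max_sil(sff_ls, 0), max_sil(sff_ls, 1));
    return 0;
}
```

Adding a non-zero lambda_S raises the SFF above the DC, which is why a component with modest diagnostics can still land in a higher row once its safe failures are counted; the table lookup itself does not change.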
Safe Processor Architecture
(Block diagram) Two NIOS II processors with a Comparator; CRC Calculator; Program RAM; Data RAM; Timers; Mailbox; IP Safety Protocol
Different ways to implement safety
Safe processor & peripherals are safety critical
• Implement using LockStep processor
• >99% DC
• Reduces need for STL -> more performance for safety application
• ECC for program/data RAM
• 90% DC
Different ways to implement safety
• STL (limited) for
• Timers
• Interrupts
• Bus infrastructure
• CRC Calculation
• Accelerate CRC calculations for Safe IE
• Clock Checker
• Check clock network/PLL
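A periodic CRC over program memory is the typical non-destructive diagnostic behind the "CRC Calculation" and "Safe ROM" items above, and it also illustrates the MIPS concern raised for STLs: the check is sliced into chunks so that each control-loop iteration spends a bounded number of cycles on it. The program below is an added example, not NewTec's IP core; the program image and its build-time reference CRC are constructed inline, and the chunk size and bit-flip position are arbitrary.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example (not NewTec's code): a chunked CRC self-test of a memory
   region, run one slice per control-loop cycle so it never monopolises
   the processor. */

/* CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320), bitwise form. */
uint32_t crc32_update(uint32_t crc, const uint8_t *data, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

uint32_t crc32(const uint8_t *data, size_t len)
{
    return ~crc32_update(0xFFFFFFFFu, data, len);
}

typedef struct {
    const uint8_t *image;   /* memory region under test */
    size_t len;
    uint32_t reference;     /* CRC stored at build time */
    size_t chunk;           /* bytes processed per step */
    size_t pos;             /* next byte to process */
    uint32_t running;       /* partial CRC of image[0..pos) */
} rom_test;

void rom_test_init(rom_test *t, const uint8_t *image, size_t len,
                   uint32_t reference, size_t chunk)
{
    t->image = image;
    t->len = len;
    t->reference = reference;
    t->chunk = chunk;
    t->pos = 0;
    t->running = 0xFFFFFFFFu;
}

/* Advance the test by one chunk. Returns true when a full pass completed;
   *ok then tells whether the image still matches its reference CRC. */
bool rom_test_step(rom_test *t, bool *ok)
{
    size_t n = t->len - t->pos;
    if (n > t->chunk)
        n = t->chunk;
    t->running = crc32_update(t->running, t->image + t->pos, n);
    t->pos += n;
    if (t->pos < t->len)
        return false;                     /* pass still in progress */
    *ok = (~t->running == t->reference);
    t->pos = 0;                           /* restart for the next pass */
    t->running = 0xFFFFFFFFu;
    return true;
}

int main(void)
{
    /* Constructed "program image" and its build-time reference CRC. */
    uint8_t image[64];
    for (size_t i = 0; i < sizeof image; i++)
        image[i] = (uint8_t)(i * 7 + 3);
    uint32_t reference = crc32(image, sizeof image);

    rom_test t;
    bool ok = false;
    int steps = 1;
    rom_test_init(&t, image, sizeof image, reference, 8);
    while (!rom_test_step(&t, &ok))       /* one chunk per control-loop cycle */
        steps++;
    printf("intact image: %d steps, ok=%d\n", steps, ok);

    image[20] ^= 0x04;                    /* inject a single bit flip */
    while (!rom_test_step(&t, &ok))
        ;
    printf("corrupted image: ok=%d\n", ok);
    return 0;
}
```

The chunk size sets the trade-off the slide points at: a smaller chunk costs fewer cycles per cycle of the control loop but lengthens the diagnostic test interval, which has to stay within what the safety function's fault reaction time allows.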
Smart Watchdog vs Lockstep
• LockStep processor >99% DC
• For all other components a DC >99% must be proven
• Single Chip needs additional “system basis chip”
• To detect common cause failures of single chip
• Monitoring and test of power monitoring
• Clock Watchdog
Smart Watchdog Concept
Smart Watchdog as Monitor
• Pre-configured NIOS II processor to supervise program flow and correct
data
• Power Supply
• Design guideline for discrete design of power monitor
• IP Core to test power supply monitor
• Window Watchdog
• Enhanced safety block associated with fail-safe output
• SPI Interface
• Flexible Safe I/O
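The monitor role described above combines two checks: a window watchdog (the kick must arrive neither too early nor too late) and program-flow supervision (the application must pass its checkpoints in order). The C model below is an added example, not NewTec's Smart Watchdog IP; the window bounds, checkpoint count and tick values are constructed, and the "fail-safe output" is a boolean standing in for the de-energised output the slide associates with the safety block. Reaching the last checkpoint in the correct order is what counts as the kick, and the first fault is latched and drives the output to its safe state.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example (not NewTec's code): window watchdog with program-flow
   supervision, as a monitor running independently of the application. */

enum wd_state {
    WD_OK = 0,
    WD_FAULT_EARLY,     /* kick arrived before the window opened */
    WD_FAULT_LATE,      /* window closed without a kick          */
    WD_FAULT_SEQUENCE   /* checkpoint reached out of order        */
};

typedef struct {
    uint32_t window_min;    /* earliest acceptable kick, ticks after the previous one */
    uint32_t window_max;    /* latest acceptable kick                                 */
    uint32_t now;           /* monitor clock, in ticks                                */
    uint32_t last_kick;     /* time of the last accepted kick                         */
    uint8_t  n_checkpoints; /* checkpoints per control cycle                          */
    uint8_t  expected;      /* id of the checkpoint expected next                     */
    enum wd_state state;    /* latched fault (first fault wins)                       */
    bool     safe_output;   /* fail-safe output: true = energised, false = safe state */
} smart_wd;

static void wd_trip(smart_wd *wd, enum wd_state fault)
{
    if (wd->state == WD_OK) {        /* latch only the first fault */
        wd->state = fault;
        wd->safe_output = false;     /* de-energise: the safe state */
    }
}

void wd_init(smart_wd *wd, uint32_t window_min, uint32_t window_max,
             uint8_t n_checkpoints)
{
    wd->window_min = window_min;
    wd->window_max = window_max;
    wd->now = 0;
    wd->last_kick = 0;
    wd->n_checkpoints = n_checkpoints;
    wd->expected = 0;
    wd->state = WD_OK;
    wd->safe_output = true;
}

/* Called once per monitor clock tick, independent of the application. */
void wd_tick(smart_wd *wd)
{
    wd->now++;
    if (wd->now - wd->last_kick > wd->window_max)
        wd_trip(wd, WD_FAULT_LATE);
}

/* Called by the application at each checkpoint of its control cycle.
   Reaching the final checkpoint in the right order is the kick. */
enum wd_state wd_checkpoint(smart_wd *wd, uint8_t id)
{
    if (wd->state != WD_OK)
        return wd->state;                        /* already latched */
    if (id != wd->expected) {
        wd_trip(wd, WD_FAULT_SEQUENCE);
        return wd->state;
    }
    wd->expected++;
    if (wd->expected == wd->n_checkpoints) {     /* full cycle done: the kick */
        uint32_t elapsed = wd->now - wd->last_kick;
        if (elapsed < wd->window_min)
            wd_trip(wd, WD_FAULT_EARLY);
        else
            wd->last_kick = wd->now;
        wd->expected = 0;
    }
    return wd->state;
}

int main(void)
{
    smart_wd wd;
    wd_init(&wd, 8, 12, 3);                      /* window [8,12] ticks, 3 checkpoints */
    for (int i = 0; i < 10; i++) wd_tick(&wd);   /* healthy cycle: kick at tick 10 */
    wd_checkpoint(&wd, 0); wd_checkpoint(&wd, 1); wd_checkpoint(&wd, 2);
    printf("healthy cycle: state=%d output=%d\n", wd.state, wd.safe_output);

    for (int i = 0; i < 10; i++) wd_tick(&wd);   /* next cycle skips checkpoint 1 */
    wd_checkpoint(&wd, 0); wd_checkpoint(&wd, 2);
    printf("skipped checkpoint: state=%d output=%d\n", wd.state, wd.safe_output);
    return 0;
}
```

A stuck application that keeps kicking from a tight loop is caught by the early bound and the sequence check, a hung one by the late bound; both end in the same latched state, which is the property the fail-safe output depends on.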
Challenge
• SIL3 with the least possible effort on the customer side
• "safetify" existing systems
• Pre-integrate diagnostics
Smart Watchdog Concept
(Diagram) Input, Processing, Output, with a separate monitoring processing path alongside
Solution: Smart Watchdog Concept (diagram)
Smart Watchdog Concept
• Intel FPGA as Customer-Application-FPGA
• MAX10 FPGA as Smart-Watchdog
• Power Supply Design including Power Supply Monitoring
Smart Watchdog Concept
• Integrated IP-Cores for
• Safe RAM
• Safe ROM
• Safe Clock
• Diagnostic Communication
• IP-Cores on demand for
• Safe Digital Inputs
• Safe Digital Outputs
• Safe Ethernet Communication
Smart Watchdog Concept
• Integrate Safety in existing Systems
• Pre-configured Diagnostics with IP-Cores
• Simple Safety-Application in Smart Watchdog FPGA
• Less effort in Engineering
• Very short Time-to-Market
• Safe I/O, communication, memory just by using the concept
• Safety-Manual
Demonstration
STO: realisation of Safe Torque Off according to DIN EN 61800-5-2 with SafeFlex
Safety Concept
HW System Architecture: Sensor – Logic – Actuator
Introduction
• SAFEFLEX: Hardware Architecture
Demonstration System Architecture
SafeFlex + Diagnostic Measures (block diagram):
• Power Supply with Power Supply Monitor
• Cyclone 5 SoC SOM
• MAX10 SOM (watchdog)
• Inputs DSI 1 to DSI 6
• Outputs DSO 1 to DSO 4
• Outputs TSO 1 and TSO 2
• RAM for Blackchannel
• Ethernet (two instances)
NTSafeDrive
The NTSafeDrive is an add-on safety module. It enables existing drives to
be used in environments where functional safety is required. It supports
encoder and encoderless operation.
The safety module is based on a two-FPGA 1oo2 architecture. It is
certifiable up to SIL3/SILCL3 according to IEC 61508/IEC 62061 and PL e,
Cat. 4 according to ISO 13849.
NTSafeDrive
(Block diagram)
NTSafeDrive module: Power Supply with Power Monitor; Control Main and Control Child; five Safe Inputs; five Safe Outputs; Encoder Interface; EMIF; SPI; PWM; FB
Customer Servo Drive: Control, STO, Power Stage, Motor, Encoder
Typical applications
• Servomotors
• Inverters
Safe drive functions IEC61800-5-2/ IEC60204-1:
Advanced stop functions:
• Safe Torque Off (STO)
• Safe Stop1 (SS1)
• Safe Operating Stop (SOS)
• Safe Stop2 (SS2)
Advanced position functions:
• Safe Direction (SDI)
• Safely-limited Increment (SLI)
• Safely-Limited Position (SLP)
Safe drive functions IEC61800-5-2/ IEC60204-1:
Brake Functions
• Safe Brake Control
• Safe Brake Test
• Safe Monitored Temperature
Supported Encoder Interfaces
• EnDat
• Hiperface DSL
• SinCos
• SSI
• BISS
• BISS Safety
Safety Protocol
• FSoE
• ProfiSafe
• CipSafety
• Safety for TSN ??
• OpenSafety
Customer benefits
With the NTSafeDrive module you can focus on your core competence;
functional safety is achieved by using the module together with the
support of NewTec.